From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: aa4f35d13b1e3cf83f770be37c1dff59b99d5ffaa988442ea4d84ab4758b0eab
Message ID: <1.5.4.32.19970321023106.006e3a40@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1997-03-21 02:38:40 UTC
Raw Date: Thu, 20 Mar 1997 18:38:40 -0800 (PST)
From: John Young <jya@pipeline.com>
Date: Thu, 20 Mar 1997 18:38:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: CTIA Downplays Code Crack
Message-ID: <1.5.4.32.19970321023106.006e3a40@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain
(Bruce Schneier's rebuttal of this follows)
TITLE: CTIA: Encryption of Digital Wireless Phones
SOURCE: PR Newswire
DATE: 3/20/97 12:10 PM
CTIA: Encryption of Digital Wireless Phones
Today, a group of professional and academic cryptographers will announce
that it has "discovered a flaw in the privacy protection used in today's most
advanced digital cellular phones." Following is a set of questions and
answers that arise from that announcement.
Q. Does this mean that eavesdroppers can listen in on my phone calls?
A. No. The encryption discussed by the researchers involves the
algorithm used to encrypt numbers punched on the keypad of a phone, not the
algorithm used to encrypt voice transmissions.
Q. Is it easy to break this keypad number code?
A. Not at this time. It involves very sophisticated cryptological
knowledge. The digital encryption system now in use is designed to inhibit
interception by the unsophisticated. Any technology developed by one person
can be broken by another with the application of sufficient technology. This
announced attack requires multiple minutes -- up to hours -- of high speed
computer processing to break a coded message.
0. What is the impact of this announcement on people who now use
wireless phones?
A. Virtually none. Approximately 95 percent of the wireless phones now
being used are analog phones, not digital phones. The possible impact of this
announcement is only relevant to some digital phones that are now being
introduced to the market.
Q. Why didn't the wireless phone industry develop phones that have
unbreakable security?
A. Standards for phone technology are developed within the confines of
federal regulations and the realities of the marketplace. A wireless phone is
a consumer product, not a spy v. spy technology adequate for national
security. Such a unit would have cost, battery life and call set-up times
which would make it unacceptable to consumers.
0. Does this announcement have any impact on the industry's efforts to
stop phone cloning?
A. No. During the past year, the industry has been very successful in
introducing new technologies that prevent phone cloning. These authentication
and "fingerprinting" technologies operate differently and are not compromised
by the cryptography announced today.
Q. What is the industry doing about this problem?
A. Tom Wheeler, the president and CEO of CTIA, testified before Congress
on February 5, about the need to strengthen the laws protecting the security
of wireless phone calls. It is currently illegal to intentionally intercept a
wireless phone call. Unfortunately, whereas federal law prohibits the sale
and manufacture of devices designed to eavesdrop on wireless calls, it does
not extend the prohibition to cordless phones and the newer digital
frequencies. In regard to today's announcement, Wheeler said, "This is the
horse nudging at the barn door and it is time to act before the horse is gone
completely."
CTIA is the international association for the wireless telecommunication
industry. It represents more PCS and cellular carriers than any other
association in the world.
INTERNET USERS. News about the wireless telecommunications industry is
updated several times each day on CTIA's World Wide Web site
(http://www.wow-com.com). CTIA news releases and other information also are
available an WOW-COM.
NOTE: The cryptography researchers are Bruce Schneier, Counterpane
Systems, 612-823-1098; Robert Sanders, University of California, Berkeley,
510-643-6998; David Wagner, University of California, Berkeley, 510-643-9435;
and Lori Sinton, Jump Start Communications, 415-938-2234.
CONTACT: For more information, please contact Tim Ayers, 202-736-3203, or
Jeffrey Nelson, 202-736-3207, both of CTIA.
Return to March 1997
Return to “John Young <jya@pipeline.com>”
1997-03-21 (Thu, 20 Mar 1997 18:38:40 -0800 (PST)) - CTIA Downplays Code Crack - John Young <jya@pipeline.com>