From: Bill Stewart <bill.stewart@pobox.com>
To: Geraint Price <karn@qualcomm.com>
Message Hash: 1bc489e2f16eadecc1305dbfdba815b64a5164c5ccaba9087b958dc1afbc4d95
Message ID: <3.0.5.32.19980426233526.00983100@popd.ix.netcom.com>
Reply To: <199804222049.NAA26335@servo.qualcomm.com>
UTC Datetime: 1998-04-27 06:53:51 UTC
Raw Date: Sun, 26 Apr 1998 23:53:51 -0700 (PDT)
From: Bill Stewart <bill.stewart@pobox.com>
Date: Sun, 26 Apr 1998 23:53:51 -0700 (PDT)
To: Geraint Price <karn@qualcomm.com>
Subject: Re: Position escrow
In-Reply-To: <199804222049.NAA26335@servo.qualcomm.com>
Message-ID: <3.0.5.32.19980426233526.00983100@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
>This technology already exists in Britain (I don't know about any other
>countries), where you can buy a mobile without any subscription information
>off the shelf. To use the mobile, you go and purchase a 'token' which allows
>you to use the mobile on a pay-per-call basis much the same as a public phone.
>I don't know the method of token implementation.
>
>The police have started kicking up a fuss over this technology as they claim
>it hinders their investigation into criminal activity, because if they trace a
>cellular phone which turns out to be one of this type then they can't pull the
>info on the customer to go round knocking on doors.
As usual, some of the important questions are scale, threat model,
and economics.
If you're in the Retail Pharmaceuticals business, trying to
solve the problem for yourself and a few of your best customers,
it's much simpler than solving the problem for The Masses.
Steal some cellphones, or steal some credit cards and buy some
cellphones, or hire a street person to rent a cell phone for you.
If the cops know they're looking for cellphone 202-654-3210,
they can call you, but they don't know who you are,
and even direction finders may only tell them that
the holder of that phone is somebody walking down Pennsylvania Ave.
On the other hand, if the cops are looking for _you_,
they may not have your phone number.
The Cheesebox story was quite nice, and would work better today,
with automated PBXs available - it would have worked
even better 10 years ago, when PBX hacking was easier.
Another small-scale solution is to use ham radio repeaters with
phone patches, assuming they're still widely available.
Tracing it tells the cops they need to go find an FCC RDF truck
to drive around South Silicon Valley looking for someone
with a pocket-sized 2m or 70cm handheld radio who doesn't
talk more than 1 minute at a time, or maybe just listens.
If they catch you, you could be in Big Big Trouble for using
a ham radio without a license!
Another part of the scale is that not only is tracing a lot of work,
as others have pointed out, but not everybody goes taunting
Tsutomo and continually reminding everybody that they
haven't yet caught him, the way Dread Pirate Mitnick allegedly did.
If you're just Yet Another Pot Dealer, the FBI, NSA and FCC will
probably tell your local police that a 75-gram dope deal is
less important that Cliff Stoll's 75-cent accounting difference.
On the other hand, maintaining a professional level of paranoia
all the time while doing business for a few years is more than
most FBI Targets are willing to bother doing.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Return to April 1998
Return to “Steve Schear <schear@lvdi.net>”