Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!think!mit-eddie!cybvax0!frog!die From: die@frog.UUCP (Dave Emery, Software) Newsgroups: net.ham-radio,net.video,net.crypt,net.mail,net.legal Subject: Some comments on the Electronic Communications Privacy Act (long) Message-ID: <1031@frog.UUCP> Date: Sat, 6-Sep-86 16:37:21 EDT Article-I.D.: frog.1031 Posted: Sat Sep 6 16:37:21 1986 Date-Received: Sun, 7-Sep-86 05:58:03 EDT Reply-To: die@frog.UUCP (David I. Emery) Distribution: net Organization: Superfrog Heaven [ CRDS, Framingham MA ] Lines: 284 Keywords: Severe, Jail, Fines, Scrambled, Encrypted, Pay TV Xref: mnetor net.ham-radio:2220 net.video:2161 net.crypt:567 net.mail:1102 net.legal:3473 First reaction Perhaps the strongest impression on seeing the text of the privacy act is how incredibly draconian the penalties are considering the ease with which radio communications can be intercepted and the fact that such interception isn't currently a crime. The crimes The act provides that intentionally intercepting the contents of a radio or electromagnetic communication "not readily available to the general public" is legally the same crime as wiretapping or bugging and carries the same penalties with certain few exceptions. The bill provides a year in jail and/or a $10,000 fine for merely intentionally listening to ("acquiring the contents of") a radio communication on certain frequencies (those used by radio and TV remote pickup and studio transmitter links), sent over facilities provided by a common carrier (such as a communications satellite) or on a subcarrier or other subsidiary signal (such as Teletext, vertical blanking interval signals + SCA). This 'reduced' penalty only applies if the interception is not for commercial purposes or private gain or in violation of any contract and is the first offense. The full penalty of five years in jail and a $250,000 fine applies if the interception is for commercial purposes or private gain or is a second or subsequent offense. And perhaps the most incredible of all - five years in jail and a $250,000 fine for intercepting and acquiring the contents of (ie descrambling) any radio communication that is "scrambled or encrypted" (such as pay tv stations or scrambled satellite TV). This applies even if this is a first offense, and is not for private gain or commercial purposes. There is no requirement that the scrambling or encryption be secure or difficult to break, absolutely any kind qualifies. And in a very nasty section, not only is it a crime for which one can get thrown in the pokey for a year to intercept a common-carrier signal or other private signals but it is a crime to intercept any signal whose "essential modulation parameters have been witheld from the general public" in order to protect privacy. This means that if one finds an odd signal and demodulates it, one may have committed a serious crime even if one had no knowlage that the signal was modulated that way for the purpose of preserving privacy and knew (from the frequency or other information) that it was not a common carrier signal or other otherwise private signal. Further the bill provides for civil damages for anyone whose radio communication, "not readily accessible to the general public", is intercepted or used. This provision allows for a suite to recover all profits or gains from the use of the communication, court costs, and punitive damages of the greater of $10,000 or $100 a day for every day the radio communication was intercepted. Though I am not a lawyer (just a humble engineer) it appears to me to be possible to mount such a law suite even if there was no criminal prosecution for the violation. (That is to say if the local pay TV or cable company (this applies to wire communications too) decides to take you to court for descrambling their pay signals they can do so and collect $10,000 damages even if the local US attorney doesn't want to prosecute you on the felony interception charges.) The exceptions There are bizzare exceptions made for cellular telephone calls (6 months and $500) and non-scrambled or encrypted private satellite video (only $500 !!), and complete exemptions for cordless telephones and tone only pagers (???!!!). The things that are legal Certain things are explicitly legal to receive including anything on ham, CB, and general mobile radio service frequencies, a distress signal from an aircraft, vessel or person (not car or truck), transmissions from a marine or aeronautical communication system, and police, fire, civil defense, government, and law enforcement transmissions that are readily accessible to the general public. Naturally one can legally receive any transmission specifically intended for the general public such as radio and TV broadcasts (but not any subcarriers or subsidiary services riding on broadcast signals unless they are also specifically intended for the use of the general public). And one can legally receive unscrambled and unencrypted satellite transmissions of programs intended to be broadcast (network TV feeds and radio feeds). I believe that the underlying law already allows reception of cable tv feeds (Satellite Viewing Rights Act) that are not scrambled or encrypted under certain conditions. An editorial note To me, the radio part of the Electronic Communications Privacy Act seems to have little or nothing to do with privacy of radio communications. It seems to really be a bill designed to protect the economic interests of certain people who transmit pay tv signals, stock market data, cable TV programming and other signals that have recently become targets of widespread piracy. Unfortunately, the way the law is written it makes no difference whether or not there is an intent to steal a service, it is a felony to merely peek to see what is there. If there is an intent to protect privacy, it is not to mandate real security or provide encouragements to carriers to provide it, (the bill carefully avoids making carriers liable for the disclosure of radio communications transmitted over radio systems foolishly designed so they can be easily intercepted (like cellular telephones)) but to make sure that it is in fact a crime to intercept almost any conceivably private communication. The actual purpose of this is more to get providers of communications services off the hook if customers sue them because their communications were intercepted then to provide security as it is normally a valid defense against charges of negligence to demonstrate that the act in question is a serious crime. The saddest part is that the bill does nothing to encourage the use of the only technology that can provide real radio security - encryption with a secure cipher. It actually stifles that effort by giving complete legal protection to any cipher or other security technique no matter how feeble, and by protecting even many completely open signals with harsh penalties. Post Script The rest of the act is basicly anti-hacker. I am on the side of the angels on most of the rest of the bill's provisions, as I do think that there is a fundemental difference between listening to a radio communication and breaking into a computer system and accessing private information contained therein (or exceeding ones authorization to use the system). Radio is all around us, and is by its very nature a publicly accessible medium - while wire (fiber and cable) communications and computer systems are legitimately private spaces. Some sleepers in the bill - very technical The most obvious sleeper is the use of the key (and very ambiguous) phrase "readily accessible to the general public". Though the bill defines that concept as it pertains to radio (and thus precludes use of the extremely logical and common sense argument that almost any radio signal is readily accessible to the general public), the phrase is made for judges to add interpretations to. Almost any signal which is on a secret frequency, or has not been widely publicized, or seems from its contents like it ought to be secret, or is not publically admitted to by its owning agency, or which requires special equipment to receive could be excluded on the grounds it wasn't readily accessible to the general public. I am sure that the argument will soon be made that any signal on a non-published or secret frequency is not readily accessible to the general public just by virtue of the fact that the frequency information is not made readily available to the general public. Ready Access The bill leaves hanging questions about signals that are only receivable in certain limited places (such as highly directional signals, very low power signals, or signals on frequencies that don't propagate well) Is it illegal to receive them even if one happens to live near the transmitter ? Suppose one builds a large antenna ? What sort of difficulty does one have to go to to exceed the limits of "ready access" ? And what is the "general public" in this context anyway ? Does being a technically knowlageable engineer or other specialist disqualify one from membership in the "general public" the bill refers to ? Banned Frequencies The bill for the first time forbids receiving and "acquiring the contents of" any communication on certain frequencies allocated to broadcast remote pickup and auxiliary services regardless of whether the intercepted signal is in fact a signal used by a broadcast station. This concept of a "banned frequency" might prevent one from receiving ANY radio signal of unknown origen on some frequencies if the bill is strictly interpreted. In many ways that is a much harsher restriction than forbidding the "acquistion of the contents of" a signal transmitted by certain specific groups. This establishes a nasty precedent that might have impact on electronic instrumentation, EMC/Tempest, and rf equipment engineering, test, and repair. It also could be used to convict someone for simply possessing a receiver turned on and tuned to such a channel since it could be argued that receiving any signal that came in (presumably including cosmic noise and the thermal background hiss) was illegal unless one could establish that one was an authorized recipient of some lawful transmission on these channels. And it would make establishing intent easier, since there could be no legal purpose for someone not authorized to receive such signals to possess a receiver for those frequencies. Common Carriers The bill defines as private any signals "transmitted over a communication system provided by a common carrier". This would seem to include situations where the common carrier provides radios, transmitter sites or other facilities to radio communications systems that do not operate on common carrier frequencies. This makes determining whether a particular communication is private and illegal to listen to much more complicated. (An example is the White House Nationwide (Echo Foxtrot) radio system used to provide a very unsecure radio telephone connection to Air Force One - this system is supposed to have been provided by AT&T in whole or in part and uses AT&T sites but uses federal frequencies for the radio links) It is also very unclear what the bill means by "transmitted over". Does this mean transmitted by a transmitter provided by a common carrier ? Or does it mean that if the signal at some point in its path between original sender and ultimate recipiant goes over a communication link provided by a common carrier it is illegal to receive it ? Suppose it is transmitted by a privately provided transmitter in communication with a common carrier system (such as a cellular phone owned by a subscriber and not purchased from a common carrier) ?. How about an otherwise legal-to-receive radio signal that happened to go over telephone lines or other common-carrier provided facilities between the control point and the transmitter (a very common case in mobile radio systems) ? How about signals from a privately owned satellite uplink ? Subcarriers Another bit of legal language that could be sticky is "subcarrier or other signal subsidiary to a radio transmission". At first glance this seems to mean SCA signals on FM radio broadcasts. But depending on how subcarrier is interpreted it could mean virtually any modulation more complex than simple direct AM or FM. Is a FDM-SSB voice channel a subcarrier ? (One could argue no, it is not further modulated - it is merely shifted in frequency - unlike an FM subcarrier which is itself a modulated carrier.) Is a pcm subchannel on a tdm multiplexed signal a subcarrier ? What is meant by "subsidiary to" ? Many digital signals transmitted over analog paths (such as the AFSK used in 2 meter ham packet radio) use modems which modulate an audio frequency carrier. When transmitted over a radio channel, these audio signals become subcarriers. Does the bill mean to preclude reception of any digital transmission except direct FSK, PSK or PAM of a carrier ? (Reception of 2 meter packet is otherwise explicitly allowed so this is not an issue for hams). What about those military multiplex HF RTTY transmissions that some people copy news wires or weather information from ? Are the individual channels subcarriers or separate 85hz shift FSK signals that happen to be transmitted from a common transmitter ? Scrambling Another problem area lies with the definition of "scrambled". To lawmakers this probably means what one sees on a pay cable channel one doesn't subscribe to. But what constitutes scrambling ? What parameters of a signal have to be changed for it to be scrambled ? Is merely inverting the usual video polarity (as some satellite services do) scrambling ? What is enough alteration to put one in jail ? And what constitutes scrambling for other sorts of radio signals ? Does it have to be effective ? or is it merely enough to alter some parameter of the signal with the intent of making harder to receive on some kind of receiver. Suppose your receiver can receive the signal anyway, is it still illegal ? Another problem with the term "scrambling" is that it has a technical meaning different from its common usage meaning. All modern digital radio transmission systems (and almost all modems > 300 bps) permutate the data transmitted with a digital pattern to ensure that the modulated signal contains plenty of 0-1 and 1-0 transitions (for maintaining clock synchronism between transmitter and receiver) and to guarantee that the same data does not always result in the same modulated signal in case some particular pattern in the data produces a worse case analog signal (this ensures that if the transmission is retried, it probably will work the second time). This technique has been called (since its inception) "scrambling". If it is illegal to intercept a radio signal that has been scrambled for this purpose (and the bill does not say "scrambled or encrypted to protect the privacy of" it will be illegal to intercept almost any properly designed digital radio transmission or radio transmission of a modem signal carrying data at greater than 300 bps (except 202 FSK). Note to Phil Karn I don't have my table of FCC frequency allocations handy but isn't 39.17 mhz (the frequency on which the preacher hears God) a broadcast remote pickup frequency ? Perhaps Phil Karn's theory that the fundementalists are the force behind this bill because of the debunking of that phoney TV evangelist on the Johnny Carson show is real !! David I. Emery Charles River Data Systems 617-626-1102 983 Concord St., Framingham, MA 01701. uucp: decvax!frog!die -- David I. Emery Charles River Data Systems 983 Concord St., Framingham, MA 01701 (617) 626-1102 uucp: decvax!frog!die