A recent product announcement from Sun Microsystems (SunFLASH Vol 62 #8,
4 February 1994) introduces "new microphone, SunMicrophone II, to ship
with current and new Sun desktop platforms". Among the features
described by the announcement for this "uni-directional microphone
which allows greater focus on direct voice input while providing less
interference from background ambient noise" is the following Q&A:
Q. Does the SunMicrophone II look similar to the SunMicrophone?
A. No, the two products look very different. The current SunMicrophone
has a unique square shape, with an on/off switch. The SunMicrophone II
looks like a classic microphone on a rectangular stand, with no
on/off switch. Both products come in Sun colors and with Sun logo.
So, the new, "improved" model has no "on/off" switch, although the old
one did. Maybe the new microphone is "uni-directional", but that
doesn't mean it can't pick up ambient sound--just turn up the gain.
This "improvement" makes it all the more difficult to follow the final
recommendation of CERT Advisory CA-93:15 (21 October 1993), quoted in
part below. It's bad enough that the problem existed in the first
place, but Sun has now made it worse!
III. /dev/audio Vulnerability
This vulnerability affects all Sun systems with microphones. ...
A. Description
/dev/audio is set to a default mode of 666. There is also no
indication to the user of the system that the microphone is on.
B. Impact
Any user with access to the system can eavesdrop on conversations
held in the vicinity of the microphone.
C. Solution
[...]
*** Any site seriously concerned about the security risks
associated with the microphone should either switch off the
microphone, or unplug the microphone to prevent unauthorized
listening. ***
Even if this vulnerability is fixed from a systems viewpoint, a user is
still vulnerable to Trojan horse programs that exploit the user's own
(legitimate) access to the microphone--and the information discussed in
a person's office may be far more sensitive than the information stored
on an office computer.
This is especially a problem for multi-level secure (MLS) systems. Although
MLS systems offer protection against disclosure of information by Trojan horse
programs, that's no help at all if the microphone picks up a Top Secret
conversation that occurs in the office while the user happens to be logged in
at Unclassified. Sure--one might look around to be sure there's nobody who
can inadvertently overhear, or close the office door--but the computer?
Computers don't eavesdrop, do they?
Computer manufacturers need to address these risks. It's certainly
nifty to have desktop audio- and video-conferencing, but not when that's
equivalent to installing a bug in every office (and remember not to aim
your video camera at the whiteboard).
Every microphone and video camera should have a positive on/off switch and
some positive indication (such as a light) to show when it's actually in use
(as opposed to just being enabled by the on/off switch). The broadcast
industry learned this years ago, with its "ON THE AIR" lights. Fail-safes,
such as permitting only manual activation, but computer deactivation, or
requiring manual confirmation of any attempted activation, would be better
still.
Olin Sibert |Internet: Sibert@Oxford.COM
Oxford Systems, Inc. |UUCP: uunet!oxford!sibert [Olin Sibert via risks-digest Volume 15, Issue 55]