Wireless Millennium Spectrum 20/20 Conference
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Privacy on the Air?
December 3rd, 1998
By Richard-Philippe Maurel
(Check against delivery)
- What is Privacy?
- Privacy Invasions Enabled by Wireless Technologies
- Wireless Mobile Communication Technologies Affect How We Live
- Wireless Mobile Communication Technologies Reveal Where We Go
- Wireless Communication Technologies Reveal What We Think, Say and Do
- Possible Solutions
Privacy protection is poised to become as hot a public issue in the coming years as environmental protection was two decades ago. While technological advances have for the most part benefited society by bettering our way of life, they have radically altered how we interact with others. Wireless communications have many advantages over traditional methods, yet they lead to three main kinds of privacy invasions.
- Wireless mobile systems are more intrusive on our time and activities than wireline technologies. Indeed, while we always have the option to turn off a pager or a cellular telephone, we do so at a cost, for the demands on our presence and availability are often much higher with wireless devices.
- Positioning system requirements indicate our constant whereabouts, thus compromising our democratic right to move about as we please. Moreover, this information is recorded and stored, and can be used in the future for unknown and unrelated purposes.
- The contents of our communications can be intercepted and manipulated without our knowledge and consent, and often without the protection of any law. From simple scanners to more sophisticated interception networks like the international ECHELON system, any of our wireless communications can be intercepted and decrypted if needed, and its contents used and manipulated by private individuals, law enforcement agencies or rival corporations for gain or in the name of "national security" or "defense".
There is no complete solution to the above problems. Wireless technologies cannot be rolled back, nor should they be. However, users must become aware of the dangers, and tailor their behavior accordingly. Manufacturers must design all required privacy protection tools into their products and be honest about them. Society on the whole must adopt wireless technologies intelligently.
Privacy is much more than confidentiality or security: privacy is a fundamental human right, the right of each and every one of us to control what others know about us and how they affect our life. Privacy is not the same as confidentiality. Indeed, confidentiality is only a component of privacy, because confidentiality merely requires one person to limit the disclosure of information about another. Privacy is not the same as security, because security is simply a component of privacy that requires one person to protect information about another against accidental or unauthorized deletion, modification or access.
Our right to limit how much personal information we share with others is not confidentiality or security: it is privacy. Our right to walk naked in our own homes is not confidentiality or security: it is privacy. Our right to enjoy alcohol in our own backyards without the neighbor informing the police or anyone else is not confidentiality or security: it is privacy. Our right to go into a store and buy what we want without others knowing about it is not confidentiality or security: it is privacy. Our right to smoke a cigarette in our own homes without our employers finding out about it is not confidentiality or security: it is privacy. Our right to read the magazines or books we choose, or to visit the Web sites of our choice, or to discuss the topics of our choice with the people of our choice without strangers learning about it, none of that is confidentiality or security: it is privacy.
Nobody wants to live under the constant interest or surveillance of police officers, governments, neighbors, big and small companies, friends or even family members, and this is true even if most of us have little or nothing to hide. Indeed, we want to be able to go wherever and whenever we want, to speak to whomever we want, to read and buy whatever we want, to do as we please outside and inside our homes, within the limits of reasonable laws. In short, we want freedom. And privacy is an essential prerequisite to freedom. Without privacy, there cannot be freedom. And without freedom, there cannot be personal or social growth. A society that does not grow cannot evolve, eventually weakens and may even disappear. That is why privacy is so important to us, both as individuals, and as a society. Privacy is an essential prerequisite to a good quality of life.
Because privacy is so important, we must do everything we can to preserve it. We must ensure that as little of our privacy is invaded, and that we have ways to protect or restore our privacy when needed. Sometimes, events occur or technologies are developed that can invade privacy, even if this invasion is an unexpected result of the event or technology. The best example is that of the computer, which has evolved so much in the past 20 years that anyone can, from the comfort of his or her own home, keep the family budget, type letters to friends, or find out everything about a total stranger in 20 minutes or less, thanks to the Internet.
Wireless technologies, whether for voice or data, hold immense promise for people on the move, residents of rural or remote areas, and for countless other individuals. Indeed, wireless technologies bring flexibility, connectivity and even a sense of community to users. Yet, wireless technologies do invade our privacy in three ways.
The wireline telephone can be annoying, especially when it rings at dinner time. But we can always ignore it, turn off the ringer, or let the machine record a message. By now, most of us expect that someone may choose not to answer the telephone, thereby asserting complete control over this communication technology. The situation is much different with wireless mobile communication technologies.
Firstly, some wireless mobile communication technologies intrude upon our physical privacy in the form of a device we must carry around on our person, be it a cellular telephone ("cellphone"), a pager, a Personal Communication System ("PCS") unit, etc. The presence of these devices affects our appearance and overall physical well-being.
Secondly, because wireless mobile communication technologies carry a sense of urgency and expectation that a communication be dealt with as soon as it is received, they intrude upon our ability to manage our own time and our solitude far more than do wireline communication technologies. Yes, one can always turn off a cellphone or "misplace" a pager, but the guilt and possible implications of doing so can affect a person's mental well-being far more than the act of ignoring a wireline telephone call.
Thirdly, the portability of wireless mobile communications technologies encourages many users to abandon discretion and inadvertently reveal the most intimate details of their lives as they walk on the street, wait for a friend outside an office building, ride a bus home or take a break from a technical conference.
Lastly, the mere presence of a wireless mobile communication unit can affect the behavior of others around us, who may act in a different or less spontaneous fashion, whether they mean to or not. This, in turn, can affect our interaction with these people and can influence our lives against our wishes. One simply has to think about how many romantic evenings are ruined by pagers, or about the murderous looks of fellow moviegoers when one's cellphone rings just as everyone is about to learn the key to the movie's plot.
According to Wireless Telecom (Third Quarter 1998), 37% of the Canadian population have access to a wireless telephone. This figure shows that wireless communications affect a sizable portion of our population, and that the impact of wireless mobile communication technologies cannot be ignored. Users of such technologies currently have two choices: either give up any expectation of privacy, or change their way of life to accommodate the technologies they are using, and thus compromise their privacy. Either way, wireless users lose.
Wireless mobile communication technologies rely on one key element to function: constant knowledge by the transmitting or switching system of the location of a wireless mobile communication (cellphone, PCS, pager, etc.) unit for the purpose of routing incoming communications. Even when they are not in use, these units regularly and automatically emit positioning signals. Unfortunately for privacy, these signals can be used for purposes far different that the original goal of routing communications.
According to SC Magazine (February 1998), police in Switzerland have secretly been tracking the movements of the country's more than one million mobile telephone users through a service provider's computer: while crime prevention and repression are important goals of any society, must more than one million people automatically be considered as potential criminals and monitored as such?
This massive privacy invasion could also soon occur in the United States of America ("USA") where, on October 22, 1998, the Federal Communications Commission ("FCC") tentatively agreed to the Federal Bureau of Investigations' ("FBI") demands that wireless communication service providers build location tracking capabilities into their systems to identify the cell site of both the beginning and end of every mobile call. While the FCC is seeking public comments on its tentative decision, it is unlikely that it will be reversed.
The FBI's approach will undoubtedly have an impact on Canadian wireless mobile communication users when they are in the USA. As well, the usual spill-over effect of American law enforcement policies likely will mean a similar fate for the privacy of Canadian users in Canada. Lastly, what guarantees exist that global satellite networks such as Iridium, Globalstar, Odyssey and ICO will not at some point support tracking capabilities?
As well, an increasing number of company vehicles, usually trucks, are being equipped with sensors or other devices that indicate the movements of each vehicle in the fleet: while such devices can help locate vehicles in case of emergency or the tracking of goods, must all drivers be subject to the scrutiny of their employer, and must their speed, rest stops and driving patterns be monitored at all times?
Finally, a number of companies track the movements of their employees throughout the building with the help of transmitter badges: while such badges can be used to redirect calls to the telephone nearest the employee, must the company know the constant whereabouts of all their employees, including how much time they spend in the bathroom? As well, given the rapid pace of technological "progress", it is entirely possible that tracking technologies could be used to monitor the whereabouts of individual citizens in a town or province, be they convicts on parole or, in a modern-day remake of Hitler's Germany, members of "questionable" minorities or ethics.
Do we want to live in a society where unknown watchers could find out that, on a particular date and time, we went to a specific address and spent a certain amount of time there? While jealous spouses and overzealous law enforcement officers may say yes, the majority of us should say no. When our very freedom of movement is curtailed or compromised by tracking technologies, so is our individual privacy, and so is our social democracy.
By definition, all wireless technologies transmit information on the airwaves. This information can consist of routing or content data, and any of it can be intercepted and, in some cases, manipulated without our knowledge or consent. This inherent vulnerability affects all wireless technologies, and means that anyone with the right equipment can find out the things we say on our cordless wireline telephones, cellphones or PCS units. Turning to Local Multipoint Communication Systems or similar wireless technologies, anyone could learn about the movies we order from Pay-per-View or watch from Video-on-Demand, the television programs we watch, the Web sites we visit, the electronic mail we receive or send, the Internet chat or news groups we participate in, the office projects we are working on, and the amount of money we have in our bank accounts. In short, anyone with the right equipment can find out how we live, which goes to the very core of privacy.
Depending on the wireless technology used, interception can be conducted with any tool ranging from an old television set (scanning UHF frequencies) to a cellphone (the May 1997 issue of Infosecurity News reports that the OKI 900 cellphone can be programmed, when connected to a laptop, to track frequency changes between cells and to monitor calls to and from a specific cellphone), a scanner or some other related device born of someone's imagination.
For example, Bulletin 45 of the Information Technology Security Bulletin (February 1998) of the Royal Canadian Mounted Police warns that existing scanners can readily be modified to monitor most cellphone traffic. Even worse, because of the limited range of channel frequencies assigned to cellphones (from 824MHz to 849MHz for mobile or reverse channels, and from 869MHz to 894MHz for base or forward channels) an eavesdropper using two scanners set at 45MHz apart will be able to intercept both sides of a conversation.
Interception is a big problem for the older generation of wireless technologies, operating in analog (like radio signals) mode. And going digital is not necessarily a solution. Not only are wireless technologies just beginning to communicate in digital strings of 0s and 1s that an analog scanner would pick up only as a high-pitched whine, but those users fortunate enough to have a digital wireless communication unit still face two major problems.
The first is that scanners capable of picking up and decoding digital signals have become available and they are not banned in Canada. Granted, they are still very expensive and out of most people's reach, but as with all technologies, they will come down in price. Granted too, Standard RSS-135-1, issued by Industry Canada in April 1997, requires the licensing of digital scanner users in the hope of controlling the availability of this technology, but this requirement seemingly does not apply to manually tunable scanners, which apparently would make up the bulk of digital scanners.
The second problem is that the vast majority of wireless mobile and wireline communication devices currently in use throughout the world still operate in analog mode. Thus, even if a communication originates in digital mode from a digital mobile communication device, it will need to be converted to analog mode for the recipient, making interception still as much of a threat as before. This problem also applies to all-digital PCS units that also operate as analog cellphones.
Encryption sounds like a better solution, even if this is not always the case. Scrambling communications to prevent an eavesdropper from understanding them is currently feasible. But encryption can be broken by skilled cryptanalysts (of whom many exist) and is only as good as the bit length of its algorithmic key. The longer the key, the stronger the encryption, and the longer it takes to break to get at the contents of the communication. Current encryption used with wireless technologies does not seem to be up to the challenge, however, as illustrated by the following examples.
On March 21, 1997, researchers from the University of California at Berkeley and at a Minneapolis consulting firm announced that they had found a serious breach in the standard software used to encrypt signals from new digital cellphones, which means that digital scanner users could easily decode the contents of communications.
According to Infosecurity News (May 1997), the encryption algorithm used by PCS units contains weaknesses that allow a digital scanner user to determine digits dialed on the units. While this would not enable an eavesdropper to understand an intercepted communication, it could provide the eavesdropper with a person's credit card number or personal identification number (voice mailbox password, calling card password, etc.) if those were the digits dialed on the unit keypad.
On April 13, 1998, the American Smartcard Developer Association announced that it had discovered a deliberate weakening of the encryption algorithm (labeled A5) used in the Groupe Spécial Mobile ("GSM") cellphone standard, the most widely used in the world. The algorithm is supposed to be 64-bit in length but in fact only uses 54 of those bits, making it this much easier to break.
One of the most widely used encryption algorithms in the world, the 56-bit DES, can now be "cracked" in under 72 hours, as proven by the Electronic Frontier Foundation in July 1998, when it built a DES-cracking system for under $250,000.
True, Part VI of the Canadian Criminal Code states that intercepting a private wireless communication is an indictable offense, punishable by a five-year jail term. The Code also states that using or disclosing the contents of an intercepted communication without consent is another indictable offense, punishable by a two-year jail term. These two offenses, however, are almost impossible to detect (except perhaps when the contents of an illegally intercepted communication are disclosed to a wide audience), and are thus almost impossible to prevent or punish. And even in the best of worlds, where all wireless communications would be all-digital and well encrypted, and all eavesdroppers would be caught and jailed, our wireless privacy would still be subject to the whims of government.
After all, how many PCS subscribers are aware of the license requirements that the Canadian Solicitor General indirectly imposed to PCS providers? These providers, upon request from a law enforcement official, are now obliged to, among others: intercept communications without being detected by their users; give the users' location to the law enforcement official; protect information on how interceptions are being or have been performed, and not disclose information on how interceptions are carried out; transmit intercepted communications to the law enforcement official in decrypted format. Those standards were neither debated nor approved by our elected representatives in Parliament, but rather enforced through a simple Ministerial Directive, seemingly against the concerns of Industry Canada's Assistant Deputy Minister.
Other countries are not immune to such initiatives. A report published by the European Parliament in February 1998, entitled An Appraisal of Technologies for Political Control, revealed the existence of an international government-led surveillance project, code-named ECHELON, that seeks to intercept all voice and data communication traffic routed by Intelsat satellites. ECHELON operates on the existing UKUSA surveillance network (of which Canada is an active member), which includes a fleet of satellites owned by the American National Security Agency, and the surveillance targets primarily non-military information.
But this revelation should not be taken to mean that European countries are opposed to such surveillance, quite on the contrary. According to the December 2, 1998 issue of Wired News, the European Union "is quietly getting ready to approve legislation that will allow the police to eavesdrop both on Internet [communications] and Iridium satellite telephone calls without obtaining court authorization" (emphasis added). This new legislation will affect all communications made on the Iridium, Globalstar, Odyssey and ICO satellite networks, which "will be required by the law to provide access to European law enforcement agency through ground stations in France, Italy, England and Germany". If unchallenged, this devastating development is likely to mean the end of wireless privacy worldwide.
Must using wireless technologies to communicate with others, to work, to bank, to surf the Internet or for leisure purposes mean that we have to surrender all expectation of privacy and subject our daily activities to the scrutiny of anyone with the right interception equipment? The average citizen would likely say no, and so should we all.
According to Wireless Telecom (Second Quarter 1998), 55% of Canadians would switch from wireline to wireless telephone service if prices were comparable. As well, Canadians currently account for 37% of the current worldwide wireless market. These two figures suggest that not only are Canadians receptive to the use of wireless technologies, but that they should be able to significantly influence the development and use of these technologies.
To address the way wireless mobile communication technologies affect our lives, manufacturers should promote wireless technologies that can be used independent of a user's body. As well, purchasers of such technologies should be made aware that these technologies invade privacy, and grant users clear control over their operation and thus over the moments when their privacy can be invaded. Thirdly, users should always remember that, since anything they say in public can be overheard, they should avoid discussing personal or sensitive matters within earshot of another. Lastly, wireless mobile communication technologies should simply be banned from certain locations or occasions.
To remedy the privacy invasions caused by the positioning feature of wireless mobile communication technologies, manufacturers should design their products in a way in which a user could manually disable the emission of automatic positioning signals when the unit is not in use. As well, the Canadian government should resist the American pressure toward monitoring positioning data, and Canadians should not be subject to random or ongoing surveillance by law enforcement officials as a condition of using such technologies. Lastly, provincial and territorial governments should legislate employee or vehicle location monitoring, granting employees specific protection against abusive surveillance by employers.
To counter the privacy threats posed by the interception of wireless communications, manufacturers should provide purchasers and users with reasonably detailed warnings of the general and specific privacy risks of their products. As well, manufacturers should offer reasonably strong encryption as a default and fixed feature of all their product. Thirdly, the Canadian government should not try to impose "back doors" to wireless technology providers enabling law enforcement officials to exercise covert and unfettered access to all wireless communications, nor cave in to European or other pressures to do so. As a result, the above-mentioned PCS license conditions should be brought before Parliament for debate, as should any future similar or related initiative by the Canadian government.
Lastly, users should always be wary of the limits to the protection afforded by digitalization and encryption, and should adapt their behavior and their wireless communications to the sensitivity and life span of the information exchanged. For example, revealing one's credit card number during an analog cellphone conversation would be unwise, but mentioning that one's house will be empty tonight during an encrypted all-digital PCS call is relatively safe, for it would take more than a few hours to crack the encryption and take advantage of the information. Similarly, encryption should not be relied upon blindly to protect sensitive information with a prolonged value such as banking data, passwords, Internet news group membership, political views, "questionable" or exotic hobbies or tastes, etc. Once a hacker or government cryptanalyst has spent the days, weeks or even months required to crack the encryption, the information would remain as valuable then as it is now.
Wireless technologies are extremely useful to our society and should evolve. Their negative impacts on the privacy of Canadians, however, must be acknowledged and addressed by manufacturers, purchasers and users alike.
- Date modified: