New Revelations From BellSouth
by Emmanuel Goldstein
2600 has obtained internal documents detailing BellSouth's future plans for monitoring telephone lines. Their desire is to develop a system more flexible and powerful than that currently allowed by the Dialed Number Recorder (DNR). Its purpose, according to one of the documents, is "to assist our security personal [sic] in identifying intrusions across the telephone network."
What BellSouth is developing here is truly frightening - the ability to spy on any kind of conversation (voice, data, fax) literally at the touch of a button. Add to this the fact that everything obtained will be stored on computers and the potential abuses of this technology shine far brighter than any benefits.
An Overview
The system is to be made up of two separate components: a control unit and a remote unit (used for the actual monitoring). Both of these would be capable of allowing multiple units.
According to BellSouth:
"The control unit will be located in a secure area, under the supervision and control of BellSouth Security personnel. This device is to be used to program and control the remote unit(s), gather data, and produce statistics. The telephone network and modem technology is to be the primary means of communications between the remote and control units."
The company is planning to purchase one control unit and four remote units. Each control unit, however, will be able to handle at least 50 remote units. Their long range plans are described as being able to cover up to six metropolitan areas.
Among the features BellSouth described as mandatory was a way of indicating the presence of fax or data communications occurring on the line and presumably capturing them. As for voice communications, the remote unit will be able to "record all analog signals occurring on the targeted number" upon receiving a command from the control unit.
Communications between the two devices are to be encrypted. The monitoring device (remote unit) will be capable of holding the data it captures until the control unit tells it to transfer the information. Doing this will not prevent it from capturing more data at the same time.
Among the information to be exchanged between the two units is an identification code indicating the target number. This code would be translated within the control unit. The company seems especially concerned at not having the actual phone number revealed in any communications. Another piece of data would be a "call sequence number" designed to keep track of the number of communications between the two devices.
Other information includes standard DNR-type data: time the phone was picked up, what numbers were dialed (rotary or pulse), time the phone was hung up. Each single cal will be capable of holding 300 digits and dialing within a call is also to be time-stamped.
The information on the monitoring device would be held in Random Access Memory (RAM). Also in RAM will be "characterization data" such as the telephone number of the control unit and the alphanumeric unit identification code mentioned above. BellSouth estimates that 64K of RAM will be enough to store data on twenty dialing sessions or 24 hours worth of calls.
Listening In
All of these monitoring devices will be capable of listening to everything on the line, which makes them radically different from DNRs. "When activated," a BellSouth document reads, "all signals, voice, data, and fax, detected on the target number line are to be passed to the control unit using the communications data link between the remote and control location. The mode of transmission is to be simplex, towards the control unit. The activation of this capability is to be under control of the control unit and will be downloaded to the remote unit at time of activation." The control unit will be able to connect a call from the remote unit directly to a tape recorder. The control unit will also be able to tell the monitoring device to only listen when the phone is off-hook or to listen at all times.
The monitoring device is supposed to be able to call the control unit when certain conditions are met, such as the memory being full or at a predetermined time of day. It can also call whenever a call is made from or to the targeted number or whenever a certain type of call is initiated, i.e., fax or data. Theoretically, this could also mean calls to a certain area code or to a specific number would enable the remote unit to call home.
Security Features
The two units will be communicating over the regular telephone network via modem, although there will be the ability to communicate in a "private line environment." To prevent unauthorized access, the units will be silent when called. They will only become activated when the right password is entered at the right protocol by the calling device. BellSouth also suggests having "an artificial audible ring" emanate from both of the devices. Communications protocols under consideration appear to be XMODEM and AX.25 with a preference for the latter.
Data received by the control unit will require a multi-tasking computer. Operating systems such as OS/2, UNIX, and XENIX are being considered. In addition to storing data on a hard disk, tape backups are also likely. Backup control units are also being planned, in case one fails.
As far as physical makeup, each of the remote units, according to one of the documents, will be less than eight inches high, ten inches long, and three inches deep. They will also be capable of running on 60 hertz with internal batteries that will last at least two hours. Both the remote and control units will be capable of future expansion.
The Potentials
Everything seems to indicate that this system is designed for sticking a remote monitoring device in a location anywhere between the central office and the target telephone.
You may have already asked yourself a very good question. Why would BellSouth come up with such a system when they could just operate the whole thing out of a central office? Why bother with all of this communication between two units, synchronization, passwords, another phone line, etc.?
Although it was never stated, it appears that this system will be ideal for any agency interested in monitoring certain individuals. Who says the control units have to be located within the phone company at all? It could be anywhere. This kind of monitoring system can operate quite well without the phone company even getting involved.
Under the guise of protecting its system against intrusion, BellSouth is creating a monster. And it now appears that other phone companies around the nation are involved in this as well. The one thing needed for such projects to succeed is continued consumer ignorance.