[ISN] Think your voice mail is secure? Don't be so sure..

From: mea culpa (jerichoat_private)
Date: Sun Sep 06 1998 - 08:05:36 PDT

  • Next message: mea culpa: "[ISN] Computers Spawn a New Criminal Breed"

    Forwarded From: blueskyat_private
    
    http://www.seattletimes.com/news/nation-world/html98/voic_090698.html
    
    Posted at 12:55 a.m. PDT; Sunday, September 6, 1998 
    
    Think all your voice mail is secure? Don't be so sure
    
    by Ashley Dunn 
    Los Angeles Times 
    
    The first signs of trouble at National Regulatory Services, a small
    consulting firm in Connecticut, were a series of odd complaints from
    customers that their phone messages were not being returned.
    
    Salesmen at the company were stumped by the complaints since they could
    never remember receiving the phone messages in the first place.
    Helplessly, they watched as their business dwindled and customers drifted
    away to other competitors who, presumably, at least returned their phone
    calls.
    
    It took months of digging before the company finally figured out that a
    former employee was tapping into the voice mail of the salesman he had
    once sat next to and deleting calls from potential customers, whom he
    would then call on his own.
    
    By the time Kenneth T. Kaltman was convicted last year, the damage already
    had been done - an estimated $1 million in lost business and an
    incalculable loss in the sense of privacy and security for those who
    worked at the company. Kaltman pleaded guilty in state superior court to
    one count of larceny and one count of computer crime. He was fined $2,500.
    
    "E-mail, phone, voice mail - I use them, but I don't put anything
    proprietary on them anymore," said Jacqueline Hallihan, the president of
    National Regulatory Services. "It's changed the way I do everything. I sit
    there sometimes and still wonder . . . who is listening?"
    
    Within the past handful of years, the walls of electronic privacy that had
    been so intricately constructed through technology have crumbled with an
    alarming regularity.
    
    Voice mail once seemed to be a trivial corner of modern communications,
    made up of endless messages in the game of phone tag or spousal reminders
    to please call home.
    
    But in the past few years, voice mail has proved to be a gaping hole of
    vulnerability, not so much for technical reasons, but human for ones -
    easily guessed passwords, careless password handling or no passwords at
    all.
    
    The Cincinnati Enquirer case
    
    The case that has propelled voice mail in the heated lexicon of electronic
    paranoia is the alleged theft of thousands of voice-mail messages by a
    reporter for The Cincinnati Enquirer. Many of the messages were printed in
    an 18-page Enquirer report on Chiquita Brands International that appeared
    in May.
    
    The report alleged that the company sprayed dangerous pesticides on farm
    workers in Central America, used phony companies to obscure its ownership
    of land in some foreign countries, attempted to hide an effort by one
    employee to bribe Colombian officials and failed to take adequate
    precautions to prevent the smuggling of illegal drugs on its fruit ships.
    
    While the truth of The Enquirer's stories about Chiquita is still being
    sorted out, the impact of the intercepted messages has been enormous.
    
    Those messages have become the latest centerpieces in the evolving tale
    about the loss of privacy in the modern world and the general disarray in
    grappling with new forms of communications.
    
    The Chiquita case has become the most notable case of voice-mail
    interception not only because of the enormity of the theft, but also
    because the newspaper retracted all the stories, fired the lead reporter
    on the story and paid Chiquita at least $10 million to settle the issue.
    
    The company has denied the allegations of The Enquirer's report and filed
    a defamation suit against the lead reporter, Mike Gallagher.
    
    What has made Chiquita's case more complicated is that copies of the
    messages are believed to have been sent to the Securities and Exchange
    Commission, opening the possibility of a battle in the tricky legal realm
    of electronic privacy.
    
    An evolving area of law
    
    Various federal and state laws, dating back to the late 1960s, ban the
    unauthorized interception of electronic communications. But even after
    decades, it is still an evolving area of law - one that at times seems
    uncertain about the new methods of communications that seem to sweep the
    planet every so many years.
    
    One case now pending before the 9th U.S. Circuit Court of Appeals involves
    a worker at a Costa Mesa, Calif., company, PDA Engineering, who broke into
    a female co-worker's voice-mail box after discovering she was having an
    affair with a company vice president. The office worker managed the
    break-in by simply guessing that the password was the vice president's
    first name. 
    
    The sport of listening to messages turned serious when the vice president,
    Richard J. Smith, left a message suggesting that he was involved in
    insider trading. The U.S. Attorney's office in Los Angeles was contacted
    and an investigation begun.
    
    Smith was convicted in 1996 of 11 counts of insider trading but he has
    appealed the case, claiming, in part, that his voice-mail messages could
    not be used as evidence.
    
    The 1968 Wiretap Act bars the use of any evidence gotten through an
    unauthorized interception of "communications by the aid of wire, cable, or
    other like connection."
    
    The act's suppression of unauthorized wiretap evidence sets a standard
    that is actually greater than that applied to other types of evidence,
    such as paper documents. In most cases, stolen evidence can still be used
    by law-enforcement agencies - and the media, for that matter - as long as
    they did not steal the evidence themselves.  For example, if a person
    broke into a home and stole a weapon used in a murder, that weapon could
    be turned over to police and used in a trial as long as the police were
    not involved in the theft.
    
    Smith's case would be much easier to resolve if not for the passage of the
    1986 Electronic Communications Privacy Act, which was designed to include
    more recent methods of communications such as e-mail, computer files and
    voice mail. 
    
    Within the amendments was a section specifically dealing with "stored wire
    and electronic communications," which had no requirement to suppress
    illegally obtained stored communications. 
    
    The government has argued that Smith's voice-mail messages are stored
    communications and hence can be used as evidence. 
    
    The point of this conflict is simply that the law is unsettled. It seems
    to create a hierarchy of privacy - with live phone conversations
    considered the most sacred and documents or voice mail seen as some lesser
    entity.
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:03:19 PDT