~e; EM security issues

From human being <human@electronetwork.org>
Date Wed, 31 Jul 2002 13:39:58 -0500

  [this story is quoted in full as it demonstrates the
  range of issues with everyday electronics, such as PDAs
  and cellphones and their potential security issues...]

Agency to Impose Limits on Devices
Wed Jul 31, 5:44 AM ET
By TED BRIDIS, Associated Press Writer

(please see original url for links and more information. ~e.org)

WASHINGTON (AP) - The wireless soldier may be getting some new 
strings attached.

The Defense Department, concerned that hackers or spies might 
eavesdrop on classified meetings or secretly track the locations of 
top U.S. officials, is imposing new limits on its workers' use of the 
latest generation of wireless devices inside military buildings.

The new rules will outline new restrictions on civilian and military 
employees carrying cellular telephones, pagers and handheld computers 
while working, even devices that employees bought themselves and 
carry for their personal convenience at work, said John P. Stenbit, 
the assistant defense secretary for command, control, communications 
and intelligence.

Stenbit, who also is the Pentagon ( news - web sites)'s chief 
information officer, disclosed the upcoming rules Tuesday after a 
technology conference in Washington focusing on security problems of 
wireless devices. Stenbit said the new rules would be announced 
within a month.

In an earlier speech at the same conference, President Bush ( news - 
web sites)'s top cyber-security adviser, Richard Clarke, said the 
technology industry was acting irresponsibly by selling wireless 
tools such as computer network devices that remain remarkably easy 
for hackers to attack.

The industry's most common data-scrambling technique designed to keep 
out eavesdroppers, called the wireless encryption protocol, can be 
broken - usually in less than five minutes - with software available 
on the Internet.

"It is irresponsible to sell a product in a way that can be so easily 
misused by a customer in a way that jeopardizes their confidential 
and proprietary and sensitive information," Clarke said.

Clarke said government and companies need to explain to consumers 
ways to keep their information secure over wireless networks. Some 
recommendations will be included in a forthcoming report from the 
administration on cyber-security, which currently runs more than 
2,800 pages.

Stenbit said the new rules would explain which equipment, such as 
handheld Blackberry e-mail devices, may be used in different areas of 
military buildings, including the Pentagon. Stenbit has complained to 
colleagues about classified meetings being interrupted when 
electronic bug-sweepers in specially designed conference rooms detect 
the presence of cell phones and handheld computers.

Stenbit exhorts visitors, "Let's lose the devices," said one frequent 
meeting participant, speaking on condition of anonymity.

Robert Gorrie, deputy director of the Pentagon's Defense-wide 
Information Assurance Program Office, called it "a thorn in my side" 
when military officers try to carry handheld wireless devices inside 
such classified conference rooms.

Gorrie said the military won't ban wireless gadgets outright because 
of their convenience but also won't let workers use them without 
clear rules. "That would be a stupid thing to do," he said.

The new policy reflects increasing concerns among security experts 
about the latest breed of devices, such as two-way pagers and 
wireless network cards for handheld computers. Officials have 
previously worried that cell phones, programmed to answer 
automatically and with ringers set to silent, could be hidden inside 
a conference room and dialed to function as low-tech listening 

The newest wireless devices, which can send and receive e-mails and 
even voice messages, also could be misused as eavesdropping devices, 
even without the user's knowledge. And since the devices usually 
transmit continuously, experts worry they could be used to trace a 
particular user's location. They fear, for example, that a two-way 
pager assigned to a top Defense Department official could reveal 
whenever that person rushes to the Pentagon in the middle of the 

"They're recognizing the kinds of threats that are out there," said 
Art Matin, president of McAfee Security, a software company. "That 
kind of spark will accelerate people's focus on that risk."

Other U.S. agencies already impose some restrictions on wireless 
technology. Visitors to the CIA ( news - web sites)'s headquarters 
must leave cell phones in the parking lot, and signs warn visitors to 
some offices at the National Security Council not to bring cell 
phones inside.

Workers at the Defense Intelligence Agency must walk outside the 
headquarters building to place a call on a cell phone.

copyright 2oo2 AP/Yahoo. fair-use, em educational usage, ~e.org 2oo2.

  the electromagnetic internetwork-list
  electromagnetism / infrastructure / civilization