Forwarded From: bluesky@rcia.com
http://www.seattletimes.com/news/nation-world/html98/voic_090698.html
Posted at 12:55 a.m. PDT; Sunday, September 6, 1998
Think all your voice mail is secure? Don't be so sure
by Ashley Dunn
Los Angeles Times
The first signs of trouble at National Regulatory Services, a small
consulting firm in Connecticut, were a series of odd complaints from
customers that their phone messages were not being returned.
Salesmen at the company were stumped by the complaints since they could
never remember receiving the phone messages in the first place.
Helplessly, they watched as their business dwindled and customers drifted
away to other competitors who, presumably, at least returned their phone
calls.
It took months of digging before the company finally figured out that a
former employee was tapping into the voice mail of the salesman he had
once sat next to and deleting calls from potential customers, whom he
would then call on his own.
By the time Kenneth T. Kaltman was convicted last year, the damage already
had been done - an estimated $1 million in lost business and an
incalculable loss in the sense of privacy and security for those who
worked at the company. Kaltman pleaded guilty in state superior court to
one count of larceny and one count of computer crime. He was fined $2,500.
"E-mail, phone, voice mail - I use them, but I don't put anything
proprietary on them anymore," said Jacqueline Hallihan, the president of
National Regulatory Services. "It's changed the way I do everything. I sit
there sometimes and still wonder . . . who is listening?"
Within the past handful of years, the walls of electronic privacy that had
been so intricately constructed through technology have crumbled with an
alarming regularity.
Voice mail once seemed to be a trivial corner of modern communications,
made up of endless messages in the game of phone tag or spousal reminders
to please call home.
But in the past few years, voice mail has proved to be a gaping hole of
vulnerability, not so much for technical reasons, but human for ones -
easily guessed passwords, careless password handling or no passwords at
all.
The Cincinnati Enquirer case
The case that has propelled voice mail in the heated lexicon of electronic
paranoia is the alleged theft of thousands of voice-mail messages by a
reporter for The Cincinnati Enquirer. Many of the messages were printed in
an 18-page Enquirer report on Chiquita Brands International that appeared
in May.
The report alleged that the company sprayed dangerous pesticides on farm
workers in Central America, used phony companies to obscure its ownership
of land in some foreign countries, attempted to hide an effort by one
employee to bribe Colombian officials and failed to take adequate
precautions to prevent the smuggling of illegal drugs on its fruit ships.
While the truth of The Enquirer's stories about Chiquita is still being
sorted out, the impact of the intercepted messages has been enormous.
Those messages have become the latest centerpieces in the evolving tale
about the loss of privacy in the modern world and the general disarray in
grappling with new forms of communications.
The Chiquita case has become the most notable case of voice-mail
interception not only because of the enormity of the theft, but also
because the newspaper retracted all the stories, fired the lead reporter
on the story and paid Chiquita at least $10 million to settle the issue.
The company has denied the allegations of The Enquirer's report and filed
a defamation suit against the lead reporter, Mike Gallagher.
What has made Chiquita's case more complicated is that copies of the
messages are believed to have been sent to the Securities and Exchange
Commission, opening the possibility of a battle in the tricky legal realm
of electronic privacy.
An evolving area of law
Various federal and state laws, dating back to the late 1960s, ban the
unauthorized interception of electronic communications. But even after
decades, it is still an evolving area of law - one that at times seems
uncertain about the new methods of communications that seem to sweep the
planet every so many years.
One case now pending before the 9th U.S. Circuit Court of Appeals involves
a worker at a Costa Mesa, Calif., company, PDA Engineering, who broke into
a female co-worker's voice-mail box after discovering she was having an
affair with a company vice president. The office worker managed the
break-in by simply guessing that the password was the vice president's
first name.
The sport of listening to messages turned serious when the vice president,
Richard J. Smith, left a message suggesting that he was involved in
insider trading. The U.S. Attorney's office in Los Angeles was contacted
and an investigation begun.
Smith was convicted in 1996 of 11 counts of insider trading but he has
appealed the case, claiming, in part, that his voice-mail messages could
not be used as evidence.
The 1968 Wiretap Act bars the use of any evidence gotten through an
unauthorized interception of "communications by the aid of wire, cable, or
other like connection."
The act's suppression of unauthorized wiretap evidence sets a standard
that is actually greater than that applied to other types of evidence,
such as paper documents. In most cases, stolen evidence can still be used
by law-enforcement agencies - and the media, for that matter - as long as
they did not steal the evidence themselves. For example, if a person
broke into a home and stole a weapon used in a murder, that weapon could
be turned over to police and used in a trial as long as the police were
not involved in the theft.
Smith's case would be much easier to resolve if not for the passage of the
1986 Electronic Communications Privacy Act, which was designed to include
more recent methods of communications such as e-mail, computer files and
voice mail.
Within the amendments was a section specifically dealing with "stored wire
and electronic communications," which had no requirement to suppress
illegally obtained stored communications.
The government has argued that Smith's voice-mail messages are stored
communications and hence can be used as evidence.
The point of this conflict is simply that the law is unsettled. It seems
to create a hierarchy of privacy - with live phone conversations
considered the most sacred and documents or voice mail seen as some lesser
entity.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Sep 7 09:57:23 1998