20 March 1997

Schneier Rebuts CTIA


Return-Path: daw@cs.berkeley.edu
From: David Wagner <daw@cs.berkeley.edu>
Subject: CTIA Rebuttal (fwd)
To: jya@pipeline.com
Date: Thu, 20 Mar 1997 17:18:21 -0800 (PST)

Here's Bruce Schneier's press release rebutting the CTIA's assertions.

Forwarded message:

MINNEAPOLIS -- The Cellular Telecommunications Industry Association (CTIA) issued a press release discussing our recent cryptographic break against digital cellular phones. Following is a correction of some of their mis-statements.

1. While it is true that our paper did not discuss voice encryption, that does not mean that the voice encryption system is any good. As early as 1992 others -- including noted expert Whitfield Diffie -- have pointed out fatal flaws in the new standard's voice privacy features. The underlying technology is the Vegienere cipher, broken by the Union Army during the American Civil War. One cryptographer was quoted in the July 1992 Communications of the ACM calling the voice privacy protection "pitifully easy to break." Certainly digital cellular is harder to eavesdrop on than analog cellular--the latter just requires a scanner tuned to the correct frequencies--digital cellular voice security can be broken in real time by anyone with a little bit of budget, expertise, and desire.

2. While our break did involve sophisticated cryptographic expertise, our results have been published. While we have no intention of publishing our computer code, anyone able to understand our paper can implement our attack. It is not true that "any technology developed by one person can be broken by another with the application of sufficient technology." The Telecommunications Industry Association (TIA) could have designed secure algorithms to protect voice and messages; they chose not to.

3. While it is true that our announcement does not affect most people because they use analog phones, that is a misleading statement. Analog phones are even less secure; the whole point of digital cellular was that it was secure. This announcement affects both CDMA and TDMA cellular systems, but not GSM systems.

4. The phone industry did not develop phones with unbreakable security because they chose not to. It is possible, with today's technology, to implement digital cellular algorithms in cellular phones without affecting the phone's weight, power consumption, voice quality, or call setup. It takes more computer processing power to digitize the voice than it does to encrypt the digital voice.

5. It is true that our attack does not affect phone cloning. The TIA put more effort into preventing cellular fraud, because that directly affects their bottom line. Cellular privacy is much less of a concern, so they didn't bother doing a good job.

6. All the industry seems to be doing about this problem is releasing misleading press releases in an attempt to pretend that nothing is wrong.

One moral of this story is that good security standards need to be developed in the open. The CTIA believed that keeping the details of their security measures secret improved the security of the system. This notion works, as long as the details remain secret. All good security systems are designed to remain secure even if their details are made public. To do otherwise is naive and foolish, similar to creating recipes without ever bothering to let anyone taste the food.

The CTIA also pointed to the need for legislation to make this illegal. While important, this is not a solution. Listening in on analog cellular phones is illegal, but people do it all the time. Stealing cars is illegal, but Lojack is still in business. We need to protect ourselves with technology, not with legislation. Laws are a quick fix for an industry unwilling to devote resources to solving their problems.