Computer and Information Science professor Matt Blaze has figured out how to stop government spooks -- or anyone -- from eavesdropping.
Blaze and third-year graduate students Eric Cronin and Micah Sherr spent four months last year testing the security of phone-tapping systems used by law enforcement agencies.
The results -- which shocked the team and have received national attention -- showed that the systems are actually very easy to fool.
"We were very surprised that the systems used by law enforcement agencies are not very robust," Blaze said. "Almost anything we'd think of [to fool the wiretaps] turned out to work."
Their research, which was completed last November, comes on the heels of a congressional investigation into a National Security Agency domestic wiretapping program, which The New York Times exposed in December. It was discovered that President Bush has granted permission for the phone of someone believed to have terrorist ties to be tapped more than 30 times. The constitutionality of this has yet to be determined.
By equipping their laboratory with surplus FBI eavesdropping tools purchased at auction Web site eBay.com, the researchers were able to demonstrate that phone-tapping systems have two key vulnerabilities.
One of Blaze's discoveries is based on the fact that the wiretapping systems rely on a sound -- called a C-tone -- that indicates a phone is on the hook and no recording needs to be done.
The researchers discovered that computers can easily forge C-tones. As long as the noise continues, speakers are free to talk without worrying about anyone eavesdropping on them.
According to Cronin, the C-tone is not even a "well-guarded secret" as it is discussed explicitly in easily obtainable wiretapping equipment catalogues.
Another vulnerability in current phone-tapping systems is the way in which they record all the phone numbers dialed on a tapped phone, Blaze found.
The problem, according to Blaze's team, is that law enforcement agencies and phone companies have different methods for interpreting numbers dialed. Someone hoping to protect a phone call can take advantage of these differences by fooling a wiretap into recording a number completely different from the one actually dialed.
Since the wiretap-fooling techniques are so simple, it is not unlikely that individuals with better motives for doing so -- such as criminals or terrorists -- have already stumbled upon them, he said.
According to Blaze, the research has very serious legal implications.
Prosecutors often present printouts of phone calls and their times as non-contestable evidence in trials, he said.
If phone taps are so easy to fool, then the evidence they gather "may not reflect reality at all," he said.
Because the research was so sensitive, the team met with FBI employees from the Philadelphia field office before publishing their study.
According to Sherr, the FBI was "extremely receptive" and took the research "very seriously."
Nevertheless, an FBI spokeswoman later told The New York Times that the organization is "aware of the possibility" that phone taps can be fooled using the techniques that Blaze's team discovered in their research.
She added that the vulnerabilities only exist in about 10 percent of state and federal phone taps today.
Though larger law enforcement agencies have more technologically advanced wiretaps, Blaze believes that local police stations may still be using older and more vulnerable systems.
Sherr attributes the national attention received by the team's work to to the research's "coolness factor," which he added is unusual in the computer science field.
Penn Computer and Information Science Department Chairman Fernando Pereira praised the research for its "scientific way of looking at security and privacy."
Pereira added that alerting the FBI that their procedures had flaws was the right thing to do.
