Communications security for physicians

Canadian Medical Association Journal 1996; 154: 302


[Letters]

The article "A warning to MDs: If you want to keep calls confidential, hang up the cordless phone" (CMAJ, 1995; 153: 1485- 1488 [abstract / résumé]), by Mary Mouzar, was timely. For several years radio enthusiasts have been reading about communications developments in magazines such as Popular Communications or Monitoring Times. These magazines are full of advertisements for "interception" equipment and "broadcasting" frequencies for all types of telephones. Although these advertisements mention that eavesdropping may be illegal, this is probably insufficient to deter would-be eavesdroppers. As a confidentiality-conscious physician, I have accumulated some useful experience in this area, which I would like to share with CMAJ readers.

If you use regular cordless or cellular telephones, avoid giving out identifying information; this may prove especially difficult after several minutes of conversation.

If you can afford it, opt for eavesdropper-proof equipment. On the lower end of the scale ($150) are telephones (usually cordless) offering voice-inversion scrambling. These transmit a Donald-Duck-like sound between the handset and its base when the owner is speaking. However, this scrambling is easy for electronic hobbyists to "crack." A better option is a telephone that transmits your voice digitally (not analogically), sometimes with the use of special ("pseudorandom") encryption algorithms. Even more sophisticated is equipment that transmits your voice (digitally or otherwise) on several frequencies, sometimes even changing in time (called "spread-spectrum").

By reading this far, you already know more about this topic than all of the salespeople I have ever encountered.

A spread-spectrum, digitally encrypted, 900-MHz cordless telephone would provide you with a very high level of security for about $500, a hefty price for being able to move freely in your home or office. And the high level of security is only true as long as the electronic chip that does the scrambling (Clipper, Data Encryption Standard or others) is not stolen, cloned or misused by a private company, a government agency or a hacker.

Your readers should be aware that, unless a secure telephone (as described) is used, standard push- button sound tones can be decoded by devices sold precisely for that purpose. There goes your calling-card number and your voicemail access code. It would also be wise to check regularly your outgoing office message in case a hacker changes it to "personalized escort services by Dr. . . ." I have heard of one such unfortunate occurrence.

Also available are cheap ($150) Post Office Code Standardization Advisory Group (POCSAG), GOLAY (another code) and super-POCSAG decoders, which can intercept all of the messages (sometimes several lines long) received on your sophisticated pager that you were so proud of.

Long-distance telephone microwave transmissions (voice, faxes and modem data), terrestrial or satellite, are intercepted by specialized equipment daily. Computer radiowaves are also prone to interception, but this is less of a risk than internal leaks through your office personnel. email is also prone to eavesdropping.(1)

Rest assured, a special Royal Canadian Mounted Police squad is surfing the Internet and is already monitoring!

Pierre-Étienne Senécal, MD, FRCPC, ABMTox
Montreal Children's Hospital
Montreal, Que.

Reference

  1. Maher TP: Legal issues: privacy in the workplace. Lab Med 1995; 26: 636-638

| CMAJ February 1, 1996 (vol 154, no 3) |