YOU ARE HERE: LAT HomeCollections


At the Beep, Leave Your Life Open

Intrusions into voicemail systems have dispelled the myth that phone messages are private and secure. Often the weak link in security is not technological but human.


The first signs of trouble at National Regulatory Services, a small consulting firm in Connecticut, were a series of odd complaints from customers that their phone messages were not being returned--the electronic equivalent of a slap in the face.

Sales agents at the company were stumped by the complaints since they could never remember receiving the phone messages in the first place. Helplessly, they watched as their business dwindled and customers drifted away to competitors who, presumably, at least returned their phone calls.

It took months of digging before the company finally figured out that a former employee was tapping into the voice-mailbox of the salesman he had once sat next to and deleting calls from potential customers, whom he would then call on his own.

By the time the man was convicted last year, the damage had been done: an estimated $1 million in lost business and an incalculable loss in the sense of privacy and security for those who worked at the company.

"E-mail, phone, voicemail--I use them, but I don't put anything proprietary on them anymore," said Jacqueline Hallihan, the president of National Regulatory Services. "It's changed the way I do everything. I sit there sometimes and still wonder . . . who is listening?"

Within the last handful of years, the walls of electronic privacy that had been so intricately constructed through technology have crumbled with an alarming regularity.

Voicemail once seemed to be a trivial corner of modern communication, made up of endless messages in the game of phone tag or spousal reminders to please call home.

But voicemail has proved to be a gaping hole of vulnerability, not so much for technical reasons but for human ones--easily guessed passwords, careless password handling or no passwords at all.

Although there is a wide variety of voicemail systems, in general they all have security features that protect messages and passwords--some even from the designers of the machines. Systems can be set up to lock mailboxes if they detect a trial-and-error attempt to discover passwords. The passwords in most systems are also usually hidden and encrypted so they would be unreadable even to someone with the deepest computer access.

But, at best, these features create only an illusion of privacy. They protect against technological attacks but not against the most basic errors of wetware--that is, humans. Ken Kumasawa, a telephone security consultant with Burlingame-based TeleDesign Management, said the most common error is picking a password that is too short or obvious. Classic errors include using children's names, the last four digits of a phone number, 1111, 0000 or the user's first name. Guessing or simply looking over someone's shoulder as they enter a password can make a mockery of the most advanced security systems. Kumasawa said using any password less than nine digits is just inviting intrusion.

"It doesn't take a rocket scientist to break a four-digit pass code," Kumasawa said.

Newspaper Story Galvanizes Concerns

The case that has propelled voicemail into the heated lexicon of electronic paranoia is the alleged theft of thousands of voicemail messages by a reporter for the Cincinnati Enquirer. Many of the messages were printed in an 18-page Enquirer report on Chiquita Brands International that appeared in May. The report alleged that the company sprayed dangerous pesticides on farm workers in Central America, used phony companies to obscure its ownership of land in some foreign countries, attempted to hide an effort by one employee to bribe Colombian officials and failed to take adequate precautions to prevent illegal drug shipments on its fruit ships.

Although the truth of the Enquirer's stories about Chiquita are still being sorted out, the impact of the intercepted messages has long since transcended the realm of mere bananas and newspapers.

They have become the latest centerpieces in the evolving tale about the loss of privacy in the modern world and the general disarray in grappling with modern forms of communication that don't quite fit in the traditional mold of wire and paper.

"People expect a level of protection--that this system is private," said Evan Hendricks, the publisher of the Washington-based newsletter, Privacy Times. "People expect that a lot of things are private these days. The reality is that they are very vulnerable."

The Chiquita case has become the most notable instance of voicemail interception not only because of the vastness of the alleged theft but also because the newspaper retracted all the stories, fired the lead reporter and paid Chiquita at least $10 million to settle the issue.

Los Angeles Times Articles