Climbing up the stairs, the three men look like anybody else coming into the SUN office except for the load of briefcases each carried. But as they start to open those black leather cases and pull out a strange array of electronic equipment, we know they are the men from CMSS.
Formally, the Counter Measure Security Systems (CMSS) is a counter-surveillance or "debugging" company based right here in Ann Arbor. Using the same electronic technology which makes massive illegal bugging possible, CMSS makes machines to find microphones and transmitters hidden in an office or home.
Without a word to tip off any potential listeners to their presence, the three go to work. Dave immediately begins to disconnect the red desk phone, while Dan is extending the antenna on another mysterious-looking contraption.
"There's ten ways to bug the average phone," explains Dave as he hooks my phone into a Telephone Analyzer. "This machine tests a series of abnormalities in the phone and along the lines which would show a possible tap. People often think their phone is tapped when it isn't. Clicks, buzzes and pops on the line don't necessarily mean the line is bugged. In fact, we most often find taps on lines which are free of noise."
First, Dave runs a voltage test on the phone lines. Any high or low readings could indicate an electronic device plugged in on the lines and pulling off power. This test is run with the receiver both on and off the line.
The next test runs a high gain amplification along the lines to pick up noises in the phone.
"If you can hear yourselves talking, you know the phone's bugged somewhere and picking up conversation in the room," Dave says. The Phone Analyzer is making lots of electronic noise, although none of it sounds like words.
"You've got a noisy bell on this phone," he comments, and he doesn't mean for ringing. "You can see how the bell can be used as a place for planting a bug."
So far, nothing unusual. In the next test, he takes the phone and puts it into a briefcase.
"This test is for infinity or "harmonica" bugs," he explains as a loud electronic tone becomes audible. Beginning at a low frequency, the sound quickly becomes a high pitched, annoying scream and moves on out of human audio range.
A "harmonica" bug is a devious device, since most bugs which aren't operating are hard to find. This one turns on and off by remote control. The eavesdropper plants it in the victims' phone, then calls the number from somewhere else. Just before the first ring, he blows a tone from a pitch pipe or rings a tuning fork sending the sound over the wire. The bug goes on and prevents the phone from ringing. Voila, the listener can now hear any conversation in the room. Another note from his "harmonica," and the device is inactive until he wants to try it again.
By running through the entire audio range, the Telephone Analyzer should activate any "harmonica" bug on the line, thus making it detectable.
"I've heard that an infinity bug has been developed which uses two tones to activate it rather than just one," I ask, "so just running through the scale wouldn't trigger it."
Dave admits he has seen such a device, and indeed it would be difficult to locate.
"However, the technology for the two-tone bug is still not developed, so they're extremely unreliable. As yet, they're not in common use and we probably won't find any for a few years," he comments to quell my fears we may miss something.
Suddenly, the phone rings, the machine instantly shuts off, and a tiny light goes on.
"That also happens if anyone picks up the phone to call out," he continues. "It guarantees others won't know the line is being tested."
The SUN's phone lines are clean and so is my desk phone. But since the tap could be on any individual instrument in the office, Dave moves off to check out the other phones.
In the meantime, Dan is in the next room running a square box with a long antenna over the walls and furniture. "This is a Transmitter Locator," Dan tells me. "It picks up any radio transmissions coming from the room." Nicknamed "the screamer," the device emits a constant electronic whine. "If we find anything, it will really scream," he laughs.
As he moves along the room, he keeps tilting and turning the antenna. Much simpler than the Telephone Analyzer, this device doesn't require any special training. All you do is turn it on and "sweep" the walls. Suddenly, the steady hum goes crazy. A signal in the walls?
Dan takes a second box out of his briefcase which makes it possible to "hear" the transmission coming from our wall - a Transmitter Verifier. He holds it up next to the spot where the "screamer" had gone off, and what do we hear, but - music?
"If we'd heard ourselves talking, we would have known there was a transmitter planted in the wall," laughs Dan. "But in these old buildings, we almost always get pipes picking up local radio stations. Nothing here."
Taking back out the Locator, Dan finds several more spots around the room. Along a door frame, we hear a police radio relaying calls. "Must be parked around the block somewhere," Dan mumbles. Everyone cracks up a few minutes later when the radiator starts playing "You Got to Knock on Wood."
The last major test is along the electrical lines in the office, another prime place for planting a bugging device. The Line Analyzer turns the electric signal into audio, letting the tester "listen" to the AC lines.
"Dave is really the genius in this operation," comments Kerry . "He needed something to run this kind of test, so he built this Power Line Analyzer in just one night. Looks real professional - would have taken anyone else at least three months."
He plugs the box into the wall and puts on a set of headphones. Immediately he starts tapping his feet. "WPAG comes in loud and clear," he comments as he hands me the headphones to try on. "It's just like listening to AM radio."
After a thorough test throughout the SUN office, the men from CMSS have not found a single bugging device operating anywhere in the building. When we admit we had not been too discreet about discussing their approaching visit, they suggest any bugger would have been tipped off and probably removed the transmitters in the office. Of course, we're relieved they found nothing but it would have been interesting if they had.
After this demonstration of a "debugging" operation, I went back to their office at 300 South Thayer, Suite 8 (in the basement of the Bell Tower Hotel) to find out more about the debugging business.
"We have a find rate of about twelve percent," says Dave. "Some of the people for whom we've found devices have been flipped right out and thought the world was coming to an end. Other people have just shrugged and said 'I know. At least now I know where it is!'"
Dave and Dan have been involved in the business for about six years, doing work on a personal service basis for friends and occasionally for private detectives. After Watergate, bugging became a popular pastime for all kinds of people.
"There's quite a bit of industrial spying going on," Dave telIs me. "We are finding more and more people are bugging for smaller and smaller amounts. It used to be on things like road contracts where bids were around $8 million and a $2,000 difference might take it. Now, people are bugging for amounts as small as $25,000."
Other people involved in the bugging business include private detectives (bugging is popular for marital cases), local police and prosecutors. In each case, the bugging is ilIegal.
"We have all kinds of laws about it," comments Dave, "but they don't do a damn thing to stop it."
Counter Measure Security Systems was founded three months ago, as demands for Dave and Dan and their equipment increased beyond their ability to fulfill them.
"If someone desires our services," Dan explains, "either walk in to our office or call from a pay phone. Don't say I anything in your home or office. We are quite cool about it - we will even walk into your place and not say a word to each other about what we're doing. We've been known to I write little notes back and forth if necessary."
"But if we spot any illegal activities," continues Dave, "we have to get up and walk right out. For example, if I someone wants phones checked for taps and it's obviously a bookie organization, we'd have to leave. If it's impossible to clean up your act enough to let us walk through your home, then we'll sell you the equipment, teach you to use it and you'll get the same results."
CMSS has had numerous people buy equipment, in fact, up to $30,000 worth. "You don't know if it's a dope dealer or a law firm," comments Dave. People have sent money orders or wired money by Western Union and had the machines in as little as eight hours. Some requests go to post office boxes, and aliases used included such names as Ben Dover, or Rob N. Cheatum, a used car dealer. Dan claims some people writing for catalogues and equipment even spell their names different each time they write.
The technology involved in wiretapping and debugging is constantly changing, so CMSS is continually updating its equipment.
"It's a regular war," comments Dave. "Some of the electronic systems in our devices date back to the forties, others are only three weeks old."
"It's not legal to make or sell bugging devices anymore, except to law enforcement agents - and that's only with specific paper work," he explains while showing me some of the bugs they've found in their work. "This device was commercially made, and probably sold for about $80 about three years ago. There used to be a store n New York City where you could walk in off the street and just buy these. People were buying them by the ton because they knew they'd be made illegal. Now this sort of thing would sell for $250 to $1,000 depending on who made it and where it was being sold. That's because it's illegal. But it's got about $10 worth of parts and maybe $25 in labor. And anyone who's completed electronics one in high school is capable of understanding the technology."
According to Dan, CMSS has located equipment in Ann Arbor far more sophisticated than that used in the Watergate bugging. While they won't talk about any of their clients (confidentiality is a major part of their business), they did admit many of their clients included major firms whose names would be familiar.
"One company where devices were found was very cool about it," tells Dave. "They took their people, flew them out of town and set up this whole soap opera. They came back and played it out in the office. In conversation, they discussed a product they had been thinking about, giving out wrong information on it for three months.
"A competitor brought out a similar product within days of the release date they had used in their drama. The formula was within percentage points of the mixture they had talked about. The quantity and price trade off were not good, because they had informed the competitor it was what they were going to use. The competitor had released $2 1/2 million of this product all over the country the first day. It was a costly use of bugs for that competitor, and it was awful obvious who it was at that point."
Usually, when CMSS finds a bugging device after quietly searching the premises, they leave it there. Anything they find is considered clandestine, and the person is told of the find.
"What they do from there is their business," said Dave. "We're not private detectives. It's really impossible to determine when you find one of these devices whether the law enforcement put it there, a competitor or fly-by-night private detective.
"Once you know your phone is tapped, for example, you can buy a device that will allow you to switch the bug on and off at will for less than $3,000. That's one of your options - you can exist with it and fool it. Or you could get yourself a roll of dimes and start using the phone booth for your calls."
There are cheaper ways to thwart an undesired eavesdropper. At the CMSS office, a radio is constantly playing in the background. Because a microphone does not have the capabilities of the human ear, a background noise will ruin the transmission. A brief experiment with my portable tape recorder quickly confirmed this method's effectiveness. CMSS also sells a pair of "scramblers" which can be used on any phone for about $750 per pair. Such transmissions would at least slow down any eavesdropper, since randomly trying to descramble takes at least 24 hours.
Legal wiretaps are another problem, and CMSS admits that since most of these are done through a phone company's central office, they could not be detected.
"Your local county cop doesn't have any legal wiretap powers," explains Dave. "But we've heard that many purchase devices under the guise of buying extra electronic parts for police radios. We've even heard rumors some cops sell them to private detectives."
The State Police already have extensive wiretap powers. They can authorize a 48 hour wiretap on an emergency basis without a court order, and the tap is legal. After 48 hours, they're supposed to show the evidence to a judge and if she/he believes there is cause, she/he can authorize a warrant. All the evidence gained is admissible in court.
"There have been revelations recently that 22 domestic federal agencies are involved in wiretapping," Dave adds. "The Internal Revenue Service buys more bugging devices than the CIA and FBI put together. The IRS does an incredible amount of snooping on normal, individual citizens with everything imaginable, including night vision equipment. As far as we can tell, this is strictly up to the control of the local IRS field director."
CMSS is unique in one way from all the other counter-surveillance organizations in the country. Of the five or six major firms now operating, Counter Measure Securities Systems is the only major one not started by former law enforcement people.
"The other people have worked offensively for the CIA or the FBI," Dave says. "I can't imagine many people who are our clientele asking these people into their homes. "We are a morally committed firm to debugging; it's a whole different atmosphere. Too many of the most competent men have no moral commitments either way. They don't care - they bug, they debug, and as long as they get their money they do their job. Again, who really wants to hire that?"
Counter Measure Security Systems does debugging anywhere in the country, and their fees are reputed to be about the lowest in the business. Dave said they could do the phones in an average house for about $200. A small law office with about six lawyers would run about $600 per day, and would take two-three days for a complete sweep.
Once debugged, CMSS sells a device which detects anyone coming into a room carrying an active transmitter. They I also warn that a good "garbologist" can learn many secrets, and have a paper shredder which goes for only $139.50.
Most people may never need a debugging firm, but as one-anonymous letter to CMSS said, "I'm glad there's a place like yours around," signed:"name withheld from fear."
There are ten ways to bug the average phone. But clicks, buzzes and pops don't necessarily mean a phone is tapped. In fact, many taps are found on lines with virtually no noise or static.
CMSS has located electronic equipment in Ann Arbor far more sophisticated than the devices used for the Watergate bugging. People have purchased up to $30,000 worth of equipment from CMSS to "debug" homes and offices.