From: pmetzger@shearson.com (Perry E. Metzger)
To: cypherpunks@toad.com
Message Hash: c8916fc7359b7b75543f8ad9d66a5e280c0b0e16313a04e0adc5edd4b26c629f
Message ID: <9212171925.AA04923@maggie.shearson.com>
Reply To: N/A
UTC Datetime: 1992-12-17 20:53:31 UTC
Raw Date: Thu, 17 Dec 92 12:53:31 PST
From: pmetzger@shearson.com (Perry E. Metzger)
Date: Thu, 17 Dec 92 12:53:31 PST
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9212171925.AA04923@maggie.shearson.com>
MIME-Version: 1.0
Content-Type: text/plain
Close, but no cigar, Mr. "Treason". Anyone reading your "proof" can see
for themselves that there is no law making it illegal to shield your computers,
only some regulations on people that sell equipment to the government can't
tell other people what their specifications are. Big deal.
The line in the article saying
Without the right to possess TEMPEST ELINT
equipment manufacturers who wish to sell to the public
sector cannot determine what a safe level of emanations is.
is mostly bull, in the sense that people can probably judge what is safe
without knowing the government standards. In any case, you have demonstrated
nothing making it illegal to shield your computers, and we've already seen
a post containing a dozen purveyors of shielding equipment. Repeating,
you don't know what you are talking about. Now go away.
Perry
Original message included for reference:
> From cypherpunks-request@toad.com Thu Dec 17 14:13:11 1992
> Date: Thu, 17 Dec 92 12:38:34 -0500
> From: treason@gnu.ai.mit.edu
> Content-Length: 3194
>
> Here is parts of the article I posted regarding the legality of the use
> of emf shielding. Read it carefully, and I suggest you also read the
> posted document in full as well. This poses many problems to the public
> in general, and the private sector in specific.
> PERRY, I suggest you read this.
>
> NACSIM 5100A is classified, as are all details of TEMPEST.
> To obtain access to it, contractor must prove that there is
> demand within the government for the specific type of equipment
> that intend to certify. Since the standard is classified, the
> contractors can not sell the equipment to non-secure governmental
> agencies or the public. This prevents reverse engineering of the
> standard for its physical embodiment, the Certified equipment.
> By preventing the private sector from owning this anti-
> eavesdropping equipment, the NSA has effectively prevented the
> them from protecting the information in their computers.
> A number of companies produce devices to measure the
> emanations from electrical equipment. Some of these devices
> are specifically designed for bench marking TEMPEST
> Certified equipment. This does not solve the problem. The
> question arises: how much radiation at a particular
> frequency is compromising? The current answer is to refer
> to NACSIM 5100A. This document specifies the emanations
> levels suitable for Certification. The document is only
> available to United States contractors having sufficient
> security clearance and an ongoing contract to produce
> TEMPEST Certified computers for the government. Further,
> the correct levels are specified by the NSA and there is no
> assurance that, while these levels are sufficient to prevent
> eavesdropping by unfriendly operatives, equipment certified
> under NACSIM 5100A will have levels low enough to prevent
> eavesdropping by the NSA itself.
> The accessibility of supposedly correct emanations
> levels does not solve the problem of preventing TEMPEST
> eavesdropping. Access to NACSIM 5100A limits the
> manufacturer to selling the equipment only to United States
> governmental agencies with the need to process secret
> information.[33] Without the right to possess TEMPEST ELINT
> equipment manufacturers who wish to sell to the public
> sector cannot determine what a safe level of emanations is.
> Further those manufacturers with access to NACSIM 5100A
> should want to verify that the levels set out in the
> document are, in fact, low enough to prevent interception.
> Without an actual eavesdropping device with which to test,
> no manufacturer will be able to produce genuinely
> uncompromising equipment.
>
> PERRY, now I put up, now YOU SHUT UP!
>
> sheesh.
>
> treason@gnu.
>
Return to December 1992
Return to “pmetzger@shearson.com (Perry E. Metzger)”
1992-12-17 (Thu, 17 Dec 92 12:53:31 PST) - No Subject - pmetzger@shearson.com (Perry E. Metzger)