From: smb@research.att.com
To: fergp@sytex.com (Paul Ferguson)
Message Hash: 3b0b9acf5d4cf0c8b5ec247eb6856dc935450a430274ee9b90f4af3178a365de
Message ID: <9305201906.AA20919@toad.com>
Reply To: N/A
UTC Datetime: 1993-05-20 19:07:01 UTC
Raw Date: Thu, 20 May 93 12:07:01 PDT
Subject: Re: TEMPEST and other "neat stuff"

    This is an interesting extract that I came across this morning.
    I thought that I'd post a portion of it (the entire paper is almost
    900 lines) to the group since the topic of TEMPEST had surfaced -

I'd like to see the whole thing, but I don't guarantee I'll read it.
In fact, I don't believe it.

    The use of TEMPEST is not illegal under the laws of the
    United States[3], or England. Canada has specific laws
    criminalizing TEMPEST eavesdropping but the laws do more to
    hinder surveillance countermeasures than to prevent TEMPEST
    surveillance. In the United States it is illegal for an
    individual to take effective counter-measures against
    TEMPEST surveillance.

I can't speak for England or Canada, but neither statement is true about
the U.S. Note the text of footnote [3]:

    3. This Note will not discuss how TEMPEST relates to the
    Warrant Requirement under the United States Constitution. Nor
    will it discuss the Constitutional exclusion of foreign nationals
    from the Warrant Requirement.

The ``warrant'' requirement is precisely the point. Spying on
individuals who have a reasonable expectation of privacy is
prohibited. In the case of wiretaps, that was in a Supreme Court
ruling in, as I recall, 1967. In fact, the original wiretap statute
(18 USC 2510 et seq), later amended by the ECPA, was passed (as part of
the Omnibus Safe Streets and Crime Control Act of 1968) in direct
response to that ruling, to set forth procedures, grounds, etc., for
legal wiretaps and surveillance. I don't have the citation handy, but
the concept was discussed clearly and at some length in Kemp v Block
(1985) 607 F Supp 1262. A TEMPEST pickup would appear to run afoul of
the wiretap laws. Consider the following language in 18 USC 2511(2)(f):

    procedures in this chapter and the Foreign Intelligence
    Surveillance Act of 1978 shall be the exclusive means by which
    electronic surveillance, as defined in section 101 of such Act,
    and the interception of domestic wire and oral communications
    may be conducted.

I'll return to the FISA later; note, though, that it and 18 USC 2510
are the *only* means by which anything resembling TEMPEST surveillance
can be performed.

The only grounds on which such intercepts can be justified, given the
language of this section, is from 18 USC 2511(3)(g):

    It shall not be unlawful under this chapter or chapter 121
    of this title for any person --
        (i) to intercept or access an electronic communication
            made through an electronic communication system
            that is configured so that such electronic
            communication is readily accessible to the general
            public;

Is TEMPEST ``readily accessible to the general public''? At least
since the adoption of the FCC requirements on spurious RFI, I'd tend to
doubt it. And as I noted earlier, eavesdropping of any sort is legal
if and only if the targets have no reasonable expectation of privacy;
given that 99+% of the American public has never heard of TEMPEST, I'd
call it a fair bet that someone using a computer in a private room
does, in fact, assume that he or she has such an expectation.

The Foreign Intelligence Surveillance Act (50 USC 1801 et seq.)
specifies the conditions under which foreign agents may be subject to
surveillance. Unless there is ``no substantial likelihood'' that an
American's conversations will be observed, an order from a special
court is needed. Again -- for the most part, there is a requirement
for due process.

Now -- I'm certainly not going to claim that these niceties are always
observed. But that they're ignored doesn't make them legal.

Finally, the claim that taking counter-measures against TEMPEST is
illegal strikes me as balloon juice, plain and simple. Last I heard,
the FCC wanted you to do anything you could to reduce spurious
emissions. True, they're not telling how sensitive their detectors are
-- but that's a far cry from saying you're not allowed to try to defeat
them.

Please -- there are real enemies to personal freedom. Let's not waste
energy chasing chimeras.

--Steve Bellovin