1993-05-21 - SIGINT and TEMPEST follies

Header Data

From: fergp@sytex.com (Paul Ferguson)
To: cypherpunks@toad.com
Message Hash: 9603ab900aa062b4048426a41256200bf7973abdc736b78ee580c5c1f848675e
Message ID: <PoLw4B1w165w@sytex.com>
Reply To: N/A
UTC Datetime: 1993-05-21 18:42:25 UTC
Raw Date: Fri, 21 May 93 11:42:25 PDT

Raw message

From: fergp@sytex.com (Paul Ferguson)
Date: Fri, 21 May 93 11:42:25 PDT
To: cypherpunks@toad.com
Subject: SIGINT and TEMPEST follies
Message-ID: <PoLw4B1w165w@sytex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 20 May 93 18:33:52 EDT,
 Bill_Stewart <anchor.ho.att.com!wcs> wrote -
 
> This is distinctly not the case.  You can take any countermeasures
> you want. The precise standards are classified (some SECRET, some
> CONFIDENTIAL COMSEC), so you can't find out how good the
> government's abilities to eavesdrop are, or precisely what level of
> protection the government thinks is necessary to protect classified
> information, or how good the NSA thinks the Russians are, but as long
> as you're not using classified information as your sources, you can
> do anything you want.  (If you're not protecting yourself *enough*,
> the FCC will get on your case, but over-protection is fine.)
 
 I beg your pardon, but this is _not_ the case. TEMPEST requirements
 are _not_ classified and are available for public scrutiny. (You
 obviously do not know where to look.) I _know_ this to be true: I
 working in the COMSEC arena within the US military for the better
 part of five years. In fact, I helped design and construct the first
 tactically-based, X.25 packet switched, PC based, uHF interfaced
 network in Europe back in the early '80's using  Zenith Z-248's and
 KG-84's. We did everything from designing the cabling pin-out's on
 up.
 
> TEMPEST isn't particularly about transients or electromagnetic pulses,
> it's about overall electromagnetic emissions.
 
 You're trying to separate issues that are one and the same. With the
 proper equipment, I can put you and an IBM Selectric (tm) typewriter
 on a wooden raft in the middle of Lake Superior, monitor and realize
 every keystroke that you make and you'd not be the wiser. This type
 of monitoring is easily defeated by low yield TEMPEST requirements.
 I've worked in this area, Bill, and have tested these _facts_. I
 don't care how you care to word it, it _is_ transient
 electromagnetic emissions.
 
> Electromagnetic Pulses are the big fast spikes you get from nuclear
> explosions (or similar slower spikes from lightning, etc.) and the
> techniques you use for protection against EMP don't solve your
> TEMPEST problems, and vice versa, though both kinds of protection
> are some help for the other.
 
> In my previous incarnation as a Tool of the Military-Industrial
> Complex, I never saw TEMPEST expanded as an acronym in any of the
> documents I read.
 
 As I stated above (and I place myself in jeopardy of being accosted
 by Big Brother by admitting it), I was a COMSEC flunky during my
 junket with the US Army. Originally, I was a 31S(ierra) and later a
 29S(ierra) when two MOS's (Military Occupational Specialties, in Army
 jargon) were later merged. I was also a COMSEC Custodian (alternate,
 actually) and I can admit that I have a deep understanding of
 cryptographic key systems, cryptographic theory, cryptographic
 hardware design and integration and "BLACK" and "RED" separation
 principles. This type of technology does not require a rocket
 scientist (trust me, I've worked with them too at NASA)(oh yeah, I
 forgot -- I've also done contract work for Bell Labs and AT&T Secure
 Systems).
 
> In the case of the Crippler Chip, however, you knew it had a built-in
> wiretap when you bought it, which changes some of the reasonable
> expectations about privacy a bit.
 
 This issue is one where I must disagree with you emphatically. The
 majority of the American public don't even know about Clipper. Hell,
 most of them think those AT&T commercials (Aretha singing "Freedom")
 are cute. Personally, I think its pretty sick, considering how they
 worked in collusion with Big Brother (No Such Agency) and announce
 that they would be immediately using this "technology" on the same
 day that the NIST made its announcement that Clipper would be the
 "weapon of choice" in their war on drugs, would-be criminals and the
 American public (April 16, 1993).
 
 I know the technical specifics of TEMPEST (it is an acronym, BTW) and
 the reason it was developed as a SIGINT (SIGnal INTelligence) standard.
 
 Cheers.
 

Paul Ferguson               |  The future is now.
Network Integrator          |  History will tell the tale;
Centreville, Virginia USA   |  We must endure and struggle
fergp@sytex.com             |  to shape it.
 
          Stop the Wiretap (Clipper/Capstone) Chip.





Thread