From: fergp@sytex.com (Paul Ferguson)
To: cypherpunks@toad.com
Message Hash: b2f9e52a734eb27481da9b6ff1d71fbf5347e4222ec4f02753ab7356247c3c82
Message ID: <yBwu4B1w165w@sytex.com>
Reply To: N/A
UTC Datetime: 1993-05-20 16:45:29 UTC
Raw Date: Thu, 20 May 93 09:45:29 PDT
From: fergp@sytex.com (Paul Ferguson)
Date: Thu, 20 May 93 09:45:29 PDT
To: cypherpunks@toad.com
Subject: TEMPEST and other "neat stuff"
Message-ID: <yBwu4B1w165w@sytex.com>
MIME-Version: 1.0
Content-Type: text/plain
This is an interesting extract that I came across this morning.
I thought that I'd post a portion of it (the entire paper is almost
900 lines) to the group since the topic of TEMPEST had surfaced -
8<------ Snip, Snip ------[ edited ]------
(c) 1990 Christopher J. Seline
cjs@cwru.cwru.edu
cjs@cwru.bitnet
Eavesdropping On
the Electromagnetic Emanations
of Digital Equipment:
The Laws of Canada,
England and the United States
This document is a rough
draft. The Legal
Sections are overviews.
T h e y w i l l b e
significantly expanded in
the next version.
We in this country, in this generation, are -- by
destiny rather than choice -- the watchmen on the
walls of world freedom.[1]
-President John F.
Kennedy
_____________________
1. Undelivered speech of President John F. Kennedy,
Dallas Citizens Council (Nov. 22, 1963) 35-36.
In the novel 1984, George Orwell foretold a future
where individuals had no expectation of privacy because the
state monopolized the technology of spying. The government
watched the actions of its subjects from birth to death. No
one could protect himself because surveillance and counter-
surveillance technology was controlled by the government.
This note explores the legal status of a surveillance
technology ruefully known as TEMPEST[2]. Using TEMPEST
technology the information in any digital device may be
intercepted and reconstructed into useful intelligence
without the operative ever having to come near his target.
The technology is especially useful in the interception of
information stored in digital computers or displayed on
computer terminals.
The use of TEMPEST is not illegal under the laws of the
United States[3], or England. Canada has specific laws
criminalizing TEMPEST eavesdropping but the laws do more to
hinder surveillance countermeasures than to prevent TEMPEST
surveillance. In the United States it is illegal for an
individual to take effective counter-measures against
TEMPEST surveillance. This leads to the conundrum that it
is legal for individuals and the government to invade the
privacy of others but illegal for individuals to take steps
to protect their privacy.
The author would like to suggest that the solution to
this conundrum is straightforward. Information on
_____________________
2. TEMPEST is an acronym for Transient Electromagnetic Pulse
Emanation Standard. This standard sets forth the official views
of the United States on the amount of electromagnetic radiation
that a device may emit without compromising the information it is
processing. TEMPEST is a defensive standard; a device which
conforms to this standard is referred to as TEMPEST Certified.
The United States government has refused to declassify the
acronym for devices used to intercept the electromagnetic
information of non-TEMPEST Certified devices. For this note,
these devices and the technology behind them will also be
referred to as TEMPEST; in which case, TEMPEST stands for
Transient Electromagnetic Pulse Surveillance Technology.
The United States government refuses to release details
regarding TEMPEST and continues an organized effort to censor the
dissemination of information about it. For example the NSA
succeeded in shutting down a Wang Laboratories presentation on
TEMPEST Certified equipment by classifying the contents of the
speech and threatening to prosecute the speaker with revealing
classified information. [cite coming].
3. This Note will not discuses how TEMPEST relates to the
Warrant Requirement under the United States Constitution. Nor
will it discuss the Constitutional exclusion of foreign nationals
from the Warrant Requirement.
<New page>
protecting privacy under TEMPEST should be made freely
available; TEMPEST Certified equipment should be legally
available; and organizations possessing private information
should be required by law to protect that information
through good computer security practices and the use of
TEMPEST Certified equipment.
Paul Ferguson | The future is now.
Network Integrator | History will tell the tale;
Centreville, Virginia USA | We must endure and struggle
fergp@sytex.com | to shape it.
Stop the Wiretap (Clipper/Capstone) Chip.
Return to May 1993
Return to “fergp@sytex.com (Paul Ferguson)”
1993-05-20 (Thu, 20 May 93 09:45:29 PDT) - TEMPEST and other “neat stuff” - fergp@sytex.com (Paul Ferguson)