From: Tim May <tcmay@got.net>
To: cypherpunks@cyberpass.net
Message Hash: 25811db2b98d0bb2b5204186bf2825f223d77b4da63cb333a24571f150e0fbc6
Message ID: <v03130315b2618c270619@[209.66.100.110]>
Reply To: <v04003a02b26144df04eb@[24.1.50.17]>
UTC Datetime: 1998-11-01 04:59:08 UTC
Raw Date: Sun, 1 Nov 1998 12:59:08 +0800
From: Tim May <tcmay@got.net>
Date: Sun, 1 Nov 1998 12:59:08 +0800
To: cypherpunks@cyberpass.net
Subject: TEMPEST laptops
In-Reply-To: <v04003a02b26144df04eb@[24.1.50.17]>
Message-ID: <v03130315b2618c270619@[209.66.100.110]>
MIME-Version: 1.0
Content-Type: text/plain
At 3:44 PM -0800 10/31/98, John Young wrote:
>Steve Schear wrote:
>
>>That's why some recommend that all secret e-mail be composed and encrypted
>>on a laptop while disconected from the AC mains, and better yet operated in
>>an open area (a park) or a place with lots of other electrical noise (a
>>mall).
>
>Not to beat an NDA horse but while we're waiting for NSA to
>process our FOIA request for TEMPEST docs, are there
>products available to shield a desktop box, or better, a laptop?
I haven't been following this FOIA request for TEMPEST docs. It seems
pointless, for several reasons:
1. No doubt a lot of stuff will be classified, and FOIA can't break
classification, generally.
2. The physics is what's important, not TEMPEST specs on specfific pieces
of equipment the government may be using, etc.
3. Direct tests on current equipment is more important, anyway.
>We're so ignorant of what's allegedly in the classified docs
>that we're trying to design a glass box with RF glazing materials
>supplied by a corp that makes it for buildings.
Why would something designed for large-scale structures like buildings be
all that useful for shielding a laptop? While it _might_ be useful, there
are building tradeoffs that don't apply to shielding smaller objects.
Why not just go with copper, for example? Or mu-metal? Or even mesh?
>It would fit over
>the box, keyboard and monitor, and should shield them, but
>leaves cables and power lines to solve, not counting how to get
>our hands into the keyboard. As an alternative we're looking at
>a reengineered CAD tablet with puck to select letters and/or
>words/phrases, or maybe a voice gadget. Yeh, yeh, bugs in
>the lamp, but one solution at a time.
>
I don't know who you're doing this project for, but I would approach it
from a different point of view.
* Laptop under battery power...no leakage through a.c. lines
* inside a copper box made of, say, 10-gauge copper. All joints soldered.
* viewing through a kind of viewing hood, with each eye having a couple of
layers of mesh close to the eyes...this should not interfere too much with
viewing the screen (some experimentation would be needed).
* control of keyboard could be done in a couple of ways, e.g.,
-- flexibible gloves coated with conductive material (the skin depth is
likely insufficient to block RF to 80 or so dB, but the combination of
attenuation and limited exit diameter (at the wrists) may be sufficient
-- a new external keyboard with only fiber-optic connections to the
computer, and with no significant local processing, and only low
voltages...I would not be surprised if a keyboard with essentially no
key-varying RF emissions could be built (operating frequency can of course
be very, very low, e.g., a kilohertz or less, and with low voltages, etc.)
-- mouse input, if necessary, can be done with optical mice with infrared
links (helped along with light pipes). No RF to speak of, though this would
have to be characterized in detail.
>If we get it to work, or at least credibly marketable to people more
>techno-stupid than we are, following the cryptography model,
>we figure we'll position it as an upscale decorative hot shit
>privacy fashion statement, an anti-spy-tech ensemble made of
>temperature sensitive glass to change thoughout the day or as
>passions wax and wane with the market and self-image.
I'll follow your business plans with interest.
Not to sound like a cynic (you all know I am, though), but this kind of
"crypto chic" marketing ploy seems doomed to failure. "Privacy fashion
statement" indeed.
>Retail price: oh, maybe, $25,000 for 100% assured RF protection
>("Not Even NSA Can Snoop!) of your secret business communications
>and sordid affairs, give or take a few leakages that'll never be missed
>until the mate's PI burgles the crystal.
What more can I say?
>
>Someone's going to suggest a copper screen sandwiched in pinstriped
>serge, but how do you see the monitor? Or a Frank Gehry-warped
>Faraday cage, or god knows what's under the NDA blanket. However,
>time's running out: when NSA releases those 12 TEMPEST docs next
>summer that 1000% percent markup on classified TEMPEST products
>is going down.
>
>The market's going to be flooded with certified fakes, ours leading.
>The brand name's a secret but you'll see it on the ticker.
Well, I got trolled, it appears, by one of John Young's coleridged rhymes
(and rimes).
I wasted my time addressing what I thought 'til the end was a semi-real, if
flaky, proposal to market a TEMPESTed computer. How stupid of me. I should
know by now never to take John seriously.
--Tim May
Y2K: A good chance to reformat America's hard drive and empty the trash.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
Return to November 1998
Return to “Tim May <tcmay@got.net>”