www.democraticfundamentalism.org

Government/Technology

TEMPEST Brewing for PC Privacy?

Home    About    Books    Links    Government     Entertainment   HiTech   Medicine    Victims    News    Take Action

WASHINGTON -- Plenty of people worry about their privacy online, but few consider that someone may be eavesdropping on what they're typing -- through a wall or even across the street.

It's something government snoops have been able to do for at least the last decade, according to newly released documents from the US National Security Agency. (NSA) Spy agencies have dubbed the concept TEMPEST, a code name for technologies used to intercept and decipher the electromagnetic signals that all computers emit

Spooks have known about TEMPEST technologies at least since the 1960s -- some people have even patented ways to shield computers. But details that aren't classified have been relatively scarce.

John Young hopes to change all that. This week he began to publish on his Web site the results of TEMPEST documents he obtained from the NSA through a Freedom of Information Act request.

"People don't know it's out there as a snooping threat," says Young, an architect-turned-archivist who collects cryptographic documents. "Defense contractors have it but it's under nondisclosure. It's pretty carefully guarded."

One study -- one of the few that's not classified -- performed by UK researchers Ross Anderson and Markus Kuhn showed that it was possible to capture images from a remote computer monitor. Government-spec shielded systems ward against this, but are more expensive and in limited supply in the private sector.

What's the most interesting thing Young has found in the 184 pages of technical standards and jargon the NSA handed him?

"They're able to do standoff surveillance without tapping," said Young. "That's the most lethal thing in there."

About half of the pages are blanked out with thick black lines, and nearly all of the vital numbers -- signaling rates, maximum data bandwidth, and frequencies -- are redacted. Citing "national security," the NSA released only two of the 24 documents Young requested.

One of those two documents, entitled "Compromising Emanations Laboratory Test Requirements, Electromagnetics" was prepared by the NSA's Telecommunications and Information Systems Security group. It describes test procedures for measuring the radiation emitted from a computer -- both through radio waves and through telephone, serial, network, or power cables attached to it.

"Equipment meeting the Level I limits of this document provide an acceptable degree of conducted and radiated TEMPEST security at the equipment level. Those complying with the Level II and Level III limits of this document provide an acceptable degree of radiated TEMPEST security at the equipment level when installed in an appropriate protected environment," the manual says.

The radiation limits that the documents specify apparently are used by military bases, contractors, embassies, and some other government offices to protect their computers from surveillance.

The second document the NSA released describes the agency's "Technical Security Program," which is responsible for assessing electronic security and providing "technical security facility countermeasures."

The program also sets security standards for the NSA and its contractors, devises training requirements, and lends the agency's expertise "to other DoD components or other US government departments and agencies."

John Gilmore, co-founder of the Electronic Frontier Foundation, says a lawsuit may be necessary to force the NSA to turn over the remaining 22 documents. "NSA is just playing its usual delay, delay, delay game -- not following the law, and requiring citizens to sue it to make it follow the law."

Young has sent an appeal to the NSA protesting what the agency says is "proper" classification as secret documents. "The documents are classified because their disclosure could reasonably be expected to cause serious damage to the national security," the NSA says.

Privacy experts say that although spy agencies may use TEMPEST technology all too frequently, the law probably would limit how such evidence could be used in a criminal prosecution.

"They would need a court order based on probable cause and the court would likely require them to be compliant with the wiretap statute simply because it's so close to what's covered," says Dave Banisar, co-author of The Electronic Privacy Papers.

And who says the NSA doesn't have a sense of humor? One of the documents cites a new codeword not made public before: TEAPOT.

"TEAPOT: A short name referring to the investigation, study, and control of intentional compromising emanations (i.e., those that are hostilely induced or provoked) from telecommunications and automated information systems equipment."

(c) 2001,2002,2003,2004,2005,2006, 2007 DemocraticFundamentalism.org,      All Rights Reserved

Fair Use Notice: This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in an effort to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: www.law.cornell.edu/uscode/17/107.shtml If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. The views expressed herein are the writers' own and not necessarily those of this site or its associates.