tempest.txt文件.

释放双眼,带上耳机,听听看~!

tempest.txt,

tempest.

txt,tags | paper,窃听数字设备的电磁辐射:加拿大、英国和美国法律版权所有(C)1989克里斯托弗·塞林本文件为草稿.

法律部分是概述.

它们将在下一个版本中显著扩展.

我们这一代人是世界自由之墙的守望者,是命运而非选择.

1-约翰·F·肯尼迪总统在小说《1984》中,乔治·奥威尔预言了一个个人对隐私毫无期望的未来,因为国家垄断了间谍技术.

政府从出生到死亡都在观察臣民的行动.

没有人能保护自己,因为监视和反监视技术是由政府控制的.

本说明探讨了一种被遗憾地称为TEMPEST2的监视技术的法律地位.

利用TEMPEST技术,任何数字设备中的信息都可以被截获并重建成有用的情报,而无需特工接近目标.

该技术特别适用于截获存储在数字计算机中或显示在计算机终端上的信息.

_________________________一.

约翰·F·肯-内迪总统的未送达演讲,达拉斯公民委员会(1963年11月22日)35-36.2.TEMPEST是瞬变电磁脉冲发射标准的缩写.

本标准阐述了美国对设备在不损害其1990年6月7日前发布的信息的情况下可能发出的电磁辐射量的官方意见.

根据美国或英国法律,使用TEMPEST并不违法.

加拿大有专门的法律将偷听暴风雨定为刑事犯罪,但这些法律更多的是为了阻止监视反措施,而不是防止暴风雨监视.

在美国,个人对暴风雨的监视采取有效的反措施是违法的.

这导致了一个难题,即个人和政府侵犯他人隐私是合法的,而个人采取措施保护自己的隐私是非法的.

作者建议,解决这一难题的办法是直截了当的.

有关在TEMPEST下保护隐私的信息应免费提供.

TEMPEST认证的设备应合法提供.

法律应要求拥有私人信息的组织通过良好的计算机安全实践和TEMPEST认证设备的使用来保护该信息.

专业人士将间谍活动分为两大类:人类情报收集(humin)和电子情报收集(ELINT).

顾名思义,胡敏特依靠人类特工,埃丽特依靠技术特工.

在过去,胡敏是唯一收集情报的方法.

4胡敏特工会偷取重要文件,观察部队和武器的移动,引诱人们进入他的密室来获取秘密,站在房屋的窃听器下,窃听住客.

_________________________割礼.

TEM PEST是一种防御标准.

符合此标准的设备称为TEM-PEST认证.

美国政府拒绝解密用于截获非TEMPEST认证设备电磁信息的设备的缩写.

对于本注释,这些设备及其背后的技术也将被称为TEMPEST.

在这种情况下,TEMPEST代表瞬变电磁脉冲监视技术.

美国政府拒绝公布有关TEMPEST的细节,并继续有组织地审查有关TEMPEST的信息传播.

例如,美国国家安全局通过对演讲内容进行分类,并威胁要以泄露机密信息的方式起诉演讲者,从而成功地关闭了王实验室关于TEM-PEST认证设备的演示.[引用来].三.本说明将不讨论1990年6月7日至3日的暴风雨是如何随着技术的进步而进行的曾经只能由人来表演的t已经被机器所取代.

所以一直是间谍活动.

现代卫星技术使部队和武器的移动能够比人类间谍所能达到的更精确、更远的距离被观察到.

文件被盗和窃听对话现在可以通过电子方式进行.

这意味着对人类操作人员的更大安全性,其唯一的参与可能是放置初始的ELINT装置.

这导致了ELINT对humin的优势,因为ELINT设备的放置和监控可能由一名没有间谍技术培训的技术人员执行.

收集到的情报可能由情报专家处理,可能在数千英里之外,不需要实地经验.

ELINT比Humin有很多其他优势.

如果一个间谍被抓住,他的存在可能会使他的雇佣国难堪,他被迫被迫放弃同胞的身份或其他重要信息.

就其本质而言,一个被发现的ELINT设备(bug)不能放弃任何信息.

而bug的普遍性为原则状态提供了貌似否认所有权或参与的能力.

_________________________迟于美国宪法规定的搜查令.

它也不会讨论将外国国民排除在战争要求之外的问题.四.自革命以来,美国一直在使用腐殖质.

”获得好情报的必要性是显而易见的,不必再催促了——我要补充的是,你要尽可能地保守整个事情的秘密.

因为,成功取决于大多数此类企业,而且由于缺乏保密性,它们通常都会被淘汰,无论计划多么周密,都有可能成为一个有利的问题.

《乔治华盛顿来信》(1777年7月26日).5分.”. 我希望你尽一切可能的努力,派遣信任的人到斯塔滕岛,你可以向他倾诉,了解敌人的情况和人数——他们是什么样的部队,他们有什么警卫——他们的力量和驻扎地点.”身份证6.窃听是盎格鲁撒克逊语,指的是用来防止雨水落在房屋地基附近的宽阔的檐檐.

窃听提供了“一个隐蔽的地方,人们可以躲在那里秘密地倾听屋内的谈话.”W.莫里斯和M.莫里斯,《莫里斯词和短语起源词典》,198(1977).

1990年6月7日-4-ELINT设备分为两大类:侵入性和非侵入性.

侵入性错误需要某种类型的侵入才能正常工作.

发射机可能需要对目标场所进行物理入侵才能放置,或者麦克风可能偷偷地附在窗户外面.

电话发射机可以放在电话线上的任何地方,包括中央交换机.

侵入是在物理上连接到电话线上时,或者当它靠近电话线时是感应的.

即使是微波窃听器,也需要将谐振器锥放置在目标场所内.

7个非侵入式ELINT设备在通过乙醚辐射时,通过接收电磁辐射(EMR)工作,不需要放置窃听器.

方法包括拦截卫星、微波和无线电传输的8个信息,包括移动和移动电话传输.

这一信息是故意传递的,目的是让某个或多个有意的人接收到它.

非侵入性ELINT还包括截取从未打算传送的信息.

所有电子设备都会发出电磁辐射.

一些辐射,如无线电波,是用来传输信息的.

这种辐射的大部分不是用来传输信息的,只是目标设备正在进行的任何工作的附带条件.

9这种信息可以被截获并重建成相干的形式.

用目前的暴风雨技术是可能的e重建计算机视频显示终端(VDU)屏幕的内容,最远可达一公里10.

重建计算机存储器的内容或其大容量存储设备的内容更为复杂,必须从较近的距离进行.

11通过EMR重建信息的过程各州政府拒绝解密确切的技术,甚至它的名称12,不仅限于计算机和数字设备,而且适用于所有产生电磁辐射的设备.

13 TEMPEST对vdu尤其有效,因为它们产生非常高的EMR.

14@uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu.

Pursglove,《俄罗斯间谍无线电工作原理》,无线电电子,89-91(1962年1月).8个.拦截是一个间谍术语的艺术,应该区别于其更常见的用法.

当信息被截取时,截取者以及预期的接收者都会收到信息.

截取(Interception)不作为一种艺术术语使用时,指的是一个人接受了为其他人准备的东西.

预期的接受者永远不会接受他打算接受的东西.

1990年6月7日-5-“[C]电缆可作为天线,直接或甚至两者都接收信号,并将其重新发射到离源设备更远的地方.

以这种方式充当天线的电缆有可能比设备本身更有效地传输信号……类似的效果也可能发生在金属管道上,例如用于生活用水的管道.

如果接地[接地]系统的安装不正确,以致电路中有一条电阻非常高的路径(例如,油漆阻止传导并起到绝缘作用),那么整个接地系统很可能以与天线类似的方式工作.

[对于VDU]最强的信号或其谐波通常大约在60-250兆赫之间.

然而,在电视波段和450-800兆赫之间的更高频率出现了非常强的辐射的明显例外.

Potts,排放安全,3计算机法律和安全报告27(1988).

_________________________9号.

有两种类型的发射,传导和辐射.

当部件或电缆作为发射电磁辐射的天线时,辐射发射就形成了.

当辐射沿着电缆或其他连接传导,但没有辐射时,就称为“传导”.

电源包括电缆、接地回路、印刷电路板、内部电线、电源线10.

TEMPEST ELINT算子可以区分同一个房间中的不同vdu,因为homo和异构单元的EMR特性不同.

”[T] 这里很少比较其他可比设备的电磁辐射特性.

只有当[VDU]是用完全相同的组件制造的,才有任何相似之处.

如果某些部件来自不同的批次,以某种方式进行了更新,特别是如果它们来自不同的制造商,则得到完全不同的结果.

这样,同一个[VDU]的不同标记或版本将发出不同的信号.

另外,由于不同县之间制造标准的差异,同一家公司生产的两个(VDU)来自不同县,它们的EMR信号特性将完全不同……由此看来,周围的排放物非常混乱,不可能将它们与任何一个隔离开来特定来源.

同样,情况并非如此.

大多数接收到的信号都有不同的线路1990年6月7日-6日-ELINT不限于政府.

它通常被个人用于自己的目的.

由于设计、反射、干涉或组件公差的变化,几乎所有形式的ELINT都可以提供给具有技术专长的个人,或是有钱雇佣某人进行同步.

例如,如果在同一频率上有三个不同的信号.

通过对射频接收器进行微调NTENA操作和修改线路同步,可以分别锁定三个信号中的每一个,从而读取屏幕信息.

通过类似的技术,完全有可能区分同一房间内设备的各个项目.

”Potts,前注9.

关于暴风雨威胁的讨论,请参见《记忆银行,美国银行家20》(1985年4月1日).

银行计算机系统的排放使窃听变得容易,专家说,《美国银行家1》(1985年3月26日).

阴极射线管间谍:对公司安全的威胁,《个人电脑周》(1987年3月10日).11号.TEMPEST涉及由数字设备产生的瞬态电磁脉冲.

所有电子设备都辐射电子病历,可以进行重建.

数字设备将信息处理为1和0,即开或关.

因此,数字设备发出电磁脉冲.

这些脉冲比模拟设备发出的非脉冲EMR更容易远距离重建.

有关宽带数字信息辐射问题的详细讨论,请参见军事标准MIL-STD-461 REO2.

白色前注9、10.2.12岁.见前注2.13岁.电子情报收集员特别感兴趣的是来自计算机、通信中心和航空电子设备的电子病历.

舒尔茨,击败伊万与风暴,德芬斯电子64(1983年6月).14岁.CRT屏幕上的图片是由在屏幕上排列成一行的图片元素(像素)构成的.

像素是由材料制成的,当受到能量冲击时会发出荧光.

能量是由电子枪在显像管背面发射的电子束产生的.

电子束以有规律的重复方式扫描阴极射线管的屏幕.

当光束的电压很高时,它所聚焦的像素会发射光子,并在屏幕上显示为一个点.

通过选择性地发射枪扫描整个阴极射线管的表面,像素在阴极射线管屏幕上形成字符.

像素只会在很短的时间内发光,必须经常被电子束击中才能保持发光.

保持1990年6月7日-7日所有的光输出-有专业知识.

为了保护政府和民众的隐私,各国政府试图将受试者使用ELINT的行为定为犯罪.

在美国,196815年《综合街道和犯罪法》第三章将非法侵入的ELINT定为故意拦截有线通信的犯罪行为.

16最初,第三章并未禁止非非法侵入的ELINT,17因为法院认为,非有线通信缺乏对p2IIIrivacy的任何期望.

18 1986年《电子通信隐私法》修订了第三编,将非有线通信包括在内.

ECPA是专门为包括电子邮件、计算机间通信和蜂窝电话而设计的.

为了达到这个目的,隐私测试的期望值被消除了.

20个本应被点亮的像素,电子束以每秒60次的速度穿过整个CRT屏幕.

每次光束发射时,都会产生高压电磁辐射.

这个电子病历可以用来重建目标阴极射线管屏幕的内容.

用于重建信息的TEMPEST ELINT设备使其CRT与目标CRT同步.

首先,它使用电子病历来同步它的电子枪和目标阴极射线管中的电子枪.

然后,当TEMPEST ELINT单元检测到EMR指示tar-get CRT对像素发射时,TEMPEST ELINT单元发射其CRT的电子枪.

ELINT-CRT与目标CRT完全同步.

当tar-get点亮一个像素时,TEM-PEST ELINT-CRT上相应的像素点亮.

tar-get CRT上的确切图片将出现在TEMPEST ELINT CRT上.

目标屏幕上的任何更改将立即在TEMPEST ELINT屏幕上重新反射.

TEMPEST认证的设备发出的排放水平太微弱,不容易被检测到.

国家通信安全信息备忘录5100A(NACSIM 5100A)中规定了认证等级.

”[E] 任务级别以时间和频率域、宽带或窄禁带表示d在频域和传导或辐射发射方面.

”白色,前注9,10.1.关于暴风雪的一个彻底但有误导性的讨论,请看范艾克,视频显示设备的电磁辐射:窃听风险?,4计算机与安全269(1985).15岁.酒吧.五十、 编号90-351,82 Stat.197.该法将个人和政府代理人非法侵入埃利特定为犯罪.

参见Katz诉美国,389 U.S.347(1967年)(第四修正案禁止政府而非个人监视)1990年6月7日-8日-经修正后,第三编仍然将电子截取通信定为非法.

“通信”一词表示有人试图与某人通信.

它不是指信息的无意传输.

然而,发射瞬变电磁脉冲(ETEP)的接收和重建是基于获得目标不打算发射的信息.

如果ETEP不打算用作通信,因此没有以接近当前通信协议的形式进行传输,那么它不能被视为国会在修订第三编“接收或拦截”时所设想的通信,经修订的第三编并未将发射的瞬变电磁脉冲定为犯罪.

在英国,198521年《通信拦截法》将监听通过公共电信线路发送的通信定为犯罪.

22电信线路上的通信拦截可以通过实际监听线路进行,或微波或卫星链路的被动拦截.

23这些形式的被动拦截不同于TEMPEST ELINT,因为它们拦截的是预期通信.

TEMPEST ELINT拦截的是非预期通信.

窃听计算机的辐射在任何方面都不构成窃听电信线路,因此不在法令的范围内.

《美国法典》第18卷第2511(1)(a)节.17岁.《美国诉霍尔》,《联邦地区法院判例汇编》第二辑第488卷第193页(第九巡回法庭,1973年)(没有发现任何立法史表明国会有意将该法案包括在无线电通话中).

此外,第三编只将截取“听觉”通信定为刑事犯罪,这包括所有形式的计算机通信.18岁.威拉米特订阅电视诉卡伍德案,《联邦地区法院判例补编》第580卷第1164页(D.或.1984年)(非有线通信缺乏隐私权).19岁.酒吧.五十、 编号99-508,100 Stat.

1848(编入18 U.S.C.2510-710)[以下简称ECPA].Đ9 20.《美国法典》第18卷第2511(1)(a)节将拦截“任何有线、口头或电子通信”定为刑事犯罪,不考虑对隐私的期望.21岁.《1985年通讯截获法》(Long Ti-tle),对邮递或公共通讯系统发送的通讯截获作出新规定并与之相关的法案,以及对《1984年通讯截获法》第45节进行修订的法案.22岁.《1985年通讯截取法1,禁止截取:(1)根据本节下列规定,有意截取com-1990年6月7日-9日-加拿大已采取直接措施限制对计算机的窃听.

1985年《加拿大刑事修正法》将间接使用计算机服务定为刑事犯罪.

25对“电磁装置”的具体提及清楚地表明了立法机关在立法范围内包括使用TEMPEST ELINT设备的意图.

获得“任何计算机服务”的限制确实导致了一些混乱.

加拿大立法机构尚未明确“计算机服务”是指计算机服务局,还是仅仅指计算机服务.

如果加拿大人的意思是访问任何计算机,他们为什么要提到任何“计算机服务”.

考虑到(b)“计算机系统的任何功能”的全部语言,这尤其令人困惑.

即使加拿大的立法将窃听所有电脑的行为定为犯罪,它也不能解决保护pri的问题信息匮乏.

刑法的目的是控制犯罪.

26在通过邮递或通过公共电信系统进行传播的过程中,只有26、2、2、2、2、2、2、2、2、2、2、2、2、1、2、2、2、2、2、1、2、2、2、2、2、2、2、2、1、2、2、1、2、2、1、2、2、2、1、2、2、2、1、2、2、2、1、2、2、1、2、2、2、1、2、2、1、2、2、1、2、2、2、2、1、2、2、2、1、2、2、1、2、2、1、2、2、2、1、2、2、2、2、2、1、2、2、2、1、2、2、2、1、2、2、2、1、2、2、2、1、2、2、2、1、2、2、2、1、2、2、2、1、2、2、2、1、2、2、2、1、2、2、判处两年以下有期徒刑或罚款或两者兼有.23岁.窃听(又称非法窃听)明显违反了法规.

”1985年《通讯截获法》第1条规定的犯罪行为包括窃听计算机通讯的形式,其中包括“窃听”传递信息的电线.

然而,可能出现的一个问题是,所涉通信是否在通过公共电信系统传输的过程中被接受.

从技术上讲,在通信传输的几个阶段拦截通信是可能的,而决定通信进入“公共”领域的阶段可能是一个事实问题.

法律委员会,第110号工作文件:计算机滥用,3.

30(1988年).24岁.”还有一些形式的窃听行为不包括在内.例如.通过监视周围的辐射场来窃听V.D.U.[本文称之为CRT]屏幕,以便在窃听者的屏幕上显示合法用户屏幕上出现的任何内容.

这项活动似乎不构成任何刑事犯罪……“法律委员会,第110号工作文件:滥用计算机,3.

31(1988年).

1990年6月7日-10日-制造风暴埃利特非法将不会控制其使用.

首先,因为它是一种固有的被动犯罪,所以不可能被发现并因此受到惩罚.

第二,如果不采取积极主动的姿态来控制泄露,使这种形式的窃听成为非法,就会给公众一种虚假的安全感.

第三,将拥有暴风雪装置定为刑事犯罪,妨碍了公共部门对反措施的研究.

最后,法律不会阻止对公司计算机中的私人信息的窃听,除非对没有采取充分防范措施的公司和更为常见的简单信息犯罪给予抑制.

27 TEMPEST ELINT是被动的.

计算机或终端发出的有害辐射被TEMPEST设备截获并重建成有用的信息.

不像传统的埃利特,没有必要在身体上用25.

《加拿大刑法》第301.

2(1)条规定,任何人如果没有权利的颜色,(a)直接或间接获得任何计算机服务,(b)通过电磁手段.

或其他设备,直接或间接地截获或导致截获计算机系统的任何功能.

[犯有可公诉的-围栏罪].26岁.美国量刑委员会,《联邦量刑指南手册》(1988年)(关于重新起草初步指南“g”的原则(未知页))27.

关于什么是计算机犯罪,一直存在很大的争论.

有好几种思想流派.

更明确的学派,以及作者所坚持的学派认为计算机犯罪应限于针对计算机的犯罪.

例如,恐怖分子用爆炸物摧毁计算机就属于这一类.

把幽灵雇员放在工资电脑上并收取他们的工资等犯罪行为仅仅是古老的会计欺诈.

如今,这种欺诈与电脑有关,因为记录保存在电脑上.

计算机只是犯罪的附属品.

这被错误地贴上了计算机犯罪的标签,只应被称为借助计算机实施的欺诈.

最后,还有信息犯罪.

这些都是与盗取或篡改信息有关的犯罪.

由于计算机能够保存和访问大量信息,这些犯罪更为常见,也更为有利可图.

暴风雪最好是猫被认为是信息犯罪.

1990年6月7日-11日-非法侵入甚至接近目标.

窃听可以从附近的办公室甚至停在合理距离内的货车上进行.

这意味着没有典型的犯罪现场.

在该法中发现罪犯的可能性很小或根本没有.

28如果发现了犯罪,它将辅助其他一些调查.

例如,如果一个人因内幕交易而被调查,搜查他的住所可能会产生一个暴风雪装置.

这个装置可以解释被告是如何获得内幕信息的.

但是是内幕交易,而不是装置,泄露了犯罪事实.

这尤其适用于由州政府组成的非法风暴.

除非肇事者被当场抓获,否则几乎没有他们从事间谍活动的证据.

可以检测到并定位一种树栖昆虫.

而且,一旦发现,它就提供了犯罪发生的确凿证据.

暴风雪装置由于其固有的被动特性,没有留下任何东西可供探测.

由于政府不太可能犯下可能被发现的附属罪行,所以间谍活动被发现的可能性非常小.

防止窃听的唯一方法是鼓励使用反措施:TEMPEST认证29台计算机和终端.

仅仅使暴风雨般的闪电成为非法,公众就被赋予了安全的假象.

他们被诱骗相信问题已经解决了.

将某些行为定为非法并不能阻止它们的发生.

对于暴风雪尤其如此,因为它是不可探测的.

如果没有被发现的机会,惩罚就是一个空洞的威胁.

没有被发现,就没有恐惧和定罪.

防止某些实体偷听计算机或计算机终端的唯一方法是设备不发出有害的辐射.

它必须经过TEMPEST认证.

_________________________28岁.

例如,比较一下水门事件,窃贼被发现时,他们转向移动一个位置不好的扩频窃听器.29岁.TEMPEST认证是指通过了NACSIM 5100A规定的测试和发射制度的设备.

该机密文件规定了国家安全局认为数字设备在不损害其正在处理的信息的情况下可以发射的发射水平.

TEMPEST认证的设备理论上是安全的,不会被TEMPEST窃听.

NACSIM 5100A和TEMPEST的所有细节均已分类.

为了获得使用权,承包商必须证明政府内部对计划于1990年6月7日至12日使用的特定类型的设备有需求——美国可以通过采取主动姿态来解决这一问题.

国家标准和技术研究所(NIST30)负责制定私营部门的计算机安全标准.

NIST还负责进行基础研究,以提高计算机安全技术.

目前,NIST不与私营部门讨论暴风雨问题.

为了保护隐私,必须将此策略更改为主动策略.

NIST应公布TEMPEST ELINT对计算机安全的威胁,并应建立计算机设备产生的辐射水平评级系统.

31此外,还应制定法律,要求对所有计算机设备的辐射水平及其是否经过TEMPEST认证进行标记.

只有公众知道这个问题,才能开始采取措施解决.

第三编将拥有监视装置定为犯罪,除非它是根据与政府签订的合同生产的.

这意味着,对监视和反监视设备的研究是由政府和一些与政府签订合同的公司垄断的.

如果坦佩斯窃听被定为犯罪,那么拥有坦佩斯埃林设备将是犯罪.

不幸的是,这并不能解决问题.

简单的风暴线设备容易制造.

只要几美元,许多旧的电视机就可以改装成接收和重建电子病历.

对于le一百多美元一个更复杂的风暴线接收器可以生产32.

将拥有TEM-PEST-ELINT设备定为刑事犯罪的问题不仅在于法律对此类设备的使用几乎没有影响,而且还会对反措施研究产生负面影响.

为了成功地设计针对某一特定监视技术的反措施,对该技术如何工作有一个完整的经验理解是至关重要的.

如果没有合法制造监视设备的权利,研究人员就不可能掌握生产有效反措施设备的知识.

这是公理化的:没有一个监视装置,它是一个,一个,一个,一个,一个.

由于标准是保密的,拖拉机不能向非安全政府机构或公众出售设备.

这就防止了对其物理实施的标准,即认证设备的逆向工程.

通过阻止私营部门拥有这种反窃听设备,国家安全局有效地阻止了他们保护自己电脑中的信息.

1990年6月7日-13日-无法测试反措施装置.

许多公司生产从电气设备测量电磁干扰的设备.

其中一些设备是专门为TEMPEST认证设备设计的.

这并不能解决问题.

问题是:在一个特定的频率下,有多少辐射在减弱?目前的答案是参考NACSIM 5100A.

本文件规定了适用于认证的辐射水平.

该文件只提供给有足够安全许可和正在进行的合同为政府生产TEMPEST认证计算机的美国承包商.

此外,国家安全局规定了正确的水平,虽然这些水平足以防止不友好的特工偷听,但不能保证根据NACSIM 5100A认证的设备的水平低到足以防止国家安全局自己偷听.

所谓正确辐射水平的可及性并不能解决防止暴风雨窃听的问题.

NACSIM 5100A的使用限制了制造商仅向需要处理机密信息的美国政府机构出售设备.

33没有权利拥有TEMPEST ELINT设备制造商谁希望出售给公共部门不能确定什么是安全水平的放射.

_________________________30岁.

以前是标准局.

NIST是商务部的一个部门.31岁.在这种情况下,计算机设备将包括所有外围计算机设备.

如果打印机或调制解调器未经认证,使用TEMPEST认证的计算机是没有用的.32岁.国家安全局试图限制TEMPEST信息的可用性,以防止设备的扩散.

关于第一修正案和事先限制的讨论,见,例如,美利坚合众国诉进步公司467 F.

Supp 990(1979,WD Wis.

)(打算出版核武器计划的杂志.

发布事先限制禁令),reh.兽穴.美国诉进步公司486 F.

Supp 5(1979,WD Wis.

),motion den Morland诉Sprecher 443 US 709(1979)(强制令),motion denied United States诉进步公司5 Media L R(1979,第七巡回法庭),驳回.没有op.U.S.v.Progressive,Inc.610 F.2d 819(1979年,第七巡回法庭).

纽约时报,Co.v.联合国国际贸易试验所,403 U.S.713(1971年)(每居里)(五角大楼文件案:规定政府无法满足的优先限制标准).T.艾默生,《出口自由制度》——6月7日,1990-14-此外,那些有权访问NACSIM 5100A的制造商应该想核实文件中规定的水平,事实上,低到足以防止拦截.

没有一个真正的窃听设备进行测试,任何制造商都无法生产出真正不妥协的设备.

即使法律允许公众拥有TEMPEST认证的设备,即使公众是知情人士对于TEMPEST对隐私的威胁,个人的隐私信息不一定会受到保护.

个人可以选择在自己的计算机上保护自己的信息.

公司可以选择是否保护自己的私人信息.

但持有个人私人信息的公司必须采取措施保护这些信息.

在英国,198434年的《数据保护法》对任何将个人信息35存储在计算机上并且未能采取合理措施防止该信息泄露的人实施制裁.

该法规定,除非计算机局或数据用户36已根据该法进行登记,否则不得将个人数据存储在任何计算机中.

37该法规定了一个中央登记处,并跟踪哪些公司或个人维护个人信息数据库.

数据使用者及决策局必须证明其拥有个人资料的需要及目的.

该法为任何人提供了侵权救济,即“科学自由与国家安全之间的平衡”,23 JURIMETRICS J.

1(1982)(限制科学和技术表达的现行法律法规超出了国家安全的正当需要).Hon.M、 费尔德曼,为什么第一修正案不符合国家安全,遗产基金会报告(1987年1月14日).

比较博克,中立原则和一些第一修正案的问题,47 IND.L.J.1(第一修正案只适用于政治演讲).G.Lewy,民主能保守秘密吗,26 POLICY REVIEW 17(1983)(赞同反映英国制度的严厉保密法).33岁.例如,美国国家安全局最近刚刚允许缉毒局(DEA)购买TEMPEST认证的计算机设备.

缉毒局想要安全的电脑设备,因为有钱的毒枭使用的是TEMPEST窃听设备.34岁.管理与个人有关的自动处理信息的使用和提供此类信息服务的法律.

1984年数据保护法,长标题.

1990年6月7日—15日—因泄露个人数据而受损.

38合理谨慎防止泄露是一种抗辩.

39英国法院尚未裁定何种程度的计算机安全措施构成合理谨慎.

考虑到TEMPEST ELINT可能的入侵程度,现在应该清楚的是,未使用TEMPEST认证的设备显然是不合理的谨慎.

该法的补救措施部分鼓励这些实体成功地保护个人数据不被披露或非法访问.

不保护数据会造成金钱损失.

从经济效率的角度来看,这可以被看作是将披露成本分配给最有能力承担这些成本,也最有能力防止披露的人.

存储个人数据的数据用户将使用TEMPEST认证的设备作为其计算机安全计划的一部分,以挫败潜在的窃听者.

_________________________35岁.

”“个人数据”是指由与可从该信息(或从该信息和数据用户拥有的其他信息)中识别的活着的个人有关的信息组成的数据,包括关于个人的任何意见表达,但不包括数据用户对该个人意图的任何表示.

1984年数据保护法1(3)36.

”“数据使用者”是指持有数据的人,如果(a)该数据构成上文第(2)款所述由该人或代表该人处理或打算处理的数据集合的一部分.

[第(2)款定义“数据”],(b)该人(单独或联合或与其他人共同)控制数据,则该人“持有”该数据集合中包含的数据的内容和使用.

以及(c)数据的形式,如上文(a)段所述,它们已经被或打算被处理.

或者(虽然暂时不是这样)数据的形式,在被处理后已经被转换成这样的形式,以期进一步所以在随后的会议上处理.

数据保护法1(5).37岁.《1984年数据保护法》,4,5.38岁.个人谁是个人资料的主体由资料使用者持有.

遭受(1)(c)之子的伤害.

未经上述授权而披露数据或获得数据访问权的,有权向数据用户获得补偿.

因…而遭受的任何痛苦.

1990年6月7日—16日—1984年的《数据保护法》将风险分配给那些最能承受风险的人,并鼓励他们将其他个人的数据保密.

美国应该通过这项法案,作为打击暴风雨窃听的全谱计划的一部分.

通过适当的计算机安全,数据用户处于防止泄露的最佳位置.

只有让他们对-16-ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ.

不要把暴风雪定为犯罪.

暴风雨埃利特会帮助的大多数犯罪,如内幕交易,已经是非法的.

现行法律是足够的.

-16-ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ.

只有当个人意识到威胁时,他们才能采取适当的预防措施或决定是否有必要采取任何预防措施.

-16-ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ.

如果个人要选择保护自己,他们必须能够作出一个明智的决定,多少保护是足够的.

-16-ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7TEMPEST认证设备应提供给私营部门.

目前禁止向非政府机构出售信息的禁令,使需要保护信息的个人无法拥有这样做的技术.

-拥有暴风雪装备不应被视为非法.

TEMPEST ELINT设备固有的被动性和简单的设计意味着非法拥有不会阻止犯罪.

设备易于制造,不可能被发现.

限制其可用性只会垄断政府的反措施研究、信息和设备.

这会阻止私营部门测试、设计和制造反措施.

-16-ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7ĕ7应制定反映1984年英国数据保护法的立法.

只有给持有个人数据的公司一个保护的理由,才能防止个人数据泄露.

如果数据用户对其未能采取合理的安全预防措施负有责任,他们将开始采取合理的安全预防措施,包括使用TEMPEST认证的设备.

 9[]敬请提交,Christopher J.

Seline cjs@cwru.cwru.edu cjs@cwru.

bitnet  199年6月9日.

,网络安全教程tempest.txt,tags |
paper,

Eavesdropping On the Electromagnetic Emanations of
Digital Equipment: The Laws of Canada, England and
the United States

Copyright (C) 1989 By Christopher Seline

This document is a rough draft. The Legal Sections
are overviews. They will be significantly
expanded in the next version.

We in this country, in this generation, are -- by
destiny rather than choice -- the watchmen on the
walls of world freedom.1
-President John F. Kennedy

In the novel 1984, George Orwell foretold a future where
individuals had no expectation of privacy because the state
monopolized the technology of spying. The government
watched the actions of its subjects from birth to death. No
one could protect himself because surveillance and counter-
surveillance technology was controlled by the government.

This note explores the legal status of a surveillance
technology ruefully known as TEMPEST2. Using TEMPEST
technology the information in any digital device may be
intercepted and reconstructed into useful intelligence
without the operative ever having to come near his target.
The technology is especially useful in the interception of
information stored in digital computers or displayed on
computer terminals.

_________________________
1. Undelivered speech of President John F. Ken-
nedy, Dallas Citizens Council (Nov. 22, 1963) 35-36.
2. TEMPEST is an acronym for Transient Electromag-
netic Pulse Emanation Standard. This standard sets
forth the official views of the United States on the
amount of electromagnetic radiation that a device may
emit without compromising the information it is pro-

June 7, 1990

- 2 -

The use of TEMPEST is not illegal under the laws of the
United States3, or England. Canada has specific laws
criminalizing TEMPEST eavesdropping but the laws do more to
hinder surveillance countermeasures than to prevent TEMPEST
surveillance. In the United States it is illegal for an
individual to take effective counter-measures against
TEMPEST surveillance. This leads to the conundrum that it
is legal for individuals and the government to invade the
privacy of others but illegal for individuals to take steps
to protect their privacy.

The author would like to suggest that the solution to this
conundrum is straightforward. Information on pro-
tecting privacy under TEMPEST should be made freely
available; TEMPEST Certified equipment should be legally
available; and organizations possessing private information
should be required by law to protect that information
through good computer security practices and the use of
TEMPEST Certified equipment.

Spying is divided by professionals into two main types:
human intelligence gathering (HUMINT) and electronic
intelligence gathering (ELINT). As the names imply, HUMINT
relies on human operatives, and ELINT relies on
technological operatives. In the past HUMINT was the sole
method for collecting intelligence.4 The HUMINT operative
would steal important papers, observe troop and weapon
movements5, lure people into his confidences to extract
secrets, and stand under the eavesdrip6 of houses,
eavesdropping on the occupants.

_________________________
cessing. TEMPEST is a defensive standard; a device
which conforms to this standard is referred to as TEM-
PEST Certified.
The United States government has refused to declassi-
fy the acronym for devices used to intercept the
electromagnetic information of non-TEMPEST Certified
devices. For this note, these devices and the
technology behind them will also be referred to
as TEMPEST; in which case, TEMPEST stands for
Transient Electromagnetic Pulse Surveillance Technolo-
gy.
The United States government refuses to release
details regarding TEMPEST and continues an organized
effort to censor the dissemination of information
about it. For example the NSA succeeded in shut-
ting down a Wang Laboratories presentation on TEM-
PEST Certified equipment by classifying the contents
of the speech and threatening to prosecute the
speaker with revealing classified information. [cite
coming].
3. This Note will not discuses how TEMPEST re-

June 7, 1990

- 3 -

As technology has progressed, tasks that once could only
be performed by humans have been taken over by
machines. So it has been with spying. Modern satellite
technology allows troop and weapons movements to be observed
with greater precision and from greater distances than a
human spy could ever hope to accomplish. The theft of
documents and eavesdropping on conversations may now be
performed electronically. This means greater safety for the
human operative, whose only involvement may be the placing
of the initial ELINT devices. This has led to the
ascendancy of ELINT over HUMINT because the placement and
monitoring of ELINT devices may be performed by a technician
who has no training in the art of spying. The gathered
intelligence may be processed by an intelligence expert,
perhaps thousands of miles away, with no need of field
experience.

ELINT has a number of other advantages over HUMINT. If a
spy is caught his existence could embarrass his employing
state and he could be forced into giving up the identities
of his compatriots or other important information. By its
very nature, a discovered ELINT device (bug) cannot give up
any information; and the ubiquitous nature of bugs provides
the principle state with the ability to plausibly deny
ownership or involvement.
_________________________
lates to the Warrant Requirement under the United
States Constitution. Nor will it discuss the Consti-
tutional exclusion of foreign nationals from the War-
rant Requirement.
4. HUMINT has been used by the United States
since the Revolution. "The necessity of procuring
good intelligence is apparent & need not be further
urged -- All that remains for me to add is, that you
keep the whole matter as secret as possible. For
upon Secrecy, Success depends in Most Enterprises of
the kind, and for want of it, they are generally de-
feated, however well planned & promising a favorable
issue." Letter of George Washington (Jul. 26, 1777).
5. "... I wish you to take every possible pains in
your powers, by sending trusty persons to Staten
Island in whom you can confide, to obtain Intelli-
gence of the Enemy's situation & numbers -- what
kind of Troops they are, and what Guards they have
-- their strength & where posted." Id.
6. Eavesdrip is an Anglo-Saxon word, and refers to
the wide overhanging eaves used to prevent rain from
falling close to a house's foundation. The eavesdrip
provided "a sheltered place where one could hide to
listen clandestinely to conversation within the
house." W. MORRIS & M. MORRIS, MORRIS DICTIONARY OF
WORD AND PHRASE ORIGINS, 198 (1977).

June 7, 1990

- 4 -

ELINT devices fall into two broad categories:
trespassatory and non-trespassatory. Trespassatory bugs
require some type of trespass in order for them to function.
A transmitter might require the physical invasion of the
target premises for placement, or a microphone might be
surreptitiously attached to the outside of a window. A
telephone transmitter can be placed anywhere on the phone
line, including at the central switch. The trespass comes
either when it is physically attached to the phone line, or
if it is inductive, when placed in close proximity to the
phone line. Even microwave bugs require the placement of
the resonator cone within the target premises.7

Non-trespassatory ELINT devices work by receiving
electromagnetic radiation (EMR) as it radiates through the
aether, and do not require the placement of bugs. Methods
include intercepting8 information transmitted by satellite,
microwave, and radio, including mobile and cellular phone
transmissions. This information was purposely transmitted
with the intent that some intended person or persons would
receive it.

Non-trespassatory ELINT also includes the interception of
information that was never intended to be transmitted.
All electronic devices emit electromagnetic radiation. Some
of the radiation, as with radio waves, is intended to
transmit information. Much of this radiation is not
intended to transmit information and is merely incidental to
whatever work the target device is performing.9 This
information can be intercepted and reconstructed into a
coherent form. With current TEMPEST technology it is
possible to reconstruct the contents of computer video
display terminal (VDU) screens from up to a kilometer
distant10; reconstructing the contents of a computer's
memory or the contents of its mass storage devices is more
complicated and must be performed from a closer distance.11
The reconstruction of information via EMR, a process for
which the United States government refuses to declassify
either the exact technique or even its name12, is not
limited to computers and digital devices but is applicable
to all devices that generate electromagnetic radiation.13
TEMPEST is especially effective against VDUs because they
produce a very high level of EMR.14
_________________________
7. Pursglove, How Russian Spy Radios Work, RADIO
ELECTRONICS, 89-91 (Jan 1962).
8. Interception is an espionage term of art and
should be differentiated from its more common usage.
When information is intercepted, the interceptor as
well as the intended recipient receive the informa-
tion. Interception when not used as a term of art
refers to one person receiving something intended for
someone else; the intended recipient never receives
what he was intended to receive.

June 7, 1990

- 5 -

"[C]ables may act as an antenna to transmit
the signals directly or even both receive the
signals and re-emit them further away from the
source equipment. It is possible that cables
acting as an antenna in such a manner could
transmit the signals much more efficiently
than the equipment itself...A similar effect
may occur with metal pipes such as those for
domestic water supplies. ... If an earthing
[(grounding)] system is not installed correctly
such that there is a path in the circuit with
a very high resistance (for example where paint
prevents conduction and is acting as an insu-
lator), then the whole earthing system could
well act in a similar fashion to an antenna. ...
[For a VDU] the strongest signals, or harmonics
thereof, are usually between 60-250 MHz approx-
imately. There have however been noticeable
exception of extremely strong emissions in
the television bands and at higher frequencies
between 450-800 MHz. Potts, Emission Security,
3 COMPUTER LAW AND SECURITY REPORT 27 (1988).

_________________________
9. There are two types of emissions, conducted and
radiated. Radiated emissions are formed when com-
ponents or cables act as antennas for transmit the
EMR; when radiation is conducted along cables or other
connections but not radiated it is referred to as "con-
ducted". Sources include cables, the ground loop,
printed circuit boards, internal wires, the power
supply to power line
10. The TEMPEST ELINT operator can distinguish between
different VDUs in the same room because of
the different EMR characteristics of both homo and
heterogeneous units. "[T]here is little comparison
between EMR characteristics from otherwise comparable
equipment. Only if the [VDU] was made with exactly
the same components is there any similarity. If
some of the components have come from a different
batch, have been updated in some way, and especial-
ly if they are from a different manufacturer,
then completely different results are obtained. In
this way a different mark or version of the same [VDU]
will emit different signals. Additionally because
of the variation of manufacturing standards between
counties, two [VDUs] made by the same company but
sourced from different counties will have entirely
different EMR signal characteristics...From this it way
be thought that there is such a jumble of emissions
around, that it would not be possible to isolate those
from any one particular source. Again, this is not the
case. Most received signals have a different line

June 7, 1990

- 6 -

ELINT is not limited to governments. It is routinely used
by individuals for their own purposes. Almost all
forms of ELINT are available to the individual with either
the technological expertise or the money to hire someone
_________________________
synchronization, due to design, reflection, in-
terference or variation of component tolerances. So
that if for instance there are three different
signals on the same frequency ... by fine tuning
of the RF receiver, antenna manipulation and
modification of line synchronization, it is possi-
ble to lock onto each of the three signals separately
and so read the screen information. By similar
techniques, it is entirely possible to discriminate
between individual items of equipment in the same
room." Potts, supra note 9. For a discussion of
the TEMPEST ELINT threat See e.g., Memory Bank,
AMERICAN BANKER 20 (Apr 1 1985); Emissions from Bank
Computer Systems Make Eavesdropping Easy, Expert
Says, AMERICAN BANKER 1 (Mar 26 1985); CRT spying:
a threat to corporate security, PC WEEK (Mar 10
1987).
11. TEMPEST is concerned with the transient elec-
tromagnetic pulses formed by digital equipment. All
electronic equipment radiates EMR which may be
reconstructed. Digital equipment processes informa-
tion as 1's and 0's--on's or off's. Because of this,
digital equipment gives off pulses of EMR. These
pulses are easier to reconstruct at a distance than
the non-pulse EMR given off by analog equipment.
For a thorough discussion the radiation problems of
broadband digital information see e.g. military
standard MIL-STD-461 REO2; White supra note 9,
10.2.
12. See supra note 2.
13. Of special interest to ELINT collectors are
EMR from computers, communications centers and
avionics. Schultz, Defeating Ivan with TEMPEST, DE-
FENSE ELECTRONICS 64 (June 1983).
14. The picture on a CRT screen is built up
of picture elements (pixels) organized in lines
across the screen. The pixels are made of materi-
al that fluoresces when struck with energy. The en-
ergy is produced by a beam of electrons fired from an
electron gun in the back of the picture tube. The
electron beam scans the screen of the CRT in a regular
repetitive manner. When the voltage of the beam is
high then the pixel it is focused upon emits photons
and appears as a dot on the screen. By selective-
ly firing the gun as it scans across the face of
the CRT, the pixels form characters on the CRT screen.
The pixels glow for only a very short time
and must be routinely struck by the electron beam to
stay lit. To maintain the light output of all the

June 7, 1990

- 7 -

with the expertise. Governments have attempted to
criminalize all use of ELINT by their subjects--to protect
the privacy of both the government and the population.

In the United States, Title III of the Omnibus Streets and
Crimes Act of 196815 criminalizes trespassatory ELINT as the
intentional interception of wire communications.16 As ori-
ginally passed, Title III did not prohibit non-
trespassatory ELINT,17 because courts found that non-wire
communication lacked any expectation of p2IIIrivacy.18 The
Electronic Communications Privacy Act of 198619 amended
Title III to include non-wire communication. ECPA was
specifically designed to include electronic mail, inter-
computer communications, and cellular telephones. To
accomplish this, the expectation of privacy test was
eliminated.20
_________________________
pixels that are supposed to be lit, the electron beam
traverses the entire CRT screen sixty times a second.
Every time the beam fires it causes a high voltage
EMR emission. This EMR can be used to reconstruct
the contents of the target CRT screen. TEMPEST
ELINT equipment designed to reconstruct the informa-
tion synchronizes its CRT with the target CRT. First,
it uses the EMR to synchronize its electron gun with
the electron gun in the target CRT. Then, when the
TEMPEST ELINT unit detects EMR indicating that the tar-
get CRT fired on a pixel, the TEMPEST ELINT unit fires
the electron gun of its CRT. The ELINT CRT is in
perfect synchronism with the target CRT; when the tar-
get lights a pixel, a corresponding pixel on the TEM-
PEST ELINT CRT is lit. The exact picture on the tar-
get CRT will appear on the TEMPEST ELINT CRT. Any
changes on the target screen will be instantly re-
flected in the TEMPEST ELINT screen.
TEMPEST Certified equipment gives off emissions
levels that are too faint to be readily detected.
Certification levels are set out in National
Communications Security Information Memorandum
5100A (NACSIM 5100A). "[E]mission levels are
expressed in the time and frequency domain, broadband
or narrow band in terms of the frequency domain, and
in terms of conducted or radiated emissions." White,
supra, note 9, 10.1.
For a thorough though purposely misleading dis-
cussion of TEMPEST ELINT see Van Eck, Electromagnetic
Radiation from Video Display units: An Eavesdropping
Risk?, 4 Computers & Security 269 (1985).
15. Pub. L. No. 90-351, 82 Stat. 197. The Act
criminalizes trespassatory ELINT by individuals as
well as governmental agents. cf. Katz v. United
States, 389 U.S. 347 (1967) (Fourth Amendment prohibits
surveillance by government not individuals.)

June 7, 1990

- 8 -

As amended, Title III still outlaws the electronic
interception of communications. The word "communications"
indicates that someone is attempting to communicate
something to someone; it does not refer to the inadvertent
transmission of information. The reception and
reconstruction of emanated transient electromagnetic pulses
(ETEP), however, is based on obtaining information that the
target does not mean to transmit. If the ETEP is not
intended as communication, and is therefore not transmitted
in a form approaching current communications protocols, then
it can not be considered communications as contemplated by
Congress when it amended Title III. Reception, or
interception, of emanated transient electromagnetic pulses
is not criminalized by Title III as amended.

In England the Interception of Communications Act
198521 criminalizes the tapping of communications sent over
public telecommunications lines.22 The interception of
communications on a telecommunication line can take place
with a physical tap on the line, or the passive interception
of microwave or satellite links.23 These forms of passive
interception differ from TEMPEST ELINT because they are
intercepting intended communication; TEMPEST ELINT
intercepts unintended communication. Eavesdropping on the
emanations of computers does not in any way comport to
tapping a telecommunication line and therefore falls outside
the scope of the statute.24
_________________________
16. 18 U.S.C. 2511(1)(a).
17. United States v. Hall, 488 F.2d 193 (9th Cir.
1973) (found no legislative history indicating
Congress intended the act to include radio-telephone
conversations). Further, Title III only criminalized
the interception of "aural" communications which ex-
cluded all forms of computer communications.
18. Willamette Subscription Television v. Cawood,
580 F.Supp 1164 (D. Or. 1984) (non-wire communications
lacks any expectation of privacy).
19. Pub. L. No. 99-508, 100 Stat. 1848 (codified at 18
U.S.C. 2510-710) [hereinafter ECPA].
9 20. 18 U.S.C. 2511(1)(a) criminalizes the
interception of "any wire, oral or electronic com-
munication" without regard to an expectation of
privacy.
21. Interception of Communications Act 1985, Long Ti-
tle, An Act to make new provision for and in connection
with the interception of communications sent by
post or by means of public telecommunications
systems and to amend section 45 of the Telecom-
munications Act 1984.
22. Interception of Communications Act 1985 1,
Prohibition on Interception:
(1) Subject to the following provisions of this sec-
tion, a person who intentionally intercepts a com-

9 June 7, 1990

- 9 -

Canada has taken direct steps to limit eavesdropping on com-
puters. The Canadian Criminal Amendment Act of 1985
criminalized indirect access to a computer service.25 The
specific reference to an "electromagnetic device" clearly
shows the intent of the legislature to include the use of
TEMPEST ELINT equipment within the ambit of the legislation.

The limitation of obtaining "any computer service" does lead
to some confusion. The Canadian legislature has not made
it clear whether "computer service" refers to a com-
puter service bureau or merely the services of a
computer. If the Canadians had meant access to any
computer, why did they refer to any "computer service".
This is especially confusing considering the al-
encompassing language of (b) 'any function of a computer
system'.

Even if the Canadian legislation criminalizes
eavesdropping on all computers, it does not solve the
problem of protecting the privacy of information. The
purpose of criminal law is to control crime.26 Merely
_________________________
munication in the course of its transmission by post
or by means of a public telecommunications system
shall be guilty of an offence and liable--
(a) on summary conviction,to a fine not exceeding the
statutory maximum;
(b) on conviction on indictment, to imprisonment for a
term not exceeding two years or to a fine or to both.
23. Tapping (aka trespassatory eavesdropping) is
patently in violation of the statute. "The offense
created by section 1 of the Interception of Communica-
tions Act 1985 covers those forms of eavesdropping on
computer communications which involve "tapping" the
wires along which messages are being passed. One
problem which may arise, however, is the question
of whether the communication in question was inter-
cepted in the course of its transmission by means of
a public telecommunications system. It is technically
possible to intercept a communication at several
stages in its transmission, and it may be a question
of fact to decide the stage at which it enters the
"public" realm. THE LAW COMMISSION,WORKING PAPER NO.
110: COMPUTER MISUSE, 3.30 (1988).
24. "There are also forms of eavesdropping which the
Act does not cover. For example. eavesdropping on a
V.D.U. [referred to in this text as a CRT] screen by
monitoring the radiation field which surrounds it in
order to display whatever appears on the legitimate
user's screen on the eavesdropper's screen. This
activity would not seem to constitute any criminal
offence..." THE LAW COMMISSION, WORKING PAPER NO. 110:
COMPUTER MISUSE, 3.31 (1988).

June 7, 1990

- 10 -

making TEMPEST ELINT illegal will not control its use.
First, because it is an inherently passive crime it is
impossible to detect and hence punish. Second, making this
form of eavesdropping illegal without taking a proactive
stance in controlling compromising emanations gives the
public a false sense of security. Third, criminalizing the
possession of a TEMPEST ELINT device prevents public sector
research into countermeasures. Finally, the law will not
prevent eavesdropping on private information held in company
computers unless disincentives are given for companies that
do not take sufficient precautions against eavesdropping and
simple, more common, information crimes.27

TEMPEST ELINT is passive. The computer or terminal
emanates compromising radiation which is intercepted by the
TEMPEST device and reconstructed into useful information.
Unlike conventional ELINT there is no need to physically
_________________________
25. 301.2(1) of the Canadian criminal code states
that anyone who without color of right,
(a) obtains, directly or indirectly, any computer ser-
vice,
(b) by means of an electromagnetic ... or oth-
er device, intercepts or causes to be intercept-
ed, either directly or indirectly, any function of a
computer system ... [is guilty of an indictable of-
fence].
26. UNITED STATES SENTENCING COMM'N, FEDERAL
SENTENCING GUIDELINES MANUAL (1988) (Principles Govern-
ing the Redrafting of the Preliminary Guidelines "g."
(at an unknown page))
27. There has been great debate over what exactly is
a computer crime. There are several schools of
thought. The more articulate school, and the one to
which the author adheres holds that the category com-
puter crime should be limited to crimes directed
against computers; for example, a terrorist destroying
a computer with explosives would fall into this
category. Crimes such as putting ghost employees
on a payroll computer and collecting their pay are
merely age-old accounting frauds; today the fraud in-
volves a computer because the records are kept on a
computer. The computer is merely ancillary to the
crime. This has been mislabeled computer crime and
should merely be referred to as a fraud perpetrated
with the aid of a computer. Finally, there are infor-
mation crimes. These are crimes related to the pur-
loining or alteration of information. These crimes
are more common and more profitable due to the
computer's ability to hold and access great amounts of
information. TEMPEST ELINT can best be categorized as
a information crime.

June 7, 1990

- 11 -

trespass or even come near the target. Eavesdropping can be
performed from a nearby office or even a van parked within a
reasonable distance. This means that there is no classic
scene of the crime; and little or no chance of the criminal
being discovered in the act.28

If the crime is discovered it will be ancillary to some
other investigation. For example, if an individual is
investigated for insider trading a search of his residence
may yield a TEMPEST ELINT device. The device would explain
how the defendant was obtaining insider information; but it
was the insider trading, not the device, that gave away the
crime.

This is especially true for illegal TEMPEST ELINT per-
formed by the state. Unless the perpetrators are caught in
the act there is little evidence of their spying. A
trespatory bug can be detected and located; further, once
found it provides tangible evidence that a crime took place.

A TEMPEST ELINT device by its inherent passive nature leaves
nothing to detect. Since the government is less likely to
commit an ancillary crime which might be detected there is a
very small chance that the spying will ever be discovered.
The only way to prevent eavesdropping is to encourage the
use of countermeasures: TEMPEST Certified29 computers and
terminals.

In merely making TEMPEST ELINT illegal the public is
given the false impression of security; they lulled into
believing the problem has been solved. Making certain
actions illegal does not prevent them from occurring. This
is especially true for a TEMPEST ELINT because it is
undetectable. Punishment is an empty threat if there is no
chance of being detected; without detection there can be no
apprehension and conviction. The only way to prevent some
entity from eavesdropping on one's computer or computer
terminal is for the equipment not to give off compromising
emanation; it must be TEMPEST Certified.
_________________________
28. Compare, for example, the Watergate breakin in
which the burglars were discovered when they re-
turned to move a poorly placed spread spectrum bug.
29. TEMPEST Certified refers to the equipment having
passed a testing and emanations regime specified in
NACSIM 5100A. This classified document sets forth the
emanations levels that the NSA believes digital equip-
ment can give off without compromising the information
it is processing. TEMPEST Certified equipment is
theoretically secure against TEMPEST eavesdropping.
NACSIM 5100A is classified, as are all details
of TEMPEST. To obtain access to it, contractor
must prove that there is demand within the govern-
ment for the specific type of equipment that intend to

June 7, 1990

- 12 -

The United States can solve this problem by taking a
proactive stance on compromising emanations. The National
Institute of Standards and Technology (NIST30) is in charge
of setting forth standards of computer security for the
private sector. NIST is also charged with doing basic
research to advance the art of computer security. Currently
NIST does not discuss TEMPEST with the private sector. For
privacy's sake, this policy must be changed to a proactive
one. The NIST should publicize the TEMPEST ELINT threat to
computer security and should set up a rating system for
level of emanations produced by computer equipment.31

Further, legislation should be enacted to require the
labeling of all computer equipment with its level of
emanations and whether it is TEMPEST Certified. Only if the
public knows of the problem can it begin to take steps to
solve it.

Title III makes possession of a surveillance device a
crime, unless it is produced under contract to the
government. This means that research into surveillance and
counter-surveillance equipment is monopolized by the
government and a few companies working under contract with
the government. If TEMPEST eavesdropping is criminalized,
then possession of TEMPEST ELINT equipment will be criminal.
Unfortunately,this does not solve the problem. Simple
TEMPEST ELINT equipment is easy to make. For just a few
dollars many older television sets can be modified to
receive and reconstruct EMR. For less than a hundred
dollars a more sophisticated TEMPEST ELINT receiver can be
produced32.

The problem with criminalizing the possession of TEM-
PEST ELINT equipment is not just that the law will have
little effect on the use of such equipment, but that it will
have a negative effect on counter-measures research. To
successfully design counter-measures to a particular
surveillance technique it is vital to have a complete
empirical understanding of how that technique works.
Without the right to legally manufacture a surveillance
device there is no possible way for a researcher to have the
knowledge to produce an effective counter-measures device.
It is axiomatic: without a surveillance device, it is
_________________________
certify. Since the standard is classified, the con-
tractors can not sell the equipment to non-secure
governmental agencies or the public. This prevents re-
verse engineering of the standard for its physical
embodiment, the Certified equipment. By preventing
the private sector from owning this anti-
eavesdropping equipment, the NSA has effectively
prevented the them from protecting the information in
their computers.

June 7, 1990

- 13 -

impossible to test a counter-measures device.

A number of companies produce devices to measure the ema-
nations from electrical equipment. Some of these devices
are specifically designed for bench marking TEMPEST
Certified equipment. This does not solve the problem. The
question arises: how much radiation at a particular
frequency is compromising? The current answer is to refer
to NACSIM 5100A. This document specifies the emanations
levels suitable for Certification. The document is only
available to United States contractors having sufficient
security clearance and an ongoing contract to produce
TEMPEST Certified computers for the government. Further,
the correct levels are specified by the NSA and there is no
assurance that, while these levels are sufficient to prevent
eavesdropping by unfriendly operatives, equipment certified
under NACSIM 5100A will have levels low enough to prevent
eavesdropping by the NSA itself.

The accessibility of supposedly correct emanations lev-
els does not solve the problem of preventing TEMPEST
eavesdropping. Access to NACSIM 5100A limits the
manufacturer to selling the equipment only to United States
governmental agencies with the need to process secret
information.33 Without the right to possess TEMPEST ELINT
equipment manufacturers who wish to sell to the public
sector cannot determine what a safe level of emanations is.

_________________________
30. Previously the Bureau of Standards. The NIST is
a division of the Commerce Department.
31. In this case computer equipment would include all
peripheral computer equipment. There is no use is us-
ing a TEMPEST Certified computer if the printer or the
modem are not Certified.
32. The NSA has tried to limit the availability
of TEMPEST information to prevent the spread of the
devices.
For a discussion of the First Amendment and prior
restraint See, e.g. The United States of America v.
Progressive, Inc. 467 F.Supp 990 (1979, WD
Wis.)(magazine intended to publish plans for nuclear
weapon; prior restraint injunction issued), reh.
den. United States v. Progressive Inc. 486 F.Supp 5
(1979, WD Wis.), motion den Morland v. Sprecher
443 US 709 (1979)(mandamus), motion denied United
States v. Progressive, Inc. 5 Media L R (1979, 7th
Cir.), dismd. without op. U.S. v. Progressive, Inc 610
F.2d 819 (1979, 7th Cir.); New York Times, Co. v. Un-
ited States, 403 U.S. 713 (1971)(per
curium)(Pentagon Papers case: setting forth prior
restraint standard which government was unable to
meet); T. EMERSON, THE SYSTEM OF FREEDOM OF EXPRES-

June 7, 1990

- 14 -

Further those manufacturers with access to NACSIM 5100A
should want to verify that the levels set out in the
document are, in fact, low enough to prevent interception.
Without an actual eavesdropping device with which to test,
no manufacturer will be able to produce genuinely
uncompromising equipment.

Even if the laws allow ownership of TEMPEST Certified
equipment by the public, and even if the public is informed
of TEMPEST's threat to privacy, individuals' private
information will not necessarily by protected. Individuals
may choose to protect their own information on their own
computers. Companies may choose whether to protect their
own private information. But companies that hold the
private information of individuals must be forced to take
steps to protect that information.

In England the Data Protection Act 198434 imposes
sanctions against anyone who stores the personal
information35 on a computer and fails to take reasonable
measures to prevent disclosure of that information. The act
mandates that personal data may not be stored in any
computer unless the computer bureau or data user36 has
registered under the act.37 This provides for a central
registry and the tracking of which companies or persons
maintain databases of personal information. Data users and
bureaux must demonstrate a need and purpose behind their
possession of personal data.

The act provides tort remedies to any person who is
_________________________
SION (1970); Balance Between Scientific Freedom and
NAtional Security, 23 JURIMETRICS J. 1
(1982)(current laws and regulations limiting scien-
tific and technical expression exceed the legitimate
needs of national security); Hon. M. Feldman, Why the
First Amendment is not Incompatible with National
Security, HERITAGE FOUNDATION REPORTS (Jan. 14,
1987). Compare Bork, Neutral Principles and Some
First Amendment Problems, 47 IND. L. J. 1 (First
Amendment applies only to political speech); G. Lewy,
Can Democracy Keep Secrets, 26 POLICY REVIEW 17
(1983)(endorsing draconian secrecy laws mirroring the
English system).
33. For example, the NSA has just recently allowed
the Drug Enforcement Agency (DEA) to purchase TEMPEST
Certified computer equipment. The DEA wanted
secure computer equipment because wealthy drug lords
had were using TEMPEST eavesdropping equipment.
34. An Act to regulate the use of automatically
processed information relating to individuals and the
provision of services in respect of such information.
Data Protection Act 1984, Long Title.

June 7, 1990

- 15 -

damaged by disclosure of the personal data.38 Reasonable
care to prevent the disclosure is a defense.39 English
courts have not yet ruled what level of computer security
measures constitute reasonable care. Considering the
magnitude of invasion possible with TEMPEST ELINT it should
be clear by now that failure to use TEMPEST Certified
equipment is prima facie unreasonable care.

The Remedies section of the act provides incentive for
these entities to provide successful protection of person
data from disclosure or illicit access. Failure to protect
the data will result in monetary loss. This may be looked
at from the economic efficiency viewpoint as allocating the
cost of disclosure the persons most able to bear those
costs, and also most able to prevent disclosure. Data users
that store personal data would use TEMPEST Certified
equipment as part of their computer security plan, thwarting
would-be eavesdroppers.

_________________________
35. "Personal data" means data consisting of informa-
tion which relates to a living individual who can be
identified from that information (or from that and
other information in the possession of the data user),
including any expression of opinion about the indivi-
dual but not any indication of the intentions of the
data user in respect of that individual.
Data Protection Act 1984 1(3)
36. "Data user" means a person who holds data, and
a persons "Holds" data if --
(a) the data form part of a collection of data pro-
cessed or intended to be processed by or on behalf of
that person as mentioned in subsection (2) above;
[subsection (2) defines "data"] and
(b) that person (either alone or jointly or in common
with other persons) controls the contents and use of
the data comprised in the collection; and
(c) the data are in the form in which they have been
or are intended to be processed as mentioned in para-
graph (a) above or (though not for the time being in
that form) in a form into which they have been con-
verted after being so processed and with a view to
being further so processed on a subsequent occa-
sion.
Data Protection Act 1(5).
37. Data Protection Act 1984, 4,5.
38. An individual who is the subject of personal data
held by a data user... and who suffers damage by rea-
son of (1)(c) ... the disclosure of the data, or ac-
cess having been obtained to the data without such
authority as aforesaid shall be entitled to compen-
sation from the data user... for any distress which
the individual has suffered by reason of the ...

June 7, 1990

- 16 -

The Data Protection Act 1984 allocates risk to those who
can bear it best and provides an incentive for them to
keep other individuals' data private. This act should be
adopted by the United States as part of a full-spectrum plan
to combat TEMPEST eavesdropping. Data users are in the best
position to prevent disclosure through proper computer
security. Only by making them liable for failures in

- 16 -
77777777777security can we begin to rein in TEMPEST ELINT. Do not
criminalize TEMPEST ELINT. Most crimes that TEMPEST ELINT
would aid, such a insider trading, are already illegal; the
current laws are adequate.

- 16 -
777777777The National Institute of Standards and Technology should
immediately begin a program to educate the private sector
about TEMPEST. Only if individuals are aware of the threat
can they take appropriate precautions or decide whether
any precautions are necessary.

- 16 -
7777777777Legislation should be enacted to require all elec-
tronic equipment to prominently display its level of
emanations and whether it is TEMPEST Certified. If
individuals are to choose to protect themselves they must be
able to make a informed decision regarding how much
protection is enough.

- 16 -
77777777777TEMPEST Certified equipment should be available to the
private sector. The current ban on selling to non-
governmental agencies prevents individuals who need to
protect information from having the technology to do so.

- 16 -
777777777Possession of TEMPEST ELINT equipment should not be made
illegal. The inherently passive nature and simple
design of TEMPEST ELINT equipment means that making its
possession illegal will not deter crime; the units can be
easily manufactured and are impossible to detect. Limiting
their availability serves only to monopolize the
countermeasures research, information, and equipment for the
government; this prevents the testing, design and
manufacture of counter-measures by the private sector.

- 16 -
77777777777777Legislation mirroring England's Data Protection Act 1984
should be enacted. Preventing disclosure of personal data
can only be accomplished by giving those companies hold-
ing the data a reason to protect it. If data users are
held liable for their failure to take reasonable security
precautions they will begin to take reasonable security
precautions, including the use of TEMPEST Certified
equipment.

9 [] Respectfully submitted,

Christopher J. Seline cjs@cwru.cwru.edu
cjs@cwru.bitnet

9

June 7, 1990

人已赞赏
安全工具

<p>tr993.<p>ps公司.</p>

2020-2-6 3:16:35

安全工具

<p>subversion.htm版本.</p>

2020-2-6 3:16:38

0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索