OK, I've just reread the Seline paper Rob Jackson was referring to (available by ftpat csrc.ncls.nist.gov::/pub/secpubs/tempest.txt--my thanks to Rob for providing the pathname to me). I say "reread" because this is the same 1990 paper that's been reposted several times to sci.crypt and here to the Cypherpunks list. Earlier I said, quoting Rob:
In the US it not illegal to posess TEMPEST-surveillance equipment but it is illegal to take appropriate counter-measures to prevent surveillance. The US government has refused to release details of its
Please provide a reference for this. We've discussed this _many_ times on this List, and the consensus is that no such law exists, nor is it plausible that folks could be told they cannot "shield" their computers.
...stuff elided... Indeed, most of the Seline paper is devoted to the fact that the TEMPEST spec itself is classified, which is undoubtedly true. And the (unconfirmed) assertion that mere possession of RF intercepting gear that could be used to defeat TEMPEST is illegal. (I have doubts about this, given the various types of RF receivers, old television sets with manual tuners, etc. I suppose that if one were caught with an antenna, a tunable CRT able to "tune in" the emissions of a nearby--or distant--computer or CRT and display them the way the NSA's ELINT gadgets undoubtedly do, then this might be considered evidence of criminal intent--like burglar tools, password-cracking tools, etc. [And we've had this debate many times as well, with some saying possession of lockpicking tools is legal, others saying it's not, etc.]) However, nothing in the Seline report, flawed as it is (IMO), says "it is illegal to take appropriate counter-measures to prevent surveillance." That is, go ahead and shield away! What I think the government is saying is this, and I have no idea if this is in fact law or if it would hold up in court: * First, we (the government) have a TEMPEST spec we use to build equipment to. It tells our vendors how good their stuff has to be. We don't tell the public this spec, because this would help the Russkies and the Yellow Hordes, not to mention the French. * Second, we (your public servants) have our own tricks and techniques and dislosing the TEMPEST specs would provide damaging information to our opponents (the Mob, the Serbs, the Cypherpunks, and the Republicans)--so we aren't talking. And we insist TEMPEST contractors also keep their mouths shut. * Third, we (us again) will not allow _eavesdropping_ equipment to be publically sold, whether for intercepting cellular phone calls, CRT emissions, whatever. You may find loopholes (telephoto lenses and giant parabolic mikes, so beloved of dicks), but we've basically outlawed this stuff. (sorry if my irreverent tone and change of point of view is confusing here) So, nothing about shielding or monitoring emissions (commercial RF leakage equipment is widely available and measures stuff down many dB from the unshielded level). Just don't build a Van Eck gadget and let others know about it (though, again, it's not clear how the courts would rule on this). And don't disclose TEMPEST specs. For Cypherpunks, not too much to worry about. We don't want or need to play at being spooks by monitoring nearby systems, and shielding is available. That it's not used much, that we are "soft targets" for determined surveillance teams, and that we use PGP on insecure machines, etc., is all well-known. Everything has a cost, and most of us don't perceive a direct enough threat to our communications and computers to warrant working inside a local, Faraday-caged machine, keeping passwords in a separate laptop we carry with us at all times, etc. What's important for us is to get crypto tools spread ubiquitously. The rest can come later. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available.