This is an interesting extract that I came across this morning. I thought that I'd post a portion of it (the entire paper is almost 900 lines) to the group since the topic of TEMPEST had surfaced - I'd like to see the whole thing, but I don't guarantee I'll read it. In fact, I don't believe it. The use of TEMPEST is not illegal under the laws of the United States[3], or England. Canada has specific laws criminalizing TEMPEST eavesdropping but the laws do more to hinder surveillance countermeasures than to prevent TEMPEST surveillance. In the United States it is illegal for an individual to take effective counter-measures against TEMPEST surveillance. I can't speak for England or Canada, but neither statement is true about the U.S. Note the text of footnote [3]: 3. This Note will not discuses how TEMPEST relates to the Warrant Requirement under the United States Constitution. Nor will it discuss the Constitutional exclusion of foreign nationals from the Warrant Requirement. The ``warrant'' requirement is precisely the point. Spying on individuals who have a reasonable expectation of privacy is prohibited. In the case of wiretaps, that was in a Supreme Court ruling in, as I recall, 1967. In fact, the original wiretap statute (18 USC 2510 et seq), later amended by the ECPA, was passed (as part of the Ombnibus Safe Streets and Crime Control Act of 1968) in direct response to that ruling, to set forth procedures, grounds, etc., for legal wiretaps and surveillance. I don't have the citation handy, but the concept was discussed clearly and at some length in Kemp v Block (1985) 607 F Supp 1262. A TEMPEST pickup would appear to run afoul of the wiretap laws. Consider the following language in 18 USC 2511(2)(f): procedures in this chapter and the Foreign Intelligence Surveillance Act of 1978 shall be the exclusive means by which electronic surveillance, as defined in section 101 of such Act, and the interception of domestic wire and oral communications may be conducted. I'll return to the FISA later; note, though, that it and 18 USC 2510 are the *only* means by which anything resembling TEMPEST surveillance can be performed. The only grounds on which such intercepts can be justified, given the language of this section, is from 18 USC 2511(3)(g): It shall not be unlawful under this chapter or chapter 121 of this title for any person -- (i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public; Is TEMPTEST ``readily accessible to the general public''? At least since the adoption of the FCC requirements on spurious RFI, I'd tend to doubt it. And as I noted earlier, eavesdropping of any sort is legal if and only if the targets have no reasonable expectation of privacy; given that 99+% of the American public has never heard of TEMPEST, I'd call it a fair bet that someone using a computer in a private room does, in fact, assume that he or she has such an expectation. The Foreign Intelligence Surveillance Act (50 USC 1801 et seq.) specifies the conditions under which foreign agents may be subject to surveillance. Unless there is ``no substantial likelihood'' that an American's conversations will be observed, an order from a special court is needed. Again -- for the most part, there is a requirement for due process. Now -- I'm certainly not going to claim that these niceties are always observed. But that they're ignored doesn't make them legal. Finally, the claim that taking counter-measures against TEMPEST is illegal strikes me as balloon juice, plain and simple. Last I heard, the FCC wanted you to do anything you could to reduce spurious emissions. True, they're not telling how sensitive their detectors are -- but that's a far cry from saying you're not allowed to try to defeat them. Please -- there are real enemies to personal freedom. Let's not waste energy chasing chimeras. --Steve Bellovin