Here is parts of the article I posted regarding the legality of the use of emf shielding. Read it carefully, and I suggest you also read the posted document in full as well. This poses many problems to the public in general, and the private sector in specific. PERRY, I suggest you read this. NACSIM 5100A is classified, as are all details of TEMPEST. To obtain access to it, contractor must prove that there is demand within the government for the specific type of equipment that intend to certify. Since the standard is classified, the contractors can not sell the equipment to non-secure governmental agencies or the public. This prevents reverse engineering of the standard for its physical embodiment, the Certified equipment. By preventing the private sector from owning this anti- eavesdropping equipment, the NSA has effectively prevented the them from protecting the information in their computers. A number of companies produce devices to measure the emanations from electrical equipment. Some of these devices are specifically designed for bench marking TEMPEST Certified equipment. This does not solve the problem. The question arises: how much radiation at a particular frequency is compromising? The current answer is to refer to NACSIM 5100A. This document specifies the emanations levels suitable for Certification. The document is only available to United States contractors having sufficient security clearance and an ongoing contract to produce TEMPEST Certified computers for the government. Further, the correct levels are specified by the NSA and there is no assurance that, while these levels are sufficient to prevent eavesdropping by unfriendly operatives, equipment certified under NACSIM 5100A will have levels low enough to prevent eavesdropping by the NSA itself. The accessibility of supposedly correct emanations levels does not solve the problem of preventing TEMPEST eavesdropping. Access to NACSIM 5100A limits the manufacturer to selling the equipment only to United States governmental agencies with the need to process secret information.[33] Without the right to possess TEMPEST ELINT equipment manufacturers who wish to sell to the public sector cannot determine what a safe level of emanations is. Further those manufacturers with access to NACSIM 5100A should want to verify that the levels set out in the document are, in fact, low enough to prevent interception. Without an actual eavesdropping device with which to test, no manufacturer will be able to produce genuinely uncompromising equipment. PERRY, now I put up, now YOU SHUT UP! sheesh. treason@gnu.
"Treason" writes:
Here is parts of the article I posted regarding the legality of the use of emf shielding. [...] PERRY, now I put up, now YOU SHUT UP! sheesh. treason@gnu.
The article you posted is at least 3 years old, if not older. I have not checked on the legal references quote in the article, but I called up Wayne Martin of Lindgren RF Enclosures, and asked him about this. He said that he was not restricted to selling TEMPEST equipment to military or government only, and suggested that if I am looking for TEMPEST-compliant computers, I should call up a computer manufacturer like IBM or Digital, and they would be able to sell such systems to me. Maybe things have changed in the last three years since the article was written, or maybe it was incorrect to begin with. -- Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek this address preferred -->> yanek@novavax.nova.edu <<-- this address preferred Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood (305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819
Yanek Martinson makes some very good points about the legality of TEMPEST:
"Treason" writes:
Here is parts of the article I posted regarding the legality of the use of emf shielding. [...] PERRY, now I put up, now YOU SHUT UP! sheesh. treason@gnu.
The article you posted is at least 3 years old, if not older. I have not checked on the legal references quote in the article, but I called up Wayne Martin of Lindgren RF Enclosures, and asked him about this. He said that he was not restricted to selling TEMPEST equipment to military or government only, and suggested that if I am looking for TEMPEST-compliant computers, I should call up a computer manufacturer like IBM or Digital, and they would be able to sell such systems to me.
Maybe things have changed in the last three years since the article was written, or maybe it was incorrect to begin with.
Thanks, Yanek! And could I suggest to all of us that we be very careful in the language we use when disagreeing with others? "Treason's" demand that Perry now "SHUT UP" is intemperate and counterproductive. Our list is not moderated, that is, there is no censor or moderator holding people back when they feel the temptation to spew bile all over the list. With hundred of folks now on this list, great care must be taken. Sorry to waste list bandwidth on this point of list etiquette. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP Public Key: by arrangement.
Date: Thu, 17 Dec 92 12:38:34 -0500 From: treason@gnu.ai.mit.edu Apparently-To: cypherpunks@toad.com Here is parts of the article I posted regarding the legality of the use of emf shielding. Read it carefully, and I suggest you also read the posted document in full as well. We have read it carefully. What your article claims is that NACSIM 5100A is classified, so if something is built to be TEMPEST certified, the design is classified, and the actual device can not be sold to the public, in order to prevent reverse-engineering of the standard. This, however, does not mean that emf shielding is illegal. How to do emf shielding is relatively well understood --- what is classified is how much shielding is enough. As your article itself admits, having the the NACSIM standard isn't very useful anyway, since we can't trust the levels promulgated by the NSA to be sufficient to prevent them from listening in. (What you're saying would be like saying that the NSA has a classified recommendation that RSA keys be at least XXX bits long --- just because the recommendation is classified doesn't mean that we can't use RSA, and if the number of bits were something like 512 bits, if we found out what it was, we'd probably want to use something bigger anyway. :-) As many other people have pointed out, emf shielding can't be illegal, since it's required for FCC requirements. If someone wants to spend additional money, and put a lot more shielding that what's really needed, there shouldn't be any problem with that. Finally, I'm not sure about the complete accuracy of that article you've posted. We have one of the first BBN Safekeeper (tm) boxes at MIT, which is a certificate meter which generates X.509 public key certificates for use in the Privacy Enhanced Mail (PEM) system. It *IS* TEMPEST shielded(*) and BBN is planning on selling it to commercial companies, TEMPEST shielding and all. Therefore, I suspect that the information in that article may be out of date. PERRY, now I put up, now YOU SHUT UP! There's no need to be rude --- especially when you're wrong and can't even interpret the article which you yourself posted. - Ted (*) There is an amusing story about what happened when they took it to get it certified as a FCC Class A computing device (which they needed to do since they were planning on selling it commercially); the FCC tester kept bringing his testing device closer, and closer, and closer to the Safekeeper(tm), and when he was finally on top of it, he tapped his meter and asked: ``Are you sure this is turned on?'' As the story was told to me, the designer of the box was there for the testing, and this was one of his prouder moments. :-)
participants (4)
-
tcmay@netcom.com -
treason@gnu.ai.mit.edu -
tytso@ATHENA.MIT.EDU -
yanek@novavax.nova.edu