Thermal Imaging Decision Applicable to TEMPEST?
The Supreme Court's decision against thermal imaging appears to be applicable to TEMPEST emissions from electronic devices. And is it not a first against this most threatening vulnerability in the digital age? And long overdue.
Remote acquisition of electronic emissions, say from outside a home, is not currently prohibited by law as far as I know. And the language of the thermal imaging decision makes it applicable to any technology not commonly in use.
Conventional wisdom of security wizards is that the emissions are very difficult to acquire from more than a hundred yards or so, but James Bamford claims in his recent "Body of Secrets" that NSA was able to acquire leaky emissions from Russian crypto equipment 6 miles offshore Cuba in the 1960s. Advances in technology would presumably increase that capability.
I noodled over this in my article: http://www.wired.com/news/politics/0,1283,44444,00.html
On Tue, Jun 12, 2001 at 08:58:36AM -0700, John Young wrote:
The Supreme Court's decision against thermal imaging appears to be applicable to TEMPEST emissions from electronic devices. And is it not a first against this most threatening vulnerability in the digital age? And long overdue.
Remote acquisition of electronic emissions, say from outside a home, is not currently prohibited by law as far as I know. And the language of the thermal imaging decision makes it applicable to any technology not commonly in use.
Conventional wisdom of security wizards is that the emissions are very difficult to acquire from more than a hundred yards or so, but James Bamford claims in his recent "Body of Secrets" that NSA was able to acquire leaky emissions from Russian crypto equipment 6 miles offshore Cuba in the 1960s. Advances in technology would presumably increase that capability.
BTW John your cryptome.org writeup says: "This decisions appears to be applicable to TEMPEST technology, the first instance to make use of this technology illegal." I'm not sure that's accurate.
First, this is a Fourth Amendment case, and the court only decided what limits should be placed on police, not private citizens.
Second, the ruling would allow TEMPEST monitoring by police if they get a warrant. No reading of it would ban police TEMPEST surveillance outright, and warrants are not that difficult to get.
-Declan
On Tue, Jun 12, 2001 at 09:21:16AM -0400, Declan McCullagh wrote:
I noodled over this in my article: http://www.wired.com/news/politics/0,1283,44444,00.html
On Tue, Jun 12, 2001 at 08:58:36AM -0700, John Young wrote:
The Supreme Court's decision against thermal imaging appears to be applicable to TEMPEST emissions from electronic devices. And is it not a first against this most threatening vulnerability in the digital age? And long overdue.
Remote acquisition of electronic emissions, say from outside a home, is not currently prohibited by law as far as I know. And the language of the thermal imaging decision makes it applicable to any technology not commonly in use.
Conventional wisdom of security wizards is that the emissions are very difficult to acquire from more than a hundred yards or so, but James Bamford claims in his recent "Body of Secrets" that NSA was able to acquire leaky emissions from Russian crypto equipment 6 miles offshore Cuba in the 1960s. Advances in technology would presumably increase that capability.
At 09:43 AM 06/12/2001 -0400, Declan McCullagh wrote:
BTW John your cryptome.org writeup says: "This decisions appears to be applicable to TEMPEST technology, the first instance to make use of this technology illegal." I'm not sure that's accurate.
First, this is a Fourth Amendment case, and the court only decided what limits should be placed on police, not private citizens.
TEMPEST really refers to two kinds of technology - keeping equipment quiet, and reading signals from not-quiet-enough equipment. The former category is the main thing that would apply to private citizens, and it's not addressed here. I suppose there's also the issue of whether police can use evidence eavesdropped by private citizens, but there are probably similar cases dealing with cameras.
Second, the ruling would allow TEMPEST monitoring by police if they get a warrant. No reading of it would ban police TEMPEST surveillance outright, and warrants are not that difficult to get.
Agreed. The decision sounded like there'd have been no issue if the police had obtained a warrant first - after all, they could have no-knocked on the door and come in, if they'd had any actual evidence. And they could have lurked outside the house watching for suspicious-looking visitors if they thought this was commercial. And unfortunately, just because the guy won in the Supremes doesn't mean he gets his dope back :-)
Bill Stewart wrote:
TEMPEST really refers to two kinds of technology - keeping equipment quiet, and reading signals from not-quiet-enough equipment. The former category is the main thing that would apply to private citizens, and it's not addressed here.
Yes, and the confusion between the two sometimes leads to gaps in understanding as well as security. And I don't know the name of the technology that acquires signals by "illumination" of objects bouncing emissions -- some say it is all TEMPEST, others say don't be fooled by that misnomer -- the really good stuff is several generations beyond what is known as TEMPEST. Maybe that is what NONSTOP and HIJACK and other codewords refer to. We have tried and failed to get NSA to open up more on its standards for both types and blacker stuff. TEMPEST suppliers -- products and services -- have said that it's tough getting NSA to clarify what can be exported and what cannot by any means except by submitting products for review, waiting and getting back a yes or no, but not by getting precise requirements beforehand. Maybe that will change to follow the lead of crypto as demand for TEMPEST picks up. Meanwhile it is probable that NSA is testing TEMPEST products for blacker weaknesses, again like crypto, or rather the systems and programs for crypto use. We've been told by suppliers that the export market for TEMPEST (both types) produce would blossom without restrictions on commercial/private use. Govs get approvals for the best stuff (unspecified mil grade) but not biz and citz. Don't know about banks and telecomms and drug-kingpins, maybe they get special treatment for allowing access to data and dope. Outrageous, sure, but it is reported to happen. Still, as far as this amateur knows, there is no restriction on any type of TEMPEST inside the US, so the standard of protection is victim beware. And don't believe for a second anything you see in public about how far away emissions can be acquired or how to protect against TEMPEST with market-available products. Experts in the employ of the gov whisper you won't see the truth about TEMPEST in public any time soon though there will be a whole lot of smoke. The increasing smoke I can vouch for.
Even TSCM's and electronic PI's admit all the public stuff about TEMPEST standards is prefabricated sunshine. Though that might be a DIRT ploy to sell really, really, really totally reliable, better than mil-grade, protection. Did you hear how Joel McNamara was thought to have been killed fighting a forest fire? Remember the A-10 seeming to fly aimlessly over the Rockies? The suppressed AF report on its avionics going haywire? Think NONSTOP, HIJACK.
David Honig wrote:
Two words: antenna design.
A third is signal analysis.
A principal argument against being able to sort through the geometric increase in devices that leak emissions since the 1960s is that it is nearly impossible to find a pin in the hugely noisy haystack of the electromagnetic spectrum.
Help me out here with signal analysis capability even with the niagara of the digital age. Is it not possible to sort through a very large range of signal using readily available algorithms to then pinpoint the signature of types of sources, then home in on subsets of those sources, to finally single out a particular source?
With the increase in signal volume has come a corresponding increase in signal analysis capability. Analysis of the full electromagnetic spectrum has been possible for quite a while, if public documents on military research are a reliable guide, and comprehensive analysis is ever being refined with increasingly fine granularity. While there are billions of electronic devices leaking emissions, there are nowhere near as many EM slots used by those devices and their emissions. In fact, there are only a small number of public slots -- so long as devices conform to regulations. EM leakage is regulated as well. If the world's devices conform to regulations, and those EM slots are known and catalogued for signal analysis, then there is a question about the leakage of the leakage, that is, emissions that escape regulation, by poor device design, by granularity, or unintentionally. The signature of a device which leaks, or makes noise, in a unique way is what presumably is searched for in sophisticated signal analysis. A few hundred submarines are identified this way, as are potentially billions of people. Are there too many unique device signatures to acquire and identify?
Perhaps so, but I suspect that enterprise is being diligently worked on, beginning with data provided by manufacturers, cataloguing implanted emissive attributes in the devices, using benchmarks for types of devices, tracking taggants and moles, cooking up new variants on Hidden Markov and the host of search/sort/analyze/ID algos. Jumping off the cliff of ignorance, I suspect that signal analysis, as with cryptanalysis, will be always able to find a way to get around obscurity. If you don't want to be acquired, don't signal. Silencio, mafia.
At 07:36 AM 6/13/01 -0700, John Young wrote:
David Honig wrote:
Two words: antenna design.
A third is signal analysis.
A principal argument against being able to sort through the geometric increase in devices that leak emissions since the 1960s is that it is nearly impossible to find a pin in the hugely noisy haystack of the electromagnetic spectrum.
Help me out here with signal analysis capability even with the niagara of the digital age. Is it not possible to sort through a very large range of signal using readily available algorithms to then pinpoint the signature of types of sources, then home in on subsets of those sources, to finally single out a particular source?
Gosh, you just described Seti@home... massive, distributed, fine-toothed combing the spectra received from a very very specific direction. My reference to antenna design meant that you can filter out all the other emitters by using very high gain (ergo very directional) scoops. Look at the milky way ---a glowing cloud. But point a high gain receiver (ie, telescope) and you can pick out individual emitters, and resolve their spectra, which leaks info about their composition. ..... For every net that's gone quiet by using fiber, there's another that just installed a wireless LAN with the default password.
John Young says: ...I suspect that signal analysis, as with cryptanalysis, will be always able to find a way to get around obscurity. If you don't want to be acquired, don't signal. Silencio, mafia.
I completely concur, and this happens to be the rule followed for highly sensitive information. In fact the general assumption is that if it's transmitted (wirelessly), it will end up in the wrong hands...so therefore don't transmit if you don't have to, and if you have to transmit, use obfuscation and cryptography. Unless some super secret govt. agency has discovered a new realm of physics unknown to the "public" physicists (not likely), I have to assume we're all working with the same general principles/limitations. Thus if one is interested in intercepting faint signals from a distance, one needs at least some of the following:
- noise cancellation. sophisticated x-ray antenna arrays that focus on the transmissions of one star out of a cluster of thousands or millions, many lightyears away, proves the general noise cancellation approach is pretty good today. the same principles apply to cancelling the noise interfering with signals over distances (and if you're only a few hundred feet away, you don't need huge white antennas :)
- highly focused antennas. phased array antennas which provide 2 degrees of focus can be purchased for a few hundred dollars. I'd have to imagine that focused antennas providing 1/10 degree of focus are possible (for more money) so that a particular omni-directional source (whether from monitors or from wireless networks) could be acquired from hundreds or thousands of feet away. In fact, one company I know of (there are many) sells phased array antennas that can interact with 100-500mw omni-directional antennas using the 2.4GHz spectrum (802.11x) from 1,000ft to as much as 15 miles away (the latter using 500mw antenna with clear line of sight.)
- a knowledge of which frequency range to focus in on. For military vs. military applications, this is the tricky thing...not knowing which frequencies are being used or when or how. For wireless networks we all use well published frequencies with known handshaking protocols, known encryption strength, easy to understand encryption algorithms, etc.
One point not often addressed is the issue of how much security is enough. An information analogy often used in cryptographic circles is fighter pilot communications vs. tactical battle plans. A fighter pilot's communications are generally important for the duration of the engagement and therefore one only needs enough cryptographic sophistication to protect the communication for, say, 15 minutes. Whereas battle plans require enough cryptographic sophistication to survive, say, 100 years of cryptanalysis (even given moore's laws.) This approach not only translates into hardware/software cost savings, but also cuts back on R&D expenses considerably (for example the $100M in equipment which landed in China recently probably cost billions in R&D and hundreds of man-years to develop.)
phillip
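The distances quoted in the message above can be checked against a free-space link budget, which tells a site owner how far outside the building a 2.4 GHz transmitter remains receivable. This is an added example, not part of the original thread; the channel frequency, antenna gains and receiver sensitivity are assumed values, and free-space loss gives an upper bound that walls and terrain only shorten.

```python
import math

C = 299_792_458.0          # speed of light, m/s
FREQ_HZ = 2.437e9          # assumed: 802.11 channel 6 centre frequency
FT_PER_M = 3.28084

def mw_to_dbm(mw):
    """Convert transmit power in milliwatts to dBm."""
    return 10 * math.log10(mw)

def fspl_db(distance_m, freq_hz=FREQ_HZ):
    """Free-space path loss (Friis), clear line of sight, in dB."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)

def received_dbm(tx_mw, tx_gain_dbi, rx_gain_dbi, distance_m, freq_hz=FREQ_HZ):
    """Signal level at the receiver input for a given separation."""
    return (mw_to_dbm(tx_mw) + tx_gain_dbi + rx_gain_dbi
            - fspl_db(distance_m, freq_hz))

def exposure_radius_m(tx_mw, tx_gain_dbi, rx_gain_dbi, sensitivity_dbm,
                      margin_db=0.0, freq_hz=FREQ_HZ):
    """Largest free-space distance at which the signal still exceeds the
    receiver sensitivity by margin_db (an upper bound for site planning)."""
    budget_db = (mw_to_dbm(tx_mw) + tx_gain_dbi + rx_gain_dbi
                 - sensitivity_dbm - margin_db)
    return C / (4 * math.pi * freq_hz) * 10 ** (budget_db / 20)

def exposure_table(sensitivity_dbm=-85.0, tx_gain_dbi=2.0):
    """Radius for the 100 mW and 500 mW transmitters mentioned in the message,
    against two assumed receive antennas (gains are illustrative)."""
    rows = []
    for tx_mw in (100, 500):
        for label, rx_gain in (("omni 2 dBi", 2.0),
                               ("directional 24 dBi", 24.0)):
            radius = exposure_radius_m(tx_mw, tx_gain_dbi, rx_gain,
                                       sensitivity_dbm)
            rows.append((tx_mw, label, radius))
    return rows

if __name__ == "__main__":
    for tx_mw, label, radius in exposure_table():
        miles = radius * FT_PER_M / 5280
        print(f"{tx_mw:4d} mW tx, {label:20s} rx: "
              f"{radius / 1000:7.1f} km ({miles:5.1f} mi)")
```

Every 6 dB of receive-antenna gain doubles the radius, so lowering transmit power or shielding toward the site boundary has to be sized against the receive antenna assumed, not against an ordinary client card.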
excerpt from the article:
"...Civil disobedience in the face of copyright laws promotes the democratic ideal that information is a public good, thereby sustaining the Internet community's founding belief that 'information wants to be free.' "
i didn't know (as the article explains) that the EU no longer has 'work for hire' boundaries. rip away...
phillip
http://news.cnet.com/news/0-1276-210-6269374-1.html?tag=bt_pr
At 05:07 PM 6/13/2001 -0400, you wrote:
excerpt from the article:
"...Civil disobedience in the face of copyright laws promotes the democratic ideal that information is a public good, thereby sustaining the Internet community's founding belief that 'information wants to be free.' "
i didn't know (as the article explains) that the EU no longer has 'work for hire' boundaries. rip away... phillip
http://news.cnet.com/news/0-1276-210-6269374-1.html?tag=bt_pr
An interesting article, but not entirely factual. The author states that, "Historically, copyright protections were afforded to promote expressive discourse fundamental to a democratic society." I think a bit of digging shows that not to be the case.
================================================
From http://webserver.law.yale.edu/censor/samuelson.htm
The Anglo-American copyright system grew from a private sector function of the English Stationers' Guild in the 15-16th century. It mainly functioned to regulate the book trade to ensure that members of the guild enjoyed monopolies in the books they printed. Conveniently for English authorities, the guild's practices provided an infrastructure for controlling (i.e., suppressing) publication of heretical and seditious materials. The English kings and queens were quite willing to grant to the Stationers' Guild control over the publication of books in the realm in exchange for the guild's promise to refrain from printing such dangerous materials. Until its abolition, the Star Chamber was available to back up judgments emanating from the stationers' private enforcement and censorship system. If the pre-modern copyright system promoted freedom of expression by making books more widely available, this was an incidental byproduct of the market that arose for books, not an intended purpose of the then-prevailing copyright system.
Far more harmonious was the relationship between copyright and censorship in that era. Men burned at the stake for writing texts that were critical of the Crown or of established religion. The stationers' copyright regime was part of the apparatus aimed at ensuring that these texts would not be printed or otherwise be widely accessible to the public.
==================================================
I think it would be much more accurate to say that copyright's "modern era," which began with the Statute of Anne is about to celebrate its 300th anniversary. However, the fact that a private, pre-modern, copyright form lasted for over a century, which was motivated by the profit of monopoly control and with the government's help censorship, is an important example in understanding how revisionist history is created and should not be ignored.
Steve Schear
"War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what it's about. It is conducted for the benefit of the very few at the expense of the masses." --- Major General Smedley Butler, 1933
Steve Schear posted: [...]
================================================ From http://webserver.law.yale.edu/censor/samuelson.htm
[...]
Far more harmonious was the relationship between copyright and censorship in that era. Men burned at the stake for writing texts that were critical of the Crown or of established religion. The stationers' copyright regime was part of the apparatus aimed at ensuring that these texts would not be printed or otherwise be widely accessible to the public.
Which men, in England, were burned at the stake for "burned at the stake for writing texts that were critical of the Crown"?
Decapitated maybe, but not burned at the stake... definite revisionist history in the making here.
Ken
At 12:01 PM 6/19/2001 +0100, Ken Brown wrote:
Steve Schear posted:
[...]
================================================ From http://webserver.law.yale.edu/censor/samuelson.htm
[...]
Far more harmonious was the relationship between copyright and censorship in that era. Men burned at the stake for writing texts that were critical of the Crown or of established religion. The stationers' copyright regime was part of the apparatus aimed at ensuring that these texts would not be printed or otherwise be widely accessible to the public.
Which men, in England, were burned at the stake for "burned at the stake for writing texts that were critical of the Crown"?
Decapitated maybe, but not burned at the stake... definite revisionist history in the making here.
You'll have to take this up with Pam, as this was quoted from her material.
steve
participants (7)
- Bill Stewart
- David Honig
- Declan McCullagh
- John Young
- Ken Brown
- Phillip H. Zakas
- Steve Schear