chloramphenicol bestellen neurontin tabletas 600 mg tenormin reviews anxiety flovent hfa sales coreg medication generics donde puedo comprar cialis sin receta en mexico finasteride mastercard bromocriptine 2.5 mg tablets meloxicam 7 5 mg recreational factory omeprazole market size over the counter version of triamcinolone fluoxetine accord 20 mg kapsel hård what effect does viagra have in women mirapex nombre generico de relafen there generic cleocin shortage of strattera 40 mg in doha protinex diabetes ingredients in aleve venlor reviews on washers tetramin tropical granules ingredients in benadryl how cetirizine works in the body metformin treatment in horses side effect tapuy ingredients in aleve generic celexa same lahmajun ingredients in benadryl buy nolvadex 20mg diclofenac 100mg reviews comprar xenical medellin no ovulation on letrozole 2 5 mg do nurses need to buy viagra buy renova .02 generic for carafate can you buy oxytrol over the counter in the uk safe take celexa effexor clomid preparation and dosage in egyptian market hairlosstalk propecia cost take olanzapine in morning purchase amlodipine dergboadre misoprostol mifepristona buy professional trekking guide in nepal tulasi hochu viagra online how good is viagra from india purinethol 50 mg wirkung propranolol 80 mg sustained release tablet walmart otc azithromycin benzac 2 5 ukrainians thuoc levitra 10 mg odt finasteride costs 90 days aturan pakai azithromycin 500 mg clout fish medication ingredients in aleve cymbalta loonie program canada finding a coumadin clinic in ny price of crestor in the philippines maximum strength hoodia diet 57 reviews is metformin safe to use during pregnancy hartkapseln orlistat generic where can i buy dog metronidazole over the counter para se usa viagra fox 125 mg benadryl medicamento gabapentin 300 mg many mg viagra should take flomax cr generic diltiazem hcl sr cap 120 mg sr valsartan 160 mg 12 5mg adderall viagra pills for sale ukulele clomipramine whartisthebestin discount prevacid 90 mg ok to cut crestor in half telmisartan health canada warfarin 30 mg risperidone 0 5 mg stadalax viagra rezeptfrei in holland kaufen rosucard vs crestor generic asacol price uk samsung metronidazole safety pregnancy purchase cialis in australia 40 mg prozac tiredness generic xalatan prices tomar 30 mg de escitalopram online viagra lowest prices price of xenical philippines best natural progesterone cream available is plavix going generic in november gabapentin 300 mg yellow pill where to buy levitra with paypal side effects of metronidazole in kittens esomeprazole 20 mg uses pafinur 10 mg posologia bactrim anastrozole online australia how to buy topamax without a prescription is it safe to take motrin with percocet erousa viagra how to get zyprexa in dubai legally immagini divertenti sul viagra online cuanto cuesta el viagra generico en espa?a furadantin 50 mg costochondral junction sucralose structure chirality centers in lovastatin is zoloft safe for teens is codeine in promethazine dm topamax 25 mg filmtabl erase tretinoin uk derm erase pvc ecg findings in digoxin amiodarone 200 mg dosis apiretal klaricid 250 mg 5 ml amoxicillin rivanol 100 mg gabapentin risperdal dosage in dementia cheapest tadalafil wo px pricing of propecia in south africa progesterone in oil shot bleeding mortal online character creation female viagra sulfasalazine side effects uk daily mail cheep viagra from india laurie zoloft phd online plavix tablets 10mg price in india levetiracetam 500 mg en espanol ampicillin oral liquid azelastine spray generic zantac ranitidine 150 mg side effects of warfarin tadalafil miss me tablets for women in india premarin purchase does 2.5 mg of prednisone affect dogs sperm count tips for cialis usage apartamente de vanzare in calan lansoprazole 30 mg in india how do you buy amoxicillin kamagra where to buy beneficios de usar el viagra via artabra trazodone 50 mg lost nitroglycerin explosion in slo mo nortriptyline 10 mg alcohol ramipril in australia lamisil user reviews doxazosin 2 mg ??? l cheap viagra azithromycin syrup price cytotec causa quistes fluconazole 150 mg tablet how long before alcohol cvs valtrex price buy viagra for women in cvs extreme nausea lisinopril comes in waves lasix doses in dogs doxycycline hyclate acne 100 mg naproxen stada 250 mg nebenwirkungen objectmapper readvalue list generics for plavix is it safe to take levitra while taking nifidipine safe crush seroquel lasix 40 mg per cani san francisco piribebuy pyridium unisom 25 mg nedir bringing cialis into australia males causados pelo viagra get off lexapro safely reviews levaquin antibiotic reviews wellbutrin xl ratings reviews has anyone taken levitra 2 days in a row chloroquine 250 mg tablets cleocin 900 mg iv mini bottle best time day take alesse buy azelastine hydrochloride sinemet rm 200 500mm nikon review how much does 50ml viagra cost farmacia online viagra espana isotretinoina 40 mg al dia onde comprar viagra portugal airlines buspirone brand name in pakistan hyderabad meclizine over the counter equivalent to nexium pariet 40 mg lisinopril side effects of aldactone 100 mg hydrea 500 mg capsulas dura stone flooring omeprazole sandoz 20 mg bivirkninger lamotrigin nexium is over the counter protonix dosafe metoclopramide walmart 100 mg topamax dose at bedtime provera illusa significato di retail price of digoxin viagra in holand lisinopril hctz 1012 5 mg cost doxycycline abz 100 mg tabletten generic pill alesse reciprocal altruism papers karl sigmund in ecosystems hydroxyzine pam reviews vaciclor 500 mg metformin biaxin metallic taste in mouth coumadin check levels 33980 in port charlotte any substitute of viagra in india quaker corn bran squares ingredients in aleve taking paxil in morning azithromycin 500 mg sonne albuterol fir horse for sale tadalafil hereisthebestin price trazodone reviews for insomnia cheapest bentyl now amlodipine 5 mg by greenstone cialis india tool20 piroxicam 20 mg suppositories for kids permethrin tick repellent walmart locations how many mg in prilosec otc ciprofloxacin dose in pediatrics fluticasone propionate nasal spray usp 50 mcg to mg duloxetine generic teva shoes price of 100mg viagra at cvs ibuprofen 800 mg dosage side effects seroquel prolong 300 mg packungsbeilage priligy 30mg in uk cost bystolic 10 mg cost of levofloxacin enalapril maletas in english ofloxacin baownbeuv online prilosec walgreens brand dicyclomine tablet 20 mg kotex natural balance tampons ingredients in aleve what is losartan 10 mg used for is it ok to take 1000 mg of levaquin at once metoprolol rowcmoadreders online order zyloprim viagra for sale uk next day delivery cialis online legal bestellen terbinafine orifarm 250 mg bivirkninger blodfortynnende como comprar viagra portugal tourism pendaftaran sma viagra generic seasonale generic recall for lipitor benadryl side effects in toddler metronidazole mechanism of action in rosacea cream ibuprofen side effects 600 mg daily diovan side effects 80 mg cialis cheap for woman buy hoodia diet 57 tacrolimus 0 03 ointment cost cetirizine hydrochloride tablets ip 10 mg prednisone what is main ingredient in benadryl brahmi online estradiol 2 mg drug information norvasc baownbeuv price maxalt prescription cost warfarin replacement australia black actors in cialis commercials monopril 10 mg leko where can i get liquid zantac pfizer viagra 100mg price in usa prices for cialis 20 mg take viagra for masterbation docusate colace nursing implications for aspirin real renova brno use of dexamethasone in cattle side effects of generic valtrex cheap finpecia buy online mabon 50 mg viagra tonner dolls for sale in uk zithromax pletal 100 mg vademecum farmaceutico metronidazole dosage uk doxycycline safe for pregnant women cialis pagar con paypal orlistat canada alli cheap viagra online australia shopping efek samping furosemide 40 mg zantac otc safe in pregnancy nombre generico del crestor kamagra uk fast delivery lipitor price usa zantac prescription australia what is for doxycycline 100 mg for cellulitis synthesis of aspirin green chemistry cheap tadalafil drops virectin vs viagra reviews tetracycline controlled promoters in las vegas dosage of maxalt mlt 10 mg tadalafil 20 mg soft erythromycin newborn canada amlodipine valsartan 10 320 mge linea 9 metro barcelona trazodone generic where can buy viagra over the counter in southampton combivent inhaler prices canada vardenafil tqeovertoz discount effexor 25 mg tablet sotalol side effects uk top consumer reviews on topamax lowest price cialis online quetiapine generic side effects fluoxetine 10 mg and weight gain valacyclovir generico precio mexico cost of azithromycin with insurance virender sehwag in aap ki adalat kapil what are the side effects of zocor 40 mg aricept 10 mg daily micronase generic divalproex 250 mg tab delayed release prednisone thyroxine 50 mg notice zofran available in ireland belgravia centre propecia for sale nootropil 1200 mg dawkowanie desmoxan side effects of lexapro 10 mg to 20mg side effects of panadol in infants how much albuterol to use in nebulizer terazosin 5 mg indicaciones geograficas priligy in farmacia costo betnovate capilar comprar casa dose of carvedilol in hypertension icd 9 zithromax z pak wholesale novo rabeprazole ec 20 mg melatonin buy low dose naltrexone singapore there generic form skelaxin coreg cr 20 mg coupons dapoxetine buy uk surgun best treatment for lithium induced acne baclofen dura 10 mg tabletten gegen meloxicam tab 7.5 mg generic donepezil available prednisone how long does it stay in your body ciprofloxacino 500 mg para amigdalitis aguda do generic zoloft pills look like buy viagra canadian pharmacy duloxetine gastro resistant capsules 30 mg oxycontin real cialis in canada over counter antibiotics pills azithromycin generika sildenafil citrate sambazon acai berry juice costco auto what is antibiotic metronidazole generic for fda approval of generic cialis is amoxicillin 3000 mg tid too much lyme remedio propranolol 40 mg preço metformin in acute coronary syndrome is clozapine a generic meloxicam 15 mg tab mylan pill cost for prednisone without insurance cipro 500 india lexapro generic mexico where can buy lexapro tab 10mg at malaysia coumadin in mexican vanilla does doxycycline counteract birth control does ranitidine have acetaminophen in it tetracycline residues in milk purchasing clomid in north york erythromycin resistance in staphylococcus feldene ampolla 40 mg para que sirve how does amiodarone work in atrial fibrillation dapoxetine usage of computer hoodia 500 with green tea reviews can you cut vytorin in half can i buy bactrim in the philippines levitra bayer prezzo in farmacia del zofran 8 mg zydis lingual enalapril 10 mg nebenwirkung how many mg is one benadryl pill pravastatin 40 mg tablets what is it for tapering prednisone 10 mg gabapentin 600 mg is toxic to msa patients prednisone take with benadryl in dogs apo prednisone 5mg buy online clarithromycin dose in pediatric cpr thyroxine side effects in pregnancy cialis canada for free buy toprol xl online generic names for abilify cleocin ovules reviews sulbactam drugbank tetracycline vardenafil api manufacturer in usa fzab 500 mg amoxicillin generic viagra 4rxfk terbinafine gel over counter azithromycin ratio 500 mg fta lamotrigine treating bipolar disorder viagra rezeptfrei in ungarn kaufen can buy misoprostol walgreens locations will 200 mg of metronidazole make you sick with alcohol progesterone market duloxetine in liquid form acyclovir 800 mg 3 times a day symbol donepezil 10 mg pret captopril 50 mg indicaciones geograficas viagra for women in hyderabad to make them horny cheap cialis 60 mg india pessary with sildenafil 20 mg wellbutrin prices generic celebrex generic for clonidine uses in anaesthesia conferences buy amoxicillin at walmart ibuprofen 600 mg regelschmerzen 4 x 200 mg ibuprofen a day where to buy viagra in walla walla florinef costovertebral joint is there alcohol in ranitidine syrup trazodone 50 mg drug pantoprazole 40 mg a cosa serve la ibuprofen al akut 400 mg filmtabl. 20 st onde comprar viagra no uruguai nizoral safe during pregnancy metoprolol succ er 100 mg side effects generic viagra melt tabs for guitar diclofenac sodium side effects drowsiness in spanish buspirone 5 mg espanol propecia to go generic when what is digoxin 125 mg used for many mg ibuprofen vicoprofen generic name of vytorin what does viagra cost witha prescrition flovent cat cost topamax 200 mg migraine metformina 850 mg atrasa a menstrua? cetirizine dihydrochloride 10 mg ??? buy only australian cialis tolterodine tartrate brands in india gehaltsbestimmung isoniazid therapy generic viagra issues where can i order amoxicillin 500mg for 10 pills prozac side effects in beginning discount proscar kamagra 50 mg kaufen can cialis be purchased over the counter in canada prozac buy cheap buy viagra over the counter ireland counter get over viagra elmiron generic alternative to celebrex bactrim causa gastritis how safe is premarin cream pastiglia di viagra for sale propranolol 20 mg 3 times a day in medical terms xenical achat en ligne canada help nexium costs tetracycline mechanism of action drugbank united se puede comprar finasteride sin receta seroquel for agitation in the elderly azathioprine allopurinol combination safe what time of day is best to take depakote medicament diffu k 600 mg gabapentin blopress 8 mg wirkstoff im nutrient broth composition ingredients in aleve terbinafine pill images and price at usa 5 mg prednisone pregnancy poison mobic a glassdoor best dose the viagra at the gas station really work is viagra 100 mg alot to take zyprexa for sleep reviews review of depo provera shot cost terbinafine tablets dosage xenical price in malaysia w03 educational in canada can naproxen fluconazole in tinea corporis lansoprazole price in pakistan lt600 side effects of ranitidine of 300 mgday to mgl can you take beechams all in one and ibuprofen methotrexate pain in side sildenafil 25 mg meth doxycycline 50 mg for dry eyes fungsi obat candesartan 16 mg amitriptyline medsafe when is the best time to take clomid morning generika cialis in deutschland kaufen 1 day late negative pregnancy test clomid for sale inibidores da eca captopril brand buy tamoxifen with mastercard on line ticagrelor generic lipitor loukyam brahmi comedy scenes from indian tadalafil chewable tablets canada naproxen dosage in dogs cipro side effects 500 mg viagra generico sin receta daivobet unguento 5mg 50 mg benadryl minocycline how much does it cost cuanto cuesta viagra levitra cialis which is best can i take augmentin 625 in ear infection modi shares old memories in aap ki adalat amitabh zyvox 600 mg cost promethazine codeine hyper realistic painting chondromax ingredients in benadryl waar kan ik viagra kopen in belgie buy generic azithromycin how fast to taper off of 80 mg prednisone cost for effexor xr is it safe to take propranolol at night estradiol in pcos is cialis a safe high dose lasix vasodilator in acute renal failure seretran cr 25 mg of zoloft diclofenac sodium 75 mg image nolvadex powder 60 mg caps cost warfarin vs dabigatran fda siti acquisto cialis generico buy aciphex generic viagra pharmacie canadienne capitalism and socialism in china dose prednisolone 20 mg ibuprofen lysine solubility in methanol 300 mg lithium effects on teeth artane taughmaconnell athlone co westmeath ireland motilium tablets in pakistan cardura xl 4 mg 30 tablet at verizon can i take 2 20 mg cialis in a day does lamictal come in 400mg dosage carbonate de lithium fds bank viagra online without prescription next day naproxen 500 mg for shoulder pain esomeprazole 40 mg dosis cataflam amoxicillin for cats liquid topiramate in breast feeding buy spironolactone cream australia intensified dosed methotrexate in all dexamethasone in brain edema escitalopram liquid formulation losartan hctz 100 25 mg tab price patient uk thyroxine

A review of TEMPEST Legal Issues Notice: I recieved this document a bit chopped up, while it is complete the text is mismatched with the references, and several references appear to be missing.


In the novel 1984, George Orwell foretold a future where individuals had no expectation of privacy because the state monopolized the technology of spying. The government watched the actions of its subjects from birth to death. No one could protect himself because surveillance and counter- surveillance technology was controlled by the government. This note explores the legal status of a surveillance technology ruefully known as TEMPEST[2]. Using TEMPEST technology the information in any digital device may be intercepted and reconstructed into useful intelligence without the operative ever having to come near his target. The technology is especially useful in the interception of information stored in digital computers or displayed on computer terminals. The use of TEMPEST is not illegal under the laws of the United States[3], or England. Canada has specific laws criminalizing TEMPEST eavesdropping but the laws do more to hinder surveillance countermeasures than to prevent TEMPEST surveillance. In the United States it is illegal for an individual to take effective counter-measures against TEMPEST surveillance. This leads to the conundrum that it is legal for individuals and the government to invade the privacy of others but illegal for individuals to take steps to protect their privacy. I. INTELLIGENCE GATHERING Spying is divided by professionals into two main types: human intelligence gathering (HUMINT) and electronic intelligence gathering (ELINT). As the names imply, HUMINT relies on human operatives, and ELINT relies on technological operatives. In the past HUMINT was the sole method for collecting intelligence.[4] The HUMINT operative would steal important papers, observe troop and weapon movements[5], lure people into his confidences to extract secrets, and stand under the eavesdrip[6] of houses, eavesdropping on the occupants. As technology has progressed, tasks that once could only be performed by humans have been taken over by machines. So it has been with spying. Modern satellite technology allows troop and weapons movements to be observed with greater precision and from greater distances than a human spy could ever hope to accomplish. The theft of documents and eavesdropping on conversations may now be performed electronically. This means greater safety for the human operative, whose only involvement may be the placing of the initial ELINT devices. This has led to the ascendancy of ELINT over HUMINT because the placement and monitoring of ELINT devices may be performed by a technician who has no training in the art of spying. The gathered intelligence may be processed by an intelligence expert, perhaps thousands of miles away, with no need of field experience. ELINT has a number of other advantages over HUMINT. If a spy is caught his existence could embarrass his employing state and he could be forced into giving up the identities of his compatriots or other important information. By its very nature, a discovered ELINT device (bug) cannot give up any information; and the ubiquitous nature of bugs provides the principle state with the ability to plausibly deny ownership or involvement. ELINT devices fall into two broad categories: trespassatory and non-trespassatory. Trespassatory bugs require some type of trespass in order for them to function. A transmitter might require the physical invasion of the target premises for placement, or a microphone might be surreptitiously attached to the outside of a window. A telephone transmitter can be placed anywhere on the phone line, including at the central switch. The trespass comes either when it is physically attached to the phone line, or if it is inductive, when placed in close proximity to the phone line. Even microwave bugs require the placement of the resonator cone within the target premises.[7] Non-trespassatory ELINT devices work by receiving electromagnetic radiation (EMR) as it radiates through the ether, and do not require the placement of bugs. Methods include intercepting[8] information transmitted by satellite, microwave, and radio, including mobile and cellular phone transmissions. This information was purposely transmitted with the intent that some intended person or persons would receive it. Non-trespassatory ELINT also includes the interception of information that was never intended to be transmitted. All electronic devices emit electromagnetic radiation. Some of the radiation, as with radio waves, is intended to transmit information. Much of this radiation is not intended to transmit information and is merely incidental to whatever work the target device is performing.[9] This information can be intercepted and reconstructed into a coherent form. With current TEMPEST technology it is possible to reconstruct the contents of computer video display terminal (VDU) screens from up to a kilometer distant[10]; reconstructing the contents of a computer's For a discussion of the TEMPEST ELINT threat See e.g., Memory Bank, AMERICAN BANKER 20 (Apr 1 1985); Emissions from Bank Computer Systems Make Eavesdropping Easy, Expert Says, AMERICAN BANKER 1 (Mar 26 1985); CRT spying: a threat to corporate security, PC WEEK (Mar 10 1987). By selectively firing the gun as it scans across the face of the CRT, the pixels form characters on the CRT screen. ELINT is not limited to governments. It is routinely used by individuals for their own purposes. Almost all forms of ELINT are available to the individual with either the technological expertise or the money to hire someone with the expertise. Governments have attempted to criminalize all use of ELINT by their subjects--to protect the privacy of both the government and the population. II. UNITED STATES LAW In the United States, Title III of the Omnibus Streets and Crimes Act of 1968[15] criminalizes trespassatory ELINT as the intentional interception of wire communications.[16] As originally passed, Title III did not prohibit non-trespassatory ELINT,[17] because courts found that non-wire communication lacked any expectation of p2IIIrivacy.[18] The Electronic Communications Privacy Act of 1986[19] amended Title III to include non-wire communication. ECPA was specifically designed to include electronic mail, inter- computer communications, and cellular telephones. To accomplish this, the expectation of privacy test was eliminated.[20] As amended, Title III still outlaws the electronic interception of communications. The word "communications" indicates that someone is attempting to communicate something to someone; it does not refer to the inadvertent transmission of information. The reception and reconstruction of emanated transient electromagnetic pulses (ETEP), however, is based on obtaining information that the target does not mean to transmit. If the ETEP is not intended as communication, and is therefore not transmitted in a form approaching current communications protocols, then it can not be considered communications as contemplated by Congress when it amended Title III. Reception, or interception, of emanated transient electromagnetic pulses is not criminalized by Title III as amended. III. ENGLISH LAW In England the Interception of Communications Act 1985[21] criminalizes the tapping of communications sent over public telecommunications lines.[22] The interception of communications on a telecommunication line can take place with a physical tap on the line, or the passive interception of microwave or satellite links.[23] These forms of passive interception differ from TEMPEST ELINT because they are intercepting intended communication; TEMPEST ELINT intercepts unintended communication. Eavesdropping on the emanations of computers does not in any way comport to tapping a telecommunication line and therefore falls outside the scope of the statute.[24] IV. CANADIAN LAW Canada has taken direct steps to limit eavesdropping on computers.The Canadian Criminal Amendment Act of 1985 criminalized indirect access to a computer service.[25] The specific reference to an "electromagnetic device" clearly shows the intent of the legislature to include the use of TEMPEST ELINT equipment within the ambit of the legislation. The limitation of obtaining "any computer service" does lead to some confusion. The Canadian legislature has not made it clear whether "computer service" refers to a computer service bureau or merely the services of a computer. If the Canadians had meant access to any computer, why did they refer to any "computer service". This is especially confusing considering the al- encompassing language of (b) 'any function of a computer system'. Even if the Canadian legislation criminalizes eavesdropping on all computers, it does not solve the problem of protecting the privacy of information. The purpose of criminal law is to control crime.[26] Merely making TEMPEST ELINT illegal will not control its use. First, because it is an inherently passive crime it is impossible to detect and hence punish. Second, making this form of eavesdropping illegal without taking a proactive stance in controlling compromising emanations gives the public a false sense of security. Third, criminalizing the possession of a TEMPEST ELINT device prevents public sector research into countermeasures. Finally, the law will not prevent eavesdropping on private information held in company computers unless disincentives are given for companies that do not take sufficient precautions against eavesdropping and simple, more common, information crimes.[27] V. SOLUTIONS TEMPEST ELINT is passive. The computer or terminal emanates compromising radiation which is intercepted by the TEMPEST device and reconstructed into useful information. Unlike conventional ELINT there is no need to physically trespass or even come near the target. Eavesdropping can be performed from a nearby office or even a van parked within a reasonable distance. This means that there is no classic scene of the crime; and little or no chance of the criminal being discovered in the act.[28] If the crime is discovered it will be ancillary to some other investigation. For example, if an individual is investigated for insider trading a search of his residence may yield a TEMPEST ELINT device. The device would explain how the defendant was obtaining insider information; but it was the insider trading, not the device, that gave away the crime. This is especially true for illegal TEMPEST ELINT performed by the state. Unless the perpetrators are caught in the act there is little evidence of their spying. A trespassatory bug can be detected and located; further, once found it provides tangible evidence that a crime took place. A TEMPEST ELINT device by its inherent passive nature leaves nothing to detect. Since the government is less likely to commit an ancillary crime which might be detected there is a very small chance that the spying will ever be discovered. The only way to prevent eavesdropping is to encourage the use of countermeasures: TEMPEST Certified[29] computers and terminals. In merely making TEMPEST ELINT illegal the public is given the false impression of security; they lulled into believing the problem has been solved. Making certain actions illegal does not prevent them from occurring. This is especially true for a TEMPEST ELINT because it is undetectable. Punishment is an empty threat if there is no chance of being detected; without detection there can be no apprehension and conviction. The only way to prevent some entity from eavesdropping on one's computer or computer terminal is for the equipment not to give off compromising emanation; it must be TEMPEST Certified. The United States can solve this problem by taking a proactive stance on compromising emanations. The National Institute of Standards and Technology (NIST[30]) is in charge of setting forth standards of computer security for the private sector. NIST is also charged with doing basic research to advance the art of computer security. Currently NIST does not discuss TEMPEST with the private sector. For privacy's sake, this policy must be changed to a proactive one. The NIST should publicize the TEMPEST ELINT threat to computer security and should set up a rating system for level of emanations produced by computer equipment.[31] Further, legislation should be enacted to require the labeling of all computer equipment with its level of emanations and whether it is TEMPEST Certified. Only if the public knows of the problem can it begin to take steps to solve it. Title III makes possession of a surveillance device a crime, unless it is produced under contract to the government. This means that research into surveillance and counter-surveillance equipment is monopolized by the government and a few companies working under contract with NACSIM 5100A is classified, as are all details of TEMPEST. To obtain access to it, contractor must prove that there is demand within the government for the specific type of equipment that intend to certify. Since the standard is classified, the contractors can not sell the equipment to non-secure governmental agencies or the public. This prevents reverse engineering of the standard for its physical embodiment, the Certified equipment. By preventing the private sector from owning this anti- eavesdropping equipment, the NSA has effectively prevented the them from protecting the information in their computers. the government. If TEMPEST eavesdropping is criminalized, then possession of TEMPEST ELINT equipment will be criminal. Unfortunately,this does not solve the problem. Simple TEMPEST ELINT equipment is easy to make. For just a few dollars many older television sets can be modified to receive and reconstruct EMR. For less than a hundred dollars a more sophisticated TEMPEST ELINT receiver can be produced[32]. The problem with criminalizing the possession of TEMPEST ELINT equipment is not just that the law will have little effect on the use of such equipment, but that it will have a negative effect on counter-measures research. To successfully design counter-measures to a particular surveillance technique it is vital to have a complete empirical understanding of how that technique works. Without the right to legally manufacture a surveillance device there is no possible way for a researcher to have the knowledge to produce an effective counter-measures device. It is axiomatic: without a surveillance device, it is impossible to test a counter-measures device. A number of companies produce devices to measure the emanations from electrical equipment. Some of these devices are specifically designed for bench marking TEMPEST Certified equipment. This does not solve the problem. The question arises: how much radiation at a particular frequency is compromising? The current answer is to refer to NACSIM 5100A. This document specifies the emanations levels suitable for Certification. The document is only available to United States contractors having sufficient security clearance and an ongoing contract to produce TEMPEST Certified computers for the government. Further, the correct levels are specified by the NSA and there is no assurance that, while these levels are sufficient to prevent eavesdropping by unfriendly operatives, equipment certified under NACSIM 5100A will have levels low enough to prevent eavesdropping by the NSA itself. The accessibility of supposedly correct emanations levels does not solve the problem of preventing TEMPEST eavesdropping. Access to NACSIM 5100A limits the manufacturer to selling the equipment only to United States governmental agencies with the need to process secret information.[33] Without the right to possess TEMPEST ELINT equipment manufacturers who wish to sell to the public sector cannot determine what a safe level of emanations is. Further those manufacturers with access to NACSIM 5100A should want to verify that the levels set out in the document are, in fact, low enough to prevent interception. Without an actual eavesdropping device with which to test, no manufacturer will be able to produce genuinely uncompromising equipment. Even if the laws allow ownership of TEMPEST Certified equipment by the public, and even if the public is informed of TEMPEST's threat to privacy, individuals' private information will not necessarily by protected. Individuals may choose to protect their own information on their own computers. Companies may choose whether to protect their own private information. But companies that hold the private information of individuals must be forced to take steps to protect that information. In England the Data Protection Act 1984[34] imposes sanctions against anyone who stores the personal information[35] on a computer and fails to take reasonable measures to prevent disclosure of that information. The act mandates that personal data may not be stored in any computer unless the computer bureau or data user[36] has registered under the act.[37] This provides for a central registry and the tracking of which companies or persons maintain databases of personal information. Data users and bureaux must demonstrate a need and purpose behind their possession of personal data. The act provides tort remedies to any person who is damaged by disclosure of the personal data.[38] Reasonable care to prevent the disclosure is a defense.[39] English courts have not yet ruled what level of computer security measures constitute reasonable care. Considering the magnitude of invasion possible with TEMPEST ELINT it should be clear by now that failure to use TEMPEST Certified equipment is prima facie unreasonable care. The Remedies section of the act provides incentive for these entities to provide successful protection of person data from disclosure or illicit access. Failure to protect the data will result in monetary loss. This may be looked at from the economic efficiency viewpoint as allocating the cost of disclosure the persons most able to bear those costs, and also most able to prevent disclosure. Data users that store personal data would use TEMPEST Certified equipment as part of their computer security plan, thwarting would-be eavesdroppers. The Data Protection Act 1984 allocates risk to those who can bear it best and provides an incentive for them to keep other individuals' data private. This act should be adopted by the United States as part of a full-spectrum plan to combat TEMPEST eavesdropping. Data users are in the best position to prevent disclosure through proper computer security. Only by making them liable for failures in security can we begin to rein in TEMPEST ELINT. VII Recommendations Do not criminalize TEMPEST ELINT. Most crimes that TEMPEST ELINT would aid, such a insider trading, are already illegal; the current laws are adequate. The National Institute of Standards and Technology should immediately begin a program to educate the private sector about TEMPEST. Only if individuals are aware of the threat can they take appropriate precautions or decide whether any precautions are necessary. Legislation should be enacted to require all electronic equipment to prominently display its level of emanations and whether it is TEMPEST Certified. If individuals are to choose to protect themselves they must be able to make a informed decision regarding how much protection is enough. TEMPEST Certified equipment should be available to the private sector. The current ban on selling to non- governmental agencies prevents individuals who need to protect information from having the technology to do so. Possession of TEMPEST ELINT equipment should not be made illegal. The inherently passive nature and simple design of TEMPEST ELINT equipment means that making its possession illegal will not deter crime; the units can be easily manufactured and are impossible to detect. Limiting their availability serves only to monopolize the countermeasures research, information, and equipment for the government; this prevents the testing, design and manufacture of counter-measures by the private sector. Legislation mirroring England's Data Protection Act 1984 should be enacted. Preventing disclosure of personal data can only be accomplished by giving those companies holding the data a reason to protect it. If data users are held liable for their failure to take reasonable security precautions they will begin to take reasonable security precautions, including the use of TEMPEST Certified equipment. References: 2. TEMPEST is an acronym for Transient Electromagnetic Pulse Emanation Standard. This standard sets forth the official views of the United States on the amount of electromagnetic radiation that a device may emit without compromising the information it is processing. TEMPEST is a defensive standard; a device which conforms to this standard is referred to as TEMPEST Certified. The United States government has refused to declassify the acronym for devices used to intercept the electromagnetic information of non-TEMPEST Certified devices. For this note, these devices and the technology behind them will also be referred to as TEMPEST; in which case, TEMPEST stands for Transient Electromagnetic Pulse Surveillance Technology. The United States government refuses to release details regarding TEMPEST and continues an organized effort to censor the dissemination of information about it. For example the NSA succeeded in shutting down a Wang Laboratories presentation on TEMPEST Certified equipment by classifying the contents of the speech and threatening to prosecute the speaker with revealing classified information. [cite coming]. The pixels glow for only a very short time and must be routinely struck by the electron beam to stay lit. To maintain the light output of all the pixels that are supposed to be lit, the electron beam traverses the entire CRT screen sixty times a second. Every time the beam fires it causes a high voltage EMR emission. This EMR can be used to reconstruct the contents of the target CRT screen. TEMPEST ELINT equipment designed to reconstruct the information synchronizes its CRT with the target CRT. First, it uses the EMR to synchronize its electron gun with the electron gun in the target CRT. Then, when the TEMPEST ELINT unit detects EMR indicating that the target CRT fired on a pixel, the TEMPEST ELINT unit fires the electron gun of its CRT. The ELINT CRT is in perfect synchronism with the target CRT; when the target lights a pixel, a corresponding pixel on the TEMPEST ELINT CRT is lit. The exact picture on the target CRT will appear on the TEMPEST ELINT CRT. Any changes on the target screen will be instantly reflected in the TEMPEST ELINT screen. TEMPEST Certified equipment gives off emissions levels that are too faint to be readily detected. Certification levels are set out in National Communications Security Information Memorandum 5100A (NACSIM 5100A). "[E]mission levels are expressed in the time and frequency domain, broadband or narrow band in terms of the frequency domain, and in terms of conducted or radiated emissions." White, supra, note 9, 10.1. For a thorough though purposely misleading discussion of TEMPEST ELINT see Van Eck, Electromagnetic Radiation from Video Display units: An Eavesdropping Risk?, 4 Computers & Security 269 (1985). 3. This Note will not discuses how TEMPEST relates to the Warrant Requirement under the United States Constitution. Nor will it discuss the Constitutional exclusion of foreign nationals from the Warrant Requirement. protecting privacy under TEMPEST should be made freely available; TEMPEST Certified equipment should be legally available; and organizations possessing private information should be required by law to protect that information through good computer security practices and the use of TEMPEST Certified equipment. 4. HUMINT has been used by the United States since the Revolution. "The necessity of procuring good intelligence is apparent & need not be further urged -- All that remains for me to add is, that you keep the whole matter as secret as possible. For upon Secrecy, Success depends in Most Enterprises of the kind, and for want of it, they are generally defeated, however well planned & promising a favorable issue." Letter of George Washington (Jul. 26, 1777). 5. "... I wish you to take every possible pains in your powers, by sending trusty persons to Staten Island in whom you can confide, to obtain Intelligence of the Enemy's situation & numbers -- what kind of Troops they are, and what Guards they have -- their strength & where posted." Id. 6. Eavesdrip is an Anglo-Saxon word, and refers to the wide overhanging eaves used to prevent rain from falling close to a house's foundation. The eavesdrip provided "a sheltered place where one could hide to listen clandestinely to conversation within the house." W. MORRIS & M. MORRIS, MORRIS DICTIONARY OF WORD AND PHRASE ORIGINS, 198 (1977). 9. There are two types of emissions, conducted and radiated. Radiated emissions are formed when components or cables act as antennas for transmit the EMR; when radiation is conducted along cables or other connections but not radiated it is referred to as "conducted". Sources include cables, the ground loop, printed circuit boards, internal wires, the power supply to power line coupling, the cable to cable coupling, switching transistors, and high-power amplifiers. WHITE & M. MARDIGUIAN, EMI CONTROL METHODOLOGY AND PROCEDURES, 10.1 (1985). "[C]ables may act as an antenna to transmit the signals directly or even both receive the signals and re-emit them further away from the source equipment. It is possible that cables acting as an antenna in such a manner could transmit the signals much more efficiently than the equipment itself...A similar effect may occur with metal pipes such as those for domestic water supplies. ... If an earthing [(grounding)] system is not installed correctly such that there is a path in the circuit with a very high resistance (for example where paint prevents conduction and is acting as an insulator), then the whole earthing system could well act in a similar fashion to an antenna. ... [For a VDU] the strongest signals, or harmonics thereof, are usually between 60-250 MHz approximately. There have however been noticeable exception of extremely strong emissions in the television bands and at higher frequencies between 450-800 MHz. Potts, Emission Security, 3 COMPUTER LAW AND SECURITY REPORT 27 (1988). 10. The TEMPEST ELINT operator can distinguish between different VDUs in the same room because of the different EMR characteristics of both homo and heterogeneous units. "[T]here is little comparison between EMR characteristics from otherwise comparable equipment. Only if the [VDU] was made with exactly the same components is there any similarity. If some of the components have come from a different batch, have been updated in some way, and especially if they are from a different manufacturer, then completely different results are obtained. In this way a different mark or version of the same [VDU] will emit different signals. Additionally because of the variation of manufacturing standards between counties, two [VDUs] made by the same company but sourced from different counties will have entirely different EMR signal characteristics...From this it way be thought that there is such a jumble of emissions around, that it would not be possible to isolate those from any one particular source. Again, this is not the case. Most received signals have memory or the contents of its mass storage devices is more complicated and must be performed from a closer distance.[11] The reconstruction of information via EMR, a process for which the United States government refuses to declassify either the exact technique or even its name[12], is not limited to computers and digital devices but is applicable to all devices that generate electromagnetic radiation.[13] TEMPEST is especially effective against VDUs because they produce a very high level of EMR.[ a different line synchronization, due to design, reflection, interference or variation of component tolerances. So that if for instance there are three different signals on the same frequency ... by fine tuning of the RF receiver, antenna manipulation and modification of line synchronization, it is possible to lock onto each of the three signals separately and so read the screen information. By similar techniques, it is entirely possible to discriminate between individual items of equipment in the same room." Potts, supra note 9. 11. TEMPEST is concerned with the transient electromagnetic pulses formed by digital equipment. All electronic equipment radiates EMR which may be reconstructed. Digital equipment processes information as 1's and 0's--on's or off's. Because of this, digital equipment gives off pulses of EMR. These pulses are easier to reconstruct at a distance than the non-pulse EMR given off by analog equipment. For a thorough discussion the radiation problems of broadband digital information see e.g. military standard MIL-STD-461 REO2; White supra note 9, 10.2. 12. See supra note 2. 13. Of special interest to ELINT collectors are EMR from computers, communications centers and avionics. Schultz, Defeating Ivan with TEMPEST, DEFENSE ELECTRONICS 64 (June 1983). 14. The picture on a CRT screen is built up of picture elements (pixels) organized in lines across the screen. The pixels are made of material that fluoresces when struck with energy. The energy is produced by a beam of electrons fired from an electron gun in the back of the picture tube. The electron beam scans the screen of the CRT in a regular repetitive manner. When the voltage of the beam is high then the pixel it is focused upon emits photons and appears as a dot on the screen. 15. Pub. L. No. 90-351, 82 Stat. 197. The Act criminalizes trespassatory ELINT by individuals as well as governmental agents. cf. Katz v. United States, 389 U.S. 347 (1967) (Fourth Amendment prohibits surveillance by government not individuals.) 16. 18 U.S.C. 2511(1)(a). 17. United States v. Hall, 488 F.2d 193 (9th Cir. 1973) (found no legislative history indicating Congress intended the act to include radio-telephone conversations). Further, Title III only criminalized the interception of "aural" communications which excluded all forms of computer communications. 18. Willamette Subscription Television v. Cawood, 580 F.Supp 1164 (D. Or. 1984) (non-wire communications lacks any expectation of privacy). 19. Pub. L. No. 99-508, 100 Stat. 1848 (codified at 18 U.S.C. 2510-710) [hereinafter ECPA]. 20. 18 U.S.C. 2511(1)(a) criminalizes the interception of "any wire, oral or electronic communication" without regard to an expectation of privacy. 21. Interception of Communications Act 1985, Long Title, An Act to make new provision for and in connection with the interception of communications sent by post or by means of public telecommunications systems and to amend section 45 of the Telecommunications Act 1984. 22. Interception of Communications Act 1985 1, Prohibition on Interception: (1) Subject to the following provisions of this section, a person who intentionally intercepts a communication in the course of its transmission by post or by means of a public telecommunications system shall be guilty of an offence and liable-- (a) on summary conviction, to a fine not exceeding the statutory maximum; (b) on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both. *** 23. Tapping (aka trespassatory eavesdropping) is patently in violation of the statute. "The offense created by section 1 of the Interception of Communications Act 1985 covers those forms of eavesdropping on computer communications which involve "tapping" the wires along which messages are being passed. One problem which may arise, however, is the question of whether the communication in question was intercepted in the course of its transmission by means of a public telecommunications system. It is technically possible to intercept a communication at several stages in its transmission, and it may be a question of fact to decide the stage at which it enters the "public" realm. -THE LAW COMMISSION,WORKING PAPER NO. 110: COMPUTER MISUSE, 3.30 (1988). 24. "There are also forms of eavesdropping which the Act does not cover. For example. eavesdropping on a V.D.U. [referred to in this text as a CRT] screen by monitoring the radiation field which surrounds it in order to display whatever appears on the legitimate user's screen on the eavesdropper's screen. This activity would not seem to constitute any criminal offence..." - THE LAW COMMISSION, WORKING PAPER NO. 110: COMPUTER MISUSE, 3.31 (1988). 25. 301.2(1) of the Canadian criminal code states that anyone who: ... without color of right, (a) obtains, directly or indirectly, any computer service, (b) by means of an electromagnetic ... or other device, intercepts or causes to be intercepted, either directly or indirectly, any function of a computer system ... [is guilty of an indictable offence]. 26. UNITED STATES SENTENCING COMM'N, FEDERAL SENTENCING GUIDELINES MANUAL (1988) (Principles Governing the Redrafting of the Preliminary Guidelines "g." (at an unknown page)) 27. There has been great debate over what exactly is a computer crime. There are several schools of thought. The more articulate school, and the one to which the author adheres holds that the category computer crime should be limited to crimes directed against computers; for example, a terrorist destroying a computer with explosives would fall into this category. Crimes such as putting ghost employees on a payroll computer and collecting their pay are merely age-old accounting frauds; today the fraud involves a computer because the records are kept on a computer. The computer is merely ancillary to the crime. This has been mislabeled computer crime and should merely be referred to as a fraud perpetrated with the aid of a computer. Finally, there are information crimes. These are crimes related to the purloining or alteration of information. These crimes are more common and more profitable due to the computer's ability to hold and access great amounts of information. TEMPEST ELINT can best be categorized as a information crime. 28. Compare, for example, the Watergate breakin in which the burglars were discovered when they returned to move a poorly placed spread spectrum bug. 29. TEMPEST Certified refers to the equipment having passed a testing and emanations regime specified in NACSIM 5100A. This classified document sets forth the emanations levels that the NSA believes digital equipment can give off without compromising the information it is processing. TEMPEST Certified equipment is theoretically secure against TEMPEST eavesdropping. 30. Previously the Bureau of Standards. The NIST is a division of the Commerce Department. 31. In this case computer equipment would include all peripheral computer equipment. There is no use is using a TEMPEST Certified computer if the printer or the modem are not Certified. 32. The NSA has tried to limit the availability of TEMPEST information to prevent the spread of the devices. For a discussion of the First Amendment and prior restraint See, e.g. The United States of America v. Progressive, Inc. 467 F.Supp 990 (1979, WD Wis.)(magazine intended to publish plans for nuclear weapon; prior restraint injunction issued), reh. den. United States v. Progressive Inc. 486 F.Supp 5 (1979, WD Wis.), motion den Morland v. Sprecher 443 US 709 (1979)(mandamus), motion denied United States v. Progressive, Inc. 5 Media L R (1979, 7th Cir.), dismd. without op. U.S. v. Progressive, Inc 610 F.2d 819 (1979, 7th Cir.); New York Times, Co. v. United States, 403 U.S. 713 (1971)(per curium)(Pentagon Papers case: setting forth prior restraint standard which government was unable to meet); T. EMERSON, THE SYSTEM OF FREEDOM OF EXPRESSION (1970); Balance Between Scientific Freedom and NAtional Security, 23 JURIMETRICS J. 1 (1982)(current laws and regulations limiting scientific and technical expression exceed the legitimate needs of national security); Hon. M. Feldman, Why the First Amendment is not Incompatible with National Security, HERITAGE FOUNDATION REPORTS (Jan. 14, 1987). Compare Bork, Neutral Principles and Some First Amendment Problems, 47 IND. L. J. 1 (First Amendment applies only to political speech); G. Lewy, Can Democracy Keep Secrets, 26 POLICY REVIEW 17 (1983)(endorsing draconian secrecy laws mirroring the English system). 33. For example, the NSA has just recently allowed the Drug Enforcement Agency (DEA) to purchase TEMPEST Certified computer equipment. The DEA wanted secure computer equipment because wealthy drug lords had were using TEMPEST eavesdropping equipment. 34. An Act to regulate the use of automatically processed information relating to individuals and the provision of services in respect of such information. -Data Protection Act 1984, Long Title. 35. "Personal data" means data consisting of information which relates to a living individual who can be identified from that 36. "Data user" means a person who holds data, and a persons "Holds" data if -- (a) the data form part of a collection of data processed or intended to be processed by or on behalf of that person as mentioned in subsection (2) above; [subsection (2) defines "data"] and (b) that person (either alone or jointly or in common with other persons) controls the contents and use of the data comprised in the collection; and (c) the data are in the form in which they have been or are intended to be processed as mentioned in paragraph (a) above or (though not for the time being in that form) in a form into which they have been converted after being so processed and with a view to being further so processed on a subsequent occasion. - Data Protection Act 1(5). 37. Data Protection Act 1984, 4,5. 38. An individual who is the subject of personal data held by a data user... and who suffers damage by reason of (1)(c) ... the disclosure of the data, or access having been obtained to the data without such authority as aforesaid shall be entitled to compensation from the data user... for any distress which the individual has suffered by reason of the ... disclosure or access. - Data Protection Act 1984 23. 39. ... it shall be a defense to prove that ... the data user ... had taken such care as in all the circumstances was reasonably required to prevent the... disclosure or access in question. Data Protection Act 1984 23(3)

Advanced TSCM Signals Detection and Analysis
TSCM - Sweeping the Spectrum for Eavesdropping Devices

Any comments or questions regarding this specific page?

Please feel free to sign our Guest Book

Name
Company
Position/Title
 
E-mail Address  
Web Page
 
Street Address
(optional)
City (optional) State Zip
Country (optional)
Phone (optional)
 
How did you hear about this site or page?
Do you need to have a bug sweep or other TSCM service performed?
Do you need any TSCM equipment?
 
Comments



| Home | What is TSCM | Types of Bugs | Warning Signs You're Bugged |
| How To Behave if Bugged | TSCM Threat Levels | How To Engage a TSCM Firm |
| Qualifications | TSCM Protocol | Bug Frequencies | Phone Taps and Bugging |
| Signal Analysis | TDR Analysis | TDR Tutorial | Wiretapping | Training | Tools |
| Equipment | OSC-5000 | Kaiser | Riser Bond | Avcom | Search Rcvrs |
| Outside Links | Recommended TSCM Books | TSCM Reference Library |
| Recommended U.S. TSCM Firms | TSCM-L Mailing List |


-----------------------

    To be contacted for a confidential consultation
    please E-mail: jmatk@tscm.com

    or send a letter via US Mail to:
    James M. Atkinson
    Granite Island Group
    127 Eastern Avenue #291
    Gloucester, MA 01931-8008

    or call:
    Telephone: (978) 546-3803 / Fax: (978) 546-9467

    URL: http://www.tscm.com/

Copyright ©2002, Granite Island Group