Date: Sun, 27 Feb 94 09:08:04 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#035
Computer Privacy Digest Sun, 27 Feb 94 Volume 4 : Issue: 035
Today's Topics: Moderator: Leonard P. Levine
Re: Electronic Banking
EFF on FBI Telephony Bill
FWD>FYI: Rivest's response
Networks & Community: Feb 25, 1994
Van Eck Radiation and Privacy
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Zaf <punjanza@dunx1.ocs.drexel.edu>
Date: Thu, 24 Feb 1994 12:03:28 -0500 (EST)
Subject: Re: Electronic Banking
WHMurray@dockmaster had made some very good points about electronic
banking. He wrote:
History suggests that the adoption of new banking technology is
generational. That is, it requires 10-20 years to be adopted.
Many older people never adopt it. New exchange technology never
replaces old.
My mother's mother never used checks. My mother did not use credit
cards, ATMs, or automatic deposit. On the other hand, my 16 year
old godson has had an ATM card since he was nine.
I beg to differ on the point about his mother;s mother never using
checks. Checks fall under the catogary of negotiable instruments under
article three of the UCC (Uniform Commercial Code) under commercial
paper. As such, checks have been around a very long time.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Fri, 25 Feb 1994 08:50:27 -0600 (CST)
Subject: EFF on FBI Telephony Bill
Organization: University of Wisconsin-Milwaukee
Electronic Frontier Foundation Statement on FBI Draft Digital Telephony
Bill
EFF has received a draft of the FBI's new, proposed "Digital Telephony"
bill. After initial analysis, we strongly condemn bill, which would
require all common carriers to construct their networks to deliver to
law enforcement agencies, in real time, both the contents of all
communications on their networks and the "signalling" or transactional
information.
In short, the bill lays the groundwork for turning the National
Information Infrastructure into a nation-wide surveillance system, to
be used by law enforcement with few technical or legal safeguards.
This image is not hyperbole, but a real assessment of the power of the
technology and inadequacy of current legal and technical privacy
protections for users of communications networks.
Although the FBI suggests that the bill is primarily designed to
maintain status quo wiretap capability in the face of technological
changes, in fact, it seeks vast new surveillance and monitoring tools.
Among the new powers given to law enforcement are:
1. Real-time access to transactional information creates the ability to
monitor individuals in real time.
The bill would require common carrier network (telephone companies and
anyone who plans to get into the telephone business, such as cable TV
companies) to deliver, in real time, so called "call setup
information." In the simplest case, call setup information is a list of
phone numbers dialed by a given telephone currently under
surveillance. As we all come to use electronic communications for more
and more purposes, however, this simple call setup information could
also reveal what movies we've order, which online information services
we've connected to, which political bulletin boards we've dialed, etc.
With increasing use of telecommunications, this simple transactional
information reveals almost as much about our private lives as would be
learned if someone literally followed us around on the street, watching
our every move.
We are all especially vulnerable to this kind of surveillance, because,
unlike wiretapping the *content* of our communications, it is quite
easy for law enforcement to get permission to obtain this transactional
information. Whereas courts scrutinize wiretap requests very
carefully, authorizations for access to call setup information are
routinely granted with no substantive review. Some federal agencies,
such as the IRS, even have the power to issue administrative subpoenas
on their own, without appearing before a court.
The real impact of the FBI proposal turns, in part, on the fact that it
is easy to obtain court approval for seizing transactional data.
The change from existing law contained in the FBI proposal is that
carriers would have to deliver this call setup information *in real
time*, directly to a remote listening post designated by law
enforcement. Today, the government can obtain this information, but
generally has to install a device (called a 'pen register') which is
monitored manually at the telephone company switching office.
2. Access to communication and signalling information for any mobile
communication, regardless of location allows tracking of an
individual's movements.
The bill requires that carriers be able to deliver either the contents
or transactional information associated with any subscriber, even if
that person is moving around from place to place with a cellular or PCS
phone. It is conceivable that law enforcement could use the signalling
information to identify that location of a target, whether that person
is the subject of a wiretap order, or merely a subpoena for call setup
information.
This provision takes a major step beyond current law in that it allows
for a tap and/or trace on a *person*, as opposed to mere surveillance
of a telephone line.
3. Expanded access to electronic communications services, such as the
Internet, online information services, and BBSs.
The privacy of electronic communications services such as electronic
mail is also put at grave risk. Today, a court order is required under
the Electronic Communications Privacy Act to obtain the contents of
electronic mail, for example. Those ECPA provisions would still apply
for the contents of such messages, but the FBI bill suggests that
common carriers might be responsible for delivering the addressing
information associated with electronic mail and other electronic
communications. For example, if a user connects to the Internet over
local telephone lines, law enforcement might be able to demand from the
telephone company information about where the user sent messages, and
into which remote systems that user connects. All of this information
could be obtained by law enforcement without every receiving a wiretap
order.
4. The power to shut down non-compliant networks
Finally, the bill proposes that the Attorney General have the power to
shut down any common carrier service that fails to comply with all of
these requirements. Some have already called this the "war powers"
provision. Granting the Department of Justice such control over our
nation's communications infrastructure is a serious threat to our First
Amendment right to send and receive information, free from undue
government intrusion.
********************************
The posting represents EFF's initial response to the new FBI proposal.
Several documents, including the full text of the proposed bill and a more
detailed section-by-section analysis are available by anonymous ftp on
EFF's ftp site.
This docuemnt is digtel94.announce
The documents can be located via ftp, gopher, or www, as follows:
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_bill.draft
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_analysis.eff
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94.announce
for gopher, same but replace first part with:
gopher://gopher.eff.org/00/EFF/...
for WWW, same but replace first part with:
http:/www.eff.org/ftp/EFF/...
********************************
Press inquiries, contact:
Jerry Berman, Executive Director <jberman@eff.org>
Daniel Weitzner, Senior Staff Counsel <djw@eff.org>
+1 202-347-5400
--
Daniel J. Weitzner, Senior Staff Counsel <djw@eff.org>
Electronic Frontier Foundation 202-347-5400 (v)
1001 G St, NW Suite 950 East 202-393-5509 (f)
Washington, DC 20001
------------------------------
From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Fri, 25 Feb 1994 22:43:48 EST
Subject: FWD>FYI: Rivest's response
Organization: CPSR Washington Office
------- Forwarded Message
Date: Fri, 25 Feb 94 16:24:20 EST
To: denning@cs.cosc.georgetown.edu
Cc: efbrick@cs.sandia.gov, hellman@isl.stanford.edu, Rivest@mc.lcs.mit.edu,
silvio@theory.lcs.mit.edu, smb@research.att.com, mab@research.att.com,
jim@rsa.com, diffie@eng.sun.com
Subject: Newsday Editorial
Hi Dorothy --
Thanks for sending me a copy of your editorial. But I find the
reasoning you present misleading and unpersuasive.
First, you argue that the clipper chip will be a useful law
enforcement tool. Given the small number of currently authorized
wiretaps per year (under 1000) and the ease of using alternative
encryption technology or superencryption, it seems plausible to me
that law enforcement could expect at most ten "successful" clipper
wiretaps per year. This is a pretty marginal basis for claiming that
clipper will "block crime".
Second, you seem to believe that anything that will "block crime" must
therefore be a "good thing" and should therefore be adopted. This is
not true, even if it is not subject to government abuse. For example,
a system that could turn any telephone (even when on-hook) into an
authorized listening microphone might help law enforcement, but would
be unacceptable to almost all Americans. As another example, tatooing
a person's social security number on his or her buttocks might help
law enforcement, but would also be objectionable. Or, you could
require all citizens to wear a bracelet that could be remotely queried
(electronically, and only when authorized) to return the location of
that citizen. There are all kinds of wonderfully stupid things one
could do with modern technology that could "help" law enforcement.
But merely being of assistance to law enforcement doesn't make a
proposal a good thing; many such ideas are objectionable and
unacceptable because of the unreasonably large cost/benefit ratio
(real or psychological cost). The clipper proposal, in
my opinion, is of exactly this nature.
Third, you seem unnecessarily polly-annish about our government and the
potential for abuse. The clipper proposal places all trust for its
management within the executive branch; a corrupt president could
direct that it be used for inappropriate purposes. The unspecified
nature of many of the associated procedures leaves much room to
speculate that there are "holes" that could be exploited by government
officials to abuse the rights of American citizens. Even if the
proposal were modified to split the trust among the various branches
of government, one might still reasonably worry about possible abuse.
Merely because you've met the current set of representatives of
various agencies, and feel you can trust them, doesn't mean that such
trust can be warranted in their successors. One should build in
institutional checks and balances that overcome occasional moral
lapses in one or more office holders.
Fourth, your discussion of "searching your home and seizing your
papers" is misleading. You seem to imply that because law enforcement
can be issued a warrant to search your home, that we should adopt
clipper. Yet this analogy only makes sense if individuals were
required to deposit copies of their front door keys with the
government. I can build any kind of house I wish (out of steel, for
example), and put any kind of locks on it, and wire up any kind of
intrusion detectors on it, etc. The government, armed with a search
warrant, is not guaranteed an "easy entry" into my home at all. The
appropriate analogical conclusion is that individuals should be able
to use any kind of encryption they want, and the government should be
allowed (when authorized, of course) to try and break their
encryption.
Finally, you argue (elsewhere, not in this editorial) that the decision
rests in part on "classified" information. Such an argument only makes
sense if there is a specific law-enforcement situation that makes such
classified information timely and relevant. (E.g., if there was a
current investigation as to whether the Department of the Treasury had
been infiltrated by organized crime.) The use of "classified information"
is otherwise generally inappropriate in discussing communications policy
that will last over decades.
This hardly covers all of the relevant issues, but it covers the
points that came immediately to mind in reading your editorial...
Cheers,
Ron
P.S. Feel free to pass along, quote, or otherwise re-distribute this...
-
----------------------------------------------------------------------------
--
Return-Path: <@axp1.acc.georgetown.edu:denning@cs.cosc.georgetown.edu>
Date: Wed, 23 Feb 1994 16:16:09 -0500 (EST)
From: Dorothy Denning <denning@cs.cosc.georgetown.edu>
Subject: Newsday Editorial
To: efbrick@cs.sandia.gov, hellman@isl.stanford.edu, Rivest@mc.lcs.mit.edu,
silvio@theory.lcs.mit.edu, smb@research.att.com,
mab@research.att.com
Cc: denning@guvax.acc.georgetown.edu
Content-Transfer-Encoding: 7BIT
======================================================================
| Newsday, Tuesday, February 22, 1994, Viewpoints |
======================================================================
The Clipper Chip Will Block Crime
By Dorothy E. Denning
Hidden among the discussions of the information highway is a fierce
debate, with huge implications for everyone. It centers on a tiny
computer chip called the Clipper, which uses sophisticated coding to
scramble electronic communications transmitted through the phone
system.
The Clinton administration has adopted the chip, which would allow
law enforcement agencies with court warrants to read the Clipper codes
and eavesdrop on terrorists and criminals. But opponents say that, if
this happens, the privacy of law-abiding individuals will be a risk.
They want people to be able to use their own scramblers, which the
government would not be able to decode.
If the opponents get their way, however, all communications on the
information highway would be immune from lawful interception. In a
world threatened by international organized crime, terrorism, and rogue
governments, this would be folly. In testimony before Congress, Donald
Delaney, senior investigator with the New York State Police, warned
that if we adopted an encoding standard that did not permit lawful
intercepts, we would have havoc in the United States.
Moreover, the Clipper coding offers safeguards against casual
government intrusion. It requires that one of the two components of
a key embedded in the chip be kept with the Treasury Department and the
other component with the Commerce Department's National Institute of
Standards and Technology. Any law enforcement official wanting to
wiretap would need to obtain not only a warrant but the separate
components from the two agencies. This, plus the superstrong code and
key system would make it virtually impossible for anyone, even corrupt
government officials, to spy illegally.
But would terrorists use Clipper? The Justice Department has
ordered $8 million worth of Clipper scramblers in the hope that they
will become so widespread and convenient that everyone will use them.
Opponents say that terrorists will not be so foolish as to use
encryption to which the government holds the key but will scramble
their calls with their own code systems. But then who would have
thought that the World Trade Center bombers would have been stupid
enough to return a truck that they had rented?
Court-authorized interception of communications has been essential
for preventing and solving many serious and often violent crimes,
including terrorism, organized crime, drugs, kidnaping, and political
corruption. The FBI alone has had many spectacular successes that
depended on wiretaps. In a Chicago case code-named RUKBOM, they
prevented the El Rukn street gang, which was acting on behalf of the
Libyan government, from shooting down a commercial airliner using a
stolen military weapons system.
To protect against abuse of electronic surveillance, federal
statutes impose stringent requirements on the approval and execution
of wiretaps. Wiretaps are used judiciously (only 846 installed
wiretaps in 1992) and are targeted at major criminals.
Now, the thought of the FBI wiretapping my communications appeals to
me about as much as its searching my home and seizing my papers.
But the Constitution does not give us absolute privacy from
court-ordered searches and seizures, and for good reason. Lawlessness
would prevail.
Encoding technologies, which offer privacy, are on a collision
course with a major crime-fighting tool: wiretapping. Now the
Clipper chip shows that strong encoding can be made available in a way
that protects private communications but does not harm society if it
gets into the wrong hands. Clipper is a good idea, and it needs
support from people who recognize the need for both privacy and
effective law enforcement on the information highway.
======================================================================
| Copyright Newsday. All rights reserved. This article can be freely |
| distributed on the net provided this note is kept intact, but it may |
| not be sold or used for profit without permission of Newsday. |
======================================================================
------------------------------
From: Sam Sternberg <SAMSAM@VM1.YORKU.CA>
Date: Fri, 25 Feb 1994 15:29:32 EST
Subject: Networks & Community: Feb 25, 1994
---------- Forwarded message ----------
Date: Fri, 25 Feb 1994 15:29:32 EST
From: Sam Sternberg <SAMSAM@VM1.YORKU.CA>
To: Multiple recipients of list COMMUNET
<COMMUNET%UVMVM.BITNET@uga.cc.uga.edu>
Subject: Networks & Community: Feb 25, 1994
NETWORKS AND COMMUNITY : feb 25, 1994
Networks and Community is devoted to encouraging
LOCAL resource creation & GLOBAL resource sharing.
The 10th report of 1994 is the 16th weekly survey.
-------------------------------------------------
This special issue is devoted to a discussion of several U.S.
government proposals to eliminate privacy for the average citizen,
including all users of the Internet and the phone system.
I will attempt to show that the Internet related proposal is so flawed
technically as to endanger the security of the country and that the
other proposals contribute to a possible loss of liberty for all
citizens.
While I am not a resident of the United States, I am an active user of
the internet and a promoter of its global utilization. In particular as
a advocate of civic networks I feel compelled to point out how U.S.
regulations and legislation will impact both the U.S and other
nations.
LEGISLATION
===========
The U.S. government, through the actions of various police and
intelligence agencies is undertaking a fundamental revision of the
traditional role of the state in the western industrial world. Many of
its activities related to privacy are being debated or contested by
users of the Internet. Many others are not.
Some of its efforts along this line have already been prevented by an
aware Congress. Hopefully the current crop will all be given a very
thorough examination; and where they lack merit - will be rejected.
Of particular note among the already rejected efforts is the
legislative proposal introduced in January of 1993 by Robert Solomon
(R-NY). His bill, HR380, would have required intelligence committee
members and their staff to submit to random polygraph testing to
prevent unauthorized disclosure of matters being considered by the
committee. The bill was rejected because it inverted the traditional
role of Congress and the Federal Agencies. It would have made congress
subject to the decisions of individuals who's only claim to
representation of public it the fact that they were public employees.
This week's arrest of Mr. Ames shows that mere employment - even
employment that requires regular submission to polygraph testing - is
no guarantee of loyalty to the best interests of the country.
Readers may recall that 2 weeks ago I raised exactly this issue of the
corruptibility of Intelligence staff in my discussion of the clipper
chip proposal.
Particularly noteworthy in the Ames case is the small amount of money
alleged to have been required to gain Mr. Ames assistance for Russia.
He may have been paid a princely $150,000 a year for his efforts. That
sum isn't even a drop in the bucket for any country or reasonable sized
business. For that pittance he is alleged to have compromised the
entire overseas intelligence network of the U.S.
He may not have been the first official in his position to have
compromised U.S. intelligence. James Jesus Angleton, head of U.S.
counterintelligence for nearly 30 years, was removed from office under
a similar cloud of suspicion. I will return to the issue of Mr.
Angleton's removal at the end of this report.
FLAWS IN THE CLIPPER CHIP PROPOSAL
The clipper chip proposal suffers from numerous flaws. The most
devastating are technical. The most worrisome would result from the
consequences of its implementation.
TECHNICAL
This proposal is based on the use of a "split key encryption system".
Such systems are not uncrackable. Instead they are time consuming to
crack. But every set of keys is crackable by a well known approach,
given enough time. The security the system provides lies in the
technical fact that the average time to crack such a set of keys with a
particular computer is currently many years. This does not mean that
some keys won't be randomly cracked in a few minutes. That can happen.
Its just that on average the time required might be many years.
Such a system normally permits the user to choose any key and to change
keys as often as the user desires. The adminstration's proposal freezes
the key once its chosen.
The ability to change keys provides the user with an additional
guarantee that even if his prior key was broken - his new key will
offer some assurance of privacy for a time.
The ability to choose any key permits the user to make his key longer
as the technical means of key cracking improves. The longer the key the
more time it takes to crack.
By freezing the key length and value the NSA provided proposal
guarantees that any country or company with sufficient money will soon
be able to crack any key rapidly.
The problem is simple - we are moving into an era of mutli-cpu
computers and of course the rate of change in computational power
is not slowing either.
The administration reports that the current scheme will take an
average of 35 years to crack. That's well and good - but they do
not report which computer chip that estimate was based on. Assuming
the fastest available chip was used; all that is needed to turn
the problem into just one days work, is a bank of 35 x 365
computers - or 12,775 computers. But wait. Machines are now on the
market that incorporate from 1,000 to 64 thousand cpu chips in a
single [ relatively inexpensive ] system. The 64k cpu system could
crack the code in about 3 hours on average.
In addition current lab systems using optical computing elements
look like they will provide a 1,000 fold increase in power within
the next 5 years. That would take the current scheme and make it
possible for a 64Kcpu system to crack the codes in under 1 second.
So any foreign nation or large corporation with some money and some
technical skill could just capture as much traffic as feasible and
then save it for a few years before being able to examine it at
will. This saving of old traffic has already been done and proved
useful by the allies. They found material captured during the
second world war and then stored; to be of use even decades later.
At the same time those nasties could systematicly attack the codes
used by their major competitors or rivals. You know, 3 hours and
you've got all the IBM traffic another 3 hours and you've cracked
the White House flows.
This flaw is fundamental to the proposal. But other problems of a
technical nature also exist.
1. Where are the keys kept.
The keys are to be kept with 2 separate agencies. Those agencies
are unfortunately both vitally linked to the intelligence
community.
NIST has long acted as a front agency for the NSA. Its cover
identity allows NSA staff to attend conferences without arousing
suspicion from wary academics and business people. The current
budget request an near doubling of the level of funding for NIST.
TREASURY is the home of the Secret Service and INTERPOL.
2. How are the keys sent and received.
They will be networked. So little wires will come out of the back
of each black box. Its efficient, but since these devices will be
kept in heavily guarded locations who will know just were the other
connections on this network are. There could for instance be more
than 2 boxes produces. None of us will ever be in a position to
know.
3. Who will guarantee that the keys won't be captured in transit.
They could be easily duplicated and sent to other machines.
REBIRTH OF THE DOMESTIC INTELLIGENCE STATE
These flaws are not trivial. But any scheme that attempts to meet
both the needs of police and of the citizenry will be flawed.
The danger lies in the natural tendency of policing agencies to
suspect everyone. It comes with the territory. The problem is not
new.
In 1989, William W. Keller, on the staff of the congressional
Office of Technical Assessment's program on international security
- which was examining the problem of international terrorism,
published an important study. His book is "The Liberals and J.
Edgar Hoover - RISE AND FALL OF A DOMESTIC INTELLIGENCE STATE. He
wrote it because he became fascinated by the history of counter
terrorism work in the U.S. In it he articulately and carefully
shows how a well intentioned FBI program to defend black civil
rights in the south turned into the Legendary COINTELLPRO program.
Congress dismantled the program once its excesses were exposed.
That program did not go forward without high level approval. The
highest level Justice official to approve it is now the U.S.
Secretary of State.
Mr. Keller closes his book with a warning that the domestic
intelligence state could return. He points out that new technology
will make it even harder to control if its starts up again. I think
his warning was prescient and needs attention now.
In the past both Congress and the White House have been subject to
monitoring and manipulation by elements of the police and
intelligence community.
THE DANGER FOR CONGRESS
During the Hoover years every phone in congress was taped.
Hoover liked to greet freshman congresspersons and let it slip that
he was privy to a conversation they recently had with someone in
the Halls of congress. This trick was made possible by the phone
taps. Someone calling an associate and reporting a conversation
made this possible.
It put the fear of Hoover and the mistrust of other congress people
uppermost in the minds of a freshman. The information from taps was
also used for planning on bills the community wanted passed over
opposition.
The Church committee hearings delved into these matters. Much was
covered in closed sessions. The final public report sanitized the
findings and reported that only 5 people had their phones tapped.
Any congressperson with suitable clearances can examine the
committee minutes in the classified stacks of the Library of
Congress. But most current congressional reps don't have the
clearances and were not serving at the time those hearings took
place. So history gets lost and forgotten.
At the very least Congress should not permit "low level" [ to use
Mr. Gore's disingenuous description of those making decisions on
the clipper chip proposal ] officials to choose its security system
for data services. Each office would be best served by purchasing
its own facilities. Preferably a software based system that was
more generally usable.
THE DANGER FOR THE WHITEHOUSE
As the ensign Radford incident shows, - during the Nixon years -
anxious members of the military were not beyond taping White House
phones when they are uncomfortable with administration positions
or actions. President Kennedy would have sensitive discussions
while walking in the White House garden. He was convinced that his
offices were tapped.
THE DANGER FOR THE INTELLIGENCE COMMUNITY
As the Ames case and the many that have gone before it show -
information made secret for whatever reason, becomes the target of
espionage. With the secrets of commerce and civic discourse
available to the intelligence community they too will become
targets. The next Mr. Ames will endanger far more the espionage
establishment if the clipper chip proposal and its companion bills
are passed.
THE DANGER FOR INDUSTRY AND COMMERCE
As I have previously pointed out. The intelligence and police
communities are too easily corrupted to be trusted with the
capacity to capture and reveal the private actions of American
firms. The problem is that their work breeds cynicism. While most
staff accept the cynicism and serve honourably; it only takes a few
dishonest individuals to subvert the commercial future of the U.S.
Those few having grown cynical, become greedy. The rest as they say
is "history".
THE DANGER FOR CIVIC DISCOURSE
The right of citizens to work on legislation or to engage privately
in any activity is paramount to a well functioning society. The
tendency of police states to evolve - as Mr Keller warns - is a
constant danger to the exercise of such rights by the citizenry.
Traditional police work cracked the World Trade Center bombing. It
will serve equally well in the future.
WHAT ACTION CAN BE TAKEN TO PROMOTE NATIONAL SECURITY
and PERSONAL OR COMMERCIAL PRIVACY
The most appropriate action - after reject this bill and the
companion bills on telecom and FBI rights to obtain personal
records without a court hearing - is to encourage additional
research on cryptographic security systems. The results should be
incorporated in technology including software that is readily
available. If the U.S. does not keep up with technical advances its
capacity to both defend itself and compete commercially will be
irreparably damaged.
There are many promising areas for research in improved security
systems. With a diversity of systems available it really does
become possible to attempt to safeguard governmental, commercial
and individual privacy. Many systems makes cracking more difficult.
Modernizing systems also helps prevent intrusion. As anyone who
has ever dealt with a virus on his system knows. The most
unexpected things can turn up on your system. Unless you can defeat
efforts to harm you or steal your secrets - you are vulnerable.
Cryptography defeating systems will evolve just as readily as
viruses. Only ongoing research will defeat these dangers.
ANOTHER LESSON FROM THE PAST
I mentioned the case of Mr Angleton earlier. There may be a lesson
to be learned from it. Mr Angleton effectively disrupted the U.S.
and allied intelligence communities for decades through his
excessive paranoia and his incompetent methods. He was finally
stopped when one official, Clare George, [ staff to the CIA ] wrote
a report pointing out that it really didn't matter if Mr Angleton
was sincere or a Soviet Mole. His behaviour was as disruptive as
if he was in fact a mole. Mr George's report was acted on.
Mr Angleton was retired, given a good pension, and other
indications of the appreciation of a grateful republic.
Perhaps the various groups responsible for this round of dangerous
nonsense should also be examined. It just might be the case that
they too deserve early retirement, a good pension, and the thanks
of a grateful republic.
==============================================
NETWORKS and COMMUNITY is a public service of FUTURE DATA; but this
issue is entirely the responsibility of Sam Sternberg
<samsam@vm1.yorku.ca>
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Sun, 27 Feb 1994 08:37:32 -0600 (CST)
Subject: Van Eck Radiation and Privacy
Organization: University of Wisconsin-Milwaukee
Taken from the Risks-Forum Digest Saturday 26 February 1994 (15:59)
Peter G. Neumann, moderator
Date: Thu, 24 Feb 94 14:13:19 -0500
From: "Winn Schwartau" <p00506@psilink.com>
Subject: Van Eck Radiation Helps Catch Spies
Van Eck in Action
Over the last several years, I have discussed in great detail how the
electromagnetic emissions from personal computers (and electronic gear
in general) can be remotely detected without a hard connection and the
information on the computers reconstructed. Electromagnetic
eavesdropping is about insidious as you can get: the victim doesn't and
can't know that anyone is 'listening' to his computer. To the
eavesdropper, this provides an ideal means of surveillance: he can
place his eavesdropping equipment a fair distance away to avoid
detection and get a clear representation of what is being processed on
the computer in question. (Please see previous issues of Security
Insider Report for complete technical descriptions of the techniques.)
The problem, though, is that too many so called security experts, (some
prominent ones who really should know better) pooh-pooh the whole
concept, maintaining they've never seen it work. Well, I'm sorry that
none of them came to my demonstrations over the years, but Van Eck
radiation IS real and does work. In fact, the recent headline grabbing
spy case illuminates the point.
Exploitation of Van Eck radiation appears to be responsible, at least
in part, for the arrest of senior CIA intelligence officer Aldrich
Hazen Ames on charges of being a Soviet/Russian mole. According to the
Affidavit in support of Arrest Warrant, the FBI used "electronic
surveillance of Ames' personal computer and software within his
residence," in their search for evidence against him. On October 9,
1993, the FBI "placed an electronic monitor in his (Ames') computer,"
suggesting that a Van Eck receiver and transmitter was used to gather
information on a real-time basis. Obviously, then, this is an ideal
tool for criminal investigation - one that apparently works quite
well. (From the Affidavit and from David Johnston, "Tailed Cars and
Tapped Telephones: How US Drew Net on Spy Suspects," New York Times,
February 24, 1994.)
>From what we can gather at this point, the FBI black-bagged Ames'
house and installed a number of surveillance devices. We have a high
confidence factor that one of them was a small Van Eck detector which
captured either CRT signals or keyboard strokes or both. The device
would work like this:
A small receiver operating in the 22MHz range (pixel frequency) would
detect the video signals minus the horizontal and vertical sync
signals. Since the device would be inside the computer itself, the
signal strength would be more than adequate to provide a quality
source. The little device would then retransmit the collected data in
real-time to a remote surveillance vehicle or site where the
video/keyboard data was stored on a video or digital storage medium.
At a forensic laboratory, technicians would recreate the original
screens and data that Mr. Ames entered into his computer. The
technicians would add a vertical sync signal of about 59.94 Hz, and a
horizontal sync signal of about 27KHz. This would stabilize the roll
of the picture. In addition, the captured data would be subject to
"cleansing" - meaning that the spurious noise in the signal would be
stripped using Fast Fourier Transform techniques in either hardware or
software. It is likely, though, that the FBI's device contained within
it an FFT chip designed by the NSA a couple of years ago to make the
laboratory process even easier.
I spoke to the FBI and US Attorney's Office about the technology used
for this, and none of them would confirm or deny the technology used
"on an active case."
Of course it is possible that the FBI did not place a monitoring device
within the computer itself, but merely focused an external antenna at
Mr. Ames' residence to "listen" to his computer from afar, but this
presents additional complexities for law enforcement.
1. The farther from the source the detection equipment sits means
that the detected information is "noisier" and requires additional
forensic analysis to derive usable information.
2. Depending upon the electromagnetic sewage content of the
immediate area around Mr. Ames' neighborhood, the FBI surveillance
team would be limited as to what distances this technique would
still be viable. Distance squared attenuation holds true.
3. The closer the surveillance team sits to the target, the more
likely it is that their activities will be discovered.
In either case, the technology is real and was apparently used in this
investigation. But now, a few questions arise.
1. Does a court surveillance order include the right to remotely
eavesdrop upon the unintentional emanations from a suspect's
electronic equipment? Did the warrants specify this technique or
were they shrouded under a more general surveillance
authorization? Interesting question for the defense.
2. Is the information garnered in this manner admissible in
court? I have read papers that claim defending against this
method is illegal in the United States, but I have been unable to
substantiate that supposition.
3. If this case goes to court, it would seem that the
investigators would have to admit HOW they intercepted signals,
and a smart lawyer (contradictory allegory :-) would attempt to
pry out the relevant details. This is important because the
techniques are generally classified within the intelligence
community even though they are well understood and explained in
open source materials. How will the veil of national security be
dropped here?
To the best of my knowledge, this is the first time that the Government
had admitted the use of Van Eck (Tempest Busting etc.) in public. If
anyone knows of any others, I would love to know about it.
------------------------------
------------------------------
End of Computer Privacy Digest V4 #035
******************************
.