Date: Mon, 25 Mar 96 12:56:08 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#027
Computer Privacy Digest Mon, 25 Mar 96 Volume 8 : Issue: 027
Today's Topics: Moderator: Leonard P. Levine
Re: All Brothers May Be Watching Us
The Stalker's Home Page
Re: MS Internet Assistant Cache
Re: MS Internet Assistant Cache
Re: Privacy and Electronic Commerce
Re: More on SSNs
Re: More on SSNs
Re: 800 ANI
How Do Junk eMailers Get Addresses?
Individual RTP vs. Corporate FOS
Tempest Intrusion [long]
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: huggins@tarski.eecs.umich.edu (James K. Huggins)
Date: 22 Mar 1996 13:37:11 -0500
Subject: Re: All Brothers May Be Watching Us
Organization: University of Michigan EECS Dept., Ann Arbor, MI
References: <comp-privacy8.26.10@cs.uwm.edu>
wjanssen@cs.vu.nl (Wouter Janssen) writes: Big Brother is watching
us? Probably, I don't know for sure, I'm just careful :) but did
you know just anybody can search a database and see what articles
you posted on which newsgroups lately?
<set sarcasm=on>
Did you know that when you post an article to a newsgroup, that just
about anyone can find out that you sent an article to that newsgroup?
Furthermore, did you know that anyone who has access to simple
news-reading software can read every word of that article? Who knows
who might end up with this information about you?
Oh ... you mean that's how Usenet is supposed to work? Never mind ...
<set sarcasm=off>
Seriously, I find it hard to consider this much of a threat to
privacy. Anyone with access to a news feed can accomplish much the
same by doing a simple search over all articles received for a
particular string (e.g. "Huggins"). DejaNews has simply provided a
nicer interface for such searches. They aren't making public any
information which wasn't already public.
I will grant that perhaps DejaNews is making such searches much easier
than possible before, but that isn't necessarily in the same class as,
say, a truly private set of communications being made public. Usenet
has never been truly private (except perhaps in its earliest days when
only an elite few knew about it).
--
Jim Huggins, Univ. of Michigan
"You cannot pray to a personal computer no matter how user-friendly it is."
(PGP key available upon request)
------------------------------
From: glr@ripco.com (Glen L. Roberts)
Date: 21 Mar 96 15:13 CST
Subject: The Stalker's Home Page
http://pages.ripco.com:8080/~glr/stalk.html
This is a page to demonstrate the nature in which single resources can
be combined into something much more significant. Any of the three
items here, alone, may appear to have little impact... but taken
together, you might feel differently.
There are three items on the page:
1) 90 Million name, USA white pages. Search by First few letters of
last name, or phone number!
2) Map of the USA. Once you use #1 to get the street address, use this
to get a map of the neighborhood... zoom in... zoom out... Appear to be
from the area...
3) Make reservations and go visit your prey...
Do it all on-line... do it all in just a moment!
Yes... it is to make a point! Where is YOUR privacy?
--------------------------
Glen L. Roberts
Articles, Catalog, Links, Downloadable Programs:
http://pages.ripco.com:8080/~glr/glr.html
Offset Printing Services & Prices:
http://pages.ripco.com:8080/~glr/printing.html
---------------------------
------------------------------
From: Dean Ridgway <ridgwad@PEAK.ORG>
Date: 22 Mar 1996 12:43:10 -0800
Subject: Re: MS Internet Assistant Cache
Organization: CS Outreach Services, Oregon State University, Corvallis, OR, USA
James K. Huggins points out: Netscape does allow you to change the
size of the cache (even to set it to 0), and to change how it uses
the cache. I don't know if MS Internet Assistant does so as well,
but I would guess it might be possible.
Levine writes: Another side point. Copyright usually is interpreted as
allowing a download of a file for viewing and reading. It usually is
interpreted as not allowing the copying of the file for reprinting and
further publication.
Thats nothing, what about the abuses of law enforcement? I have
recently heard about a police department that recently got caught
"planting" drugs on people. With this cache "feature" I can see future
cases where they begin "planting" child porn into someone's computer.
--
/\-/\ Dean Ridgway | Two roads diverged in a wood, and I-
( - - ) InterNet ridgwad@peak.org | I took the one less traveled by,
=\_v_/= FidoNet 1:357/1.103 | And that has made all the difference.
CIS 73225,512 | "The Road Not Taken" - Robert Frost.
http://www.peak.org/~ridgwad/
PGP mail encouraged, finger for key: 28C577F3 2A5655AFD792B0FB 9BA31E6AB4683126
------------------------------
From: "Mark W. Eichin" <eichin@kitten.gen.ma.us>
Date: 23 Mar 1996 00:53:47 -0500
Subject: Re: MS Internet Assistant Cache
Have I violated the copyright by the simple act of viewing the home
page? Have I violated it by the automatic caching done in my
little
Well, what you have done is introduce a topic that as far as I can tell
is *totally* irrelevant to the list :) as moderator, wouldn't you have
quashed that discussion?
There is plenty of this discussion in other parts of the net. There's a
copyright FAQ in particular which has reasonable clear and convincing
explanations. While on first glance, these issues may seem subtle and
complex, they're actually not...
------------------------------
From: peter@nmti.com (Peter da Silva)
Date: 23 Mar 1996 01:07:56 GMT
Subject: Re: Privacy and Electronic Commerce
Organization: Network/development platform support, NMTI
References: <comp-privacy8.26.12@cs.uwm.edu>
Joe Collins <collins@ait.nrl.navy.mil> wrote: There are many
possible fixes. Probably the most likely is the institution of
private "privacy brokers".
I think a likelier fix is the creation of various kinds of "electronic
cash", either something entirely cryyptologically secured like Ecash,
or simply the use of the electronic equivalents of passbook accounts.
You could establish an electronic passbook account with cash, and send
disbursement instructions via PGP-encrypted mail using a key
established when you deposited the money. Then you wouldn't have to
reveal your identity unless you had a dispute with the electronic bank
holding your deposit.
The issue isn't that electronic commerce is incompatible with privacy,
but that electronic *credit* is. And it's not always clear whan a
transaction is based on credit (for example, rentals are basically
credit transactions but people don't think of them that way).
--
Peter da Silva (NIC: PJD2) `-_-' 1601 Industrial Boulevard
Bailey Network Management 'U` Sugar Land, TX 77487-5013
+1 713 274 5180 "Har du kramat din varg idag?" USA
Bailey pays for my technical expertise. My opinions probably scare them
------------------------------
From: johnl@iecc.com (John R Levine)
Date: 23 Mar 96 17:09 EST
Subject: Re: More on SSNs
Organization: I.E.C.C., Trumansburg, N.Y.
If some other form of identification is used instead of the SSN we
will still have the same problem. I heard there is talk of using a
some form of a National ID number for all Americans. Privacy is
gone today.
Well, maybe. Part of the problem with the SSN situation the way it is
today is that the SSN is "pseudo-private", that is, in fact it's pretty
easy to find out someone's SSN, but far too many organizations act like
it's hard.
This means that many, many organizations conclude that anyone who
presents your name and SSN must be you. This makes identity theft much
easier -- there are lots of cases of bad guys presenting a person's
name and SSN and very little other data (address, maybe) and getting
credit cards. There are also lots of bank by phone systems where with
someone's bank account number (printed on every check) and SSN, you can
get access to the account and do all sorts of mischief.
If we all had our SSNs tatooed on our foreheads, that would at least
remove the fiction that knowing someone's SSN means anything other than
that you know someone's SSN.
There's a separate issue of using the SSN as a common identifier to
link unrelatred databases together, and indeed any commonly used ID
number could be so used.
--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
johnl@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof
------------------------------
From: Robert Gellman <rgellman@cais.cais.com>
Date: 23 Mar 1996 21:01:17 -0500
Subject: Re: More on SSNs
Organization: Capital Area Internet Service info@cais.com 703-448-4470
On Sat, 23 Mar 1996, John R Levine wrote:
Just out of nosiness, what's not codified? Ancient obsolete laws?
Private bills? Anything that doesn't strike the codifier as
interesting?
Okay, you asked for it. Some titles of US Code have been enacted into
positive law. This means that the whole title was enacted as a public
law in one fell swoop. Any future changes to that title must directly
amend the title itself. So when the Privacy Act was passed, some parts
of the public law enacting the Privacy Act were added to title 5 (which
had previously been enacted as positive law). Other parts were not
added to title 5 and had no natural place in US Code. Remember that
the law is what is found in Statutes At Large. US Code is, more or
less, a convevient reorganization of the official laws of the US found
in Statutes at Large.
For other titles not enacted into positive law, new laws are either
done as amendments (e.g., "The Act of March 23, 1943 is amended by
adding the following new sections at the end") or as free standing
laws. For these laws, the law revision counsel in the House makes
decisions about where the laws go into US Code. Title 42 is one of the
biggest titles, and it is not positive law and it is a mess. You will
find sections with numbers like 42 USC 453vvv because of the need to
stuff new laws into a logical sequence with existing ones. The Social
Security Act is a complete zoo, for example. This problem tends to
happen less with positive titles, but you can see from the cite to the
Privacy Act (5 USC 552a) that it had to be squeezed into a logical
place where there were no available section numbers. When a title is
already positive law, the Congress make the decision about where the
new law goes in US Code by direct amendment.
Now, back to the Privacy Act. What everyone tends to call the Privacy
Act of 1974 is actually section 3 of Public Law 93-579. This section
amended title 5, US Code, by adding a new section 552a. The other
sections of Public Law 93-579 were not formally added to title 5
anywhere and had no formal home in US Code. The codifiers could not
add the other sections to title 5 because it was positive law. So
rather than stuff the other parts (some of which were transitory, like
effective dates) as new sections in other uncodified titles, the
codifiers stuck these sections in the notes.
There are lots of uncodified laws. For example, appropriations laws
are not codified. To see some of the other other uncodified laws, go
to your law library and ask for US Code Service (not US Code and not US
Code Annotated). USCS has a volume of uncodified laws. Otherwise, to
find them you have to read the notes in US Code or Statutes at Large.
I warned you that you didn't want to know this, but you didn't listen.
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +
------------------------------
From: lachman@netcom.com (Hans Lachman)
Date: 24 Mar 1996 07:26:15 GMT
Subject: Re: 800 ANI
Organization: Agency for the Prevention of Evil
References: <comp-privacy8.18.10@cs.uwm.edu> <comp-privacy8.22.7@cs.uwm.edu> <comp-privacy8.25.5@cs.uwm.edu>
johnl@iecc.com (John R Levine) writes: An important question to
start with is how much per month extra you're willing to pay to
make 800 numbers blockable. Someone has to pay, and 800 customers
certainly don't have any interest in paying for this. If, as I
suspect, the answer for most people is "nothing", that suggests
that nothing's going to change.
I hope you're not a spokesman for the telecom industry, because if you
are, that would be a sad commentary on the attitude of the industry.
The position I'm advocating is primarily for intuitive user interfaces,
and secondarily for privacy. In the mass-market software industry, we
engage in expensive usability testing and analysis, with unknown
financial benefit. Our Usability group doesn't have any profit to
report. Should we fire them? No.
Traditionally, the telecom industry too has embraced the notion
that intuitive user interfaces are good. Consider the fact that
- you can use a telephone without a manual
- you don't have to know the difference between "tip" and "ring"
- you don't have to dial the country code of people in the same
country, or the area code of people in the same area
- phone numbers tend to be of a consistent format (at least within
a country, usually)
- consistent, simple phone numbers for operator, emergency, and
directory assistance (all working 24hrs)
- you get a meaningful error message if you do something wrong
(e.g., "the number has been disconnected" vs. "the number has
changed", etc.) instead of a meaningless "turkey tone"
- IDDD
Other freebies:
- free directories (even white pages)
- fiber optic communication lines ("pin drop")
- "no dial tone" situation far less frequent than industry spec
- etc.
The above might not be the best examples, but clearly the telecom
industry has spent time, money, and effort on intuitive user interfaces
and other apparent freebies. If they had fewer design constraints,
they could have delivered the technology more cheaply. If cost always
won out against intuitive user interfaces, we might all still be using
phones with a crank (or whatever). So, how much are you paying for all
this increased usability and extra features? Nothing? Hmmm....
The point is that the telecom industry can, does, and should deliver
technology that's intuitive for end users, even in cases where they
can't charge specific users for specific improvements. Of course, I'm
sure they can't take on all requests "just because it's a good idea",
but they should consider fixing what appears to be a usability problem
in an existing set of features (as was mentioned in the post that got
this whole thread started, i.e., *67 not consistently blocking the
caller's number, which is confusing for the 90%+ end users who don't
(and shouldn't have to) understand technical nuances of the telephone
system like the difference between ANI and CLID).
I guess I'm not surprised that 800 number owners (I take it you're one
of them) are the most vocal opponents of this particular usability
improvement. They can come up with endless reasons why this is not
technically, financially, or politically feasible, as if they were
spokesmen for the telecom industry. They see themselves as protecting
their turf, not wanting any change that could reduce the number of
calls they get or the amount of information they get about the caller.
And they ignore any solution (like mine in CPD vol. 8, iss. 21) that
lets both sides have their way, without having any solid argument
against it. I suppose that's because they benefit from the status quo,
whereby many callers don't know ANI is passed, and therefore 800 number
owners get more calls than they otherwise would.
If the cost of my original solution (apply CLID blocking options to
ANI; see CPD v8#21) is really so prohibitive, I'm sure I can come up
with some cheaper solutions (e.g., 800 owners get CLID box instead of
ANI; CPD v8#24). Here's an even cheaper solution than that: when a
caller makes a call with per-line or per-call blocking turned on, the
originating CO detects whether the call is to an 800/900 number, and
kills the call and returns a message like "the called party does not
accept calls with number blocking" or whatever. I used to work on
switch software and I can tell you this can be done in about 10 lines
of code (100 at most). The cost is probably around one cent per
customer per year, paid off in 10 years. I'd be willing to pay that.
Problem solved!
You're probably not going to like that, either, since you'll be getting
less calls on your 800 line. But the only calls you'll lose are those
where the caller didn't want you to have their number. You shouldn't
even be getting those calls now (but you don't mind that you do).
BOTTOM LINE
In the interest of intuitive user interfaces, not to mention privacy,
the telecom industry should make the meaning of *67 apply consistently
across CLID and 800/900. The justification is that the end user
rightly wants to think in terms of a simple abstraction like "I push
dese buttons, da number not given out". Usability analysts would
rightly argue that it's better to provide a UI that's intuitive than to
teach millions of people about the nuances of CLID and ANI. There are
cheap technical solutions, and expensive, but either way, the cost
should be counted as part of the budget to fix usability problems.
I'm optimistic that things will eventually change in favor of the end
user. After all, technology should conform to the needs of people, not
the other way around. But if we want to be cynical and say that they
won't change unless they can charge someone for it, then we might
consider barraging the telcos with calls asking why *67 doesn't work
for 800 numbers; then they'll ask the equipment manufacturers to fix
this so they can reduce customer service calls. But that's the
approach to use only if we want to be cynical about it. As I said
before, this is more a question of attitude toward end-user interests
than anything else.
It would be enlightening to hear from usability analysts in the telecom
industry.
--
Hans Lachman
------------------------------
From: lihou@ms2.hinet.net (Lee)
Date: 24 Mar 1996 19:28:42 GMT
Subject: How Do Junk eMailers Get Addresses?
Organization: DCI HiNet
Recently I have begun receiving more and more junk e-mail. The most
recent example involves a guy from the States (I live in Taiwan) who
sent some crazy marketing proposal. Sending junk back (replying)
usually doesn't work (sometimes really doesn't work and sometimes
doesn't have any effect)
As local customers here (and we foreigners together with them) don't
enjoy any protection (privacy, customer rights,..), please somebody
explain what are possible courses of (re)action an individual can
take.
I'd also appreciate if someone tell basic facts about how they get
other people's email addresses.
--
Thanks.
Sean
------------------------------
From: sybesma@netcom.com (Steven D. Sybesma)
Date: 18 Mar 1996 06:34:18 GMT
Subject: Individual RTP vs. Corporate FOS
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
I am posting here an e-mail message I just sent to Deja News about
their business practices. I didn't find out about what their service
consisted of (although I had vaguely heard of them) until I read the
Rocky Mountain News article from 3/10/96 entitled "Searched, stalked on
Internet").
If you find yourself in any sort of agreement with some of the ideas
I'm expressing in this message to Deja News, please let them know of
your concerns. I'm concerned about the individual's right to privacy
which I feel is superior to corporate freedom of speech, since the
corporation can exert a much greater damaging influence over an
individual than an individual can exert on a corporation, practically
speaking.
This has been a deeply heartfelt concern of mine for many years, and I
got started on this area of concern by fighting over the proliferate
practice of selling personal information on mailing lists, for
instance.
I would sincerely hope that anyone with sharp criticism toward what I
have to say here would have at least as deeply a heartfelt concern on
the opposite side of the issue as I have. I'm very passionate on this
subject.
Steven D. Sybesma
P.S.--The message follows:
------------------------------------------------------------------------------
Sent to dejanews.com Sun. 3/17/96:
It would be nice if you didn't automatically assume that you had a
right to compile this information for unlimited usage by anyone, and if
you asked permission of a person before you started to do this.
I don't believe in censorship in this case, and that's not the issue.
The issue is privacy, which I doubt you seriously believe in.
After all, what's the difference between what a stalker does and what
you do.
You didn't ask permission either and that's what bothers me.
There are some things I've posted in the past that I'd rather let die,
but your obvious plan to systematically collect and store every
newsgroup message ever posted will make it virtually impossible for
anyone who has ever had a change of mind about what they wrote to ever
be allowed a fresh start.
This process that you have involved yourself in promotes quiet
censorship.
Not only that, but don't you just feel a basic privacy issue here?
My words are MY words. I think you need to ask my permission before
you make any foolish assumptions about public domain. It's called
politeness.
I'm not asking you to agree with me philosophically, but just to
respect my reasonable request.
What bothers me so much about this is that I had to find out about Deja
News through an article in the Rocky Mountain News (Sun. 3/10/96) about
a certain Mr. John Kaufman who was being stalked on the Internet though
postings that YOUR COMPANY made available to the public.
If it's possible for an individual to spy on someone like Mr. Kaufman,
imagine what the government will be able to do using your service.
You aren't the censor yourself, but you appear to be the PERFECT
INSTRUMENT to carry out individual censorship by making innocent
individuals with strong (or otherwise) opinions have to fear being
watched by the government, for instance.
I don't see the balance between your unlimited right (with no
responsibility) to do what you do (without so much as seeking the
individual's permission) and my increasingly nominal right to free
speech (yet having to be held now forever responsible for what I've
said in past postings since your started archiving them).
I've had some changes of attitude and heart since some of the more
political postings I've made in the past few years, and would not want
them used against me because your company didn't let them die naturally
within days or weeks as they would have otherwise.
Take some moral and common sense responsibility upon yourself (as all
good corporations should) and respect the INDIVIDUAL'S right to have a
hand in deciding the permanent fate of their personal writings, public
or not.
It's common courtesy to the innocent poster who is ignorant of your
intent, not to mention your very existence.
This is my honest opinion, well stated.
*---------------------------------------------------------------------------*
|****Steven D. Sybesma**Post Office Box 31456**Aurora, CO 80041-0456 USA****|
| ****************Phone 1-303-363-6417**************** |
|---------------------------------------------------------------------------|
|Freedom and Liberty weren't invented here. We simply copied them from God.|
|---------------------------------------------------------------------------|
|The aim of socialism is for mankind to divorce itself from reliance on God.|
*---------------------------------------------------------------------------*
------------------------------
From: SpyKing <spyking@mne.net>
Date: 24 Mar 96 14:08:16 EST
Subject: Tempest Intrusion [long]
This may be of interest to your readers. You have my permission to use
it.
Nowhere to run...Nowhere to hide... The vulnerability of CRT's, CPU's
and peripherals to TEMPEST monitoring in the real world.
Copyright 1996, All Rights Reserved
By
Frank Jones
CEO
Technical Assistance Group
286 Spring Street
New York, New York 10013 USA
Tel: 212-989-9898
Fax: 212-337-0934
E-Mail: spyking@mne.net
URL: http://www.thecodex.com
George Orwell wrote the classic "1984" in 1949. He depicted a world in
which the government controlled it's citizens and a world devoid of
privacy. Many of the things Orwell wrote almost fifty years ago have
come to pass.
Surveillance technology has progressed to the point that is possible to
identify individuals walking city streets from satellites in orbit.
Telephone, fax and e-mail communications can routinely be monitored.
Personal information files are kept on citizens from cradle to grave.
There is nowhere to run...nowhere to hide...
The advent of the personal computer has revolutionized the way we do
business, keep records, communicate and entertain ourselves. Computers
have taken the place of typewriters, telephones, fax and telex
machines.
The Internet has opened up a new world of high speed and inexpensive
communications. How secure and private is it? There are many encryption
programs and hardware devices available for security purposes but what
about the computer terminal itself? How safe is it? What are it's
vulnerabilities? Hackers have been known to cause mischief from time
to time...Is it possible for an adversary to snoop on your private
data? Can Big Brother?
Suppose it was possible to aim a device or an antenna at your apartment
or home from across the street or down the block. Suppose you were
working on a confidential business project on your PC. Suppose that
device down the block could read what you were typing and viewing on
the CRT? Feeling uncomfortable? Suppose that device could monitor
everything you do on your computer by collecting electromagnetic
radiation emitted from your computer's CRT, CPU and/or peripheral
equipment, reconstruct those emissions into coherent receivable signals
and store them for later review? Feeling faint? Good. The technology
exists...and it has for some time....
You don't have to worry about a "middle of the night" break-in by some
clandestine government black-bag team to plant a bug. They never have
to enter your home or office. Seedy looking private investigators or
the information warrior won't be found tampering with your telephone
lines in the basement either...it's not necessary...all they have to do
is point an antenna...safely, from a distance away...and collect your
private data...
This surveillance technique has become known as TEMPEST monitoring.
TEMPEST stands for Transient Electromagnetic Pulse Standard. It is the
standard by which the government measures electromagnetic computer
emissions and details what is safe (allowed to leak) from monitoring.
The standards are detailed in NACSIM 5100A, a document which has been
classified by the National Security Agency. Devices which conform to
this standard are called TEMPEST certified.
In 1985, a Dutch scientist Wim van Eck published a paper which was
written about in the prestigious "Computers & Security" journal,
"Electromagnetic Radiation from Video Display Units: An Eavesdropping
Risk?" Vol 4 (4) pp 269-286. The paper caused a panic in certain
government circles and was immediately classified as is just about all
TEMPEST information.
Wim van Eck's work proved that Video Display Units (CRT's) emitted
electromagnetic radiation similar to radio waves and that they could be
intercepted, reconstructed and viewed from a remote location. This of
course compromises security of data being worked on and viewed by the
computer's user. Over the years TEMPEST monitoring has also been called
van Eck monitoring or van Eck eavesdropping.
In 1990, Professor Erhard Moller of Acchen University in Germany
published a paper, "Protective Measures Against Compromising
Electromagnetic Radiation Emitted by Video Display Terminals". Moller's
paper which updated in detail van Ecks's work also caused a furor.
The government's policy of TEMPEST secrecy has created a double edged
sword. By classifying TEMPEST standards, they inhibit private citizens
and industry by failing to provide the means of adequately shielding
PC's and/or computer facilities. There is an old saying, "You can't
drive a nail without the hammer". If concerned personnel don't know the
minimum standards for protection...how can they shield and protect?
Shielding does exist which can prevent individuals and companies from
being victims to TEMPEST monitoring. But without knowing the amount of
shielding necessary...
Perhaps this is the way the government wants it... My work has focused
on constructing a countermeasures device to collect and reconstruct
electromagnetic emissions from CRT's, CPU's and peripherals to diagnose
emission levels and give security personnel a hands-on tool with which
they can safeguard their computer data.
In testing my countermeasures device I concentrated on interception and
reconstruction of the three types of emitted electromagnetic radiation
written about in van Eck and Moller's work.
1. Electromagnetic radiation emitted from CRT's - similar to radio waves
2. Shell waves on the surface of connections and cables
3. Compromising radiation conducted through the power line
I found my greatest success (distance & quality) was in the collection
of emitted radiation from the CRT although we were equally successful
in our other experiments. In our opinion the greatest danger of TEMPEST
monitoring comes from off premises and we decided early on to
concentrate in this area. A workable countermeasures tool would give
security personnel a handle on distance from which compromising
electromagnetic radiation could be collected. Hopefully full
countermeasures would then be implemented.
This also is a double edged sword. The device I built albeit a
countermeasures tool...can be used as an offensive TEMPEST monitoring
device. My concerns however are that if such a device is not made
available to the private sector...then the private sector is at the
mercy of the information warrior using TEMPEST technology to gain an
unfair advantage.
TEMPEST MONITORING...HOW IT WORKS
TEMPEST monitoring is passive. It cannot be detected. The computer
emits compromising radiation which can be reconstructed from a remote
location. There is no need to ever come near the target. No reason
ever to go back to change a faulty bug like the Watergate burglars...It
can be performed from an office or a vehicle with no chance of
discovery. The premise is very simple.
All electronic devices emit some low level electromagnetic radiation.
Whenever an electric current changes in voltage level it generates
electromagnetic pulses that radiate invisible radio waves. Similar to
the ripples caused by dropping a small rock into a quite pool of water.
These electromagnetic radio waves can carry a great distance.
Computer monitors like televisions contain an electron gun in the back
of the picture tube which transmits a beam of electrons (electric
current). When the electrons strike the screen they cause the pixels
to fluoresce. This beam scans across the screen from top to bottom
very rapidly in a repetitive manner, line by line, flashing on and off,
making the screen light and dark, creating the viewed image. These
changes in the high voltage system of the monitor, generate the
incoherent signal that TEMPEST monitoring equipment receive,
reconstruct and view.
We have found that most monitors emit signals in the 20 to 250 Mhz
range although harmonics are fairly strong and can be intercepted.
Radiated harmonics of the video signal bear a remarkable resemblance to
broadcast TV signals although various forms of sync must be restored.
Associated unshielded cabling can act as an antenna and increase
interception range. Emissions can be conducted down power cables and
supplies. Computers attached to unshielded telephone lines are easy
prey as the telephone line acts as an excellent antenna. Printers and
their cables are not immune either. The average computer setup in the
home or office could be compared to a base station transmitting it's
signals all over the neighborhood.
Put quite simply, it is easy for someone with basic electronics
knowledge to eavesdrop on you, while you are using a computer. They
might not be able to steal everything from the hard disk but they can
view anything you do....see anything you see...
HOW IT'S DONE...THE COMPONENTS
A good commercial wide band radio receiver preferably designed for
surveillance (requires a little modification) with spectrum display.
Sensitivity and selectivity are paramount. Not all receivers will do
the job adequately
Horizontal and vertical sync generator. Commercially available and will
require some modification.
Video Monitor with Shielded cables
Active Directional Antenna (phased antenna array) with shielded
cables. Think radio telescope.
Video tape recording equipment. For capture and later review.
WHAT WE WERE ABLE TO CAPTURE...
Bench testing of the unit was quite successful in and around the
office. Several computers were targeted and interception of the data
was simple after injecting and restoring vertical and horizontal sync.
We had no problem viewing computer screens on adjacent floors in the
building (we were sometimes hindered by noise) and were able to
differentiate (to my surprise) between different computers in a large
office. We aimed our device out the window across the street at an
adjacent office building and were able to view CRT screens without too
much difficulty.
I should mention here that during the field tests NO DATA WAS STORED
FROM TARGET COMPUTERS. We were not on an eavesdropping mission. We
simply were interested in testing OUR equipment not spying on others.
Field testing of the unit was quite different and required continuing
manipulation of the equipment. From a vehicle in a suburban area we
were able to view active televisions inside homes ( the
cable/pay-per-view people could have a field day) and what programs
residents were watching. When we came across homes with active
computers we were able to view CRTs. Average range was approximately
300 yards.
We continued to test the device in a suburb of New York City with
startling results. We were able to view CRT screens at ATM machines,
banks, the local state lottery machine in a neighborhood candy store, a
doctor's office, the local high school, the fire department, the local
police department doing a DMV license plate check, a branch office of a
securities trader making a stock trade and the local gas station
tallying up his days receipts. We didn't expect that any of our
"targets" would be TEMPEST certified and we were correct.
BIGGER FISH IN A BIGGER POND
We took our DataScan device, as we named it, to New York City. The Big
Apple. We were interested in testing the integrity of various computer
facilities and also wanted to see how our device would operate in an
urban environment.
Let me start off by saying New York is in a lot of trouble. We started
at Battery Park (the southern tip of Manhattan Island) and headed north
to Wall Street. The US Customs building leaks information as well as
the Federal Reserve. Wall Street itself was a wealth of information for
anyone interested. With hundreds of securities and brokerage companies
located within a few blocks of each other, all an information warrior
need do is rent an office with a view and aim his antenna. We were able
to view CRT's in MANY executive offices.
The World Trade Center was fertile. It afforded open parking areas
nearby with millions of glass windows to snoop...we were most
successful snooping the lower floors from the street. We borrowed a
friends office at mid-tower in the south building and were able to view
CRT's in the north building easily.
We headed east towards the New York Post newspaper offices and read the
latest news off their monitors (which was printed the next day). We
headed north towards City Hall and NYPD Police Headquarters. Guess
what? They're not TEMPEST certified either...Neither is the United
Nations, any of the midtown banks, Con Edison (the power company) on
First Avenue, New York Telephone on 42nd Street or Trump Tower!
Citicorp's computer center in the SkyRink building on West 33rd Street
was a wealth of information also...
We found that with the proper frequency tuning, antenna manipulation,
reintroduction of sync and vehicle location , we could monitor just
about anyone, anywhere, anytime. There is no doubt in my mind that
TEMPEST eavesdropping is here to stay and something that must be dealt
with by computer and security professionals.
Passwords, files, proprietary data and records are all vulnerable to
the information warrior using TEMPEST monitoring equipment in a non
TEMPEST certified world.
POTENTIAL USERS OF TEMPEST MONITORING
Big Brother:
Yes, that's right. He does bug businesses. Sometimes with a court order
and sometimes without one. It's unclear under present American law
whether or not a court order would to needed to collect TEMPEST
information. You never know when Big Brother's on a witchhunt. Maybe he
suspects you of being a tax cheat, of insider trading, leftist
sympathies, etc. Remember Watergate? Now, the FBI wants to be able to
tap EVERY telephone, fax and data line in America at the turn of a
switch and they want US to pay for it...Using TEMPEST technology they
need never enter or come near your home or business.
Foreign Intelligence Services:
In the last days of the Bush Administration, the mission of the CIA was
partially changed to spy on foreign businesses and steal trade secrets
in response to the every growing surveillance of American industry by
foreign competitors and foreign intelligence services. The Japanese are
the worst. Most of the Japanese students living and attending school
the USA are economic trade spies. The French intelligence service
regularly bugged ALL the first class seats on AIR FRANCE flights to
eavesdrop on traveling foreign businessmen. EVERY foreign service in
the world is involved in corporate espionage to gain an economic
advantage for their own companies. Do you have a foreign competitor?
Then the chances are good that a foreign intelligence agency will spy
on you. TEMPEST technology is becoming the medium of choice .
The Activist:
Dedicated, yet misguided activists may wish to further their own cause
by releasing your private disclosures to the media. Every company
circulates confidential memos that would be embarrassing if released to
the public. TEMPEST technology makes corporate snooping simple.
The Dissident:
Dissidents want to damage more than your company's reputation. They may
use TEMPEST technology as a means of compromising your internal
security, valuable products and equipment, and even executive travel
plans in order to commit crimes against your person, family or
property!
Financial Operators
Unethical financiers can benefit greatly from prior knowledge of a
company's financial dealings. TEMPEST attacks can be mounted quickly
and from a distance with virtually no chance of discovery.
Competitors:
Competitors may seek to gain information on product development,
marketing strategies or critical vulnerabilities. Imagine the
consequences of a concerted TEMPEST attack on Wall Street. How much are
you going to offer for that stock next week? You need to buy how many
shares for control?
Unions:
Unscrupulous union negotiators may use TEMPEST technology to gain
knowledge of a company's bargaining strategies and vulnerabilities. Is
your company is having labor problems? Is your company is involved in
any type of litigation or lawsuit with a union? Does your company have
layoffs pending?
Employees:
One of your company's employees might use TEMPEST technology on another
to further his own career and to discredit his adversary. It would be a
simple matter for an adversary to plant a mole in your company who
could position TEMPEST monitoring equipment in the right direction even
though they might not be allowed to enter a specific restricted
area...
The Information Warrior:
Brokers may profit from selling your company's secrets to the highest
bidder, or maybe even to anyone who wants to know! Does your company
have stock that is traded publicly? Or will be soon? With TEMPEST
technology there is nowhere to run...nowhere to hide...Keep in mind
that anybody with money, power, influence, or sensitive information is
at serious risk.
FINDINGS AND RECOMMENDATIONS
Using simple off-the-shelf components with minor modifications we were
able to monitor computer CRTs "at-will" in suburban and urban
environments. We did not recreate the wheel. The TEMPEST monitoring
premise is simple and anyone with a basic knowledge of electronics
could construct such a device and use it with impunity.
Our DataScan device differs from earlier models because of the unique signal
amplification and directional antenna array used which we believe enhances
the collection process greatly.
It appears from our research that most individuals and companies do not
use TEMPEST certified equipment and most have never even heard of
TEMPEST.
I believe the media should be made aware of the problem in hope that
publicity about potential TEMPEST attacks will force the government to
release the information necessary to allow private citizens and
industry the means to properly secure their proprietary data.
Check out our WEB SITE - The Codex Privacy Page URL:
http://www.thecodex.com
The Codex Surveillance & Privacy Newsletter
DataScan - Diagnostic TEMPEST Evaluation System
Design and Fabrication of Specialized Systems
Technical Surveillance CounterMeasures (TSCM)
Forensic Audio Restoration & Audio Tape Enhancement
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 17 Mar 1996 09:14:50 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #027
******************************
.