Date: Mon, 25 Mar 96 12:56:08 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V8#027 Computer Privacy Digest Mon, 25 Mar 96 Volume 8 : Issue: 027 Today's Topics: Moderator: Leonard P. Levine Re: All Brothers May Be Watching Us The Stalker's Home Page Re: MS Internet Assistant Cache Re: MS Internet Assistant Cache Re: Privacy and Electronic Commerce Re: More on SSNs Re: More on SSNs Re: 800 ANI How Do Junk eMailers Get Addresses? Individual RTP vs. Corporate FOS Tempest Intrusion [long] Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: huggins@tarski.eecs.umich.edu (James K. Huggins) Date: 22 Mar 1996 13:37:11 -0500 Subject: Re: All Brothers May Be Watching Us Organization: University of Michigan EECS Dept., Ann Arbor, MI References: wjanssen@cs.vu.nl (Wouter Janssen) writes: Big Brother is watching us? Probably, I don't know for sure, I'm just careful :) but did you know just anybody can search a database and see what articles you posted on which newsgroups lately? Did you know that when you post an article to a newsgroup, that just about anyone can find out that you sent an article to that newsgroup? Furthermore, did you know that anyone who has access to simple news-reading software can read every word of that article? Who knows who might end up with this information about you? Oh ... you mean that's how Usenet is supposed to work? Never mind ... Seriously, I find it hard to consider this much of a threat to privacy. Anyone with access to a news feed can accomplish much the same by doing a simple search over all articles received for a particular string (e.g. "Huggins"). DejaNews has simply provided a nicer interface for such searches. They aren't making public any information which wasn't already public. I will grant that perhaps DejaNews is making such searches much easier than possible before, but that isn't necessarily in the same class as, say, a truly private set of communications being made public. Usenet has never been truly private (except perhaps in its earliest days when only an elite few knew about it). -- Jim Huggins, Univ. of Michigan "You cannot pray to a personal computer no matter how user-friendly it is." (PGP key available upon request) ------------------------------ From: glr@ripco.com (Glen L. Roberts) Date: 21 Mar 96 15:13 CST Subject: The Stalker's Home Page http://pages.ripco.com:8080/~glr/stalk.html This is a page to demonstrate the nature in which single resources can be combined into something much more significant. Any of the three items here, alone, may appear to have little impact... but taken together, you might feel differently. There are three items on the page: 1) 90 Million name, USA white pages. Search by First few letters of last name, or phone number! 2) Map of the USA. Once you use #1 to get the street address, use this to get a map of the neighborhood... zoom in... zoom out... Appear to be from the area... 3) Make reservations and go visit your prey... Do it all on-line... do it all in just a moment! Yes... it is to make a point! Where is YOUR privacy? -------------------------- Glen L. Roberts Articles, Catalog, Links, Downloadable Programs: http://pages.ripco.com:8080/~glr/glr.html Offset Printing Services & Prices: http://pages.ripco.com:8080/~glr/printing.html --------------------------- ------------------------------ From: Dean Ridgway Date: 22 Mar 1996 12:43:10 -0800 Subject: Re: MS Internet Assistant Cache Organization: CS Outreach Services, Oregon State University, Corvallis, OR, USA James K. Huggins points out: Netscape does allow you to change the size of the cache (even to set it to 0), and to change how it uses the cache. I don't know if MS Internet Assistant does so as well, but I would guess it might be possible. Levine writes: Another side point. Copyright usually is interpreted as allowing a download of a file for viewing and reading. It usually is interpreted as not allowing the copying of the file for reprinting and further publication. Thats nothing, what about the abuses of law enforcement? I have recently heard about a police department that recently got caught "planting" drugs on people. With this cache "feature" I can see future cases where they begin "planting" child porn into someone's computer. -- /\-/\ Dean Ridgway | Two roads diverged in a wood, and I- ( - - ) InterNet ridgwad@peak.org | I took the one less traveled by, =\_v_/= FidoNet 1:357/1.103 | And that has made all the difference. CIS 73225,512 | "The Road Not Taken" - Robert Frost. http://www.peak.org/~ridgwad/ PGP mail encouraged, finger for key: 28C577F3 2A5655AFD792B0FB 9BA31E6AB4683126 ------------------------------ From: "Mark W. Eichin" Date: 23 Mar 1996 00:53:47 -0500 Subject: Re: MS Internet Assistant Cache Have I violated the copyright by the simple act of viewing the home page? Have I violated it by the automatic caching done in my little Well, what you have done is introduce a topic that as far as I can tell is *totally* irrelevant to the list :) as moderator, wouldn't you have quashed that discussion? There is plenty of this discussion in other parts of the net. There's a copyright FAQ in particular which has reasonable clear and convincing explanations. While on first glance, these issues may seem subtle and complex, they're actually not... ------------------------------ From: peter@nmti.com (Peter da Silva) Date: 23 Mar 1996 01:07:56 GMT Subject: Re: Privacy and Electronic Commerce Organization: Network/development platform support, NMTI References: Joe Collins wrote: There are many possible fixes. Probably the most likely is the institution of private "privacy brokers". I think a likelier fix is the creation of various kinds of "electronic cash", either something entirely cryyptologically secured like Ecash, or simply the use of the electronic equivalents of passbook accounts. You could establish an electronic passbook account with cash, and send disbursement instructions via PGP-encrypted mail using a key established when you deposited the money. Then you wouldn't have to reveal your identity unless you had a dispute with the electronic bank holding your deposit. The issue isn't that electronic commerce is incompatible with privacy, but that electronic *credit* is. And it's not always clear whan a transaction is based on credit (for example, rentals are basically credit transactions but people don't think of them that way). -- Peter da Silva (NIC: PJD2) `-_-' 1601 Industrial Boulevard Bailey Network Management 'U` Sugar Land, TX 77487-5013 +1 713 274 5180 "Har du kramat din varg idag?" USA Bailey pays for my technical expertise. My opinions probably scare them ------------------------------ From: johnl@iecc.com (John R Levine) Date: 23 Mar 96 17:09 EST Subject: Re: More on SSNs Organization: I.E.C.C., Trumansburg, N.Y. If some other form of identification is used instead of the SSN we will still have the same problem. I heard there is talk of using a some form of a National ID number for all Americans. Privacy is gone today. Well, maybe. Part of the problem with the SSN situation the way it is today is that the SSN is "pseudo-private", that is, in fact it's pretty easy to find out someone's SSN, but far too many organizations act like it's hard. This means that many, many organizations conclude that anyone who presents your name and SSN must be you. This makes identity theft much easier -- there are lots of cases of bad guys presenting a person's name and SSN and very little other data (address, maybe) and getting credit cards. There are also lots of bank by phone systems where with someone's bank account number (printed on every check) and SSN, you can get access to the account and do all sorts of mischief. If we all had our SSNs tatooed on our foreheads, that would at least remove the fiction that knowing someone's SSN means anything other than that you know someone's SSN. There's a separate issue of using the SSN as a common identifier to link unrelatred databases together, and indeed any commonly used ID number could be so used. -- John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869 johnl@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof ------------------------------ From: Robert Gellman Date: 23 Mar 1996 21:01:17 -0500 Subject: Re: More on SSNs Organization: Capital Area Internet Service info@cais.com 703-448-4470 On Sat, 23 Mar 1996, John R Levine wrote: Just out of nosiness, what's not codified? Ancient obsolete laws? Private bills? Anything that doesn't strike the codifier as interesting? Okay, you asked for it. Some titles of US Code have been enacted into positive law. This means that the whole title was enacted as a public law in one fell swoop. Any future changes to that title must directly amend the title itself. So when the Privacy Act was passed, some parts of the public law enacting the Privacy Act were added to title 5 (which had previously been enacted as positive law). Other parts were not added to title 5 and had no natural place in US Code. Remember that the law is what is found in Statutes At Large. US Code is, more or less, a convevient reorganization of the official laws of the US found in Statutes at Large. For other titles not enacted into positive law, new laws are either done as amendments (e.g., "The Act of March 23, 1943 is amended by adding the following new sections at the end") or as free standing laws. For these laws, the law revision counsel in the House makes decisions about where the laws go into US Code. Title 42 is one of the biggest titles, and it is not positive law and it is a mess. You will find sections with numbers like 42 USC 453vvv because of the need to stuff new laws into a logical sequence with existing ones. The Social Security Act is a complete zoo, for example. This problem tends to happen less with positive titles, but you can see from the cite to the Privacy Act (5 USC 552a) that it had to be squeezed into a logical place where there were no available section numbers. When a title is already positive law, the Congress make the decision about where the new law goes in US Code by direct amendment. Now, back to the Privacy Act. What everyone tends to call the Privacy Act of 1974 is actually section 3 of Public Law 93-579. This section amended title 5, US Code, by adding a new section 552a. The other sections of Public Law 93-579 were not formally added to title 5 anywhere and had no formal home in US Code. The codifiers could not add the other sections to title 5 because it was positive law. So rather than stuff the other parts (some of which were transitory, like effective dates) as new sections in other uncodified titles, the codifiers stuck these sections in the notes. There are lots of uncodified laws. For example, appropriations laws are not codified. To see some of the other other uncodified laws, go to your law library and ask for US Code Service (not US Code and not US Code Annotated). USCS has a volume of uncodified laws. Otherwise, to find them you have to read the notes in US Code or Statutes at Large. I warned you that you didn't want to know this, but you didn't listen. + + + + + + + + + + + + + + + + + + + + + + + + + + Robert Gellman rgellman@cais.com + + Privacy and Information Policy Consultant + + 431 Fifth Street S.E. + + Washington, DC 20003 + + 202-543-7923 (phone) 202-547-8287 (fax) + + + + + + + + + + + + + + + + + + + + + + + + + + ------------------------------ From: lachman@netcom.com (Hans Lachman) Date: 24 Mar 1996 07:26:15 GMT Subject: Re: 800 ANI Organization: Agency for the Prevention of Evil References: johnl@iecc.com (John R Levine) writes: An important question to start with is how much per month extra you're willing to pay to make 800 numbers blockable. Someone has to pay, and 800 customers certainly don't have any interest in paying for this. If, as I suspect, the answer for most people is "nothing", that suggests that nothing's going to change. I hope you're not a spokesman for the telecom industry, because if you are, that would be a sad commentary on the attitude of the industry. The position I'm advocating is primarily for intuitive user interfaces, and secondarily for privacy. In the mass-market software industry, we engage in expensive usability testing and analysis, with unknown financial benefit. Our Usability group doesn't have any profit to report. Should we fire them? No. Traditionally, the telecom industry too has embraced the notion that intuitive user interfaces are good. Consider the fact that - you can use a telephone without a manual - you don't have to know the difference between "tip" and "ring" - you don't have to dial the country code of people in the same country, or the area code of people in the same area - phone numbers tend to be of a consistent format (at least within a country, usually) - consistent, simple phone numbers for operator, emergency, and directory assistance (all working 24hrs) - you get a meaningful error message if you do something wrong (e.g., "the number has been disconnected" vs. "the number has changed", etc.) instead of a meaningless "turkey tone" - IDDD Other freebies: - free directories (even white pages) - fiber optic communication lines ("pin drop") - "no dial tone" situation far less frequent than industry spec - etc. The above might not be the best examples, but clearly the telecom industry has spent time, money, and effort on intuitive user interfaces and other apparent freebies. If they had fewer design constraints, they could have delivered the technology more cheaply. If cost always won out against intuitive user interfaces, we might all still be using phones with a crank (or whatever). So, how much are you paying for all this increased usability and extra features? Nothing? Hmmm.... The point is that the telecom industry can, does, and should deliver technology that's intuitive for end users, even in cases where they can't charge specific users for specific improvements. Of course, I'm sure they can't take on all requests "just because it's a good idea", but they should consider fixing what appears to be a usability problem in an existing set of features (as was mentioned in the post that got this whole thread started, i.e., *67 not consistently blocking the caller's number, which is confusing for the 90%+ end users who don't (and shouldn't have to) understand technical nuances of the telephone system like the difference between ANI and CLID). I guess I'm not surprised that 800 number owners (I take it you're one of them) are the most vocal opponents of this particular usability improvement. They can come up with endless reasons why this is not technically, financially, or politically feasible, as if they were spokesmen for the telecom industry. They see themselves as protecting their turf, not wanting any change that could reduce the number of calls they get or the amount of information they get about the caller. And they ignore any solution (like mine in CPD vol. 8, iss. 21) that lets both sides have their way, without having any solid argument against it. I suppose that's because they benefit from the status quo, whereby many callers don't know ANI is passed, and therefore 800 number owners get more calls than they otherwise would. If the cost of my original solution (apply CLID blocking options to ANI; see CPD v8#21) is really so prohibitive, I'm sure I can come up with some cheaper solutions (e.g., 800 owners get CLID box instead of ANI; CPD v8#24). Here's an even cheaper solution than that: when a caller makes a call with per-line or per-call blocking turned on, the originating CO detects whether the call is to an 800/900 number, and kills the call and returns a message like "the called party does not accept calls with number blocking" or whatever. I used to work on switch software and I can tell you this can be done in about 10 lines of code (100 at most). The cost is probably around one cent per customer per year, paid off in 10 years. I'd be willing to pay that. Problem solved! You're probably not going to like that, either, since you'll be getting less calls on your 800 line. But the only calls you'll lose are those where the caller didn't want you to have their number. You shouldn't even be getting those calls now (but you don't mind that you do). BOTTOM LINE In the interest of intuitive user interfaces, not to mention privacy, the telecom industry should make the meaning of *67 apply consistently across CLID and 800/900. The justification is that the end user rightly wants to think in terms of a simple abstraction like "I push dese buttons, da number not given out". Usability analysts would rightly argue that it's better to provide a UI that's intuitive than to teach millions of people about the nuances of CLID and ANI. There are cheap technical solutions, and expensive, but either way, the cost should be counted as part of the budget to fix usability problems. I'm optimistic that things will eventually change in favor of the end user. After all, technology should conform to the needs of people, not the other way around. But if we want to be cynical and say that they won't change unless they can charge someone for it, then we might consider barraging the telcos with calls asking why *67 doesn't work for 800 numbers; then they'll ask the equipment manufacturers to fix this so they can reduce customer service calls. But that's the approach to use only if we want to be cynical about it. As I said before, this is more a question of attitude toward end-user interests than anything else. It would be enlightening to hear from usability analysts in the telecom industry. -- Hans Lachman ------------------------------ From: lihou@ms2.hinet.net (Lee) Date: 24 Mar 1996 19:28:42 GMT Subject: How Do Junk eMailers Get Addresses? Organization: DCI HiNet Recently I have begun receiving more and more junk e-mail. The most recent example involves a guy from the States (I live in Taiwan) who sent some crazy marketing proposal. Sending junk back (replying) usually doesn't work (sometimes really doesn't work and sometimes doesn't have any effect) As local customers here (and we foreigners together with them) don't enjoy any protection (privacy, customer rights,..), please somebody explain what are possible courses of (re)action an individual can take. I'd also appreciate if someone tell basic facts about how they get other people's email addresses. -- Thanks. Sean ------------------------------ From: sybesma@netcom.com (Steven D. Sybesma) Date: 18 Mar 1996 06:34:18 GMT Subject: Individual RTP vs. Corporate FOS Organization: NETCOM On-line Communication Services (408 261-4700 guest) I am posting here an e-mail message I just sent to Deja News about their business practices. I didn't find out about what their service consisted of (although I had vaguely heard of them) until I read the Rocky Mountain News article from 3/10/96 entitled "Searched, stalked on Internet"). If you find yourself in any sort of agreement with some of the ideas I'm expressing in this message to Deja News, please let them know of your concerns. I'm concerned about the individual's right to privacy which I feel is superior to corporate freedom of speech, since the corporation can exert a much greater damaging influence over an individual than an individual can exert on a corporation, practically speaking. This has been a deeply heartfelt concern of mine for many years, and I got started on this area of concern by fighting over the proliferate practice of selling personal information on mailing lists, for instance. I would sincerely hope that anyone with sharp criticism toward what I have to say here would have at least as deeply a heartfelt concern on the opposite side of the issue as I have. I'm very passionate on this subject. Steven D. Sybesma P.S.--The message follows: ------------------------------------------------------------------------------ Sent to dejanews.com Sun. 3/17/96: It would be nice if you didn't automatically assume that you had a right to compile this information for unlimited usage by anyone, and if you asked permission of a person before you started to do this. I don't believe in censorship in this case, and that's not the issue. The issue is privacy, which I doubt you seriously believe in. After all, what's the difference between what a stalker does and what you do. You didn't ask permission either and that's what bothers me. There are some things I've posted in the past that I'd rather let die, but your obvious plan to systematically collect and store every newsgroup message ever posted will make it virtually impossible for anyone who has ever had a change of mind about what they wrote to ever be allowed a fresh start. This process that you have involved yourself in promotes quiet censorship. Not only that, but don't you just feel a basic privacy issue here? My words are MY words. I think you need to ask my permission before you make any foolish assumptions about public domain. It's called politeness. I'm not asking you to agree with me philosophically, but just to respect my reasonable request. What bothers me so much about this is that I had to find out about Deja News through an article in the Rocky Mountain News (Sun. 3/10/96) about a certain Mr. John Kaufman who was being stalked on the Internet though postings that YOUR COMPANY made available to the public. If it's possible for an individual to spy on someone like Mr. Kaufman, imagine what the government will be able to do using your service. You aren't the censor yourself, but you appear to be the PERFECT INSTRUMENT to carry out individual censorship by making innocent individuals with strong (or otherwise) opinions have to fear being watched by the government, for instance. I don't see the balance between your unlimited right (with no responsibility) to do what you do (without so much as seeking the individual's permission) and my increasingly nominal right to free speech (yet having to be held now forever responsible for what I've said in past postings since your started archiving them). I've had some changes of attitude and heart since some of the more political postings I've made in the past few years, and would not want them used against me because your company didn't let them die naturally within days or weeks as they would have otherwise. Take some moral and common sense responsibility upon yourself (as all good corporations should) and respect the INDIVIDUAL'S right to have a hand in deciding the permanent fate of their personal writings, public or not. It's common courtesy to the innocent poster who is ignorant of your intent, not to mention your very existence. This is my honest opinion, well stated. *---------------------------------------------------------------------------* |****Steven D. Sybesma**Post Office Box 31456**Aurora, CO 80041-0456 USA****| | ****************Phone 1-303-363-6417**************** | |---------------------------------------------------------------------------| |Freedom and Liberty weren't invented here. We simply copied them from God.| |---------------------------------------------------------------------------| |The aim of socialism is for mankind to divorce itself from reliance on God.| *---------------------------------------------------------------------------* ------------------------------ From: SpyKing Date: 24 Mar 96 14:08:16 EST Subject: Tempest Intrusion [long] This may be of interest to your readers. You have my permission to use it. Nowhere to run...Nowhere to hide... The vulnerability of CRT's, CPU's and peripherals to TEMPEST monitoring in the real world. Copyright 1996, All Rights Reserved By Frank Jones CEO Technical Assistance Group 286 Spring Street New York, New York 10013 USA Tel: 212-989-9898 Fax: 212-337-0934 E-Mail: spyking@mne.net URL: http://www.thecodex.com George Orwell wrote the classic "1984" in 1949. He depicted a world in which the government controlled it's citizens and a world devoid of privacy. Many of the things Orwell wrote almost fifty years ago have come to pass. Surveillance technology has progressed to the point that is possible to identify individuals walking city streets from satellites in orbit. Telephone, fax and e-mail communications can routinely be monitored. Personal information files are kept on citizens from cradle to grave. There is nowhere to run...nowhere to hide... The advent of the personal computer has revolutionized the way we do business, keep records, communicate and entertain ourselves. Computers have taken the place of typewriters, telephones, fax and telex machines. The Internet has opened up a new world of high speed and inexpensive communications. How secure and private is it? There are many encryption programs and hardware devices available for security purposes but what about the computer terminal itself? How safe is it? What are it's vulnerabilities? Hackers have been known to cause mischief from time to time...Is it possible for an adversary to snoop on your private data? Can Big Brother? Suppose it was possible to aim a device or an antenna at your apartment or home from across the street or down the block. Suppose you were working on a confidential business project on your PC. Suppose that device down the block could read what you were typing and viewing on the CRT? Feeling uncomfortable? Suppose that device could monitor everything you do on your computer by collecting electromagnetic radiation emitted from your computer's CRT, CPU and/or peripheral equipment, reconstruct those emissions into coherent receivable signals and store them for later review? Feeling faint? Good. The technology exists...and it has for some time.... You don't have to worry about a "middle of the night" break-in by some clandestine government black-bag team to plant a bug. They never have to enter your home or office. Seedy looking private investigators or the information warrior won't be found tampering with your telephone lines in the basement either...it's not necessary...all they have to do is point an antenna...safely, from a distance away...and collect your private data... This surveillance technique has become known as TEMPEST monitoring. TEMPEST stands for Transient Electromagnetic Pulse Standard. It is the standard by which the government measures electromagnetic computer emissions and details what is safe (allowed to leak) from monitoring. The standards are detailed in NACSIM 5100A, a document which has been classified by the National Security Agency. Devices which conform to this standard are called TEMPEST certified. In 1985, a Dutch scientist Wim van Eck published a paper which was written about in the prestigious "Computers & Security" journal, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" Vol 4 (4) pp 269-286. The paper caused a panic in certain government circles and was immediately classified as is just about all TEMPEST information. Wim van Eck's work proved that Video Display Units (CRT's) emitted electromagnetic radiation similar to radio waves and that they could be intercepted, reconstructed and viewed from a remote location. This of course compromises security of data being worked on and viewed by the computer's user. Over the years TEMPEST monitoring has also been called van Eck monitoring or van Eck eavesdropping. In 1990, Professor Erhard Moller of Acchen University in Germany published a paper, "Protective Measures Against Compromising Electromagnetic Radiation Emitted by Video Display Terminals". Moller's paper which updated in detail van Ecks's work also caused a furor. The government's policy of TEMPEST secrecy has created a double edged sword. By classifying TEMPEST standards, they inhibit private citizens and industry by failing to provide the means of adequately shielding PC's and/or computer facilities. There is an old saying, "You can't drive a nail without the hammer". If concerned personnel don't know the minimum standards for protection...how can they shield and protect? Shielding does exist which can prevent individuals and companies from being victims to TEMPEST monitoring. But without knowing the amount of shielding necessary... Perhaps this is the way the government wants it... My work has focused on constructing a countermeasures device to collect and reconstruct electromagnetic emissions from CRT's, CPU's and peripherals to diagnose emission levels and give security personnel a hands-on tool with which they can safeguard their computer data. In testing my countermeasures device I concentrated on interception and reconstruction of the three types of emitted electromagnetic radiation written about in van Eck and Moller's work. 1. Electromagnetic radiation emitted from CRT's - similar to radio waves 2. Shell waves on the surface of connections and cables 3. Compromising radiation conducted through the power line I found my greatest success (distance & quality) was in the collection of emitted radiation from the CRT although we were equally successful in our other experiments. In our opinion the greatest danger of TEMPEST monitoring comes from off premises and we decided early on to concentrate in this area. A workable countermeasures tool would give security personnel a handle on distance from which compromising electromagnetic radiation could be collected. Hopefully full countermeasures would then be implemented. This also is a double edged sword. The device I built albeit a countermeasures tool...can be used as an offensive TEMPEST monitoring device. My concerns however are that if such a device is not made available to the private sector...then the private sector is at the mercy of the information warrior using TEMPEST technology to gain an unfair advantage. TEMPEST MONITORING...HOW IT WORKS TEMPEST monitoring is passive. It cannot be detected. The computer emits compromising radiation which can be reconstructed from a remote location. There is no need to ever come near the target. No reason ever to go back to change a faulty bug like the Watergate burglars...It can be performed from an office or a vehicle with no chance of discovery. The premise is very simple. All electronic devices emit some low level electromagnetic radiation. Whenever an electric current changes in voltage level it generates electromagnetic pulses that radiate invisible radio waves. Similar to the ripples caused by dropping a small rock into a quite pool of water. These electromagnetic radio waves can carry a great distance. Computer monitors like televisions contain an electron gun in the back of the picture tube which transmits a beam of electrons (electric current). When the electrons strike the screen they cause the pixels to fluoresce. This beam scans across the screen from top to bottom very rapidly in a repetitive manner, line by line, flashing on and off, making the screen light and dark, creating the viewed image. These changes in the high voltage system of the monitor, generate the incoherent signal that TEMPEST monitoring equipment receive, reconstruct and view. We have found that most monitors emit signals in the 20 to 250 Mhz range although harmonics are fairly strong and can be intercepted. Radiated harmonics of the video signal bear a remarkable resemblance to broadcast TV signals although various forms of sync must be restored. Associated unshielded cabling can act as an antenna and increase interception range. Emissions can be conducted down power cables and supplies. Computers attached to unshielded telephone lines are easy prey as the telephone line acts as an excellent antenna. Printers and their cables are not immune either. The average computer setup in the home or office could be compared to a base station transmitting it's signals all over the neighborhood. Put quite simply, it is easy for someone with basic electronics knowledge to eavesdrop on you, while you are using a computer. They might not be able to steal everything from the hard disk but they can view anything you do....see anything you see... HOW IT'S DONE...THE COMPONENTS A good commercial wide band radio receiver preferably designed for surveillance (requires a little modification) with spectrum display. Sensitivity and selectivity are paramount. Not all receivers will do the job adequately Horizontal and vertical sync generator. Commercially available and will require some modification. Video Monitor with Shielded cables Active Directional Antenna (phased antenna array) with shielded cables. Think radio telescope. Video tape recording equipment. For capture and later review. WHAT WE WERE ABLE TO CAPTURE... Bench testing of the unit was quite successful in and around the office. Several computers were targeted and interception of the data was simple after injecting and restoring vertical and horizontal sync. We had no problem viewing computer screens on adjacent floors in the building (we were sometimes hindered by noise) and were able to differentiate (to my surprise) between different computers in a large office. We aimed our device out the window across the street at an adjacent office building and were able to view CRT screens without too much difficulty. I should mention here that during the field tests NO DATA WAS STORED FROM TARGET COMPUTERS. We were not on an eavesdropping mission. We simply were interested in testing OUR equipment not spying on others. Field testing of the unit was quite different and required continuing manipulation of the equipment. From a vehicle in a suburban area we were able to view active televisions inside homes ( the cable/pay-per-view people could have a field day) and what programs residents were watching. When we came across homes with active computers we were able to view CRTs. Average range was approximately 300 yards. We continued to test the device in a suburb of New York City with startling results. We were able to view CRT screens at ATM machines, banks, the local state lottery machine in a neighborhood candy store, a doctor's office, the local high school, the fire department, the local police department doing a DMV license plate check, a branch office of a securities trader making a stock trade and the local gas station tallying up his days receipts. We didn't expect that any of our "targets" would be TEMPEST certified and we were correct. BIGGER FISH IN A BIGGER POND We took our DataScan device, as we named it, to New York City. The Big Apple. We were interested in testing the integrity of various computer facilities and also wanted to see how our device would operate in an urban environment. Let me start off by saying New York is in a lot of trouble. We started at Battery Park (the southern tip of Manhattan Island) and headed north to Wall Street. The US Customs building leaks information as well as the Federal Reserve. Wall Street itself was a wealth of information for anyone interested. With hundreds of securities and brokerage companies located within a few blocks of each other, all an information warrior need do is rent an office with a view and aim his antenna. We were able to view CRT's in MANY executive offices. The World Trade Center was fertile. It afforded open parking areas nearby with millions of glass windows to snoop...we were most successful snooping the lower floors from the street. We borrowed a friends office at mid-tower in the south building and were able to view CRT's in the north building easily. We headed east towards the New York Post newspaper offices and read the latest news off their monitors (which was printed the next day). We headed north towards City Hall and NYPD Police Headquarters. Guess what? They're not TEMPEST certified either...Neither is the United Nations, any of the midtown banks, Con Edison (the power company) on First Avenue, New York Telephone on 42nd Street or Trump Tower! Citicorp's computer center in the SkyRink building on West 33rd Street was a wealth of information also... We found that with the proper frequency tuning, antenna manipulation, reintroduction of sync and vehicle location , we could monitor just about anyone, anywhere, anytime. There is no doubt in my mind that TEMPEST eavesdropping is here to stay and something that must be dealt with by computer and security professionals. Passwords, files, proprietary data and records are all vulnerable to the information warrior using TEMPEST monitoring equipment in a non TEMPEST certified world. POTENTIAL USERS OF TEMPEST MONITORING Big Brother: Yes, that's right. He does bug businesses. Sometimes with a court order and sometimes without one. It's unclear under present American law whether or not a court order would to needed to collect TEMPEST information. You never know when Big Brother's on a witchhunt. Maybe he suspects you of being a tax cheat, of insider trading, leftist sympathies, etc. Remember Watergate? Now, the FBI wants to be able to tap EVERY telephone, fax and data line in America at the turn of a switch and they want US to pay for it...Using TEMPEST technology they need never enter or come near your home or business. Foreign Intelligence Services: In the last days of the Bush Administration, the mission of the CIA was partially changed to spy on foreign businesses and steal trade secrets in response to the every growing surveillance of American industry by foreign competitors and foreign intelligence services. The Japanese are the worst. Most of the Japanese students living and attending school the USA are economic trade spies. The French intelligence service regularly bugged ALL the first class seats on AIR FRANCE flights to eavesdrop on traveling foreign businessmen. EVERY foreign service in the world is involved in corporate espionage to gain an economic advantage for their own companies. Do you have a foreign competitor? Then the chances are good that a foreign intelligence agency will spy on you. TEMPEST technology is becoming the medium of choice . The Activist: Dedicated, yet misguided activists may wish to further their own cause by releasing your private disclosures to the media. Every company circulates confidential memos that would be embarrassing if released to the public. TEMPEST technology makes corporate snooping simple. The Dissident: Dissidents want to damage more than your company's reputation. They may use TEMPEST technology as a means of compromising your internal security, valuable products and equipment, and even executive travel plans in order to commit crimes against your person, family or property! Financial Operators Unethical financiers can benefit greatly from prior knowledge of a company's financial dealings. TEMPEST attacks can be mounted quickly and from a distance with virtually no chance of discovery. Competitors: Competitors may seek to gain information on product development, marketing strategies or critical vulnerabilities. Imagine the consequences of a concerted TEMPEST attack on Wall Street. How much are you going to offer for that stock next week? You need to buy how many shares for control? Unions: Unscrupulous union negotiators may use TEMPEST technology to gain knowledge of a company's bargaining strategies and vulnerabilities. Is your company is having labor problems? Is your company is involved in any type of litigation or lawsuit with a union? Does your company have layoffs pending? Employees: One of your company's employees might use TEMPEST technology on another to further his own career and to discredit his adversary. It would be a simple matter for an adversary to plant a mole in your company who could position TEMPEST monitoring equipment in the right direction even though they might not be allowed to enter a specific restricted area... The Information Warrior: Brokers may profit from selling your company's secrets to the highest bidder, or maybe even to anyone who wants to know! Does your company have stock that is traded publicly? Or will be soon? With TEMPEST technology there is nowhere to run...nowhere to hide...Keep in mind that anybody with money, power, influence, or sensitive information is at serious risk. FINDINGS AND RECOMMENDATIONS Using simple off-the-shelf components with minor modifications we were able to monitor computer CRTs "at-will" in suburban and urban environments. We did not recreate the wheel. The TEMPEST monitoring premise is simple and anyone with a basic knowledge of electronics could construct such a device and use it with impunity. Our DataScan device differs from earlier models because of the unique signal amplification and directional antenna array used which we believe enhances the collection process greatly. It appears from our research that most individuals and companies do not use TEMPEST certified equipment and most have never even heard of TEMPEST. I believe the media should be made aware of the problem in hope that publicity about potential TEMPEST attacks will force the government to release the information necessary to allow private citizens and industry the means to properly secure their proprietary data. Check out our WEB SITE - The Codex Privacy Page URL: http://www.thecodex.com The Codex Surveillance & Privacy Newsletter DataScan - Diagnostic TEMPEST Evaluation System Design and Fabrication of Specialized Systems Technical Surveillance CounterMeasures (TSCM) Forensic Audio Restoration & Audio Tape Enhancement ------------------------------ From: "Prof. L. P. Levine" Date: 17 Mar 1996 09:14:50 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V8 #027 ****************************** .