11.6.1. (some of this gets speculative and so may not be to
everyone's liking)
11.6.2. "What is TEMPEST and what's the importance of it?"
- TEMPEST apprarently stands for nothing, and hence is not an
acronym, just a name. The all caps is the standard
spelling.
- RF emission, a set of specs for complying
- Van Eyck (or Van Eck?) radiation
+ Mostly CRTs are the concern, but also LCD panels and the
internal circuitry of the PCs, workstations, or terminals.
- "Many LCD screens can be read at a distance. The signal
is not as strong as that from the worst vdus, but it is
still considerable. I have demonstrated attacks on Zenith
laptops at 10 metres or so with an ESL 400 monitoring
receiver and a 4m dipole antenna; with a more modern
receiver, a directional antenna and a quiet RF
environment there is no reason why 100 metres should be
impossible." [Ross Anderson, Tempest Attacks on Notebook
Computers ???, comp.security.misc, 1994-08-31]
11.6.3. What are some of the New Technologies for Espionage and
Surveillance
+ Bugs
+ NSA and CIA have developed new levels of miniaturized
bugs
- e.g., passive systems that only dribble out intercepted
material when interrogated (e.g., when no bug sweeps
are underway)
- many of these new bugging technologies were used in the
John Gotti case in New York...the end of the Cold War
meant that many of these technologies became available
for use by the non-defense side
- the use of such bugging technology is a frightening
development: conversations can be heard inside sealed
houses from across streets, and all that will be
required is an obligatory warrant
+ DRAM storage of compressed speech...6-bit companded,
frequency-limited, so that 1 sec of speech takes
50Kbits, or 10K when compressed, for a total of 36 Mbits
per hour-this will fit on a single chip
- readout can be done from a "mothership" module (a
larger bug that sits in some more secure location)
- or via tight-beam lasers
+ Bugs are Mobile
- can crawl up walls, using the MIT-built technology for
microrobots
- some can even fly for short distances (a few klicks)
+ Wiretaps
- so many approaches here
- phone switches are almost totally digital (a la ESS IV)
- again, software hacks to allow wiretaps
+ Vans equipped to eavesdrop on PCs and networks
+ TEMPEST systems
+ technology is somewhat restricted, companies doing this
work are under limitations not to ship to some
customers
- no laws against shielding, of course
- these vans are justified for the "war on drugs" and
weapons proliferation controle efforts (N.E.S.T., anti-
Iraq, etc.)
+ Long-distance listening
- parabolic reflectors, noise cancellation (from any off-
axis sources), high gain amplification, phoneme analysis
- neural nets that learn the speech patterns and so can
improve clarity
+ lip-reading
- with electronically stabilized CCD imagers, 3000mm lenses
- neural net-based lip-reading programs, with learning
systems capable of improving performance
- for those in sensitive positions, the availability of new
bugging methods will accelerate the conversion to secure
systems based on encrypted telecommunications and the
avoidance of voice-based systems
11.6.4. Digital Telephony II is a major step toward easier
surveillance
11.6.5. Citizen tracking
+ the governments of the world would obviously like to trace
the movements, or at least the major movements, of their
subjects
- makes black markets a bit more difficult
- surfaces terrorists, illegal immigrants, etc. (not
perfectly)
+ allows tracking of "sex offenders"
- who often have to register with the local police,
announce to their neighbors their previous crimes, and
generally wear a scarlet letter at all times--I'm not
defending rapists and child molesters, just noting the
dangerous precedent this is setting
- because its the nature of bureaucracies to want to know
where "their" subjects are (dossier society = accounting
society...records are paramount)
+ Bill Stewart has pointed out that the national health care
systems, and the issuance of social security numbers to
children, represent a way to track the movements of
children, through hospital visits, schools, etc. Maybe even
random check points at places where children gather (malls,
schools, playgrounds, opium dens, etc.)
- children in such places are presumed to have lesser
rights, hence...
- this could all be used to track down kidnapped children,
non-custodial parents, etc.
- this could be a wedge in the door: as the children age,
the system is already in place to continue the tracking
(about the right timetable, too...start the systme this
decade and by 2010 or 2020, nearly everybody will be in
it)
- (A true paranoid would link these ideas to the child
photos many schools are requring, many local police
departments are officially assisting with, etc. A dossier
society needs mug shots on all the perps.)
- These are all reasons why governments will continue to push
for identity systems and will seek to derail efforts at
providing anonymity
+ Surveillance and Personnel Identification
+ cameras that can recognize faces are placed in many
public places, e.g., airports, ports of entry, government
buildings
- and even in some private places, e.g., casinos, stores
that have had problems with certain customers, banks
that face robberies, etc.
+ "suspicious movements detectors"
+ cameras that track movements, loitering, eye contact
with other patrons
+ neural nets used to classify behvaiors
- legal standing not needed, as these systems are
used only to trigger further surveillance, not to
prove guilt in a court of law
- example: banks have cameras, by 1998, that can
identify potential bank robbers
- camera images are sent to a central monitoring
facility, so the usual ploy of stopping the silent
alarm won't work
- airports and train stations (fears of terrorists),
other public places
11.6.6. Cellular phones are trackable by region...people are getting
phone calls as they cross into new zones, "welcoming" them
- but it implies that their position is already being tracked
11.6.7. coming surveillance, Van Eck, piracy, vans
- An interesting sign of things to come is provided in this
tale from a list member: "In Britain we have 'TV detector
Vans'. These are to detect licence evaders (you need to pay
an annual licence for the BBC channels). They are provided
by the Department of Trade and Industry. They use something
like a small minibus and use Van Eck principles. They have
two steerable detectors on the van roof so they can
triangulate. But TV shops have to notify the Government of
buyers - so that is the basic way in which licence evaders
are detected. ... I read of a case on a bulletin board
where someone did not have a TV but used a PC. He got a
knock on the door. They said he appeared to have a TV but
they could not make out what channel he was watching!
[Martin Spellman, <mspellman@cix.compulink.co.uk>, 1994-
0703]
- This kind of surveillance is likely to become more and more
common, and raises serious questions about what _other_
information they'll look for. Perhaps the software piracy
enforcers (Software Publishers Association) will look for
illegal copies of Microsoft Word or SimCity! (This area
needs more discussion, obviously.)
11.6.8. wiretaps
- supposed to notify targets within 90 days, unless extended
by a judge
- Foreign Intelligence Surveillance Act cases are exempt from
this (it is likely that Cypherpunks wiretapped, if they
have been, for crypto activities fall under this
case...foreigners, borders being crossed, national security
implications, etc. are all plausible reasons, under the
Act)
By Tim May, see README
HTML by Jonathan Rochkind