7 August 2000
Source: US national business newspaper, August 7, 2000, front page. Intratext links by Cryptome.
For comprehensive Tempest information see: http://www.eskimo.com/~joelm/tempest.html
By MICHAEL J. MCCARTHY Staff Reporter
When most computer users worry about privacy in the digital age, they wonder who's reading their e-mail or watching where they go online. But inside the U.S. government, security officials have a much greater fear: Is someone with the right surveillance equipment tuning in to what is on their computer monitors from a nearby office, or a floor below or even across the street?
It can be done through thin air-no phone lines needed. Everyone's video-display terminal emits unique radio-frequency waves that can be isolated and captured with a "directional" antenna focused on a particular computer or room. Those signals can then be amplified with fairly inexpensive equipment and reconstructed to show precisely what is on your screen.
Letter by letter, a sales proposal, an R&D report or a note to a lawyer can be captured from as far away as several hundred yards.
Aside from scientists' demonstrations and one televised stunt in England in the 1980s, instances of this kind of computer surveillance haven't come to light.
But U.S. military and intelligence agencies have been concerned since at least the 1980s, and maybe earlier, about what they call in official documents "compromising emanations" from computers. The Department of Defense operates a classified program known as Tempest, under which it is designing and acquiring technology to defend against computer-screen surveillance, according to defense contractors and ex-military officials. The government is looking for protective materials and anti-surveillance monitoring tools that cap keep foreign spies from collecting stray signals from computers in defense labs or U.S. embassies.
A cottage industry of mostly small companies has quietly emerged to market such protective equipment. The main buyers are U.S. agencies and government-approved contractors. The official specifications for such equipment are classified.
But people involved in this shadowy trade say that it is possible that nonapproved corporations also are acquiring the technology -- or making it for themselves, as the ingredients and designs aren't particularly esoteric. And while suppliers all say they sell only defensive equipment, some of them concede that their products could easily be adjusted to do offensive surveillance.
Some large companies are also jumping into this cloak-and-dagger market. On its Web site, Siemens AG, the German engineering and electronics giant, advertises several "emission-proof PCs," including its Tempest Deskbook and Tempest PC-DZ0.
The secretive National Security Agency, the government's main communications-intelligence organization, has listed 18 companies on its Web site, including Motorola Inc., whose computer-protection equipment or testing services meet government standards. An NSA spokeswoman, however, refuses in a telephone interview to answer questions on the subject, saying the only information available is on the bare-bones Web page.
While it shops for computer-protection devices, the military is trying to make sure that other potential buyers are thwarted. Codex Data Systems Inc. has marketed over the Internet a scanner with which you can check whether a VDT, once shielded, is still leaking radio waves strong enough for snoops to pick up. The Army has begun buying the $20,000 units, according to the company. But Codex also says that it has agreed to a Pentagon request that it halt sales to anyone else.
Fearing the dissemination of this kind of equipment, the U.S. government has banned its sale abroad without a license. Last summer, the Federal Bureau of Investigation arrested a man in Virginia, who has since been sentenced to prison for trying to export a computer-monitor surveillance system.
The legality of spying on someone's VDT from afar is far from clear. States have anti-eavesdropping laws that may apply but which vary widely, from highly permissive to very restrictive.
Federal criminal law specifically bars intercepting and disclosing "any wire, oral or electronic communication." That rules out using a radio receiver to eavesdrop on someone's cell-phone call. But the federal law doesn't contemplate computer surveillance through the air and may not bar it, legal scholars say. Courts haven't yet had a chance to examine the question.
"Typing to yourself is not a 'communication,' which requires two parties," says Michael Froomkin, a University of Miami law professor who studies privacy and computers. "It's a real open question."
Some engineers and security experts say the threat of computer-screen spying has been overblown. They argue that there has been an explosion of devices, from PCs to cell phones, all emitting oceans of radio-frequency waves, which makes it harder to pinpoint the relatively weak radio waves from a single computer.
While technically feasible, the whole exercise of retrieving signals covertly, from vans parked outside offices, or otherwise, could be costly and difficult, these skeptics add. It would be simpler in the corporate context, for example, to bribe a janitor or a disloyal employee to infiltrate the company and nab coveted data, according to this view.
Capturing the contents of a computer screen is a surprisingly rudimentary process. Wim van Eck, a Dutch research scientist, laid out the specifics as far back as 1985, in an article in Computers & Security, a technical journal. One of his conclusions: "If no preventive measures are taken, eavesdropping on a video-display unit is possible at several hundreds of metres distance, using only a normal black-and-white TV receiver, a directional antenna and an antenna amplifier."
In a computer, some of the most powerful radiation emanates from the monitor, a cathode-ray tube in which electron guns fire streams of electrons more than 60 times a second to produce the images displayed. That bombardment produces wave frequencies, some of which overlap with the familiar VHF and UHF television bands.
In short, the invisible, information-bearing radio waves from a monitor are remarkably similar to a broadcast TV signal. A spy's scanner need only tune in the waves and process them line by line to replicate the image on the original screen.
Mr. van Eck did a little high-tech grandstanding 15 years ago, bringing along a crew from British Broadcasting Corp. to film him as he used an antenna-equipped van to snoop on computers inside buildings in London. The BBC featured the caper on a show called "Tomorrow's World," but Mr. van Eck didn't reveal any of the information he had viewed.
At the time, his demonstration was seen as an oddity. Desktop computers weren't yet fixtures in most offices or homes, processing everything from personal bank records to corporate secrets.
Concern was growing in the U.S. military, though, which stepped up its Tempest program in the mid-1980s, according to defense contractors and ex-military people. The Pentagon took steps such as building "secure compartmentalized information facilities," or SCIFs: whole rooms wrapped in screening made of copper and other metals. Elsewhere, individual military computers and monitors were similarly sheathed. The term Tempest is believed to be an abbreviation for "transient electromagnetic pulse standard." The "standard" refers to the level at which the military estimates computers can safely "leak" radio waves and remain undetectable to snooping antennas.
Lately, private companies are cropping up to sell the government things such as portable tents, which shield computer equipment and can be quickly pitched and dismantled. BEMA Inc., based in Manassas, Va., sold more than 25 of the tents last year, mostly to the State Department and defense agencies, says president Robert E. Thomas, a former Army computer specialist. The tents, which run $30,000 each and up, are made of highly conductive fabric, plated with copper and nickel. This material diminishes the strength of unintended computer emissions.
Mr. Thomas says he expects to sell even more tents this year, including a fresh order for 10 from the State Department's Bureau of Diplomatic Security. A spokesman for the bureau, which protects U.S. embassies world-wide, confirms that it ordered BEMA tents but will say only that information about their use is classified.
Air Force Maj. Joe Wassel, Defense Secretary William Cohen's military assistant for communications, confirms that the Pentagon has "purchased BEMA products" but won't comment further.
The Army signed a contract with Codex Data Systems 18 months ago to acquire "under a dozen" of the Nanuet, N.Y company's DataScan Tempest Monitoring Systems, says Codex's Mr. Jones. The System, which alerts users to potentially Compromising signals from VDTs, employs a receiver that resembles a ham radio and an electronic box the size of a cigarette carton, called a convertor, which reconstructs signals. It also includes a four-foot arrow-shaped aerial of the sort used by amateur radio operators.
Mr. Jones says that this hardware is intended to be used defensively. But "it could also be used offensively," meaning to spy on other people's computers, he adds.
The Army, Mr. Jones says, told him it wanted to test his system at the White Sands Missile Range in New Mexico. Strikingly, the Army also asked him not to sell the equipment to anyone else, until it completes its testing, he adds. Mr. Jones says he agreed, in hopes that the Army will become a steady customer.
Officials at the White Sands range refer inquires about the DataScan system to Maj. William Bigelow, an Army spokesman at the Pentagon, who declines to comment.
In the meantime, Codex still has information about the DataScan system on an old Web site. Mr. Jones says the site has drawn inquiries from security directors at large U.S. corporations, which he declines to name, and from companies in China. Mr. Jones says he ignores all of these inquiries.
Little Corporate Knowledge
Mr. Jones's account of corporate curiosity notwithstanding, relatively few U.S. companies outside of defense-contractor circles appear to know much about the threat of computer-monitor surveillance or the government's Tempest program.
Louis Gnecco, president of Tempest Inc., in Herndon, Va., which supplies government agencies with equipment to test shielding, as well as testing services, says that over the years, corporate-security directors have occasionally contacted him about his wares. "They say, 'If you think my computer can be read from across the street, then show me.' And I have to say, 'That's a classified demonstration.' "
U.S. law enforcement is on the prowl for people who try to evade criminal restrictions on shipping equipment overseas that could be used for either computer surveillance or protection against it. Such equipment is specifically mentioned in a 1992 federal regulation that lists export restrictions on U.S. weaponry, including ballistic missiles, tanks and howitzers.
An FBI Sting
In what is apparently the first case of its kind, the FBI in July of last year arrested Shalom Shaphyr, an Israeli citizen who was in the U.S. under a business visa, for attempting to export a monitoring system that could be used to spy on computers. An informant told the FBI that Mr. Shaphyr was in Virginia, hunting for the equipment on behalf of the Vietnamese government, according to an FBI affidavit filed in the U.S. district court in Alexandria, Va.
With that tip, the FBI and U.S. Customs Service launched a sting operation. After meeting with an undercover FBI agent posing as a surveillance-equipment salesman, Mr. Shaphyr agreed to pay $30,000 for "computer-intercept equipment," according to the FBI affidavit. He completed shipping papers, dishonestly labeling the gear as "video-reception test equipment," with a value of about $1,500, the affidavit said.
After pleading guilty to attempting to export defense equipment without a license, the 54-year-old Mr. Shaphyr was sentenced to 15 months in federal prison in January. According to the affidavit, he told the undercover agent that the monitoring equipment "would be used in an urban environment to view computer screens in buildings and offices without the knowledge or consent of the computer users."