[Cryptography] Regulations of Tempest protections of buildings
Tom Mitchell
mitch at niftyegg.com
Mon Apr 3 21:54:58 EDT 2017
On Sun, Apr 2, 2017 at 11:11 AM, Perry E. Metzger <perry at piermont.com> wrote:
>
> On Sun, 2 Apr 2017 17:48:54 +0200 mok-kong shen
> <mok-kong.shen at t-online.de> wrote:
> > I wrote previously in a follow-up to a thread that I vaguely
> > remember to have read
> > that in US a permission is needed for Farady shielding of rooms,
> > whereupon a few
> > readers doubted its correctness. I have just succeeded to again
> > find the source:
> >
> > A. Stanoyevitch, Discrete Structures with Contemporary
> > Applications. CRC Press,
> > 2011. On p.301 there is:
> >
> > Buildings can be fitted using a special insulation procedure
> > that protects
> > against tempest devices, but any company or individual in the
> > US who has
> > this insulation must first obtain a license from the federal
> > Government.
>
> Although I believe that this book makes such a claim, and that
> the author likely believed it to be true, I'm afraid I do not believe
> there is in fact any law whatsoever that prohibits putting foil or
> metal mesh in your walls. You would need to track down the actual law
> before I would believe in its existence.
I suspect it is important to understand the authors audience and
the authors liability.
Tempest devices and the like are classified as munitions.
A contractor constructing a corporate board room for Apple in the USA
might simply need to file a one page form.
A portable container that could be any place on the globe inside of 24 hours
would have other issues.
Installing the same room in the building of a foreign national company
or individual
could be more interesting.
Since I have no classified knowledge on this I might be safeish to improvise one
and scan it with a spectrum analyser as I would to comply with Part-15
requirements
for digital devices. Part 15 does allow room testing as installed and
non interference
can be outside the walls of the room. If however I had classified knowledge of
frequency and power levels I would not be advised to write a contract
that meets those
unpublished levels without agency knowledge.
The issue of munitions in general (classified as munitions) is
slippery legally and
requires caution.
I would give the author room to be cautious.
>From the first below URI.
(III) IMPLEMENT ACTIVE OR PASSIVE ECCM USED TO COUNTER ACTS OF COMMUNICATION
DISRUPTION (E.G., RADIOS THAT INCORPORATE HAVE QUICK I/II, SINCGARS, SATURN);
(IV) SPECIALLY DESIGNED, RATED, CERTIFIED, OR OTHERWISE SPECIFIED OR
DESCRIBED TO BE IN COMPLIANCE WITH U.S. GOVERNMENT NSTISSAM TEMPEST
1-92 STANDARDS OR CNSSAM TEMPEST 01-02, TO IMPLEMENT TECHNIQUES TO
SUPPRESS COMPROMISING EMANATIONS OF INFORMATION BEARING SIGNALS;OR
(V) TRANSMIT VOICE OR DATA SIGNALS SPECIALLY DESIGNED TO ELUDE
ELECTROMAGNETIC DETECTION;
https://www.gpo.gov/fdsys/pkg/CFR-2016-title22-vol1/xml/CFR-2016-title22-vol1-part121.xml
I had to look up some mumble foo in the above.
https://cryptome.org/nsa-tempest.htm
Some might say "beware the Bear" but not our Bear ;-)
And there are a number of companies in the bay area that do conduct
classified work
as part of their day to day actions. They would need and be required
to have fully
shielded rooms.
If no other reason than to serve FISA warrants locally in contrast to
demanding a personal visit to a federal building so equipped. Google
and Apple apparently get enough letters... to store and work on....
Some in Silly Valley recall the Blue Cube, I am sure it had 60's to decommission
Tempest qualifying facilities (but do not know). HP, Fairchild... all the old
names for sure.
--
T o m M i t c h e l l
More information about the cryptography
mailing list