24 September 2011

Double Crossing Dual-Use Technologies


Date: Fri, 23 Sep 2011 17:51:06 -0400
From: "James M. Atkinson" <jmatk[at]tscm.com>
To: tscm-l2006[at]googlegroups.com
Subject: [TSCM-L] {5661} Warning - ITAR 121.1 (The weather at GITMO)

Greetings,

Folks, this is really serious, and I need your attention for a few minutes, so please read the following, ruminate on it, do your own research, and then call or E-Mail the PM/DDTC on the matter on Monday morning.

I would like to urge list members to use EXTREME caution when purchasing TSCM equipment, especially if it might be crossing any international borders or boundaries at any time in its life.

If you are outside of a country and you bring it in you could have a problem, if you are inside a country and you are shipping it out you could have a problem.

If it belongs to you and you carry it with you and you cross a border you can have problems, even if the equipment has belonged to you for years, and you have previously imported and exported and you now merely carry your own property, you STILL have to get clearance each time it crosses an international boundary, even if it does not leave your possession.

Also, any and all technical manuals for TSCM equipment, all course notes, course textbooks, and anything at all, without exception used to teach TSCM is considered "defense technical information" and you have to obtain government approval to move the technical book or text book across any international borders.

Yes, yes, I know the school is telling you that this is not true, and that the company that makes the gear is claiming what I am saying is not true, and yes, I know that previously there has not been a problem moving your suitcases, but nonetheless, you STILL have to get a license, period, and it is not a matter where someone can utter some weasel-words and then permit you to smuggle arms.

Indeed, ALL TSCM EQUIPMENT WITHOUT EXCEPTION, and ALL TECHNICAL MANUALS, ALL SOFTWARE, ALL DRIVERS, ALL TSCM TOOLS, and anything remotely involved in looking for bugs requires a license from the U.S. State Department, without exception, period. It does not matter at all what the technical parameters are of the equipment, merely that it is for TSCM renders it restricted.

So that there can be no misunderstanding I have attached a copy of the U.S. State Department Telephone Directory, and I would urge... no insist that you reach out to the PM/DDTC office and speak to them directly right away, and in particular ask to speak to Robert S. Kovac, who is the department head, and he and his staff can help you clear up any "misunderstandings foisted by manufacturers, publishers, or schools".

The person to whom you wish to speak is named Robert S. Kovac and he may be reached at (202) 647-9023, and he would be more than happy to clarify this matter as it applied to ITAR 121.1. I have attached to this E-Mail the U.S. State Department Phone Directory, he can be found on page 95.

If you are about to purchase TSCM equipment you need to immediately do an immediate stop and speak to PM/DDTC and request an opinion from them in writing. If you have TSCM equipment you need to get an opinion from them in writing, and if you have previously possessed equipment you need to contact them and get an opinion in writing, and when you do get that opinion and speak to them, you need to be sitting down, and you may need a stiff drink.

Also if you attended a TSCM course in the United States and you are not a U.S. Citizen, you could be arrested the next time you try to come to the United States, and in some countries you could be charged with arms smuggling for being trained in the United States on TSCM equipment and methods when you can not legally be trained in TSCM (unless you have a State Department license in advance of the training), nor can you possess TSCM technical manuals or training materials.

I have been preaching on this issue for many years, but people do not seem to quite get the picture.

All TSCM, TEMPEST, SIGINT, and related equipment without exception is all covered by "The United States Munitions List" under ITAR 121.1, Category XI(b) as Military and Space Electronics, as "electronic systems or equipment designed or modified to counteract electronic surveillance or monitoring."

In fact, most TSCM gear is considered a Tier 1 device, but some simpler devices can be considered a Tier 2 device.

It is actually both a matter of U.S. Law, and international treaty.

http://frwebgate.access.gpo.gov/cgi-bin/get-cfr.cgi?TITLE=22PART=121&SECTION=1&YEAR=2002&TYPE=TEXT

You still have to have a license from the State Department, it does not matter what the factory tells you.

Yes, you can purchase and own TSCM gear made in the United States or abroad, and you can own technical manuals, and obtain training, but as soon as the manuals, equipment, or foreigners cross the U.S. Border all kinds of very serious legal issues start coming into play. Again, it is OK to buy it and own it, and export it, and so on, but be supremely careful, and trust nothing in the form of hard information unless it comes directly from the law or directly from a government official in the form of a written document.

Please call or E-Mail Mr. Kovac, he will be of great value in you getting to the reality of what the law says.

He may be reached at: "Robert S. Kovac, PM/DDTC, U.S. State Department" <KovacRS[at]state.gov> or you can reach him by phone at (202) 647-9023, but plan to have a stiff drink after the call, and relay to this list and to me what he has to say on the matter.

If you are on other lists (TSCM Lists, Security Lists, Technical Lists, etc) I would ask that you repost this warning to those other lists, so that this warning is quickly circulated, to hopefully limit your and others' massive exposure. If you have a website, feel free to post this warning to that website.

There is nothing quite like flying to the United States from Italy to attend a one week stress-free TSCM course only to find yourself snatched up and shipped off to GITMO as an arms smuggler and you and your wife being on the other end of an orifice probing and formal water-boarding merely because you did not get a State Department license to attend the course (or for that matter a conference), and Saints help you if you are carrying books or manuals with you, or worse yet any reference or records of equipment purchases wherein you did not obtain a license first.

The weather in Cuba is nice most of the year, and the facility where you will learn about these things (ITAR 121.1, Section XI(b) compliance) does have a nice view of the ocean, but you might not like the flight, or the check-in protocols for the visit, or appreciate the finer aspects of being able to breathe water. Seriously folks, I am not kidding, you MUST obtain your license before you do anything else, and plan for the approval to take a solid six months or more (current published State Department statistics say 153 days, but you can usually drop this to under 45 days if you get pre-approvals in place in advance).

Give Robert a call, and feel free to mention that I referred you to his office.

If you would like legitimate equipment, in a legitimate transaction, from a legitimate company that has been around longer (seriously) way longer than any other TSCM company in the United States (I am not kidding) then please give us a call. But we play no games, shoot straight, and any and all exports of TSCM gear, manuals, or software, and any and all training of anybody who is not a U.S. Citizen will not take place unless *** YOU *** first get permission from the U.S. State Department, and then they (the PM/DDTC) grant Granite Island Group a license to provide the equipment, manuals, software, or training to the foreigner. We also will not deal with middlemen, dealers, or brokers, only the actual end users who will be using the gear without exception.

If you are a U.S. citizen, we are happy to provide training with no restrictions, but do not be surprised if you are required to cough-up your passport when you show up for the first day, or when you register for the course.

-jma

--

James M. Atkinson
President and Sr. Engineer
"Leonardo da Vinci of Bug Sweeps and Spy Hunting"
Granite Island Group
jmatk[at]tscm.com
http://www.tscm.com/
(978) 546-3803


Date: Sat, 24 Sep 2011 05:48:16 +0200 (CEST)
From: Thomas Shaddack <tscm-l[at]shaddack.mauriceward.com>
To: "tscm-l2006[at]googlegroups.com" <tscm-l2006[at]googlegroups.com>
Subject: Re: [TSCM-L] {5666} Warning - ITAR 121.1 (The weather at GITMO)

That's an entire barrel of worms. The 55-gal sized one. Especially when we count in the dual-usefulness of many many technologies and the similarity of fields.

Where is the line between TSCM and non-TSCM? How can one figure out if a piece of equipment he himself modified will qualify or not, especially when all the mod needed can be apparently some scripting code and an ATmega-microcontroller enhancement for a radio receiver?

This is an especially thorny question in the world of software-defined radio, where the difference between hardware and software is not certain anymore. Which could be quite a nightmare for the bureaucrats, as a perfectly civilian piece of gear can gain an entirely different set of capabilities just by reflashing the firmware. And a civilian device can get its capabilities enhanced often by just a slight hardware mod.

I assume a lot of TSCM techniques are overlapping with the standard industry fields; a case in point is electromagnetic compatibility and interference. Finding the cause of interference in an industrial system seems to be somewhat similar to finding a clandestine transmitter. Therefore either an engineer can get in trouble for hauling in their test equipment, or alternatively a rogue TSCMer can avoid trouble by traveling under pretense of resolving a company's EMI issue while intending to do a sweep of the CEO's office. Finding a bug is just a very special kind of finding a source of electromagnetic signal and isolating it from the mess of other signals in the background.

Similar for telco equipment; TDRs are used for locating all sorts of anomalies in wiring, not just for finding bugs. A phone tap is just a specific kind of anomaly.

The TEMPEST issues are overlapping not just with EMC/EMI, but also with countering side-channel attacks on smartcards. The techniques to counter differential power analysis seem to me to be usable for reducing the EM signatures, as the signatures are nothing but differential-power issues, except that they are radiated out instead of directly captured from the wires.

http://en.wikipedia.org/wiki/Power_analysis

With continuing computerization of everything, computer security may overlap into this area. A lot can be done by breaking into a CEO's laptop and then using its microphone and wifi or bluetooth transmitter as a remote bug. Smartphone security is increasingly relevant here as well, as the devices are now full-fledged computers.

There are some oddities in the ITAR text file. Just some for laughs and/or head-scratching:

XIII e), paints for e.g. reducing radiated thermal signature. But that can be achievable with infrared-reflecting paints, which are used not only for thermal camo but also in civilian segment for reducing thermal load on buildings and vehicles by solar radiation.

XIII i), metal embrittling agents. Therefore it is illegal to export/import mercury and gallium? What about galinstan alloy in (for) thermometers?

For fun, two videos included, of mercury and gallium attack of aluminium:

http://www.youtube.com/watch?v=FaMWxLCGY0U

http://www.youtube.com/watch?v=Z7Ilxsu-JlY

XIV c), detectors of biological agents. WHAT??? That includes systems for rapid identification of any airborne or surface-adsorbed germs, as any system for detecting generic "civilian" germs can be used to detect the much smaller range of weaponizable agents. Same for identification of chemical contaminants, as a generic gas chromatography-mass spectrometry rig or chemical imaging system can be used for industrial pollution sampling as well as for detection/analysis of a chemical warfare agent, as the spectra of the things are commonly available in spectrum libraries.

http://en.wikipedia.org/wiki/Chemical_imaging

This section could be interpreted as indirectly endangering non-US civilians worldwide.

XIV d), milspec radiation detectors. Does that include Russian Geiger tubes from sovtube.com? Because some of the Soviet military tubes are pretty common on e.g. eBay, of a nicely robust design, and the price is usually right. (And the sellers often declare them as "diodes" or "used audio tube", because they are reasonable and want to avoid customs trouble for the customers. Guess what? It works!)

On a related thought, some time ago I read about the Tactical Laser. From the power and beam divergence stated in the article I calculated power per square meter at a distance. The figure, according to firefighting literature available via Google Books, was in the same ballpark as heat flux per square meter from a nearby structure fire, and the same passive firefighting measures used to protect against radiated heat, e.g. intumescent paints, could therefore likely be used to increase survivability of a vehicle or a facility against such kind of an attack.

(Another thought, less related. The rail guns being tested for Navy, how will their EM signature of projectile launch be handled? That sort of power is not something that could be shielded easily and the pulse will be heard wide and far. Its spatial characteristics, obtainable by correlation of signal from several shore-located receivers, could then reveal the direction of the gun and therefore the projectile, providing the crucial several seconds of advance warning.)

(Yet another thought, about lasers. I assume an adaptive laser mirror and the algorithms for correction for atmospheric turbulence for a weapon-grade laser would be restricted - but the same technology is already available from astronomers, who use it for their telescopes.)

There is apparently no clear difference between civilian and military. Everything is potentially dual-use. And a lot of apparently "restricted" information is already in public domain and out there for everybody, just find it in its specific industrial field and apply it where you need it. A solid understanding of underlying physics, electronics, and sometimes chemistry is helpful here.

Where is a line between what will and will not anger the bureaucrats? As seen above, the rules often do not make much sense in wider context, especially as the technological development marches forward.


To: tscm-l2006[at]googlegroups.com
Re: [TSCM-L] {5666} Warning - ITAR 121.1 (The weather at GITMO)
Date: 24 September 2011

Cryptome:

Dual-use technologies are a challenge for countries to regulate. In addition to each country's export-import laws, munitions lists and prohibitions, there are several ongoing international treaty endeavors to blend national controls while still advancing the highly lucrative arms trade that all the major countries avidly promote, lie about and betray each other.

A principal international munitions control treaty is called the Wassenaar Arrangement which is updated as technologies evolve, evasions determined, deceptions exchanged, investigations launched, and deals set to favor the treaty's parties over those outside.

Breaking munitions treaties and laws and secrecy agreements is obligatory by every nation to advance its political and economic interests. That's a prime purpose of spies, their contractors and willing individuals, and the technology spy and counterspy industry is particularly active these days due to the rise in dual use technologies and the very aspects Thomas alludes to.

Some cynics claim it is far more profitable to break munitions treaties than to abide them. That the treaties increase the price of prohibited technologies and fees for peddling and distributing them on the black market -- spies the most deep-pocketed purchasers, swappers, snitches and black job burglaries.

Dual-use, as might be expected, applies to governments, producers and security professionals, for it is a rare opportunity to play both sides at the same time: to enforce laws as well as break them, to promote law enforcement as well as covertly inform on miscreants (run stings, rat, trick, lie, business as usual), to warn of high penalties for law-breaking while earning fees to show how to do just that and get away with -- the prime way to make out like a bandit on the outside after being on the inside, to be sure, maintaining close ties with those still inside. I, too, am a professional state-licensed to protect you while keeping you dependent. Gitmos are us.

No spy is ever an ex-spy unless you understand that an ex-spy is a spy still at work, work that is always dual-use, or as they say in fiction, double-cross.

Dual-use as a term was invented to lightly cloak perfidy, like sterling reputation or virginity. Simply presenting a human face to a scheming beast out to eat your vitals.

BTW, beware getting in the database of an official, not that there is any way to avoid that, particularly if you are dumb enough to communicate by "secure means." To officials there are no innocents. To ex-officials there are only customers to scare into submission.

_______

Cryptome follow-up, 24 September 2011:

What is diabolical is that government officials authorize the breaking of laws governments are established and empowered by citizens to enforce.

This is done in secret thus unchecked by the citizens.

State secrets are an abomination inherited from royalty blessed by godspeak.

Laws governing secrecy are themselves secret in part or in whole in some instances, as are their implementation. This is a system which perpetuates itself secretly, thus cannot be challenged by those without access to the secrets. The few who have access and try to revise the system are systematically attacked, imprisoned, destroyed, partly in the open, but mostly in secret by enforcement of secrecy provisions not in the public domain.

This is done in secret thus mostly unknown by the citizens except for misleading public accounts.

Governments are far from alone using these practices, and may pose less of a threat to the public than anti-governmental practitioners inside and outside governments who eagerly abuse governments as tools, as cover and as scapegoat.

Swinish ex-government officials are prime candidates for recruiters of anti-government secrecy abusers. And vice-versa. The few resisters are silenced by throttling of perks and exemplar prosecutions.