Warning - ITAR 121.1 (The weather at GITMO)

James M. Atkinson

Sep 23, 2011, 5:51:06 PM
to tscm-...@googlegroups.com
Greetings,

Folks this is really serious, and I need your attention for a few
minutes, so please read the following, ruminate on it, do your own
research, and then call or E-Mail the PM/DDTC on the matter on Monday
morning.

I would like to urge list members to use EXTREME caution when purchasing
TSCM equipment, especially if it might be crossing any international
borders or boundaries at any time in its life.

If you are outside of a country and you bring it in you could have a
problem, if you are inside a country and you are shipping it out you
could have a problem.

If it belongs to you and you carry it with you and you cross a border
you can have problems, even if the equipment has belonged to you for
years, and you have previously imported and exported and you now merely
carry your own property, you STILL have to get clearance each time it
crosses an international boundary, even if it does not leave your possession.

Also, any and all technical manuals for TSCM equipment, all course notes,
course textbooks, and anything at all, without exception used to teach
TSCM is considered a "defense technical information" and you have to
obtain government approval to move the technical book or text book
across any international borders.

Yes, yes, I know the school is telling you that this is not true, and
that the company that makes the gear is claiming what I am saying is not
true, and yes, I know that previously there has not been a problem
moving your suitcases, but nonetheless, you STILL have to get a license,
period, and it is not a matter where someone can utter some weasel-words
and then permit you to smuggle arms.

Indeed, ALL TSCM EQUIPMENT WITHOUT EXCEPTION, and ALL TECHNICAL MANUALS,
ALL SOFTWARE, ALL DRIVERS, ALL TSCM TOOLS, and anything remotely
involved in looking for bugs requires a license from the U.S. State
Department, without exception, period. It does not matter at all what
the technical parameters are of the equipment, merely that it is for
TSCM renders it restricted.

So that there can be no misunderstanding I have attached a copy of the
U.S. State Department Telephone Directory, and I would urge... no insist
that you reach out to the PM/DDTC office and speak to them directly
right away, and in particular ask to speak to Robert S. Kovac, who is
the department head, and he and his staff can help you clear up any
"misunderstandings foisted by manufacturers, publishers, or schools."

The person to whom you wish to speak is named Robert S. Kovac and he may
be reached at (202) 647-9023, and he would be more than happy to clarify
this matter as it applied to ITAR 121.1. I have attached to this E-Mail
the U.S. State Department Phone Directory, he can be found on page 95.

If you are about to purchase TSCM equipment you need to immediately do
an immediate stop and speak to PM/DDTC and request an opinion from them
in writing. If you have TSCM equipment you need to get an opinion from
them in writing, and if you have previously possessed equipment you need
to contact them and get an opinion in writing, and when you do get that
opinion and speak to them, you need to be sitting down, and you may need
a stiff drink.

Also if you attended a TSCM course in the United States and you are not
a U.S. Citizen, you could be arrested the next time you try to come to
the United States, and in some countries you could be charged with arms
smuggling for being trained in the United States on TSCM equipment and
methods when you can not legally be trained in TSCM (unless you have a
State Department license in advance of the training), nor can you
possess TSCM technical manuals or training materials.

I have been preaching on this issue for many years, but people do not
seem to quite get the picture.

All TSCM, TEMPEST, SIGINT, and related equipment without exception is
all covered by "The United States Munitions List" under ITAR 121.1,
Category XI(b) as Military and Space Electronics, as "electronic systems
or equipment designed or modified to counteract electronic surveillance
or monitoring."

In fact, most TSCM gear is considered a Tier 1 device, but some simpler
devices can be considered a Tier 2 device.

It is actually both a matter of U.S. Law, and international treaty.

http://frwebgate.access.gpo.gov/cgi-bin/get-cfr.cgi?TITLE=22&PART=121&SECTION=1&YEAR=2002&TYPE=TEXT

You still have to have a license from the State Department, it does not
matter what the factory tells you.

Yes, you can purchase and own TSCM gear made in the United States or
abroad, and you can own technical manuals, and obtain training, but as
soon as the manuals, equipment, or foreigners cross the U.S. Border all
kinds of very serious legal issues start coming into play. Again, it is
OK to buy it and own it, and export it, and so on, but be supremely
careful, and trust nothing in the form of hard information unless it
comes directly from the law or directly from a government official in the
form of a written document.

Please call or E-Mail Mr. Kovac, he will be of great value in you
getting to the reality of what the law says.

He may be reached at: "Robert S. Kovac, PM/DDTC, U.S. State Department"
<Kov...@state.gov> or you can reach him by phone at (202) 647-9023, but
plan to have a stiff drink after the call, and relay to this list and to
me what he has to say on the matter.

If you are on other lists (TSCM Lists, Security Lists, Technical Lists,
etc) I would ask that you repost this warning to those other lists, so
that this warning is quickly circulated, to hopefully limit your and
others' massive exposure. If you have a website, feel free to post this
warning to that website.

There is nothing quite like flying to the United States from Italy to
attend a one week stress-free TSCM course only to find yourself
snatched up and shipped off to GITMO as an arms smuggler and you and
your wife being on the other end of an orifice probing and formal
water-boarding merely because you did not get a State Department license
to attend the course (or for that matter a conference), and Saints help
you if you are carrying books or manuals with you, or worse yet any
reference or records of equipment purchases wherein you did not obtain a
license first.

The weather in Cuba is nice most of the year, and the facility where you
will learn about these things (ITAR 121.1, Section XI(b) compliance)
does have a nice view of the ocean, but you might not like the flight,
or the check-in protocols for the visit, or appreciate the finer
aspects of being able to breathe water. Seriously folks, I am not
kidding, you MUST obtain your license before you do anything else, and
plan for the approval to take a solid six months or more (current
published State Department statistics say 153 days, but you can usually
drop this to under 45 days if you get pre-approvals in place in advance).

Give Robert a call, and feel free to mention that I referred you to his
office.

If you would like legitimate equipment, in a legitimate transaction,
from a legitimate company that has been around longer (seriously) way
longer than any other TSCM company in the United States (I am not kidding)
then please give us a call. But we play no games, shoot straight, and
any and all exports of TSCM gear, manuals, or software, and any and all
training of anybody who is not a U.S. Citizen will not take place unless
*** YOU *** first get permission from the U.S. State Department, and
then they (the PM/DDTC) grant Granite Island Group a license to provide
the equipment, manuals, software, or training to the foreigner. We also
will not deal with middlemen, dealers, or brokers, only the actual end
users who will be using the gear without exception.

If you are a U.S. citizen, we are happy to provide training with no
restrictions, but do not be surprised if you are required to cough-up
your passport when you show up for the first day, or when you register
for the course.

-jma

--
James M. Atkinson
President and Sr. Engineer
"Leonardo da Vinci of Bug Sweeps and Spy Hunting"
Granite Island Group
jm...@tscm.com
http://www.tscm.com/
(978) 546-3803

State Department Phone List state-phones.pdf

High Frequency

Sep 23, 2011, 7:47:29 PM
to tscm-...@googlegroups.com
Interesting list. Does this mean it is illegal to import a Canadian or UK TSCM receiver into the US without first obtaining a licence?

Would a Canadian company be able to buy a US made general purpose receiver, add on TSCM-specific software and re-sell that receiver in the US or is that receiver or software or both now considered to be on the munitions list?

This could pose quite a dilemma for TSCM companies trying to do business in the US.

I think some variation of these rules might also apply in Canada by virtue of the North American Defense treaties but they seem to be hard to find online.

Do penalties, if they exist, only apply to the purchaser or is the seller also implicated even if he sells into the US from Canada or the UK who are all parties to the various 'five-eyes' defense conventions?

What a can of worms!


Sent from my iPad

> <State Department Phone List state-phones.pdf>

James M. Atkinson

Sep 23, 2011, 10:01:09 PM
to tscm-...@googlegroups.com
If you *** IMPORT or EXPORT *** the rules are the same.

If you take a U.S. made receiver and add a non-U.S. software package to it to turn the receiver into a TSCM instrument then it breaks both U.S. and Canadian law unless you have formal permission of both governments. Usually the Canadians will let it go on for a period and then after a couple of years start arresting people in Canada to get them to turn in their customers, and other times they will go after the person and have no interest in making a deal. The Canadians are particularly interested in ex law enforcement and ex military people in this regard.

What gets ugly is when the U.S. company who makes the receiver gets contracted by a second party to write a software package for TSCM so that the secondary party can sell the software outside of the United States to a third party. Unless the originating company (who makes the receiver) obtains very specific permission from the U.S. State Department, then they are committing a serious felony by writing the program (it is what is defined by law as a "Defense Service"). Then for every copy they ship of the software to the foreign country they violate the law with "defense technical data" or "defense technical services", or if they send only one copy and somebody else reproduces it then every single copy, even if they did not duplicate it themselves comes back to roost on their heads to a tune of a half million dollars per copy. Then if the software gets imported back into the United States another round of felonies gets committed as the product travels over the border yet once again.

People who write code for TSCM, TEMPEST, or SIGINT purposes know this, have known this for years, and know that software is way messier than hardware as once it gets loose and people start duplicating it the legal costs can be astounding. With TSCM hardware, it is easier to control, in a weird sort of way due to the size and bulk.

With software the source code can zip around the globe with the flick of a finger and a million copies can shoot around the world in merely seconds. But with hardware it becomes easier to track because you simply can not shove a radio into an E-Mail or cram a spectrum analyzer onto a CD-ROM... not really. Software becomes to move around, but it is just as illegal to move as the hardware, and will get someone in just as much trouble as hardware.

There are ZERO variations to these rules between the U.S. and Canadian companies.

In fact if I go to Canada to do a sweep I have to take great care not to take anything even remotely from the United States to Canada at all (or the other way either), of any sort, other than the "thoughts in my mind, and the clothing in my luggage" because if anything at all has the taint of TSCM, TEMPEST, or SIGINT on it then I risk arrest crossing the border either way, or if I get caught with gear in Canada and can not prove it is Canadian in origin or legally licensed through the U.S. State Department for export and then the Canadian government for import there will be all kinds of hell to pay. So this ends up with someone having one set of gear on the Canadian side, and one set of gear on the U.S. side, and neither capable of crossing one to the other without a 6-9 month delay, and a huge volume of paperwork. Indeed, if there is a clever little program that I have written while in the U.S. to do something cool in regards to TSCM I can not legally put it on a CD or laptop and bring it to Canada with me to use on a sweep, even if I am sweeping my own home in Canada (as a U.S. Citizen), unless the DOS issues a license. Then if I am in Canada and suddenly get a moment of inspiration and I modify the software, I can not then come back to the United States unless I go through the same routine. Yes, I know, it is MY software, on my laptop, running my equipment, doing sweeps in my own home, but it would still be illegal to transport unless there were formal blessings all around.

The same is true for training, if a U.S. Citizen flies (or swims) to England to attend a TSCM course they are seeking a service which the British government will skin them alive for if they get caught. If the U.S. catches them bringing a graduation certificate back from the school (or God forbid, a textbook) then they can legitimately pop them for arms smuggling (as training in a defense service, and the textbook as "defense technical data"). The secret is to soak up the training in a single trip, but not bring back no more than a single scrap of paper referencing that you ever attended the training, not a book, not a certificate, and if possible no laptop, Blackberry, or phone that even remotely reference TSCM or TEMPEST lest it jam you up in some way. No, No, No, just do not do it.

If you wish to go to London once a year for Christmas, or to Berlin in the Spring, take care not to arrange to attend TSCM training while you are there, or if perhaps you just happen to find a book about TSCM methods or a technical manual then ensure that it does not in any way find its way across any international borders.

The reason that you can not find "variations due to treaty" is simply because there are no variations, but rather flat out prohibitions, and very steep penalties.

TSCM and TEMPEST are unlike other military specialties such as SIGINT. With SIGINT there are countless thousands of people on Earth who do it, and billions of dollars per year spent on equipment, not so with TEMPEST, and even less so with TSCM (the market for both is fairly small) and while nobody may really recognize the TSCM gear as a munition, it nonetheless is a munition, and it is just as controlled as TEMPEST or other SIGINT gear.

A Canadian company can not purchase a U.S. made receiver and run a piece of Canadian software to do anything remotely involved in TSCM as this violates both Canadian and U.S. law unless they have a horde of government approvals on both sides of the border.

Give Mr. Kovac a call on Monday (see the number below), he will provide great clarity on the matter. But you need to have the alcohol sitting nearby when you call as you may need a few shots during the call, and then a fifth or so afterwards.

-jma

Thomas Shaddack

Sep 23, 2011, 11:48:16 PM
to tscm-...@googlegroups.com

That's an entire barrel of worms. The 55-gal sized one. Especially when we
count in the dual-usefulness of many many technologies and the similarity
of fields.

Where is the line between TSCM and non-TSCM? How can one figure out if a
piece of equipment he himself modified will qualify or not, especially
when all the mod needed can be apparently some scripting code and an
ATmega-microcontroller enhancement for a radio receiver?

This is an especially thorny question in the world of software-defined radio,
where the difference between hardware and software is not certain anymore.
Which could be quite a nightmare for the bureaucrats, as a perfectly
civilian piece of gear can gain an entirely different set of capabilities
just by reflashing the firmware. And a civilian device can get its
capabilities enhanced often by just a slight hardware mod.

I assume a lot of TSCM techniques is overlapping with the standard
industry fields; case in point is electromagnetic compatibility and
interference. Finding the cause of interference in an industrial system
seems to be somewhat similar to finding a clandestine transmitter.
Therefore either an engineer can get in trouble for hauling in their test
equipment, or alternatively a rogue TSCMer can avoid trouble by traveling
under pretense of resolving a company's EMI issue while intending to do a
sweep of the CEO's office. Finding a bug is just a very special kind of
finding a source of electromagnetic signal and isolating it from the mess
of other signals in the background.

Similar for telco equipment; TDRs are used for locating all sorts of
anomalies in wiring, not just for finding bugs. Phone tap is just a
specific kind of anomaly.

The TEMPEST issues are overlapping not just with EMC/EMI, but also with
countering side-channel attacks on smartcards. The techniques to counter
differential power analysis seem to me to be usable for reducing the EM
signatures, as the signatures are nothing but differential-power issues,
except that they are radiated out instead of directly captured from the
wires.
http://en.wikipedia.org/wiki/Power_analysis

With continuing computerization of everything, computer security may
overlap into this area. A lot can be done by breaking into a CEO's laptop
and then using its microphone and wifi or bluetooth transmitter as a
remote bug. Smartphone security is increasingly relevant here as well, as
the devices are now full-fledged computers.


There are some oddities in the ITAR text file. Just some for laugh and/or
head-scratching:

XIII e), paints for e.g. reducing radiated thermal signature. But that can
be achievable with infrared-reflecting paints, which are used not only for
thermal camo but also in civilian segment for reducing thermal load on
buildings and vehicles by solar radiation.

XIII i), metal embrittling agents. Therefore it is illegal to
export/import mercury and gallium? What about galinstan alloy in (for)
thermometers?
For fun, two videos included, of mercury and gallium attack of aluminium:
http://www.youtube.com/watch?v=FaMWxLCGY0U
http://www.youtube.com/watch?v=Z7Ilxsu-JlY

XIV c), detectors of biological agents. WHAT??? That includes systems for
rapid identification of any airborne or surface-adsorbed germs, as any
system for detecting generic "civilian" germs can be used to detect the
much smaller range of weaponizable agents. Same for identification of
chemical contaminants, as a generic gas chromatography-mass spectrometry
rig or chemical imaging system can be used for industrial pollution
sampling as well as for detection/analysis of a chemical warfare agent,
as the spectra of the things are commonly available in spectrum libraries.
http://en.wikipedia.org/wiki/Chemical_imaging
This section could be interpreted as indirectly endangering non-US
civilians worldwide.

XIV d), milspec radiation detectors. Does that include Russian Geiger
tubes from sovtube.com? Because some of the Soviet military tubes are
pretty common on e.g. eBay, of a nicely robust design, and the price is
usually right. (And the sellers often declare them as "diodes" or "used
audio tube", because they are reasonable and want to avoid customs trouble
for the customers. Guess what? It works!)


On a related thought, some time ago I read about the Tactical Laser. From
the power and beam divergence stated in the article I calculated power per
square meter at a distance. The figure, according to firefighting
literature available via Google Books, was in the same ballpark as heat
flux per square meter from a nearby structure fire, and the same passive
firefighting measures used to protect against radiated heat, e.g.
intumescent paints, could therefore likely be used to increase
survivability of a vehicle or a facility against such kind of an attack.

(Another thought, less related. The rail guns being tested for Navy, how
will their EM signature of projectile launch be handled? That sort of
power is not something that could be shielded easily and the pulse will be
heard wide and far. Its spatial characteristics, obtainable by correlation
of signal from several shore-located receivers, could then reveal the
direction of the gun and therefore the projectile, providing the crucial
several seconds of advance warning.)

(Yet another thought, about lasers. I assume an adaptive laser mirror and
the algorithms for correction for atmospheric turbulence for a
weapon-grade laser would be restricted - but the same technology is
already available from astronomers, who use it for their telescopes.)


There is apparently no clear difference between civilian and military.
Everything is potentially dual-use. And a lot of apparently "restricted"
information is already in public domain and out there for everybody, just
find it in its specific industrial field and apply it where you need it. A
solid understanding of underlying physics, electronics, and sometimes
chemistry is helpful here.

Where is a line between what will and will not anger the bureaucrats? As
seen above, the rules often do not make much sense in wider context,
especially as the technological development marches forward.

John Young

Sep 24, 2011, 7:01:06 AM
to tscm-...@googlegroups.com
Dual-use technologies are a challenge for countries to regulate.
In addition to each country's export-import laws, munitions lists
and prohibitions, there are several ongoing international treaty
endeavors to blend national controls while still advancing the
highly lucrative arms trade that all the major countries avidly
promote, lie about and betray each other.

A principal international munitions control treaty is called the
Wassenaar Arrangement which is updated as technologies
evolve, evasions determined, deceptions exchanged, investigations
launched, and deals set to favor the treaty's parties over those
outside.

Breaking munitions treaties and laws and secrecy agreements
is obligatory by every nation to advance its political and economic
interests. That's a prime purpose of spies, their contractors and
willing individuals, and the technology spy and counterspy industry
is particularly active these days due to the rise in dual use
technologies and the very aspects Thomas alludes to.

Some cynics claim it is far more profitable to break munitions
treaties than to abide them. That the treaties increase the price
of prohibited technologies and fees for peddling and distributing
them on the black market -- spies the most deep-pocketed
purchasers, swappers, snitches and black job burglaries.

Dual-use, as might be expected, applies to governments, producers
and security professionals, for it is a rare opportunity to play both
sides at the same time: to enforce laws as well as break them,
to promote law enforcement as well as covertly inform on
miscreants (run stings, rat, trick, lie, business as usual), to
warn of high penalties for law-breaking while earning fees to
show how to do just that and get away with -- the prime way
to make out like a bandit on the outside after being on the
inside, to be sure, maintaining close ties with those still
inside. I, too, am a professional state-licensed to protect you
while keeping you dependent. Gitmos are us.

No spy is ever an ex-spy unless you understand that an
ex-spy is a spy still at work, work that is always dual-use,
or as they say in fiction, double-cross.

Dual-use as a term was invented to lightly cloak perfidy,
like sterling reputation or virginity. Simply presenting a
human face to a scheming beast out to eat your vitals.

BTW, beware getting in the database of an official, not that
there is any way to avoid that, particularly if you are dumb
enough to communicate by "secure means." To officials
there are no innocents. To ex-officials there are only
customers to scare into submission.

John Young

Sep 24, 2011, 10:56:11 AM
to tscm-...@googlegroups.com
What is diabolical is that government officials authorize the
breaking of laws governments are established and empowered
by citizens to enforce.

This is done in secret thus unchecked by the citizens.

State secrets are an abomination inherited from royalty blessed
by godspeak.

Laws governing secrecy are themselves secret in part or in
whole in some instances, as are their implementation. This
is a system which perpetuates itself secretly, thus cannot
be challenged by those without access to the secrets. The
few who have access and try to revise the system are systematically
attacked, imprisoned, destroyed, partly in the open, but mostly
in secret by enforcement of secrecy provisions not in the public
domain.

This is done in secret thus mostly unknown by the citizens except
for misleading public accounts.

Governments are far from alone using these practices, and may
pose less of a threat to the public than anti-governmental practitioners
inside and outside governments who eagerly abuse governments as
tools, as cover and as scapegoat.

Swinish ex-government officials are prime candidates for recruiters of
anti-government secrecy abusers. And vice-versa. The few resisters
are silenced by throttling of perks and exemplar prosecutions.

d...@geer.org

Sep 24, 2011, 11:29:51 PM
to tscm-...@googlegroups.com

John Young is right; all security technology is dual use.

--dan
