Tim May wrote:
TEMPEST has very little to do with Cypherpunks goals, actually. First, buying such a gadget, tweaking it, exploring capabilities, etc., would lead to what? The ability to park a van in front of someone's house and--maybe--monitor their screens? We already know this is possible. (You all knew that, didn't you?)
If a Cypherpunk goal is to champion electronic privacy, it seems to me that it is important to fully understand any threats to the methods used to ensure privacy. The old Sun Tzu "know your enemy" philosophy. If I was running a Data Haven, I'd want to understand how and if my system could be passively eavesdropped on, and what countermeasures to take to minimize the risk. (Second or third down the list from knowing my encryption algorithm was secure.) Granted, I'd spend more efforts with firewalls because a hacker/cracker attack would be a more realistic threat, but if there was even the most remote chance that a government agency/well-funded concern with TEMPEST capability was interested in me, I'd sure like to make their job more difficult. The thing that I find frustrating about TEMPEST, is most informed people say "yes, it's possible," but I have encountered only breadcrumbs of real-world, technical information and sources on it (the VanEck article, the BBC tape, Grady Ward's paper, etc.). This is what prompted the original message to the list. Yes, TEMPEST is real. But what I'm trying to do is shift out TEMPEST reality (and capabilities) from the magical black-box in parked vans tales. Joel McNamara joelm@eskimo.com - finger for PGP key
Joel McNamara wrote: (quoting me)
TEMPEST has very little to do with Cypherpunks goals, actually. First, buying such a gadget, tweaking it, exploring capabilities, etc., would lead to what? The ability to park a van in front of someone's house and--maybe--monitor their screens? We already know this is possible. (You all knew that, didn't you?)
If a Cypherpunk goal is to champion electronic privacy, it seems to me that it is important to fully understand any threats to the methods used to ensure privacy. The old Sun Tzu "know your enemy" philosophy. If I was running a Data Haven, I'd want to understand how and if my system could be passively eavesdropped on, and what countermeasures to take to minimize the risk. (Second or third down the list from knowing my encryption algorithm was secure.)
Sure, let us know what you find. I'm not being catty here; I'm making a serious point about return on investment. My guess is that getting a reasonable Van Eck capability could cost $10K, maybe less, maybe more. And what would this show that we basically don't already know in principle? (We've all seen televisions showing "interference" from computers, so we know that signals are getting out....) And if nothing is seen with our $10K of equipment, what does this prove against an attacker who can easily afford to spend 20 or 30 times that amount to equip a van? Cypherpunks have been exploiting technology that is comparatively _much cheaper_ and which changes the equation. But, again, let me not discourage you (Joel) from becoming our expert on TEMPEST and Van Eck emissions. You may find it fun, and maybe even profitable (consulting for corporations to harden their sites, for example). I just object to the "we ought to be doing this" mentality. In general, for reasons many of us have written about here before, and in particular, because I think spending $10,000 to prove what we already know--that RF emissions can be detected and demodulated--is a poor use of money. That $10K would go a long way to getting PGP Phone finished.
The thing that I find frustrating about TEMPEST, is most informed people say "yes, it's possible," but I have encountered only breadcrumbs of real-world, technical information and sources on it (the VanEck article, the BBC tape, Grady Ward's paper, etc.). This is what prompted the original message to the list. Yes, TEMPEST is real. But what I'm trying to do is shift out TEMPEST reality (and capabilities) from the magical black-box in parked vans tales.
Then go for it. Make this your specialty, your contribution to the Cause. But beware of empty exhortations that "somebody ought to work on this." "We have met the somebody, and he is us." --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay
participants (2)
-
joelm@eskimo.com -
tcmay@netcom.com