[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TEMPEST
Joel McNamara wrote:
(quoting me)
> >TEMPEST has very little to do with Cypherpunks goals, actually. First,
> >buying such a gadget, tweaking it, exploring capabilities, etc., would
> >lead to what? The ability to park a van in front of someone's house
> >and--maybe--monitor their screens? We already know this is possible.
> >(You all knew that, didn't you?)
>
> If a Cypherpunk goal is to champion electronic privacy, it seems to me that
> it is important to fully understand any threats to the methods used to
> ensure privacy. The old Sun Tzu "know your enemy" philosophy. If I was
> running a Data Haven, I'd want to understand how and if my system could be
> passively eavesdropped on, and what countermeasures to take to minimize the
> risk. (Second or third down the list from knowing my encryption algorithm
> was secure.)
Sure, let us know what you find. I'm not being catty here; I'm making
a serious point about return on investment. My guess is that getting a
reasonable Van Eck capability could cost $10K, maybe less, maybe more.
And what would this show that we basically don't already know in
principle? (We've all seen televisions showing "interference" from
computers, so we know that signals are getting out....)
And if nothing is seen with our $10K of equipment, what does this
prove against an attacker who can easily afford to spend 20 or 30
times that amount to equip a van?
Cypherpunks have been exploiting technology that is comparatively
_much cheaper_ and which changes the equation.
But, again, let me not discourage you (Joel) from becoming our expert
on TEMPEST and Van Eck emissions. You may find it fun, and maybe even
profitable (consulting for corporations to harden their sites, for
example).
I just object to the "we ought to be doing this" mentality. In
general, for reasons many of us have written about here before, and in
particular, because I think spending $10,000 to prove what we already
know--that RF emissions can be detected and demodulated--is a poor use
of money. That $10K would go a long way to getting PGP Phone finished.
> The thing that I find frustrating about TEMPEST, is most informed people say
> "yes, it's possible," but I have encountered only breadcrumbs of real-world,
> technical information and sources on it (the VanEck article, the BBC tape,
> Grady Ward's paper, etc.). This is what prompted the original message to
> the list. Yes, TEMPEST is real. But what I'm trying to do is shift out
> TEMPEST reality (and capabilities) from the magical black-box in parked vans
> tales.
Then go for it. Make this your specialty, your contribution to the
Cause. But beware of empty exhortations that "somebody ought to work
on this."
"We have met the somebody, and he is us."
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
| knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: [email protected] with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay