TEMPEST is a formerly classified codeword for shielding equipment and buildings to minimize compromising emanations. There is a good page at eskimo.com with plenty of information, most declassified but some not, but I’ve lost the exact URL. Try Yahoo!
Although TEMPEST-attacks had their heyday in the 70’s and 80’s, it is believed that due to the huge amount of sources of EM in modern homes and offices TEMPEST-attacks nowadays are pretty fruitless. I ran across a page where a retired Naval intelligence officer leaked that TEMPEST is a waste of time because now every cigarette lighter has a microchip.
So, can information gathered through TEMPEST-attacks be used as evidence in a court of law if the error rate is as high as believed?
I know nothing about TEMPEST perticularly, but it seems from your post that the problem now is too much noise, not that there’s a problem with signal. So if signal could be somehow isolated that would presumably be admissable (as long as it’s not an illegal search.)
Yes, according to that TEMPEST information site I mentioned, the word itself was classified until 4.5 years ago.
And Poloin99, although people have tried to make an acronym out of it, it was originally just a common word picked for a code name. Military classified code names aren’t acronyms, but random words that may or may not refer to the thing they represent.
Please refer to that page I mentioned in the OP. There you will find plenty of testimony from engineers and declassified documents that shows that TEMPEST was not conceived as an acronym, even through it can conveniently be made into one. However, few acronym-makers agree on what words the acronym represents.
My OP still stands, however. With the amount of EM around us, what is to say that the gathered information is reliable? So, is evidence which will even under the best of circumstances contain gaps, misreadings, and distortion admissible as evidence?
Hello!!?? I just told you that it is an acronym. My training manuals that are related to ICBMs talk about TEMPEST. When it references TEMPEST the book gives the meaning of the acronym.
The website is not correct. Can you comprehend this information?
I comprehend you just fine, I’m just doubting your attestation. TEMPEST was not originally conceived as an acronym, and any two sources which use it as an acronym rather use it to mean the same words.
The site isn’t wrong, it is just that after the code name was coined people made an acronym out of it. If you wish to argue this point further, take it to the Pit, as I’d like to get back to the GQ in the OP.
It’s been possible for some time now to remote view monitor screens by capturing the RF signals that leak from the unshielded monitor case. The equipment necessary to do this is still rather bulky and would need a vehicle (a van) to contain it. Also, the van would need to be parked in close proximity (within a hundred feet) to get a halfway decent signal. I imagine if you lived in a large apartment, proving that the signal came from your monitor would be problematic.
Military computers in the U.S. need to conform to the Orange Book Standard in order to be TEMPEST certified. Lots of hardware and software modifications need to be made.
That’s raster scan monitoring, which is the easiest and most reliable kind of TEMPEST-attack. For the OP, I was really visualizing the more technical kinds of attack, such as reading what a person is typing on a typewriter by monitoring the EM (which 20 years ago was common), or reading a monitor by EM leaked from the monitor into copper wiring in a home.
IANAL, but I’ll throw a WAG at the OP. There’s nothing that precludes gathering radiated information for evidence. In court the defense would certainly challenge the validity of the evidence in the same way they challenge everything. The defense experts will testify that the level of noise precludes useful signal acquisition and the “evidence” was clearly manufactureed by DSM algorithms. The prosecution will testify that their techniques are honest and valid. The judge will decide which set is credible and admit the evidence or not (or it may come down to a jury to decide).
For precedent, I’d point to toward two similar situations. First, look at the first few cases to introduce DNA evidence at trail. The validity was questioned extensively and it took a long time for it to be generally accepted. Second, check the ongoing trial of an East Coast mafia figure where the feds used a keystroke monitor to capture his PGP passphrase. They argue that they didn’t need a wiretap permit because the keystroke monitor did not transmit in real time (it was placed in one authorized search and retrieved in another). Their arguments could be paraphrased to pertain to whether or not collecting radiated information required a search warrant.
FWIW, all my training sides with UnoMondo in the acronym debate: TEMPEST was a codeword for the shielding and other preventative measures, and only became an acronym after the fact. Note that the acronym is rather inappropriate given that TEMPEST refers to the “defense” not the “offense”.
Oh, oh. But thanks, anyway (for some tossing and turning ).
I think that NutWrench might be talking about the way the Brits charge for “Telly” reception—having TV-cops drive down the streets with TV monitoring equipment.
I was told about 12-14 years ago by (what I hope was) an unclass source that an Apple IIe monitor could be “watched” up to 6 miles away, by some not-particularly-sophisticated equipment.
What kind of data were you thinking of, UnuMondo? (More than just a tape of key-strokes on a monitor, I suspect.) Are you thinking about picking stuff out of a processor? Now, IMHO, that would be some neat trick !
Well, that does explain why I had to take the polygraph and urinalysis and list all my close friends and associates to see a play at the Shakespeare theater.
Well, that does explain why I had to take the polygraph and urinalysis and list all my close friends and associates to see a play at the Shakespeare theater.
).