WAS: Thermal Imaging Decision Applicable to TEMPEST?

Wed Jun 13 16:22:27 EDT 2001

David Koontz wrote:

>Is the average person susceptible to TEMPEST attacks?

[And more on TEMPEST technics.]

Probably most people are not subject to TEMPEST attacks
in the same way they are not in need in crypto.

And as crypto protection gets built in to consumer products
as understanding for the need increases, it is probable that
similar protection against TEMPEST will be built into common
devices -- as David noted, this will likely come through regulations
of EMI, with lucrative add-ons for "mil-grade" protection.

In the meantime, again as with crypto, those at highest risk
are most definitely seeking TEMPEST protection as they
learn of the capability of intelligence agencies and their
commercial emulators to pry into a wide range of confidential
affairs. So says TEMPEST protection marketers.

Well-to-do persons are buying TEMPEST protection products
after being advised by financial and security consultants to
do so, and they want "mil-grade" stuff to protect against the
justice and tax investigators chasing them from country
to country often helped by intel, even mil-intel, snoops. Drug
kingpins are not the only buyers.

Sellers of TEMPEST products and services claim there is
a huge market, domestic and foreign, for their offerings, which
is hampered by export regs, again like crypto. Export approvals
go through processes similar to those of crypto a few years
back -- submit your product/service, and wait for an answer,
but not receive precise requirements beforehand. NSA does
the crucial review.

Some suspect that analysis of weaknesses of the products
is being done for future application. TEMPEST customers ask 
about this possibility and what could be done about it. And if
not satisfied they go looking to other countries for products.

Global persons are especially fearful of TEMPEST by their
own countries as well as the US -- whom they suspect of
cooperating with law and tax agencies worldwide through
burgeoning law enforcement and intelligence-sharing treaties 
along with export control regimes.

I also notice that more gov/mil advertisements for security
services and products now list TEMPEST requirements
right alongside encryption. Once the TEMPEST requirements
were confidential as were those for encryption.

The TEMPEST industry is booming, relatively speaking, and
look hungrily at the crypto liberation model. The dribs and drabs
we get out of NSA are lapped as if myrhh, not for what they
reveal but for what they portend could be coming.

Snake-oilers are rushing to reshape promo materials to fit
what is being FOIA-ed.

Now, what's coming next in secret comsec technology 
as the defense industry goes after mass markets, scaring
customers, selling them salvation?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com