Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Wed, 11 Feb 98 18:56:07 -0800
Subject: Soft Tempest
Forwarded-by: Nev Dull <email@example.com>
Forwarded-by: Joe Ilacqua <firstname.lastname@example.org>
Forwarded-by: Eric Pearce <email@example.com>
Forwarded-by: firstname.lastname@example.org (Tim O'Reilly)
Forwarded-by: Dave Farber <email@example.com>
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Bruce Sterling, and others, have asked of the Washington Post story
> Is this story correct?
The Washington Post gives a highly distorted account of some very important
scientific work we have done. I suggest that list members read our paper --
<www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf> -- for themselves before getting
The story is as follows. Bill G gave our department $20m for a new building,
and his people said that what they really wanted from our group was a better
way to control software copying. So it would have been rather churlish of
us not to at least look at their `problem'.
Now the `final solution' being peddled by the smartcard industry (and
others) is to make software copying physically impossible, by tying program
execution to a unique tamper-resistant hardware token. We wouldn't like to
see this happen, and we have already done a lot to undermine confidence in
the claims of tamper-proofness made by smartcard salesmen.
So Markus and I sat down and tried to figure out what we could do for the
Evil Empire. We concluded that
(1) large companies generally pay for their software;
(2) if you try to coerce private individuals, the political backlash
would be too much; so
(3) if the Evil Empire is to increase its revenue by cracking down on
piracy, the people to go after are medium sized companies.
So the design goal we set ourselves was a technology that would enable
software vendors to catch the medium-sized offender -- the dodgy freight
company that runs 70 copies of Office 97 but only paid for one -- while
being ineffective against private individuals.
In the process we have made some fundamental discoveries about Tempest.
Army signals officers, defence contractors and spooks have been visibly
flabberghasted to hear our ideas or see our demo.
In the old days, Tempest was about expensive hardware -- custom equipment
to monitor the enemy's emissions and very tricky shielding to stop him doing
the same to you. It was all classified and strictly off-limits to the open
We have ended that era. You can now use software to cause the eavesdropper
in the van outside your house to see a completely different image from the
one that you see on your screen. In its simplest form, our technique uses
specially designed `Tempest fonts' to make the text on your screen invisible
to the spooks. Our paper tells you how to design and code your own.
There are many opportunities for camouflage, deception and misconduct. For
example, you could write a Tempest virus to snarf your enemy's PGP private
key and radiate it without his knowledge by manipulating the dither patterns
in his screen saver. You could even pick up the signal on a $100 short wave
radio. The implications for people trying to build secure computer systems
Anyway, we offered Bill G the prospect that instead of Word radiating the
text you're working on to every spook on the block, it would only radiate
a one-way function of its licence serial number. This would let an observer
tell whether two machines were simultaneously running the same copy of Word,
but nothing more. Surely a win-win situation, for Bill and for privacy.
But Microsoft turned down our offer. I won't breach confidences, but the
high order bit is that their hearts are set on the kind of technology the
smartcard people are promising -- one that will definitively prevent all
copying, even by private individuals. We don't plan to help them on that,
and I expect that if they field anything that works, the net result will be
to get Microsoft dismembered by the Department of Justice.
Meantime we want our Soft Tempest technology to be incorporated in as many
products as possible -- and not just security products!
So to Rainier Fahs, who asked:
> If these rumors are true, I guess we will face a similar discussion on
> free availability in the area of TEMPEST equipment. Does privacy
> protection also include the free choice of protection mechanism?
I say this: our discovery, that Tempest protection can be done in software
as well as hardware, puts it beyond the reach of effective export control.
So yes, you now have a choice. You didn't before,
British Technology Might Flush Out Software Pirates
By John Burgess
Washington Post Foreign Service
Saturday, February 7, 1998; Page H01
CAMBRIDGE, England=97 It's a technique that intelligence agencies have used
for years: Park a van filled with monitoring gear near an embassy and listen
for the faint radio signals that computers routinely emit when they are on.
Analyze those signals for clues to the data that are on the computers.
Now researchers at the University of Cambridge, home of groundbreaking work
in intelligence over the years, are trying to adapt this technology to the
fight against software piracy. With special code written into software,
they say, computers could be made to broadcast beacons that would carry
several hundred yards and identify the software they were running, complete
with serial numbers of each copy.
Vans run by anti-piracy groups could pull up outside a company's office and
count the number of software signals emanating from it. If, say, 50 beacons
for a particular title were detected but the company had licensed only two
copies of the software, that could become evidence on which a court would
issue a search warrant.
Ross Anderson, a University of Cambridge lecturer who is overseeing the
project, said the idea originated last year when Microsoft Corp. Chairman
Bill Gates visited the university after his private foundation announced a
$20 million donation to the school. Gates told officials that, among other
things, he would love the university to come up with new anti-piracy
So far, Microsoft isn't enthusiastic about the university's approach,
Anderson said. "They have some reservations. Obviously there are Big
Brother aspects," he said. A Microsoft spokeswoman said the company has no
plans to adapt the technology.
Emilia Knight, a vice president at BSA Europe, a trade group that combats
software piracy, said such an anti-piracy system might be technically
feasible. But she noted many practical questions on the legal side, such as
how the system would differentiate between companies pirating software and
those legally using multiple copies of programs.
Knight said that concerns of privacy and consumer rights might make the
system a no-go for industrialized countries. But in places like Eastern
Europe, she suggested, where piracy is rampant and there is no tradition of
such protections, the software signal detectors might be acceptable.
Richard Sobel, a political scientist who teaches at Harvard University and
researches privacy issues, called it "an appalling idea."
"If the technology is there to identify what software people are using,
there's the prospect to figure out what people are doing. ... It sounds
like a horrible violation of privacy," Sobel said.
In Britain, however, it might seem less controversial. Here authorities have
long used similar techniques to ferret out people who fail to pay the annual
license fee of about $150 that the law requires for each TV set in the
Cruising the streets here are vans carrying equipment that can detect
emissions from a TV set's "local oscillator," the part that turns a
station's signal into a picture. If the gear senses a TV set inside a house
from which there is no record of a license payment, this is used as evidence
to levy fines.
The system also can tell what channel people are watching because the
oscillator gives off a slightly different signal for each one.
Anderson's researchers have built a prototype that can detect the type of
software running on a machine from short range -- the hallway outside the
room where the computer is running. Anderson said they are ready to build
prototype hardware with a longer range, at a cost of about $15,000-$30,000
-- if the lab can find a customer. So far, none has stepped forward.
(c) Copyright 1998 The Washington Post Company
© 1998 Peter Langston