There was a time when if you used the word Tempest in public you would have had the FBI knocking on your door – in my case it would have been MI-5. Now, it seems everybody knows that Tempest (should be all capitalized, but I’m only going to do that just once) was/is the code word for both the emanations from an electronic device and the protection of such a device.
People have been trying to listen in on others since the telephone was invented. In the early days (and in many developing countries to this day) crosstalk between telephone circuits was a major – and misunderstood – phenomenon. In WW-I, crosstalk from field telephones was deliberately exploited by the Germans and the British invented a low signal level phone system to prevent it.
In WW-II the Germans again showed inventiveness by tracking shipping and aircraft from submarines by the radiation from the enemy’s local oscillators. From the LO frequency they were also able to figure out the frequencies the British were using, allowing for others to monitor the traffic from on-shore locations. The British responded by shielding the LO valves (tubes). But, for short distances that shielding is rather ineffective and that led to the development of Detector Vans, allowing the British General Post Office (GPO, as it was at the time) to monitor houses to see if they had a television that had not paid for a TV licence. When they knocked on the door of the reprobate they would even tell him what channel he had been watching!
The NSA was started in 1953. That same year the problems of electronic emanations was raised repeatedly and the TEMPEST code was allocated to a project to research the possible problems. (Over the years people have tried to treat the word as a mnemonic, with ridiculous strings of words: it is not.) From that point a government standard was developed with the final version being FS222A (AMSG720B in NATO).
Lots and lots of Tempest-proof products were manufactured and tested and all the departments of the military produced thousands of Tempest-trained technicians. Then something really weird happened. A guy from the Rand Corporation, Willis Ware, stood up at Spring ACM in 1967 and started
talking about Tempest in some detail in a computer security session. I remember seeing the published paper some time afterwards while I was researching something else at the college where I was teaching.
It struck me at the time, and I had only heard about Tempest a short time before, that it was just a slip up. I was wrong. The whole program was declassified at the end of 1965 to allow this paper to be given. Reason? Unknown, but now I would have immediately said “commercial.” And, indeed, vendors have made a lot of money out of Tempest products ever since. Some of the stories about information being picked up from bank computer and other sensitive commercial secrets, etc are probably mostly piffle. But they sell product.
By the early 1990s most government departments were getting wary of Tempest with physical distance rules between Tempest-proofed machines (in case one of them was a plant) causing the biggest headaches in the physical work space.
More studies showed the final commonsense that there was no way anybody with the required receiving equipment could get close enough to hack the more sensitive machines without sticking out like the proverbial sore thumb. In 1992 the
NRO (National Reconnaissance Office) was de-classified following publication of its office location in Chantilly, VA. That same year they pulled the plug on Tempest for all sixteen (publicly known) members of the US intelligence community.
Tempest still continues in the commercial sector and, I would argue, should still continue in the intelligence and military sectors when it comes to laptops. A laptop being used off site is about as vulnerable as it can get. And the argument that I have heard, that an LCD is less likely to be emanating than a CRT, is simply not true.
It is still a surprise to me that Dell, who just announced a
ruggedized laptop -- with a handle! – did not at the same time offer a Tempest-protected version. Dell are targeting, with their Latitude XFR D630, the Panasonic CF-301 with faster system performance (with a faster processor) and 100% compatibility with the Latitude family and their next-day onsite service. Any of the other laptops out there that claim ruggedness are only partially ruggedized.
But no Tempest.
The only laptop I have used that was Tempest certified was at a consulting company that I worked at for a while. The Vietnam-era computers, with LED screens only, had ROM as a program source. There were no drive slots so that it was impossible to use the machine for anything other than the job it was programmed for. The refresh rate was, originally, random as a Tempest protection and it was incredibly heavy and had no battery back-up, making it a real pain at airport security.
The new Dell sounds much more friendly and useful...but I have retired, personally, from a life of extreme temperatures, dust, moisture and altitude. Still, knowing that the keyboard is safe from a spilled drink might be a redeeming feature for when an airplane ride causes a tempest in my teacup.
