TEMPEST is an implemented concept which exist in the electronic world. TEMPEST, in a nutshell, is your neighbor watching your computer screen as you surf the net, type an email, etc.. Not through a computer "network" but through a monitor's hums and vibrations. Those little hums your hard drive makes as your computer runs. These vibrations leak-out through your power supply, into your AC electric circuits, to the power line, and down the street. Although every computer on the block will also be leaking out these signals, as well as your deep-freeze and dryer, advanced programs and algorithms can filter out signal frequency and attunation (quality) and tune into a specific source. The following is more on TEMPEST technology and the reality involved with obtaining and implementing such technology.

     This paper is description of electromagnetic security. The issues involving electromagnetic security are a high-profile one which most people need not worry about. The US Department of Defense (DOD) is the main source of its study and use. The first time I even heard of its existance was from an electronic engineer who had served for the US NAVY. You can't have foreign submarines listening in on water vibrations telling Mavric and Goose not to do a "fly-by".

     Tempest is the name of a technology involving the monitoring (and shielding) of devices that emit ElectroMagnetic Radiation (EMR) in a manner that can be used to reconstruct intelligible data. The term's origin is believed to simply be a code word used by the U. S. government in the late 1960s, but at a somewhat later stage, it became an acronym for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. Today, in military circles, the term has been officially supplanted by Emsec (for Emissions Security); however, Tempest is still widely used in the civilian arena.

     The idea for Tempest dates back to 1918, when a certain Mr. Yardley and his crew at the Black Chamber were commissioned by the U.S. Army to examine ways to counter enemy radio and telephone systems. His investigations revealed that many devices created spurious transmissions that leaked information. Thus, the concept of Tempest was born.

     Today, cathode ray tube (CRT) and to a lesser extent liquid crystal display (LCD) monitors, microchips, and composite devices such as printers and PCs all emit EMR into space or into some conductive medium (such as power lines, communications wires, or even water piping). The EMR that is emitted contains to varying degrees, the information that the device is displaying, creating, storing, or transmitting. With the correct equipment and techniques, it is possible to reconstruct all or a substantial portion of that data. Some equipment is far more susceptible than others. For example, some US Robotics data/fax modems generate incredibly strong EMR when active, which can be read even by comparatively crude equipment. Wireless handsets and office speakerphones are other devices that generate extremely strong EMR signals.

     The range in which an eavesdropper can monitor Tempest emanations varies tremendously according to conditions. In most cases, the emanations can be picked up with proper equipment from a distance of around 200-300 meters. However, in some cases where a signal has been captured by a conductive medium (such as a power line), monitoring can occur over a distance of many kilometers.

     Tempest monitoring devices include various kinds of sensitive receivers, which can monitor a wide range of frequencies, and a combination of hardware and software that is capable of processing the received signals into the original data. The data that is picked up is often corrupted by such things as external EMR interference, signal weakness over distances, and partial transmission. Advanced algorithms can help provide a more complete picture of the original information.

     Shielding of devices from EMR is achieved by a number of methods. The most sophisticated devices use advanced micro-components that have been designed from scratch to minimize Tempest emanations. Generally, shielding involves encompassing the device in a Faraday cage that does not permit stray emanations, along with special modifications to the power source. This usually involves a heavy metal case around an object. Tempest shielding also involves such issues as the design of a room and placement of equipment within it, to ensure that no information can escape.

     For individuals who wish to be more secure against Tempest but cannot invest in this level of equipment, some software products recommend special displays that limit the effectiveness of Tempest monitoring of emanations from a CRT monitor. National Communications Security Committee Directive 4 sets U.S. Tempest standards. The requirements are set out in document NACSIM 5100A, which is classified. Tempest certification for private sector usage is extremely expensive and, as a result, it has led to a newer standard, called ZONE, which is more cost effective, though somewhat less secure. Approved Tempest-shielded devices are classed into 3 categories. Type 1 is extremely secure and available only to the U.S. government and approved contractors, who must undergo strict vetting. Type 2 is somewhat less secure, but still requires government approval to use. Type 3 is for general commercial use.

     In the private arena, there are few individuals who are competent in Tempest technology. With only a handful of exceptions, the only qualifications of significance come from individuals who have served in either the military or intelligence communities and who have attended courses run and approved by the NSA, namely the ones held at Lackland Air Force Base, just outside San Antonio, Texas or at National Cryptologic School at Linthicum, Maryland.

     As a note of warning, there is nothing illegal in the U.S. in attempting to procure equipment that is Tempest-shielded, though some devices are classified and only obtainable to authorized entities. You are free (subject to patent law and FCC guidelines for spurious admissions) to make any modifications to equipment to shield them from Tempest attack. However, securing or attempting to secure Tempest surveillance devices is illegal and can subject all individuals involved to severe penalties. Even "scam" Tempest technology that is completely ineffective will get individuals into trouble, as the law relates also to intention. Full details are available at US Code / Title 18 - Crimes and Criminal Procedures / Part 1 - Crimes / Chapter 119, 2510 to 2521). The only exceptions to this are related to the military, intelligence agencies, and law enforcement bodies with court orders.

Tempest Links

• The Complete, Unofficial TEMPEST Information Page
  
• Engineering and Design - Electromagnetic Pulse (EMP) and Tempest Protection for Facilities (DOD)
  
• The Temptest Method of Computer Data Interception
  
• Electronic Eavesdropping Detection Service
  
• Rise of the TEMPEST
  
• TEMPEST in a teapot
  
• Reception of Electromagnetic Radiation from RS232 Cables