8 February 1998
To: ukcrypto@maillist.ox.ac.uk Subject: It is really me - the story of Soft Tempest Date: Sun, 08 Feb 1998 15:09:40 +0000 From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk> Bruce Sterling, and others, have asked of the Washington Post story [see below]: > Is this story correct? The Washington Post gives a highly distorted account of some very important scientific work we have done. I suggest that list members read our paper - <www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf> - for themselves before getting carried away. The story is as follows. Bill G gave our department $20m for a new building, and his people said that what they really wanted from our group was a better way to control software copying. So it would have been rather churlish of us not to at least look at their `problem'. Now the `final solution' being peddled by the smartcard industry (and others) is to make software copying physically impossible, by tying program execution to a unique tamper-resistant hardware token. We wouldn't like to see this happen, and we have already done a lot to undermine confidence in the claims of tamper-proofness made by smartcard salesmen. So Markus and I sat down and tried to figure out what we could do for the Evil Empire. We concluded that (1) large companies generally pay for their software; (2) if you try to coerce private individuals, the political backlash would be too much; so (3) if the Evil Empire is to increase its revenue by cracking down on piracy, the people to go after are medium sized companies. So the design goal we set ourselves was a technology that would enable software vendors to catch the medium-sized offender - the dodgy freight company that runs 70 copies of Office 97 but only paid for one - while being ineffective against private individuals. We succeeded. In the process we have made some fundamental discoveries about Tempest. Army signals officers, defence contractors and spooks have been visibly flabberghasted to hear our ideas or see our demo. In the old days, Tempest was about expensive hardware - custom equipment to monitor the enemy's emissions and very tricky shielding to stop him doing the same to you. It was all classified and strictly off-limits to the open research community. We have ended that era. You can now use software to cause the eavesdropper in the van outside your house to see a completely different image from the one that you see on your screen. In its simplest form, our technique uses specially designed `Tempest fonts' to make the text on your screen invisible to the spooks. Our paper tells you how to design and code your own. There are many opportunities for camouflage, deception and misconduct. For example, you could write a Tempest virus to snarf your enemy's PGP private key and radiate it without his knowledge by manipulating the dither patterns in his screen saver. You could even pick up the signal on a $100 short wave radio. The implications for people trying to build secure computer systems are non-trivial. Anyway, we offered Bill G the prospect that instead of Word radiating the text you're working on to every spook on the block, it would only radiate a one-way function of its licence serial number. This would let an observer tell whether two machines were simultaneously running the same copy of Word, but nothing more. Surely a win-win situation, for Bill and for privacy. But Microsoft turned down our offer. I won't breach confidences, but the high order bit is that their hearts are set on the kind of technology the smartcard people are promising - one that will definitively prevent all copying, even by private individuals. We don't plan to help them on that, and I expect that if they field anything that works, the net result will be to get Microsoft dismembered by the Department of Justice. Meantime we want our Soft Tempest technology to be incorporated in as many products as possible - and not just security products! So to Rainier Fahs, who asked: > If these rumors are true, I guess we will face a similar discussion on > free availability in the area of TEMPEST equipment. Does privacy > protection also include the free choice of protection mechanism? I say this: our discovery, that Tempest protection can be done in software as well as hardware, puts it beyond the reach of effective export control. So yes, you now have a choice. You didn't before, Ross Anderson ---------- http://www.washingtonpost.com/wp-srv/WPlate/1998-02/07/060l-020798-idx.html British Technology Might Flush Out Software Pirates By John Burgess Washington Post Foreign Service Saturday, February 7, 1998; Page H01 CAMBRIDGE, England It's a technique that intelligence agencies have used for years: Park a van filled with monitoring gear near an embassy and listen for the faint radio signals that computers routinely emit when they are on. Analyze those signals for clues to the data that are on the computers. Now researchers at the University of Cambridge, home of groundbreaking work in intelligence over the years, are trying to adapt this technology to the fight against software piracy. With special code written into software, they say, computers could be made to broadcast beacons that would carry several hundred yards and identify the software they were running, complete with serial numbers of each copy. Vans run by anti-piracy groups could pull up outside a company's office and count the number of software signals emanating from it. If, say, 50 beacons for a particular title were detected but the company had licensed only two copies of the software, that could become evidence on which a court would issue a search warrant. Ross Anderson, a University of Cambridge lecturer who is overseeing the project, said the idea originated last year when Microsoft Corp. Chairman Bill Gates visited the university after his private foundation announced a $20 million donation to the school. Gates told officials that, among other things, he would love the university to come up with new anti-piracy techniques. So far, Microsoft isn't enthusiastic about the university's approach, Anderson said. "They have some reservations. Obviously there are Big Brother aspects," he said. A Microsoft spokeswoman said the company has no plans to adapt the technology. Emilia Knight, a vice president at BSA Europe, a trade group that combats software piracy, said such an anti-piracy system might be technically feasible. But she noted many practical questions on the legal side, such as how the system would differentiate between companies pirating software and those legally using multiple copies of programs. Knight said that concerns of privacy and consumer rights might make the system a no-go for industrialized countries. But in places like Eastern Europe, she suggested, where piracy is rampant and there is no tradition of such protections, the software signal detectors might be acceptable. Richard Sobel, a political scientist who teaches at Harvard University and researches privacy issues, called it "an appalling idea." "If the technology is there to identify what software people are using, there's the prospect to figure out what people are doing. . . . It sounds like a horrible violation of privacy," Sobel said. In Britain, however, it might seem less controversial. Here authorities have long used similar techniques to ferret out people who fail to pay the annual license fee of about $150 that the law requires for each TV set in the country. Cruising the streets here are vans carrying equipment that can detect emissions from a TV set's "local oscillator," the part that turns a station's signal into a picture. If the gear senses a TV set inside a house from which there is no record of a license payment, this is used as evidence to levy fines. The system also can tell what channel people are watching because the oscillator gives off a slightly different signal for each one. Anderson's researchers have built a prototype that can detect the type of software running on a machine from short range -- the hallway outside the room where the computer is running. Anderson said they are ready to build prototype hardware with a longer range, at a cost of about $15,000-$30,000 -- if the lab can find a customer. So far, none has stepped forward. © Copyright 1998 The Washington Post Company ---------- Date: Sat, 7 Feb 1998 13:05:45 -0500 From: Stewart Baker <sbaker@steptoe.com> To: ukcrypto <ukcrypto@maillist.ox.ac.uk> Subject: Ross, Is that really you? Today's Washington Post claims that a Cambridge research team led by one Ross Anderson is developing technology that would require all personal computers to broadcast the identity of all programs they are running so that anti-piracy investigators can sit outside universities and businesses and check to see whether the folks inside are running more programs than their licenses allow. The article says that even Microsoft thinks this might go too far in invading the privacy of computer users. But advocates for the technology claim that it will work fine in benighted Eastern European countries where piracy is rampant and the natives are used to having their privacy invaded. This raises at least three questions: 1. Is this story correct? 2. If so, is the Ross Anderson it describes the same Ross Anderson known on this list for his attacks on Big Brother? 3. If so, are we to understand that Ross objects not so much to invading privacy as to government competition in that endeavor? Stewart Baker
For TEMPEST information see: http://www.eskimo.com/~joelm/tempest.html