8 February 1998


To: ukcrypto@maillist.ox.ac.uk
Subject: It is really me - the story of Soft Tempest
Date: Sun, 08 Feb 1998 15:09:40 +0000
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

Bruce Sterling, and others, have asked of the Washington Post story
[see below]:

> Is this story correct?

The Washington Post gives a highly distorted account of some very
important scientific work we have done. I suggest that list members
read our paper - <www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf> - for
themselves before getting carried away.

The story is as follows. Bill G gave our department $20m for a new
building, and his people said that what they really wanted from our
group was a better way to control software copying.  So it would have
been rather churlish of us not to at least look at their `problem'.

Now the `final solution' being peddled by the smartcard industry (and
others) is to make software copying physically impossible, by tying
program execution to a unique tamper-resistant hardware token. We
wouldn't like to see this happen, and we have already done a lot to
undermine confidence in the claims of tamper-proofness made by
smartcard salesmen.

So Markus and I sat down and tried to figure out what we could do for
the Evil Empire. We concluded that 

(1)  large companies generally pay for their software; 

(2)  if you try to coerce private individuals, the political backlash 
     would be too much; 

so 

(3)  if the Evil Empire is to increase its revenue by cracking down on
     piracy, the people to go after are medium sized companies.

So the design goal we set ourselves was a technology that would enable
software vendors to catch the medium-sized offender - the dodgy
freight company that runs 70 copies of Office 97 but only paid for one
- while being ineffective against private individuals.

We succeeded.

In the process we have made some fundamental discoveries about
Tempest. Army signals officers, defence contractors and spooks have
been visibly flabberghasted to hear our ideas or see our demo.

In the old days, Tempest was about expensive hardware - custom
equipment to monitor the enemy's emissions and very tricky shielding
to stop him doing the same to you. It was all classified and strictly
off-limits to the open research community.

We have ended that era. You can now use software to cause the
eavesdropper in the van outside your house to see a completely
different image from the one that you see on your screen. In its
simplest form, our technique uses specially designed `Tempest fonts'
to make the text on your screen invisible to the spooks. Our paper
tells you how to design and code your own.

There are many opportunities for camouflage, deception and misconduct.
For example, you could write a Tempest virus to snarf your enemy's PGP
private key and radiate it without his knowledge by manipulating the
dither patterns in his screen saver. You could even pick up the signal
on a $100 short wave radio. The implications for people trying to
build secure computer systems are non-trivial.

Anyway, we offered Bill G the prospect that instead of Word radiating
the text you're working on to every spook on the block, it would only
radiate a one-way function of its licence serial number.  This would
let an observer tell whether two machines were simultaneously running
the same copy of Word, but nothing more. Surely a win-win situation,
for Bill and for privacy.

But Microsoft turned down our offer. I won't breach confidences, but
the high order bit is that their hearts are set on the kind of
technology the smartcard people are promising - one that will
definitively prevent all copying, even by private individuals. We
don't plan to help them on that, and I expect that if they field
anything that works, the net result will be to get Microsoft
dismembered by the Department of Justice.

Meantime we want our Soft Tempest technology to be incorporated in 
as many products as possible - and not just security products!

So to Rainier Fahs, who asked:

> If these rumors are true, I guess we will face a similar discussion on
> free availability in the area of TEMPEST equipment. Does privacy
> protection also include the free choice of protection mechanism?

I say this: our discovery, that Tempest protection can be done in
software as well as hardware, puts it beyond the reach of effective
export control. So yes, you now have a choice. You didn't before,

Ross Anderson

----------

http://www.washingtonpost.com/wp-srv/WPlate/1998-02/07/060l-020798-idx.html

British Technology Might Flush Out Software Pirates

By John Burgess
Washington Post Foreign Service
Saturday, February 7, 1998; Page H01 

CAMBRIDGE, England— It's a technique that intelligence
agencies have used for years: Park a van filled with
monitoring gear near an embassy and listen for the faint radio
signals that computers routinely emit when they are on.
Analyze those signals for clues to the data that are on the
computers.

Now researchers at the University of Cambridge, home of
groundbreaking work in intelligence over the years, are trying
to adapt this technology to the fight against software piracy.
With special code written into software, they say, computers
could be made to broadcast beacons that would carry several
hundred yards and identify the software they were running,
complete with serial numbers of each copy.

Vans run by anti-piracy groups could pull up outside a
company's office and count the number of software signals
emanating from it. If, say, 50 beacons for a particular title
were detected but the company had licensed only two copies
of the software, that could become evidence on which a court
would issue a search warrant.

Ross Anderson, a University of Cambridge lecturer who is
overseeing the project, said the idea originated last year when
Microsoft Corp. Chairman Bill Gates visited the university
after his private foundation announced a $20 million donation
to the school. Gates told officials that, among other things, he
would love the university to come up with new anti-piracy
techniques.

So far, Microsoft isn't enthusiastic about the university's
approach, Anderson said. "They have some reservations.
Obviously there are Big Brother aspects," he said. A
Microsoft spokeswoman said the company has no plans to
adapt the technology.

Emilia Knight, a vice president at BSA Europe, a trade group
that combats software piracy, said such an anti-piracy system
might be technically feasible. But she noted many practical
questions on the legal side, such as how the system would
differentiate between companies pirating software and those
legally using multiple copies of programs.

Knight said that concerns of privacy and consumer rights
might make the system a no-go for industrialized countries.
But in places like Eastern Europe, she suggested, where piracy
is rampant and there is no tradition of such protections, the
software signal detectors might be acceptable.

Richard Sobel, a political scientist who teaches at Harvard
University and researches privacy issues, called it "an
appalling idea."

"If the technology is there to identify what software people are
using, there's the prospect to figure out what people are doing.
. . . It sounds like a horrible violation of privacy," Sobel said.

In Britain, however, it might seem less controversial. Here
authorities have long used similar techniques to ferret out
people who fail to pay the annual license fee of about $150
that the law requires for each TV set in the country.

Cruising the streets here are vans carrying equipment that can
detect emissions from a TV set's "local oscillator," the part
that turns a station's signal into a picture. If the gear senses a
TV set inside a house from which there is no record of a
license payment, this is used as evidence to levy fines.

The system also can tell what channel people are watching
because the oscillator gives off a slightly different signal for
each one.

Anderson's researchers have built a prototype that can detect
the type of software running on a machine from short range --
the hallway outside the room where the computer is running.
Anderson said they are ready to build prototype hardware
with a longer range, at a cost of about $15,000-$30,000 -- if
the lab can find a customer. So far, none has stepped forward.

© Copyright 1998 The Washington Post Company

----------

Date: Sat, 7 Feb 1998 13:05:45 -0500
From: Stewart Baker <sbaker@steptoe.com>
To: ukcrypto <ukcrypto@maillist.ox.ac.uk>
Subject: Ross, Is that really you?
     
     Today's Washington Post claims that a Cambridge research team led by one 
     Ross Anderson is developing technology that would require all personal 
     computers to broadcast the identity of all programs they are running so 
     that anti-piracy investigators can sit outside universities and businesses 
     and check to see whether the folks inside are running more programs than 
     their licenses allow.  
     
     The article says that even Microsoft thinks this might go too far in 
     invading the privacy of computer users. But advocates for the technology 
     claim that it will work fine in benighted Eastern European countries where 
     piracy is rampant and the natives are used to having their privacy invaded.
     
     This raises at least three questions:
     
     1.  Is this story correct?
     
     2.  If so, is the Ross Anderson it describes the same Ross Anderson known 
     on this list for his attacks on Big Brother?
     
     3.  If so, are we to understand that Ross objects not so much to invading 
     privacy as to government competition in that endeavor?
     
     Stewart Baker


For TEMPEST information see: http://www.eskimo.com/~joelm/tempest.html