Soft Tempest, Privacy and Software
Cambridge Univeristy, Microsoft and "Soft-Tempest"
The following notes, which were posted Monday on David Farber's IP
list, provide details of a fascinating story which was first reported in
a Saturday Washington Post story by John Burgess. Apparently
Microsoft's recent $20 million donation to Cambridge University was
accompanied by a request for research into technologies that would
prevent users from illegally copying Microsoft's software products.
Working on this problem was Ross Anderson, a well known computer
scientist, known for his work on privacy issues, including medical
records privacy.
According to the Post article, and confirmed below by Ross
Anderson, this involved the development of a technology that would
permit Microsoft or other software vendors to identify unauthorized uses
of software simply by driving surveillance vehicles near places where
software was used, which could monitor faint radio signals from
computers.
In the WP article, and in Ross Anderson's note following the
article, it is reported that Microsoft decided not to use this
particular technology, but also that it is exploring other technological
methods to make it impossible for persons to make unauthorized copies of
Microsoft software. Anderson's seemingly enthusiastic involvement in
the project surprised many observers (it certainly surprised me).
Jamie Love <love@cptech.org>
attached...
John Burgess WP Story "British Technology Might Flush Out Software
Pirates"
Stewart Baker, on ukcrypto, "Ross, Is that really you?"
Ross Anderson to ukcrypto "It is really me - the story of Soft Tempest"
-------------------------------
http://www.washingtonpost.com/wp-srv/WPlate/1998-02/07/060l-020798-idx.html
British Technology Might Flush Out Software Pirates
By John Burgess
Washington Post Foreign Service
Saturday, February 7, 1998; Page H01
CAMBRIDGE, England— It's a technique that intelligence agencies have
used for years: Park a van filled with
monitoring gear near an embassy and listen for the faint radio signals
that computers routinely emit when they are on. Analyze those signals
for clues to the data that are on the computers.
Now researchers at the University of Cambridge, home of groundbreaking
work in intelligence over the years, are trying to adapt this technology
to the fight against software piracy. With special code written into
software, they say, computers could be made to broadcast beacons that
would carry several hundred yards and identify the software they were
running, complete with serial numbers of each copy.
Vans run by anti-piracy groups could pull up outside a company's office
and count the number of software signals emanating from it. If, say, 50
beacons for a particular title were detected but the company had
licensed only two copies of the software, that could become evidence on
which a court would issue a search warrant.
Ross Anderson, a University of Cambridge lecturer who is overseeing the
project, said the idea originated last year when Microsoft Corp.
Chairman Bill Gates visited the university after his private foundation
announced a $20 million donation to the school. Gates told officials
that, among other things, he would love the university to come up with
new anti-piracy techniques.
So far, Microsoft isn't enthusiastic about the university's approach,
Anderson said. "They have some reservations. Obviously there are Big
Brother aspects," he said. A Microsoft spokeswoman said the company has
no plans to adapt the technology.
Emilia Knight, a vice president at BSA Europe, a trade group that
combats software piracy, said such an anti-piracy system might be
technically feasible. But she noted many practical questions on the
legal side, such as how the system would differentiate between companies
pirating software and those legally using multiple copies of programs.
Knight said that concerns of privacy and consumer rights might make the
system a no-go for industrialized countries. But in places like Eastern
Europe, she suggested, where piracy is rampant and there is no tradition
of such protections, the software signal detectors might be acceptable.
Richard Sobel, a political scientist who teaches at Harvard University
and researches privacy issues, called it "an appalling idea."
"If the technology is there to identify what software people are using,
there's the prospect to figure out what people are doing. . . . It
sounds like a horrible violation of privacy," Sobel said.
In Britain, however, it might seem less controversial. Here authorities
have long used similar techniques to ferret out people who fail to pay
the annual license fee of about $150 that the law requires for each TV
set in the country.
Cruising the streets here are vans carrying equipment that can detect
emissions from a TV set's "local oscillator," the part that turns a
station's signal into a picture. If the gear senses a TV set inside a
house from which there is no record of a license payment, this is used
as evidence to levy fines.
The system also can tell what channel people are watching because the
oscillator gives off a slightly different signal for each one.
Anderson's researchers have built a prototype that can detect the type
of software running on a machine from short range -- the hallway outside
the room where the computer is running. Anderson said they are ready to
build prototype hardware with a longer range, at a cost of about
$15,000-$30,000 -- if the lab can find a customer. So far, none has
stepped forward.
© Copyright 1998 The Washington Post Company
----------
Date: Sat, 7 Feb 1998 13:05:45 -0500
From: Stewart Baker <sbaker@steptoe.com>
To: ukcrypto <ukcrypto@maillist.ox.ac.uk>
Subject: Ross, Is that really you?
Today's Washington Post claims that a Cambridge
research team led by one Ross Anderson is developing
technology that would require all personal
computers to broadcast the identity of all programs
they are running so that anti-piracy investigators can
sit outside universities and businesses and check to
see whether the folks inside are running more programs than
their licenses allow.
The article says that even Microsoft thinks this might
go too far in invading the privacy of computer users.
But advocates for the technology claim that it will work
fine in benighted Eastern European countries
where piracy is rampant and the natives are used to having
their privacy invaded.
This raises at least three questions:
1. Is this story correct?
2. If so, is the Ross Anderson it describes the
same Ross Anderson known on this list for his
attacks on Big Brother?
3. If so, are we to understand that Ross objects not
so much to invading privacy as to government
competition in that endeavor?
Stewart Baker
--------------
Subject: IP: Soft Tempest
Date: Mon, 09 Feb 1998 21:28:33 -0500
From: Dave Farber <farber@cis.upenn.edu>
To: ip-sub-1@majordomo.pobox.com
To: ukcrypto@maillist.ox.ac.uk
Subject: It is really me - the story of Soft Tempest
Date: Sun, 08 Feb 1998 15:09:40 +0000
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Bruce Sterling, and others, have asked of the Washington Post story
[see below]:
> Is this story correct?
The Washington Post gives a highly distorted account of some very
important scientific work we have done. I suggest that list members read
our paper - <www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf> - for themselves
before getting carried away.
The story is as follows. Bill G gave our department $20m for a new
building, and his people said that what they really wanted from our
group was a better way to control software copying. So it would have
been rather churlish of us not to at least look at their `problem'.
Now the `final solution' being peddled by the smartcard industry (and
others) is to make software copying physically impossible, by tying
program execution to a unique tamper-resistant hardware token. We
wouldn't like to see this happen, and we have already done a lot to
undermine confidence in the claims of tamper-proofness made by smartcard
salesmen.
So Markus and I sat down and tried to figure out what we could do for
the Evil Empire. We concluded that
(1) large companies generally pay for their software;
(2) if you try to coerce private individuals, the
political backlash would be too much;
so
(3) if the Evil Empire is to increase its revenue by
cracking down on piracy, the people to go after
are medium sized companies.
So the design goal we set ourselves was a technology that would enable
software vendors to catch the medium-sized offender - the dodgy freight
company that runs 70 copies of Office 97 but only paid for one - while
being ineffective against private individuals.
We succeeded.
In the process we have made some fundamental discoveries about Tempest.
Army signals officers, defence contractors and spooks have been visibly
flabberghasted to hear our ideas or see our demo.
In the old days, Tempest was about expensive hardware - custom equipment
to monitor the enemy's emissions and very tricky shielding to stop him
doing the same to you. It was all classified and strictly off-limits to
the open research community.
We have ended that era. You can now use software to cause the
eavesdropper in the van outside your house to see a completely different
image from the one that you see on your screen. In its simplest form,
our technique uses specially designed `Tempest fonts' to make the text
on your screen invisible to the spooks. Our paper
tells you how to design and code your own.
There are many opportunities for camouflage, deception and misconduct.
For example, you could write a Tempest virus to snarf your enemy's PGP
private key and radiate it without his knowledge by manipulating the
dither patterns in his screen saver. You could even pick up the signal
on a $100 short wave radio. The implications for people trying to build
secure computer systems are non-trivial.
Anyway, we offered Bill G the prospect that instead of Word radiating
the text you're working on to every spook on the block, it would only
radiate a one-way function of its licence serial number. This would
let an observer tell whether two machines were simultaneously running
the same copy of Word, but nothing more. Surely a win-win situation, for
Bill and for privacy.
But Microsoft turned down our offer. I won't breach confidences, but the
high order bit is that their hearts are set on the kind of technology
the smartcard people are promising - one that will definitively prevent
all copying, even by private individuals. We don't plan to help them on
that, and I expect that if they field
anything that works, the net result will be to get Microsoft dismembered
by the Department of Justice.
Meantime we want our Soft Tempest technology to be incorporated in as
many products as possible - and not just security products!
So to Rainier Fahs, who asked:
> If these rumors are true, I guess we will face a
> similar discussion on free availability in the area
> of TEMPEST equipment. Does privacy protection also
> include the free choice of protection mechanism?
I say this: our discovery, that Tempest protection can be done in
software as well as hardware, puts it beyond the reach of effective
export control. So yes, you now have a choice. You didn't before,
Ross Anderson