A pair of US lawmakers have launched a formal investigation into whether modern consumer electronics are vulnerable to a decades-old surveillance technique that exploits the physics of computing itself, not software flaws.
Senator Ron Wyden and Representative Shontel Brown sent a letter to the Government Accountability Office on Wednesday demanding a review of how exposed everyday Americans are to TEMPEST-style side-channel attacks. These techniques involve monitoring the unintentional radio waves, sounds, and vibrations emitted by computing devices to reconstruct private data and activities.
A Technique That Predates the Internet
The problem dates to the 1940s, when Bell Labs discovered that encryption machines it sold to the US military were leaking readable signals onto an oscilloscope across the room. The machines’ electromagnetic components were effectively broadcasting clues about military cryptography to anyone with the right equipment.
A declassified National Security Agency report from 1972 put the scale of the problem plainly. It warned that classified computers were transmitting “radio frequency or acoustic energy” that could radiate through free space for half a mile or more, or travel even further through nearby power lines and water pipes. The report described the scenario as “absolutely the worst thing that can happen to us” from a communications security standpoint.
The NSA originally codenamed the problem TEMPEST. The broader category it belongs to, side-channel attacks, now covers any method of inferring information from the physical byproducts of a device’s operation rather than from its data directly.
Protected for the Government, Not the Public
The US government has long shielded its own classified operations from these techniques. Sensitive Compartmented Information Facilities, known as SCIFs, are radio-shielded, isolated rooms designed specifically to prevent electromagnetic leakage from reaching outside ears.
No equivalent protections exist for consumers. Wyden and Brown’s letter states directly that the government has “neither warned the public about this threat, nor imposed requirements on the manufacturers of consumer electronics, such as smartphones, computers and computer accessories, to build technical countermeasures into their products.”
The lawmakers argue the gap matters beyond individual privacy. Their letter warns that these methods “can also be exploited by adversaries against the American public, including to steal strategically important technologies from US companies.”
What Congress Is Asking For
Alongside the letter, Wyden and Brown commissioned a Congressional Research Service report surveying the history of TEMPEST and the current threat landscape.
The GAO request asks investigators to assess several specific areas:
- The scale of the modern privacy threat posed by side-channel attacks on consumer devices
- The cost and feasibility of building protections against these attacks into modern hardware
- Policy options for mitigating the threat, including potentially mandating that device manufacturers add countermeasures to their products
That last point signals that Congress may be weighing whether to compel tech companies to act, not merely encourage them.
How frequently side-channel attacks are actually used against civilians by hackers or foreign intelligence services is not well established. The techniques require sensitive equipment and significant expertise to execute. Still, the fact that the US government has treated the threat seriously for nearly 80 years, investing heavily in shielding its own infrastructure, makes the absence of any public-facing policy harder to ignore.
Photo by Nima Motaghian Nejad on Unsplash
This article is a curated summary based on third-party sources. Source: Read the original article
