How Vulnerable Are Computers to an 80-Year-Old Spy Technique? Congress Wants Answers

The term TEMPEST, coined by the NSA in the 1940s, describes the unintentional radiation of data from electronic devices. Over the decades, side‑channel attacks have evolved from lab curiosities to credible espionage tools, capable of leaking cryptographic keys via electromagnetic or acoustic emissions. While the original focus was on military hardware, the proliferation of personal computers, smartphones, and IoT gadgets has broadened the attack surface, prompting renewed interest from both intelligence agencies and privacy advocates.

In Washington, Senators Wyden and Brown’s recent GAO request signals a shift toward public scrutiny of this obscure threat. Their accompanying CRS report highlights a regulatory gap: unlike classified systems, consumer electronics lack mandated shielding or emission standards. The lawmakers propose that agencies such as the FCC or FTC could require manufacturers to integrate TEMPEST countermeasures or face penalties for deceptive security claims. Such policy moves could reshape product design cycles, increase compliance costs, and create a new market for hardened hardware.

Technical feasibility remains a mixed picture. Academic labs have shown that a $300 antenna or a smartphone’s microphone can capture enough signal to reconstruct encryption keys, yet these demonstrations often require close proximity and sophisticated signal processing. The rise of AI-driven analysis may lower the expertise barrier, making noisy data more exploitable. Meanwhile, modern devices—especially battery‑optimized phones and cloud‑based services—emit less radiation, and major vendors have invested in shielding. Nonetheless, industrial control systems and smart home appliances may still be vulnerable, keeping side‑channel attacks on the radar of both national security officials and high‑value corporate targets.