<><> Advanced Security Considerations <><> Warning: The things presented in this segment of the document are surveillance techniques employed by various government, private and espionage organizations around the world. These are not likely to be employed to read your mail to your best friend, unless you happen to be conspiring to launch a nuclear missile. Don't lose any sleep over this. o Advanced Security Considerations: Electromagnetic Interference Interception Every electrical device, from digital wristwatches and toasters to televisions and mainframe computers generate electromagnetic interference. There are devices that measure this energy, and in some circumstances can interpret it into being able to tell what a given device is doing. A computer's monitor is controlled by a signal send from the video card to the monitor (electromagnetic interference.) A remote device, carefully tuned in on this signal, could reproduce the image on your monitor remotely for the purpose of taping or monitoring. The same is true with a computer keyboard. Whenever you press a key, a certain signal is sent to the computer, different from other signals sent by other keys. A device like the one described above could essentially carbon copy all of your key presses into a recorder and everything you type could be reproduced. If you want a working example of this concept, look at a typewriter ribbon (especially those found in IBM Selectric series typewriters.) If you look carefully and fill in the spaces mentally, you can see everything the unwary typist has typed. On the Selectric, spaces aren't shown on the ribbon, since the space prints nothing and would be a waste of ribbon to advance the ribbon when you hit it. (Same with Tab, Return, etc.) o Advanced Security Considerations: Hard disk reading If you format your hard drive so that there is no data on it at all, it is still possible to pick up trace magnetic signals where readable data and the previous formatting existed. With special equipment, the contents of your hard drive could be totally reconstructed, despite the formatting. The solution is straight forward: Department of Defense standard Data Deletion, which was described in the beginning. It overwrites the file 3 times with 1's and 0's before deleting, so the residual data is not usable in any scheme. o Advanced Security Considerations: Remote Video Monitoring Obviously it's possible for someone to videotape your computer screen and/or your fingers on the keyboard. This is a standard tactic. This is avoided somewhat by positioning the computer where neither the keyboard or the monitor is visible through a window, and that there is no reflection visible either, as could be seen in the user's glasses, a mirror, a glossy poster, chrome on furniture, etc. o Advanced Security Considerations: Linetap If you were to use PGP on a remote system, your modem line could be compromised by buffering the signal transparently into another computer and thusly reproducing the entire terminal session. For that reason, it's better to use PGP offline and upload encrypted texts. o Advanced Security Considerations: Modifications There is no way to tell if PGP has been modified unless you get the distribution package from it's creators, or get the source code, carefully examine it, and compile it yourself. Even then, it's possible to have a compiler that recognizes security applications and creates a "backdoor". Although there are lots of ways to lessen the likelyhood of tampering, it's a game of Better Mousetrap, Smarter Mouse. The more common scenario is straight-forward: Someone modifies the source on a shared system and gets a dump of everything you've done with PGP on that system. The chance of this is somewhat eliminated by compiling your own copy on the system, or better, simply use your own copy offline!