Phil Zimmermann says he doesn't regret creating the Pretty Good Privacy (PGP) strong encryption program, even though terrorists may use it. But while encryption may protect our Internet transactions and routine communications, it would be naive to think that governments or even wealthy companies and individuals can't get around it.
I happen to believe that if our investigative agencies can't crack PGP by now, someone isn't doing his job. But even if PGP has some life left, a couple of recent articles exposed how easy it is to spy on someone. One of the stories discussed a technology that decodes the flashing lights on a modem; the other is about finding out what's on a user's screen from the reflection of a monitor's glow on the user's face.
These technologies aren't really as cutting-edge as they sound, but they have Hollywood written all over them. No doubt the next Mission: Impossible sequel will have Tom Cruise run a video of a suspected terrorist through a computer that transforms the glow on the terrorist's face into a flawless picture of what appeared on his computer's monitor.
By the way, a recent story in US Computerworld described smart mines that wake up and hop over to fill in the gaps after an enemy clears a path through a minefield. I can't wait to see Cruise in a chase scene running away from a hopping explosive.
If there is any lesson to be learned from the stories about spy technology, it's that secrecy is an illusion. And here's a nonsecret for you: It has been that way for a long time. Interpreting the lights on a modem is child's play. It's almost as easy to read the radio emissions from a computer monitor to reconstruct what the person sees on the screen. It's not nearly as easy to reconstruct a monitor's contents from the glow on a person's face because facial contours complicate the process.
But aside from that, it's a reasonably straightforward procedure because we know how monitors work.
Believe it or not, you can do even more sophisticated snooping without having to know why a particular technique works. The trick is to combine digital signal processing with statistics-based pattern recognition. For example, suppose you want to be able to determine what someone is typing simply by pointing a directional microphone at a wall outside that person's office.
It's easy. You record the clicks of the keyboard as the person types and digitize the sounds. Run the data through various analytical routines, such as a fast Fourier transform or a program that detects the envelope of each click. Then put this data through a statistical engine to see which approach best distinguishes one key from another. You don't need to know why one method is better, just the fact that it's better.
Once you choose the best way to interpret the patter, all you need to do is map the distinctive digital signatures of each key to actual letters and characters. This part is no more difficult than solving a cryptogram. After that, you can turn on the microphone, and your snooping device will display in real time exactly what the person types.
I'm not sure when the foundation for spying via digital signal processing was laid, but I know it was well under way by the early '80s when I learned about the keyboard trick. These days, it's probably easier to sneak a keystroke-recording program onto a computer, and there are always brute-force approaches, such as wiretaps, hidden cameras and long-range cameras. But as you can imagine, signal processing opens many possibilities. The keyboard example is actually a trivial problem compared with what people were doing with digital signatures even back in the '80s.
I'd like to think that by now we could bounce a rock off a cave entrance in Afghanistan and tell from the sound whether or not Osama bin Laden is in the cave, if he's wearing underwear, the colour of said undergarment and how long it's been since he washed it. That may be a stretch, but if you start hearing people bounce pebbles off your window, I'd recommend you be careful about your hygiene and what you wear.
Nicholas Petreley can be reached at firstname.lastname@example.org.