Congress Demands Investigation Into Cold War Spy Technique That Can Steal Data From Any Computer
Washington, Wednesday, 4 March 2026.
US lawmakers are pushing for a federal investigation into TEMPEST, an 80-year-old surveillance method that allows spies to steal sensitive information by intercepting electromagnetic signals leaked by computers, phones, and keyboards—without ever touching the devices. The technique, which costs as little as $300 to implement, can bypass all traditional cybersecurity measures and poses risks to both government secrets and corporate intellectual property, yet consumer device manufacturers have never been required to build protections against it.
Bipartisan Call for Federal Oversight
On Wednesday, March 3, 2026, Senator Ron Wyden and Representative Shontel Brown released a letter to the Government Accountability Office demanding a comprehensive investigation into the vulnerability of modern computers to TEMPEST-style side-channel attacks [1]. The lawmakers simultaneously commissioned a Congressional Research Service report examining the history of TEMPEST and contemporary side-channel attack threats, marking the first major congressional inquiry into this decades-old surveillance vulnerability [1]. Their letter emphasizes that these techniques “do not just pose a counterintelligence threat to the US government, but these methods can also be exploited by adversaries against the American public, including to steal strategically important technologies from US companies” [1].
The $300 Espionage Technique That Bypasses All Security
TEMPEST, now classified as a type of side-channel attack, has been a recognized computer security vulnerability for close to eight decades, with roots tracing back to the 1940s, when Bell Labs discovered that machines sold to the US military for encrypting messages produced detectable signals on oscilloscopes [1]. The technique’s accessibility became starkly apparent in 2015 when Tel Aviv University researchers demonstrated a radio spying device capable of stealing information from computers for less than $300 [1]. This method exploits unintended electromagnetic and acoustic emissions from electronic devices to reconstruct sensitive data without requiring physical access to targeted systems [GPT]. Unlike traditional cyberattacks that rely on software vulnerabilities or network infiltration, TEMPEST attacks can bypass all conventional cybersecurity measures by capturing and analyzing the involuntary signals that computers, keyboards, and other digital equipment emit during normal operation [GPT].
Government Failure to Protect Consumer Devices
The lawmakers’ letter reveals a significant policy gap in consumer protection, stating that the government has “neither warned the public about this threat, nor imposed requirements on the manufacturers of consumer electronics, such as smartphones, computers and computer accessories, to build technical countermeasures into their products” [1]. This regulatory vacuum has “left the American people vulnerable and in the dark” regarding sophisticated surveillance capabilities that could be exploited by foreign adversaries or malicious actors [1]. Wyden and Brown are urging the GAO to review multiple aspects of the TEMPEST threat, including the scale of the modern privacy risk, the cost and feasibility of implementing protective measures, and potential policy options to mitigate vulnerabilities [1].
Technical Reality Versus Public Concern
Security experts provide nuanced perspectives on the practical threat level for average consumers. Cooper Quintin, a security researcher at the Electronic Frontier Foundation’s Threat Lab, explains that “the takeaway from this letter should not be that every activist needs to build a SCIF and start worrying about side-channel attacks, because I don’t think that’s the case” [1]. Quintin emphasizes that while “these attacks are possible, they’re also technically very difficult” and primarily concern “people in national security or who work in fields where international state-backed industrial espionage is a concern” [1]. Hacker Samy Kamkar notes that modern devices are becoming more resistant to these attacks, observing that “the major manufacturers, companies like Apple and Google, generally aren’t super leaky when it comes to electromagnetic emanations or acoustics” [1]. Additionally, Kamkar points out that phones and laptops are becoming less susceptible to side-channel attacks due to more efficient components [1].
Regulatory Pathways and Future Policy Options
The Congressional Research Service report commissioned by Wyden and Brown explores several regulatory mechanisms through which the US government could pressure technology companies to reduce side-channel attack vulnerabilities [1]. The Federal Communications Commission could impose security requirements through radio equipment regulation, while the Federal Trade Commission could classify inadequate TEMPEST-style attack protection as “unfair or deceptive acts or practices” [1]. The lawmakers suggest that Congress could leverage these existing regulatory frameworks to compel tech companies to add more robust defenses to consumer devices [1]. Beyond regulatory pressure, Wyden and Brown’s letter advocates for increased government transparency, suggesting that federal agencies should share more information about side-channel attack threats with both industry stakeholders and the general public [1].