Encryption protects data in transit and at rest. It does almost nothing about a more physical leak: the fact that electronic equipment radiates. Every time a wire carries a changing current, it acts as a small antenna. Every time a display refreshes a pixel, it emits a tiny pulse of electromagnetic energy. Those emissions are not random. They are correlated with the data being processed, and with the right receiver they can be turned back into that data.
The military codename for the study and control of these compromising emanations is TEMPEST. The public demonstration of intercepting them is named after Wim van Eck, the researcher whose 1985 paper showed it could be done with a few hundred dollars of consumer gear rather than a national lab. The two terms point at opposite sides of the same physics: TEMPEST is the defense, Van Eck phreaking is the attack.
Why a screen is also a transmitter
A display builds its image by driving pixels in a fast, regular pattern. On the old cathode-ray tubes Van Eck studied, an electron beam swept across the screen line by line, and the sharp voltage changes at the edges of bright and dark areas produced broadband radio emissions. A receiver tuned to the right frequency and synchronized to the screen's refresh timing could rebuild the image, because the timing of those emissions maps directly onto the position of each pixel.
The natural assumption was that flat-panel LCD and digital displays killed this off. They did not. The digital video cables feeding modern monitors carry pixel data as high-speed serial signals, and those signals radiate too. Researcher Markus Kuhn at the University of Cambridge demonstrated through the 2000s that flat-panel displays and their cables leak recoverable signals, and that the digital encoding can even make certain text patterns easier to pick out, not harder.
This is a side channel. The attacker does not break the encryption or touch the machine. They exploit a physical byproduct of computation that the system was never designed to suppress. The information leaks through a path nobody intended to be a communication channel.
It is not only screens
Once you see displays as antennas, the same logic extends to almost everything that computes. Academic work over the past two decades has extracted secrets from a surprising range of emanations.
- Keyboards. Wired and wireless keyboards emit distinguishable signals per keystroke; researchers have recovered typed text from the electromagnetic pulses of key presses meters away.
- Power lines. A computer's power draw fluctuates with what it is doing. Power-analysis attacks have pulled cryptographic keys out of these fluctuations on smartcards and embedded devices.
- Cables as accidental antennas. Work on techniques nicknamed for the antennas they exploit has shown that USB cables, GPIO pins, and even memory buses can be driven to emit signals that carry data out of an isolated machine.
- Air-gapped machines. Researchers at Ben-Gurion University have repeatedly shown that even a computer with no network connection can leak data through electromagnetic, acoustic, optical, and thermal channels, which is part of why air-gapping alone is not a complete defense.
This family of techniques overlaps with the broader category of side-channel attacks, where timing, power, sound, and emanation all become avenues for extracting secrets that the math itself never gave up.
How the leak is suppressed
Defending against emanation attacks is an exercise in physics rather than software. The standard controls are about containment and noise.
| Defense | What it does |
|---|---|
| Shielding | Conductive enclosures and shielded cabling block emissions from escaping. A fully shielded room is a Faraday cage for the whole workspace. |
| Zoning | Keeping sensitive equipment at a controlled distance from any point an attacker could reach, because signal strength falls off sharply with distance. |
| Filtering | Power-line and signal filters stop emissions from riding out along cables that leave the protected area. |
| Soft TEMPEST | Kuhn and Ross Anderson showed displays can use specially designed fonts and filtered rendering that reduce the high-frequency content an eavesdropper relies on. |
Governments maintain detailed TEMPEST standards and certify equipment against them, but most of the precise emission limits remain classified. The general shape is public: shield, separate, filter, and where possible shape the signal so the leaked version carries less usable information.
Who actually needs to worry
Here is the honest threat assessment. Van Eck interception requires the attacker to bring a tuned receiver into physical proximity, often within tens of meters, and to deal with interference from every other electronic device nearby. It is a targeted, resource-intensive attack. It is firmly within reach of a well-funded intelligence service, and it has been demonstrated by university labs on a modest budget, but it is not how anyone harvests data at scale.
For the overwhelming majority of people, emanation surveillance is the wrong thing to lose sleep over. Data brokers, phishing, weak passwords, and unencrypted backups will compromise far more people than any antenna in a van. Threat modeling means spending your attention where the realistic risk is.
But the small set of people for whom this matters is exactly the set that secure tools exist to protect: a journalist in a hostile jurisdiction, a dissident under state attention, a target of a national intelligence service. For them, the lesson is that the device and its physical environment are part of the threat surface, not just the software. Working from a shielded space, keeping displays away from exterior windows and walls, and treating physical proximity as a real risk are all part of a serious threat model.
What this says about encryption
Emanation attacks are a useful reminder of where encryption's job ends. End-to-end encryption protects the message as it travels and as it sits on a server. It cannot do anything about the moment the message is rendered on a screen for a human to read, because at that instant the plaintext exists as light and as the radio shadow of that light. The endpoints are always the soft spot. This is the same truth behind evil maid attacks and device forensics: strong cryptography raises the cost of attacking the channel so high that an adversary goes after the endpoint instead.
That does not make encryption less valuable. It makes it the floor rather than the ceiling. Encrypting your communication forces a serious adversary out of the cheap, scalable, remote attacks and into the expensive, physical, one-target-at-a-time attacks like parking a receiver near your window. For almost everyone, pushing the adversary onto that ground is the whole point.