I’m reading Richard J. Aldrich’s book GCHQ – The Uncensored Story of Britains Most Secret Intelligence Agency (2010; available as 28MB .pdf here) and thought the following paragraphs about TEMPEST in the 1960s offer an interesting bit of historic perspective to modern day weakening of crypto (such as DUAL_EC) as part of NSA’s Bullrun and GCHQ’s Edgehill program:
What none of these accounts captures is the exquisite dilemma of offence versus defence. With Tempest, the conflicting demands of offensive sigint and defensive communications security were so complex as to make the head spin. The optimum solution was for GCHQ and NSA to be able to read the traffic of minor allies and neutral countries themselves, but to provide them with enough defensive expertise to make their communications immune to similar code-breaking efforts by the sigint specialists of the KGB. Tempest allowed GCHQ and NSA to launch innovative attacks on all sorts of machines that had not yet been broken, but this was only an unalloyed virtue if the Soviets were lagging behind in its use. This, in turn, raised another awkward question: how much did the Soviets know?
Stannard explained that the most awkward issue presented by Tempest was ‘how we may best distribute our responsibilities for advising our allies, particularly in NATO’. Tempest was a nuisance in terms of security, but of course it was beneficial for offensive sigint operations by GCHQ. The British did not want information about Tempest to spread to ‘countries or organisations from which signal intelligence is required’. Where the balance of advantage fell depended on the relative importance attached to either sigint or security. Understandably, perhaps, there were some arguments between GCHQ and LCSA over this matter. [Footnote 64: ‘What is Being Done About Radiation’, Stannard (D/LCSA), address to 38th mtg of the [Canadian] Cipher Policy Committee, Apr. 1958, File TS 1325-3 ‘Communications Security – Crypto Systems’, Canadian Department of National Defence, (…)]
By the early 1960s the awkward NATO Tempest question was gradually being resolved. A handbook was provided to the European allies that explained how to install cypher equipment so as to minimise radiation risks from Tempest. [Footnote 65: The handbook was designated AMSP522.] However, LCSA emphasised that, within the inner circle constituted by the British, Americans and Canadians, the standard NATO briefing had always to be accompanied by ‘advice on certain aspects of the problem which it is undesirable to disseminate to NATO at large’. This circumlocutory language suggests that Britain was offering some of its NATO partners incomplete advice, leaving open certain avenues for exploitation. At the same time, GCHQ hoped fervently that the KGB was not using the same techniques. [Footnote 66: LCSC (59) 10 (Final), ‘Radiation: Review of Measures Taken or in Hand’, 19.06.59, File TS 1325-3 ‘Communications Security – Crypto Systems’, Canadian Department of National Defence, (…).]
At last, after two troublesome decades, Britain’s code-breakers and code-makers were finally getting to grips with Tempest. The issue, together with independent cryptography by European NATO allies and neutrals, had presented sensitive and costly problems. However, there had also been enormous achievements, many of which are still shrouded in deep secrecy, which provided continuous access to many streams of diplomatic traffic around the world. The main beneficiaries were K Division at GCHQ, whose task it was to read non-Soviet systems. However, these triumphs also owed much to the work of the unsung heroes of communications security, hiding out in one of Britain’s least-known secret service headquarters in Palmer Street in central London. In 1969, their last year of independent operation before they were merged with GCHQ, Fred Stannard’s colleagues declared that their secretive influence over cypher machines was the surest route to good intelligence: ‘There is no better way to successful Sigint than to influence selected target countries by Comsec advice to use a source of equipment desired by Sigint.’ This, they added with quiet satisfaction, ‘can sometimes be done’. [Footnote 67: Burrough to Ryland, 03.06.69, attached ‘Report of the CESD Working Party’, DEFE 32118, cited in Easter, ‘GCHQ and British External Policy in the 1960s’, p.692.]