An email from Techtarget drew my attention to a response by Michael Cobb to a question about the vulnerability of encryption systems, following revelations by researchers at Princeton University that the contents of DRAM memory can hold traces of data, including perhaps encryption keys, for some time after power off. Is it a serious problem?
I've never underestimated the vulnerability of technology or people to highly sophisticated attacks. No real-life system is foolproof. But just consider the context. You have to gain direct, physical access to equipment, within minutes of a person vacating the equipment. You need specialist skills and equipment, as well as inside information to know that something is worth stealing. And the technique is unreliable. You can't guarantee a result.
All of this makes it a highly unattractive method of attack, unless you're out to prove a point. There will no doubt be easier and more reliable ways of obtaining the data.
We need to avoid the paranoia of the cold war days, when governments wasted millions of dollars on unnecessary electromagnetic screening to prevent equipment from radiating signals to nearby spies. But there wasn't anyone there.
Postscript:
My good friend Andrew Yeomans rightly points out that I should have said "powering off and unplugging" rather than "vacating", as attacks are of course possible on equipment left out on charge, or in hibernate or sleep mode.
But the threat assessment remains the same. It's extremely rare for a physical break-in to be mounted by a technical expert carrying specialist equipment, unless you happen to be operating in an extremely hostile environment, where the local authorities are keen to steal your data
If the information on your laptop is so valuable that you feel it would make you such a target, then you should always lock it away when not in use. Valuable assets should always be afforded defence-in-depth protection.