From: rishab@dxm.ernet.in
Date: Mon, 19 Dec 94 13:23:17 PST
To: cypherpunks@toad.com
Subject: Envelopes speak - tracking information flow
Message-ID: <gate.5agmXc1w165w@dxm.ernet.in>
MIME-Version: 1.0
Content-Type: text/plain


Re traffic analysis, cpunk remailers, DC-nets.

Electric Dreams
Weekly column for The Asian Age by Rishab Aiyer Ghosh
#41, 19/December/1994: Envelopes speak - tracking information flow

Digital communication is extremely vulnerable to
interception, sorting and archival. Current electronic
mail systems offer less privacy than open messages on
postcards - at least it's impractical to keep copies of
enormous quantities of paper mail. Encryption, which is
slowly gaining popularity as a means of ensuring a degree
of privacy of e-mail and eventually voice communication,
is analogous to letters in sealed envelopes. This protects
against one invasion of privacy - of communication
content, or what you write and read. However there is at
present little protection against a possibly more serious
invasion of privacy, that of communication context, or to
whom you send and from whom you receive messages. As such
messages can include anything from New Year greetings to a
friend to contract negotiations to CD purchases, there is
a lot that can be known about you from addressing details
on the most secure, encrypted mail - the tale the
envelopes tell.

Currently, whether you make a phone call or send an e-
mail, your communication is routed through a host of
different sites - telephone exchanges or computers around
the world. It may not be technically possible for these
sites to extract the content of your message because of
encryption. It is not feasible, and usually illegal, for
them to archive traffic. But it is very easy to archive
routing information, and such logs are routinely kept by
computers on the e-mail network as well as telephone
exchanges.

The legal process of getting access to addressing
information is much simpler than for intercepting
communication content itself, because it is often assumed
that such information is, on its own, useless. Actually it
is probably more useful than interception. Such traffic
analysis helped track Iranian assassins in France earlier
this year, using records of 20,000 phone calls from public
booths. It could also be used for intrusive monitoring of
your income or hospital visits, or for that matter to
crack down on Tibetan human rights activists.

Cypherpunks - the assorted citizens of cyberspace who try
to protect privacy through the use of technology - may
have a solution. Elated by the success of anonymous
remailers - special e-mail addresses that repost messages
after removing any traces of the original sender,
especially favoured in discussion forums for victims of
sexual abuse - they are now working on methods to reduce,
if not eliminate altogether, the menace of traffic
analysis. Without these, it would be possible to associate
anonymous messages with their original senders by
carefully matching arrival times in various system logs.
Remailers and their users resort to several
countermeasures. They collect incoming mail and repost
anonymized versions in batches of random sizes, to avoid a
correlation between mail arrival times. They route mail
through random groups of remailers, often in different
countries, to make tracing posts back to the source
harder. And of course, they encrypt as much traffic as
possible.

Although remailers prevent reverse traffic analysis -
tracking mail from the recipient to the sender - they
don't protect against traffic analysis from source -
tracking the output of a specific site or individual.
Dining Cryptographer networks, or DC-Nets were developed
almost a decade ago as a networking protocol allowing a
group of people to broadcast messages, while making it
impossible to identify the specific source from within the
group. Unfortunately DC-Nets have not yet gone beyond the
early experiments; but there is hope that they will soon
silence the electronic envelopes of traffic analysis.

Privacy and freedom of expression are basic human rights.
Where laws and international treaties have failed to
protect them, it looks increasingly likely that in a
borderless world of digital signals, technology will.



Rishab Aiyer Ghosh is a freelance technology consultant
and writer. You can reach him through voice mail (+91 11
3760335) or e-mail (rishab@dxm.ernet.in).

--====(C) Copyright 1994 Rishab Aiyer Ghosh. ALL RIGHTS RESERVED====--
 This article may be redistributed in electronic form only, PROVIDED 
 THAT THE ARTICLE AND THIS NOTICE REMAIN INTACT. This article MAY NOT 
 UNDER ANY CIRCUMSTANCES be redistributed in any non-electronic form,
 or redistributed in any form for compensation of any kind, WITHOUT 
PRIOR WRITTEN PERMISSION from Rishab Aiyer Ghosh (rishab@dxm.ernet.in)
--==================================================================--