[liberationtech] NSA, FBI, Verizon caught red handed spying on US citizens in the US

Seth David Schoen schoen at eff.org
Fri Jun 7 00:23:58 PDT 2013 

Anthony Papillion writes:

> It's up to us to protect ourselves and, thankfully, we have the
> technology to do just that.

(As I suggested in a previous message, I strongly support greater use
of privacy-enhancing technologies, and finding tactics to increase the
demand for them.)

I think it's become clear that traffic and location data is much harder to
protect technologically than "content".  Advocates for privacy-enhancing
technology sometimes don't appreciate or don't effectively communicate
the scope of this problem.  I've seen a lot of people in the last day
or so referring to the need to encrypt everything.

Encrypting everything is surely of tremendous benefit for privacy, but
in low-latency packet-switched networks, it has no effect at all on the
ability to perform traffic analysis.  In order to get networks that we
don't control to deliver our communications to the parties we choose, we
have to tell the intermediaries who run the networks where to send the
communications, affixing identifiers like IP addresses and PSTN numbers.
Then the network operators can record and disclose all of that
information.  And the implications of that information are significant,
especially when it includes or implies location data.

We just recently had a discussion here that touched on how difficult
it might be to make a mobile phone that doesn't allow location
tracking.  I think it's possible with a significant engineering
effort, but the easiest ways to design and deploy mobile communications
networks all automatically make users' locations trackable.

The best widely-used tool to defend against traffic analysis is Tor,
but Tor's developers readily concede that it has a lot of important
limitations and that there's no obvious path around many of them.
Two of these important limitations (not the only ones) are:

① Anonymization adds latency to communications.  Better anonymization
usually adds more latency.  Everywhere else, communications engineers
are struggling to take the latency out of people's communications.
At least in some systems, anonymity engineers are struggling to put
it in.

② Network adversaries can notice that things coming out of a system
correspond to things going in.

Here's one of many statements of these two issues as they relate to
systems like Tor:

   Furthermore, Onion Routing makes no attempt to stop timing attacks
   using traffic analysis at the network endpoints. They assume that
   the routing infrastructure is uniformly busy, thus making passive
   intra-network timing difficult. However, the network might not
   be statistically uniformly busy, and attackers can tell if two
   parties are communicating via increased traffic at their respective
   endpoints. This endpoint-linkable timing attack remains a difficulty
   for all low-latency networks.

http://www.freehaven.net/src/related-comm.thtml

These issues are less severe if people are using e-mail or (maybe
better yet) forum posting, over an encrypted channel to a popular
service that many people use.  But they're quite serious for voice
calls, video conferencing, and even instant messaging.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107

More information about the liberationtech mailing list