[liberationtech] RiseUp

[Fabio Pietrosanti (naif)]

Il 10/18/13 10:23 PM, Anthony Papillion ha scritto:
> Generally is not valuable to use only 1 email provider, because email is
> made up of many pieces:
> - Inbound flow
> - Outbound flow
> - Data storage
>
> That require a user to have at least 3 different providers by:
> - Splitting your communication flow
> - Stay on countries with (strong economy & strong privacy law)
> I'm not sure how any of that would help if your upstream connection is
> tapped or if the attacker has a sufficiently large view of the Internet
> as we thing agencies like GCHQ and NSA have.
The choice of the countries and path among the countries is relevant.

The right choice of EU-countries mix would likely challenge GCHQ and NSA
ability to wiretap you.
They can operate massively in their own countries and in international
environment (sea, space), but not everywhere.

They will be able to catch the traffic that you send to recipients that
on NSA/GCHQ monitored communications lines, but you can avoid them to
look at the traffic you make to interact with your email systems
(inbound/outbound/datastorage).

> Assuming they don't have the TLS keys for the particular services you're using, it would be
> trivial to do traffic analysis and grab the data as it's being
> transferred between provider machines. 
With Email, unless you use a closed system and/or non-standard
technology, you need to interoperate with all the other email system,
for that reason you'll never reach a "complete protection".

However, having likely placed yourself outside a massive monitoring
communication path, you should consider to make access to "all your
communications and data" more difficult.

A LEA first need to find the right "target" where to make an inquiry
with an international warrant:
1) If they have an email from you, they will likely ask to seize and/or
intercept traffic and/or metadata at your OUTBOUND provider
2) If they don't have an email from you, they will likely ask to seize
and/or intercept and/or metadata traffic at your INBOUND provider

In all the situations the country selection with high wealth, good
judicial system, good privacy will likely:
- reduce actions from "intelligence cooperation"
- make much more difficult to get an international warrant
- make much more difficult to get cooperation trough corrupted employees
at ISPs/Telcos

In both cases (1 & 2) the "seizure" request will fail, because there's
no email being stored there (but LEA doesn't know about that).

in both cases (1 & 2) the "metadata" request, if available, will only
reveal one-path of your the communications.

By choosing INBOUND/OUTBOUND providers as companies that does not
usually act as ISPs or Telco, it's likely to introduce additional
complexity due to the inability of the provider to comply with a Lawful
requests.
For example:
- Email marketing services are good OUTBOUND providers
- DNS/Domain provider with MX forwarding services are good INBOUND provider

Only after a successfully request of "seizure" at INBOUND provider, the
LEA with a second request (asking why the seizure request failed), would
discover the existance of the STORAGE provider.

They will then need again to repeat the process until LEA is able to
acquire your data at the STORAGE provider.

All that kind of steps are to introduce legal, technical and operational
complexity for a LEA to acquire in one-shot and with one request:
- a copy of your emails (seizure requests)
- traffic logs of your email (metadata inquiry)
- your email traffic activity (interception request)

This is not going to "fix all of your problems" but it's IMHO a
*stronger system* than a single email provider setup, in a single
country, in a GCHQ/NSA massively monitored communication line.


This is obviously for an average user that does not engage in
snowden-grade leaks :)

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org