Re: proposal for built-in spam burden & email privacy protection

2004-02-13 19:10:00


Dean Anderson wrote:

On Thu, 12 Feb 2004, Ed Gerck wrote:

You can't make it more expensive without shooting yourself in the foot.
In information theory-speak, you can't prevent a covert channel** unless
you have no channel at all.

By the addition of a correction channel (Shannon's 10th theorem),
a covert channel can be detected with a probability as close to 100%
as I wish.

Err, I think that allows you to correct _errors_ in transmission. 

Shannon distinguished messages --or intended information-- from noise. 
The distinction between noise and information is that information is
what the sender wants to send or, alternatively, what the receiver
wants to receive. If the channel is a covert channel, it is fair to
assume that either the sender or the receiver (or both) do not intend
it to exist (otherwise, it would not be a covert channel). Thus, a 
covert channel transmits information that can be considered for modeling 
purposes as a source of noise. Since the 10th theorem applies to any 
source of noise, it also applies here. 

The devil is in the details, though. The 10th theorem does not
tell you how to do it -- just that it is possible and that the
noise (covert channel information) can be detected with a probability
as close to 100% as desired.

Easy. By applying Shannon's 10th theorem. Sample enough mail at
distribution centers (going back to the source, which is possible
even without a legal mandate to open the  envelopes) and bar the
culprits from sending govt. mail until the probability that any
mail is incorrectly using govt. envelopes is as close to zero as desired.

Unfortunately, you described a detection mechanism:  Whack-a-mole.

Actually, I described a detection AND a correction mechanism. The 
correction mechanism uses a correction channel as given by the 10th
theorem. BTW, just sampling 1% of mail might be enough to prevent 
misuse to almost 100% confidence.

But we are looking for (and you promised) a mechanism which makes it
impossible for them to send it in the first place:  No more whack-a-mole.

The "impossible" promised by Shannon's 10th theorem is "probability
as close to zero as you wish". That's what I also promised and 
delivered. It should be good enough for you ;-)
 
Clearly, in the sampling example, they can use invisible ink to fool the
censors, or write their messages in an ordinary looking code that looks
like official business (steganography).  

Either can be detected, and corrected. If you are following the whole
DRM and music copyright issue, you have many examples why steganography
is at most a deterrent, not a secure technique.

This example isn't nearly as hypothetical as it sounds. The
US [and other governments] really used to open international mail to look
for secret messages. We used to also test letters for the presence of a
number of invisible inks. The Germans invented an invisible ink that was
impervious to testing for a long time.  The US censors would even re-write
personal letters using slightly different words to preclude the use of
special code words.  Then came micro-dots and so forth.  Each channel
detected led to the creation of new channels (either different people,
same method, or new methods) within the postal mail system.  But it did
not lead to any situation in which sneaky channels were impossible.

Your examples actually show how a correction channel can work. Your 
argument that a sneaky channel is still possible is also included in
Shannon's 10th theorem -- the correction channel needs to have a larger
capacity than the noise channel. If you have an unaccounted-for 
noise channel (e.g., a covert channel), your system is still not good
enough.

Fault tolerance doesn't seem to be helpful.  To design a system that can't
send spam, 

This is not our goal -- the problem is at the receiving end, since the 
sending end can use anything (even non-conformant systems). The issue 
in the proposal is to design a system where *receiving* spam can
be made as hard as the recipient wants.

you have to first identify the properties of spam in such a way
that a person dedicated to breaking the rules would be prevented from
sending spam.  Information theory tells us that such a goal is impossible
to obtain when it tells us that a covert channel can't be proven not to
exist.

When the recipient detects a spam message, the existence of at least one
covert channel is exposed. As I envision the proposal, the recipient should
be in control of how to react -- since different users will have different
goals. For example, according to the number of spam messages received, the
recipient can be more or less demanding on the sender of ANY message for 
senders without a previous relationship. Thus, the sender can be reduce the 
covert channel's capacity as much as the recipient wants.
 
When you outlaw spam, only the outlaws spam. So what? The
problem still remains, even if you call them outlaws.

Actually, genuine spam is not outlawed. 

It depends how you define spam. Genuine "spammers" would quibble
with you calling them spammers. I'd call them email senders.

Only the spam sent by people who
are not genuine businesses is outlawed. 

Not true. If a genuine business continues to send me messages
after I unsub, it is spam. The classification of spam is not
based on who sends the message. 

I expect that this abuse is sent
by a very small group of people.  Prosecuting this small group should be
relatively easy.

It has not been and it will only get worse.


Also, users should not have to sue spammers, or have any other burden,
in order to protect the users' resources. Imagine if I would have to
manage 300 lawsuits a day (the average spam rate that my system cannot
automatically detect as spam)?

This is an exaggeration. There aren't 300 unique spammers per internet
user per day.

Agreed  -- it's an understatement. I believe there are perhaps
1000x 300 unique spammers per day. Some I don't hear from (they're
local -- for example -- for Korean readers), some are in burst mode
and I only hear them once in a while, some morph under different
names and hosts, some I blacklist, some I detect and some I drop.


