ietf
[Top] [All Lists]

Re: How security could benefit from high volume spam

2005-12-14 08:25:29
Hadmut Danisch wrote:
How security could benefit from high volume spam


The parliament of the European Union today has passed a law that
electronical call detail records, such as phone numbers, e-mail addresses,
web accesses of all 450 million EU citizens are to be recorded and
stored for 6 to 24 months. So everyone will be subject of
complete surveillance of telecommunication. No place to hide.

The given reasons are the need to investigate and prosecute terrorism
and severe crime. But there is no evidence that this law
actually has this effect, and that it is worth to sacrifice democracy
and civil rights. Our constitution protects the right to communicate
confidentially, for all citizens, and especially for lawyers,
journalists, priests, etc. So terrorists finally begin to
succeed in destructing our european, modern, democratic, and free way
of life and civil rights. It is ridiculous that the modern world has
not been attacked by a large army, but by just about 30-40 people with
knives and a few bombs. The attack is not the primary attack
itself. The main attack is to provocate overextended counter
measures. Technically spoken, a denial-of-civil-rights-attack. And the
EU proved to be vulnerable to this kind of attack. A patch is not
available yet.

Another threat to privacy and civil rights is the intellectual
property industry. We have seen Sony attacking and sabotaging private
computers, revealing private data, taking secretly control over
people's communication and working equipment. We have seen a mother of
five been sued into bankruptcy in the USA just for listening to music.
This is perverse. We currently see governments considering to outlaw
open source software or any kind of data processing or communication
device without a digital rights management. There are good reasons to
assume, that the European Union's collection of all telecommunication
details will be abused to allow the intellectual property industry to
completely track every communication. Just having received any e-mail
from someone who had illegally downloaded music could be enough to have
your home searched, your computer confiscated, and find yourself sued
or prosecuted.

The art and science of communication security will have to realign and
focus on new goals. When designing telecommunication protocols we have
to take much more care about what communication could reveal about the
communication parties and the contents. It is not enough to just put
some kind of simple encryption on a message body. We need to protect
against traffic analysis, in particular the one without democratic
legitimation.
What does that mean?

When designing a protocol we should take more care than we did to
describe its vulnerability for and resistance against traffic
analysis. Not just whether the contents are encrypted, but what an
eavesdropper can tell about the communicating parties.  We need to
incorporate techniques like oblivious transfer and traffic hiding.

An important component of such protection methods is noise. Plenty of
noise. Something to hide in, to cover, to overload recording of call
details. We should think about and research how to produce noise. We already have some noise. Its called spam.

I would not call this SPAM. It is potentially sensitive information.
Secret messages of Al Kaida could be in there - without our service
people even beeing aware of it :)


Some of you might know that I am one of the early days fighters
against spam. I tried to eliminate as much spam as possible.
But now, there could be a positive aspect about spam, virus mails, and
other mass mails. Maybe it could become an advantage to receive a
million mails per day from any senders. Maybe that is what is needed
to hide my personal e-mails. Maybe that's the answer I have to give
when someone blames me to have received e-mail from the wrong person:
"I have no idea what you are talking about. I received about 150,000
virus and spam e-mails that day from arbitrary addresses, and didn't
read a single one of them. I have just deleted them." When designing
measures against spam, we should take this into consideration.



Maybe in near future the advantages of that noise produced by millions
of bots will outweigh the disadvantages?


Comments are welcome.

Hadmut Danisch


I see. No more need to hide my email address. :>

Next I will switch my spam filter off, at gmx. It was counterproductive anyhow.

How can I convince them to get rid of sorbs? I filters my own emails but it does
not filter spam.

Cheers
Peter and Karin

--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter(_at_)peter-dambier(_dot_)de
mail: peter(_at_)echnaton(_dot_)serveftp(_dot_)com
http://iason.site.voila.fr


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf