Jack Straw on the 'Today' programme
Roger Bisson
rwbisson at yahoo.com
Sun, 30 Sep 2001 05:43:24 -0700 (PDT)
--- Matthew Pemble <matthew@idrach.com> wrote:
> <snip>
> > > Surely, you'd actually have to ban _all_ international calls. Just because
> > > something is stated as 'data' or 'voice' doesn't stop the other going
> > > through, indeed it wouldn't be too difficult to steg a datastream in the
> > > background 'noise' of a voice call.
>
> Yes, entirely right. I had thought about adding "but as all data is
> digital by the time you get to the big telecomms switches, so
> distinguishing between the different traffic types is non-trivial." I
> then looked for my nomex suit ...
I'm not sure about this, but do telcos' local exchanges
pre-classify calls to assist in compression/QoS
issues? - a cheap fax/voice answer machine is able to
distinguish these traffic types easily enough, so I
wouldn't be too surprised if multi-million pound
telephone exchanges could (or already do).
> >
> > However, reference steg on voice/data .. is lossy
> > compression of the sort used by telephone operators
> > likely to preserve watermarked data?
> >
> > I suspect low bandwidth covert data might get through,
> > but high bandwidth data surely would get lost along
> > the way.
> >
>
> However, if you want to include "hijack flight x on 29 Oct", that isn't
> actually a lot of data - one flight number (8 bytes, say) and one date
> (two bytes if you assume the current year). Hiding 10 bytes of data in
> an otherwise meaningless phone call is low bandwidth.
Agreed, the final instruction may be small and concise
if you have 100% reliable communication and people to
execute that instruction - otherwise, you have to
inject *some* redundancy, and acknowledgements in your
comms to achieve the desired results.
Various analysts have suggested that large amounts of
money and organisation had to be involved in the
events of Sept 11, so this would suggest a fair amount
of information being communicated between the
different parties.
> > Also, convergence over time of telephone and data
> > communications and voice/video conferencing protocols
> > may contribute to the ability for governments to
> > identify anomalous comms which -- as with the
> > transmission of raw PGP encryption now -- could lead
> > the security services to ask questions sooner rather
> > than later.
>
> Rather less sure about this. How many identifying marks does a raw
> bitstream have? At what point are you going to run into the halting
> problem? Most especially, as the consumer usage of digital systems
> increases, how is any government going to resource interception,
> decoding and analysis of all traffic?
You do not need to analyse all traffic all of the time
- you just need to identify questionable traffic.
Internet users connecting via http/https to well-known
ecommerce sites could, I suggest, largely be left
alone (or subject to spot checks).
I suggest that drops out the bulk of encrypted
internet comms. The rest will stick out like a sore
thumb and, thereafter, be subject to further analysis
not necessarily in real time.
> It is far simpler to attempt, imperfectly, to identify known or potential
> miscreants and concentrate on them. Of course, you will always miss some,
> which is why appropriate and effective real-world security measures are
> essential.
Yes, agreed. I suspect governments will have greater
interest in the online search profiles of individuals
to assist in this (particularly where most search
engines do not have any encryption enabled).
Law enforcement agencies already use fingerprinting on
library books dealing with certain subjects - such as
poisons - when investigating murder, so
Roger