Interception Modernisation Programme

[James Firth]

Richard Clayton wrote:
> It's often suggested that the Bad Guys could avoid traffic analysis by
> heading off for a chat room inside of World of Warcraft (or Second Life
> or whatever).  Now consider a "black box" that is able to pick apart the
> World of Warcraft protocol packets sufficiently to be able to determine
> which chat room you were in (or your virtual world coordinates, say).
> 

The problem I have is that this will become a game of cat-and-mouse.  We may
spend 12bn on our capability, and include in that capability the ability to
unravel WoW and other games' protocols, but sure as you like the real
terrorists and serious criminals will up their game.

If the data is encrypted and the server was based abroad that would pose
more of a challenge.  Okay, it would be easy to spot endpoints if there was
a service used exclusively by undesirables, but that's not to say other
elegant "solutions" won't emerge - just like the terrorists reportedly used
draft emails to communicate with each other several years ago.  Which
reminds me, Googlemail now offers the facility to use encryption as default
on email accounts.  Their servers are based in a "friendly" country, but
another provider may not be.

Given the current rate of technology advance and the easy access to
encryption I'm worried that this will be another Millennium Dome, good only
for stopping low-level criminals and dimwitted wannabe terrorists.