Interception Modernisation Programme

Richard Clayton ukcrypto at chiark.greenend.org.uk
Wed, 8 Oct 2008 15:43:41 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <86EA67666B1A4DFCA9DDC173208E8110@Jinja>, James Firth
<james2@jfirth.net> writes

>Richard Clayton wrote:
>> It's often suggested that the Bad Guys could avoid traffic analysis by
>> heading off for a chat room inside of World of Warcraft (or Second Life
>> or whatever).  Now consider a "black box" that is able to pick apart the
>> World of Warcraft protocol packets sufficiently to be able to determine
>> which chat room you were in (or your virtual world coordinates, say).
>> 
>
>The problem I have is that this will become a game of cat-and-mouse.  

It already is, this is the cat's latest move

>We may
>spend 12bn on our capability, and include in that capability the ability to
>unravel WoW and other games' protocols, but sure as you like the real
>terrorists and serious criminals will up their game.
>
>If the data is encrypted and the server was based abroad that would pose
>more of a challenge.  

but WoW [which I use merely as an example] is currently not encrypted,
and there are economic pressures to resist it becoming encrypted

>Okay, it would be easy to spot endpoints if there was
>a service used exclusively by undesirables, 

yes indeed

>but that's not to say other
>elegant "solutions" won't emerge - just like the terrorists reportedly used
>draft emails to communicate with each other several years ago.  

if your webmail system allowed a snooper to determine which account was
logged in to, then the pattern would show up in the traffic analysis...

viz: this feline initiative tackles precisely this mouse tactic

>Which
>reminds me, Googlemail now offers the facility to use encryption as default
>on email accounts.  

not everyone uses Google... especially given that they are said to
process all of the contents of the emails anyway!

>Their servers are based in a "friendly" country, but
>another provider may not be.
>
>Given the current rate of technology advance and the easy access to
>encryption I'm worried that this will be another Millennium Dome, good only
>for stopping low-level criminals and dimwitted wannabe terrorists.

you could say the same about the processing of mobile phone traffic
data, but I note that both the Sevenoaks and M40 trials, that are
currently proceeding, both feature call traffic analysis as an important
part of the prosecutions' case

Dissing IMP as useless isn't productive, since it will have some uses. 

It is rather more productive (IMO of course) to take the principled view
(which is hardly a stretch for anyone who doesn't bemoan the passing of
the Stasi) that it isn't compatible with how free citizens should be
treated -- and at the same time one just goggles at the cost!

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSOzHHZoAxkTY1oPiEQKR8ACg5B5MOJ0EZyTbqQ1mN9qHollRQo8An3oQ
DsG58RYOWHO9NqpW42kLW3qX
=RmUm
-----END PGP SIGNATURE-----