Mastering the Internet

Richard Clayton ukcrypto at chiark.greenend.org.uk
Sun, 10 May 2009 19:03:56 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <874ovsuaq3.fsf@mid.deneb.enyo.de>, Florian Weimer
<fw@deneb.enyo.de> writes

>* Richard Clayton:
>
>> viz: the capability envisaged is of reconstructing the streams of data
>> which are flowing back and forth between users and "third parties" (ie:
>> hotmail/gmail/facebook/bebo &c) and then extracting "traffic data" from
>> within those streams of data (and discarding the rest)
>
>I'm still puzzled why this is necessary.  Surely the Googles complain
>with orders to provide such data?!

I'm sure they would uncomplainingly comply :-) but it can be very slow
(if you actually have to use MLAT then you're talking months)

>  Why build a competing system,

because webmail.alqueda.pk doesn't keep logs ?

>whose more elaborate capabilities turn useless as soon as the first
>major site turns on crypto?

Encryption is certainly an issue, but the Government seems to have come
to believe that it isn't used all that much -- certainly not so much on
webmail.freemail.pk (or .sa or .qa or .af) ... and since one doesn't
stick out so much by using such a service... then maybe that's a
sensible choice for the aspiring terrorist ?

>> They consider your login name for hotmail/gmail/facebook/bebo &c to be
>> traffic data, along with details of who when and how much you are
>> communicating with through these systems. They do not consider whatever
>> you say within these systems to be comms data but content.
>
>They need to log message identifiers and movements of messages between
>folders (otherwise, why bother? you have to cover the shared account
>scenario).  

I expect they will have two answers to this: first that they aren't
expecting to get 100% coverage (and after all traffic analysis is all
about playing the percentages in the first place), and secondly if you
find someone who uses an account regularly and doesn't send or receive
email then you can pick out this unusual pattern and change to an
interception model -- or you reprogram the DPI to track it better

>If there's no persistent message identifier in the system,
>you also need to track some content-derived message indicator (date
>and subject line?).

Subject line is of course "content" which gives it magical properties!

>> Essentially this is equivalent to what they'd get from SMTP logs, but
>> there isn't the tedious need to nip over to Mountain View for a copy of
>> those -- Google helpfully provides them in an easy-to-parse way
>
>You also want to trace access to messages which never leave the draft
>folder and are never sent.  (But the Googles likely keep abundant logs
>about those as well.)

Using Google's mail systems and then attracting the attention of the FBI
would be especially unwise!

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSgcXDJoAxkTY1oPiEQJd+gCg1flCLNmTav66NJBV9FZa8JvcPVYAoLXq
9dnNi0NiMcstObW0pbHeFurf
=UoMX
-----END PGP SIGNATURE-----