Law in the Internet Society

DavidHambrickPaper1 3 - 17 Dec 2008 - Main.DavidHambrick
Why is so much network traffic still unencrypted? Strong encryption has been a legal possibility in many countries for more than a decade and a technical possibility for even longer, but an end-to-end encrypted network does not yet exist. Is the eventual widespread adoption of strong encryption inevitable? Here I propose that adoption of strong encryption will be less extensive or will occur more slowly, if at all, under those regimes most likely and least likely to abuse their surveillance powers.
 -- JohnPowerHely - 10 Dec 2008

David: I see one possible flaw in your argument here that you may wish to address. "If encryption which prevents communications from being understood by the government is used only or mostly for criminal communication, the government can use its limited resources to gain information from the frequency or origin or destination of the encrypted traffic where it is legal and technically possible to do so. But if everyone encrypts, it will be impossible for any information to be gained through such traffic analysis." Here is my problem. If the government is only going to 'read' encrypted traffic it will still be spoofing all traffic. Depending on the protocol being used, the level at which the encryption is placed, etc., this may end up meaning that they have to read your data to see if it is encrypted. Yes, if someone is using a common and low-layer protocol like an L2TP/IPsec VPN tunnel, they can strip the headers off the UDP packet and have a pretty good guess that it is an encrypted packet. It is also easy to guess if the communication is traveling on a standard port for encrypted communications. But what of other circumstances? If it is traveling on an unassigned port, if only the payload data is encrypted, if it is encrypted at a higher level, say the app layer like TLS or SSL, then the only way to really know if the data is encrypted is to reassemble the packets and try to make sense of the data. And here lies the rub. Once the government is doing that, does that not automatically raise the government's conduct to the level of oppressive or abusive? Now again, perhaps the government is better at detecting the use of data encryption than are civilians. There has been some excellent work done in this area recently that may support that possibility. But I still think you may want to give that paragraph a second look. After all, with the apparent exception of some pretty high-end Bayesian analysis, one UDP or TCP packet looks a lot like another.



I really appreciate this comment, John. Since my understanding of how traffic analysis works is fairly poor, I was hoping that someone would chime in and challenge that argument. I think that my point still stands, but perhaps in a weaker form. You note one method for detecting encrypted traffic and there may be others, or others under development. If it is mostly criminals who use encryption, then the study of encrypted traffic detection will continue to develop and perhaps new discoveries will be made. An arms race will exist between those trying to detect encrypted traffic and those trying to hide it. (Is it clear that the government will lose such a race?) But work like the article you link to will fall by the wayside if everyone uses encryption. And, as you suggest, it may in fact already be the case that the government is much better at detecting encryption than civilians. It may also be the case that terrorists or other criminals using encryption will not be able to consistently find new ways to encrypt at a higher level to avoid detection if the government continues to seek out more advanced ways of analyzing traffic.

-- DavidHambrick - 17 Dec 2008
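
The distinction drawn in the discussion above, between guessing from the port and having to read the payload, as an added example that is not part of the original page or of either comment. The port list, the 7.5 bits-per-byte cutoff and all sample data are assumptions constructed for illustration; the last sample shows that compressed plaintext gets flagged the same way as ciphertext-like bytes.

```python
import hashlib
import math
import zlib
from collections import Counter

# Assumed for this example: a few well-known ports and a cutoff in bits per byte.
ENCRYPTED_PORTS = {22, 443, 500, 4500}   # SSH, HTTPS, IKE, IPsec NAT-T
HIGH_ENTROPY = 7.5

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def guess(payload: bytes, dst_port: int) -> str:
    """Return the basis on which a monitor would flag this payload, if any."""
    if dst_port in ENCRYPTED_PORTS:
        return "port"                     # cheap guess, no payload inspection
    if shannon_entropy(payload) >= HIGH_ENTROPY:
        return "high-entropy"             # requires reading the payload
    return "not-flagged"

def keystream(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

WORDS = b"the government traffic packet network reads encrypted data port layer law user".split()

def sample_text(words: int) -> bytes:
    """Constructed plaintext: words picked deterministically from WORDS."""
    picks = (hashlib.sha256(b"w%d" % i).digest()[0] % len(WORDS) for i in range(words))
    return b" ".join(WORDS[p] for p in picks)

PLAIN = sample_text(8000)
CIPHERLIKE = keystream(4096)
COMPRESSED = zlib.compress(PLAIN, 9)      # not encrypted, but statistically similar

if __name__ == "__main__":
    for name, blob in [("plain", PLAIN), ("cipher-like", CIPHERLIKE), ("compressed", COMPRESSED)]:
        print(f"{name:12s} {shannon_entropy(blob):.2f} bits/byte -> {guess(blob, 40000)}")
```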


Revision 3r3 - 17 Dec 2008 - 17:05:46 - DavidHambrick
Revision 2r2 - 10 Dec 2008 - 01:47:33 - JohnPowerHely
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.