Doug Humphrey writes:
As I posted once to sci.crypt: encrypted communication is virtually interchangeable with and indistinguishable from communication itself. How does someone `know' that you are encrypting a message?
This is not strictly true. While someone might not be able to tell that you are engaged in the act of encrypting a message, the transmission of encrypted communications is often detectable. Spread spectrum transmissions often look like an increase in the noise floor of certain communications channels, prompting systems to think that there are malfunctions, and to dispatch someone to take a look at the facility. If they throw a spectrum analyser on it, it doesn't look like valid data in most cases, just noise.
With voice communications it is easy to recognize the patterns that speech generates, and they look very different from the randomness that simple crypto produces. Unless one uses a post-crypto wave shaper to simulate the amplitude changes that speech produces, it is simple to build a circut that can make a pretty accurate evaluation of voice/data/crypto going by it. Nothing more difficult in 1993 than was the first 2600 hz detector circut when it was put into widespread production use in the phone network. In fact, given that modern switches are already digitizing the signals, a little DSP hardware should make quick work of the first cut, narrowing down which lines should receive harder evaluation to see if people are trying to protect their privacy.
Why not send your PGP encoded files using V.27 or whatever the 9600 baud fax transmittion modulation is? By the year 2000, there will be around 40 million fax machines in the U.S. Assuming the FBI/NSA/ASPCA can tell apart voice from fax by scanning all the phone trunks in the U.S. with high speed parallel computers, it wouldn't help them if there are around 100 million fax transmissions taking place each day. No way in hell are they going to pick up your signal from the other 99,999,999 fax transmissions taking place that day, and then spend the rest of their lives trying to crack your PGP message. The same can be said about modems. If Prodigy, America Online, and Compuserve keep up their newbie recruitment pace, about 50% of the homes in the U.S. will have modems by the year 2000. And don't tell me they can build computers that can distinguish between a PGP file transmission and some hormone crazed 15 year old dork downloading the latest GIF of Cindy Crawford or a ZIPed ware. I've looked at hexdumps of GIFs and ZIPs and for all practical purposes they look about as random as PGP data. If the NSA can build a parellel computer that scans all the trunks in the U.S. simultaneously AND can tell the difference between PGP streams and ZIP/GIF file data streams, then I just might as well go and shoot myself right now. Thug