At 11:40 AM 7/3/96, David Wagner wrote:
Jim Bell brought up the really nifty point that someday soon we may be able to receive these message pools by satellite dish-- hurray for true broadcasting! That would provide most excellent security (unless `they' started requiring licenses, waiting periods, ... to own a dish-- unlikely). I can't wait.
Yeah, and I should have mentioned the "PageSat" Usenet distribution model, too. (It was a really hot topic 3-4 years ago, but I've heard little of it in the past couple of years...the rise of the Web has made passive downloads of Usenet a lot less interesting.) Someone mentioned the Ku-band dishes that are used by PageSat (or whatever it is now called....). My DSS system, which is technically a Ku-band receiver, has a digital i/o connector of some sort on the back, and it is rumored that this will someday be available for PageSat-like uses. (I have a feeling this may be years off, for admin reasons if not technical reasons.) The point being that there are already _many_ ways to read NetNews almost untraceably. With more to come. (NetNews also used to be available on CD-ROM; the volume is now so high that this just isn't practical anymore. But it underscores the point that NetNews is so "distributed" that attempts to track who is reading "alt.anonymous.messages," and _particular_ messages in such a group, are nearly hopeless.) Finally, the threat model has two angles to consider: 1. The authorities want to know all those who have read a particular message--call it "ToAlice" to keep in the "Alice" and "Bob" framework. 2. The authorities already have identified a suspect, call him "Bob," and wish to know if he reading (and perhaps decrypting) messages to "Alice." As several of us have noted, #1 is tough--real tough. The authorities would have to contact 10,000 or more ISPs who have local newsfeeds and subpoena their logs of who read which newsgroups...assuming such logs are even kept (I don't know the granularity of such logs, whether any logs are kept of specific newsgroups and specific messages within newsgroups). The authorities would have to also check on the other distribution "vectors," including _subscriptions_ to NetNews newsgroups (where a newsgroup is _mailed_ to recipients...I heard this is an option for some). And PageSat, and so on. The second angle, #2, is formally equivalent to wiretapping a target. Once identified, and tapped, anything the target reads can presumably be read by the authorities. (Quibbles: I really mean a "black bag" type of surveillance, where the target's local machine has been compromised/tapped.) The bottom line is this: were I an FBI agent given the task of finding out who is reading a specific message or series of messages, e.g., the "ToAlice" encrypted messages posted in alt.anonymous.messages, I would tell my bosses it is economically impractical. --Tim May (P.S. I think this recent discussion of message pools, started by Hal and continued by this latest thread, is very important. Message pools have fewer of the kinds of "correlations" that can allow sender-recipient correlations to be made.) Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."