On Wednesday 14 December 2005 08:00 pm, nile wrote:

...

Correct me if I'm mistaken, but I believe the laws do not require holding onto the content of the call/data, just the routing information or phone numbers. If so, it's interesting to note that that's exactly what Tor is for - defeating _traffic_ analysis.

It seems to me that traffic analysis is the one major thing Tor is susceptible to. Being a real time, the Tor network can be compromised by someone who has the ability to colate ingress and egress traffic, and this legislation gives the "EU" the ability to sit back and examine an entire regional network at its leisure. [snip] Prior to this "broad" loggin being in place it would have been necessary for Johnny Law to have some prior knowledge. They'd have to suspect Joe, and

retention" on telecom, Net firms [priv]] User-Agent: Mutt/1.5.9i Reply-To: or-talk@freehaven.net On Thu, Dec 15, 2005 at 01:20:19AM -0500, Jeffrey F. Bloss wrote: then

invest the time and resources in logging both Joe and the blog site. Now, they can simply sift through the already collected data looking for people who use Tor connections at the same time the blog is accessed.

Alas, I think Jeffrey has it right. Tor aims to provide protection in a scenario where the adversary cannot observe the whole network (or a substantial piece of it). The EU data retention directives directly threaten the security that the current Tor design can provide. There are some anonymity designs that aim to provide protection against this strong level of adversary -- see e.g. http://mixminion.net/ -- but they carry unacceptably high latency for Tor-style connections. As I understand it we're still a ways off from understanding exactly what laws will be passed in each country, and only a while after that will we start to understand what each law will mean. It may turn out to be impractical (or illegal) to put out a blanket query to every ISP in Europe saying "please tell me all users who connected to any of the following 1000 IP addresses in this 10 second period". But even so, once we have a sense of what sorts of attacks are likely, we can also start looking at some specialized padding techniques for Tor users to blend together better without paying too high a price in overhead. The goal is not to beat arbitrary statistical attacks, but to increase false positives (and maybe false negatives) with respect to specific attacks. We may also be able to take advantage of the fact that these adversaries are only partial attackers: even in the best attacks they can only observe perhaps half the network. We may be able to arrange things to increase the doubt in their findings -- though as Jeffrey points out, a patient attacker will use statistics to become increasingly convinced that he has found his target. It really is a shame that Europe has chosen to cripple the security of its citizens and companies in this way. The bad people will continue to break laws and not get caught by this (breaking into computers around the world and using them as stepping stones, using open wireless networks, using botnets, you name it), and honest people and organizations in Europe will always be wondering who has broken into their ISP and grabbed their traffic data -- for espionage, for advertising purposes, for stalking, for who knows. This is reminiscent of the U.S.'s earlier crypto export fiasco, when they chose to undermine their position as the world leader in cryptography, as well as ensure that the good guys were vulnerable while the bad guys were safe. I wonder how this one will turn out. --Roger ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]