retention" on telecom, Net firms [priv]] User-Agent: KMail/1.7 Reply-To: or-talk@freehaven.net -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 15 December 2005 02:49 am, David Benfell wrote:

On Thu, 15 Dec 2005 01:20:19 -0500, Jeffrey F. Bloss wrote:

...

With this new logging in place XYZ might be able to force law enforcement to perform a simple query of the data to discover exactly who is posting the information. It's a simple (?) matter of searching for connection times to the blog, and comparing them to times that "Joe" makes connections to a Tor node. If Joe builds a new circuit at 2PM and the blog is updated at 2:00:01 PM, and this relationship can be demonstrated for some period of time, it's pretty clear that it won't take 6 months of data to prove beyond any reasonable doubt Joe is the blog owner.

Suppose the blog is hosted outside Europe, and the blog software introduces a random delay before actually posting Joe's entry?

Sure, anything that removes influence or power from an "attacker" is a generally good thing, but... Jurisdictional borders aren't the panacea they use to be, if they ever really were. Treaties and agreements between nations can make collecting information from foreign sources a matter of an attorney filing the proper form in triplicate. In some number of places that depends completely on specific laws governing each jurisdiction, this is even an advantage for some attackers because getting around local laws and/or security is more difficult than simply asking a foreign official to collect the information for you. There's a depressingly increasing number of jurisdictions where some appointed official can walk through the door and confiscate, log, back door, etc any system on nothing more than a whim. It's theorized that this is why things like ECHELON were deployed outside US borders... to circumvent requirements like showing cause and obtaining warrants. This isn't to say that there's no jurisdictions that might make you safer, just that they're few, far between, and not near as safe as they once were. In fact, I don't believe mandatory logging is anything new even within EU Member Nations. I believe for some of them this is a step backwards if they're somehow restricted to the 6/12 month and "connection only" logging dictated by this new policy. The *real* threat is in the organization and broad scope of the thing. It will effectively transform all of Europe and then some, into one big surveillance tool. :( Anyway, the latency thing probably wouldn't make much difference at all either. It might fool a casual observer who is assessing the published content, but with these sweeping logging requirements there's no need to wait for the page to change when you hit the [refresh] button. ;-) The blog owner logging in to make the changes is what's being automagically logged, or what can be "force" logged from outside a jurisdiction. And half the puzzle is already relatively trivial to solve due to the forced connection logging. You have to assume that an attacker will absolutely know either the origin, or the destination of every packet, and have the ability to do what they will with that data. It's also important to note that blogging was just an out-of-thin-air example, and other types of communications can't be subject to any similar sort of latency. That's my semi-literate layperson's take on things. This EU logging policy is a problem of great concern as I see it. In theory at least, it could make Tor and any other similar distributed "anonymous" network completely and utterly useless for serious users in that jurisdiction, and far less secure for people who cross those jurisdictional lines in either direction. - -- Hand crafted on December 15, 2005 at 12:09:56 -0500 Outside of a dog, a book is a man's best friend. Inside of a dog, it's too dark to read. -Groucho Marx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDoa80RHqalLqKnCkRAmBfAJ40LDCQWPe7+Qn/BiTDXnPpTQBNGQCdHXvo o11JZbb9ft0AuBvclLnNW9I= =0Oh3 -----END PGP SIGNATURE----- ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]