
On Tuesday, December 11, 2001, at 10:07 PM, Meyer Wolfsheim wrote:
"So far, U.S. and European authorities battling terrorism and cybercrime have apparently focused their surveillance elsewhere. The FBI and the National Security Agency, which monitors international telecommunications, declined to comment on what strategy, if any, they have for dealing with remailers."
That would have made the article much more interesting..
What *is* the FBI/etc.'s strategy on dealing with remailers, other than ignoring them (and hoping that anti-spam/anti-terror legislation will make them illegal?)
The article was not completely silent on speculations about FBI/LEA efforts: Magic Lantern was mentioned as a way to get the keys.

I'd guess that remops are likely targets for future "sneak and peek" black bag jobs. Warrants are no longer needed, say the criminals in D.C. (though the Constitution differs).

Packet sniffers are another approach. Remember that we have Shimomura's own words that he was working on such sniffers for various intelligence agencies back during the Mitnick affair.

Correlation analysis remains promising. Messages go in, messages leave. Without sufficient traffic to get the N^M entropy, imagine what sophisticated statistical analysis does to establish probable mappings.

As we (again) discussed at this past Saturday's physical meeting, in Santa Cruz, a sparse set of users and messages is almost a toy system. Remailer traffic needs to go up by a large factor, whether actual messages or dummy messages. Remailers need to be more robust (uptime, strong policies) and need to be incentivized (paid remailers, an old topic).

A chicken or egg situation? Ideally, simultaneous development...plenty of precedents for market forces pushing stronger products that customers are willing to pay for.

--Tim May
"Dogs can't conceive of a group of cats without an alpha cat." --David Honig, on the Cypherpunks list, 2001-11

On Tue, 11 Dec 2001, Tim May wrote:
strong policies) and need to be incentivized (paid remailers, an old topic).
The perennial failing in the CACL approach to this problem, and the primary reason they will fail. They'll sit around on their ass waiting until they can make money...gives you an idea of where their priorities REALLY are.
A chicken or egg situation? Ideally, simultaneous development...plenty of precedents for market forces pushing stronger products that customers are willing to pay for.
Really? Example please.

--
Day by day the Penguins are making me lose my mind.
    Bumper Sticker
The Armadillo Group
Austin, Tx
www.ssz.com
James Choate
ravage@ssz.com
512-451-7087

On Tue, 11 Dec 2001, Tim May wrote:
The article was not completely silent on speculations about FBI/LEA efforts: Magic Lantern was mentioned as a way to get the keys.
His example was pretty far-fetched, though. Getting all the ISPs to log all their mail so that all remailer users could be identified would be quite a feat, and then compromising all of them with Magic Lantern would be rather difficult as well. Magic Lantern works if you have a meat-space suspect in mind. If all you have to go on is an anonymous email, it won't help much, unless it were designed to target the remailers themselves (bringing us to your next point).
I'd guess that remops are likely targets for future "sneak and peek" black bag jobs. Warrants are no longer needed, say the criminals in D.C. (though the Constitution differs).
According to current laws? I admit I haven't read Patriot all the way through, but it seems to me that an LEA would still need a warrant to black bag a remailer, if the operator wasn't under suspicion of being a terrorist. (Not that I would expect such warrants to be denied, nor would I be surprised if Son of Patriot permitted warrantless sneak and peek jobs on service providers.)
Packet sniffers are another approach. Remember that we have Shimomura's own words that he was working on such sniffers for various intelligence agencies back during the Mitnick affair.
Yes, and we see them now with Carnivore, etc.
Correlation analysis remains promising. Messages go in, messages leave. Without sufficient traffic to get the N^M entropy, imagine what sophisticated statistical analysis does to establish probable mappings.
As we (again) discussed at this past Saturday's physical meeting, in Santa Cruz, a sparse set of users and messages is almost a toy system. Remailer traffic needs to go up by a large factor, whether actual messages or dummy messages. Remailers need to be more robust (uptime, strong policies) and need to be incentivized (paid remailers, an old topic).
I agree completely. I suppose the question lingering in the back of my mind is "how hard would it be for the FBI to create such a monitoring system?" Correlation analysis can't offer much after the fact for a one-time communication through a remailer. The system would need to be in place and collecting data prior to the message being sent.

I suppose it wouldn't be too difficult to deploy something along those lines, though, in US-friendly countries at least. Place a sniffer directly upstream of each remailer (at most 50?) and you'll know the real headers for the accounts each and every remailer user sends mail from. That's within the FBI's ability, I think.

Then the problem of what to do with the remailers in countries where getting Carnivore or similar installed wouldn't be so easy. Sniffers on the US border routers probably aren't practical.

How much of an increase in dummy-messages could the remailer network withstand? I'm trying to think of interesting ways to create more widespread dummy traffic coming from many different origins, but that could get out of hand rather quickly.

-MW-
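An added example, not part of any message in this thread: a small model of the point debated above, that sparse remailer traffic leaves little uncertainty and that dummy messages buy it back at a cost in volume. It assumes a remailer that flushes a batch in which every output is equally likely to be any input, dummies indistinguishable from real messages, and reads "N^M" as the number of paths through M hops with batches of N; all names and the sample batch are constructed.

```python
import math
from collections import Counter

def entropy_bits(counts):
    """Shannon entropy in bits of a distribution given as non-negative counts."""
    total = sum(counts)
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def batch_sender_entropy(batch):
    """Observer's uncertainty (bits) about who sent one output of a flushed batch.

    Assumptions: `batch` names the sender of every message in the batch, dummies
    look identical to real messages, and each output is equally likely to be
    any input.
    """
    return entropy_bits(Counter(batch).values())

def with_cover(batch, users, dummies_per_user):
    """Batch after every user adds `dummies_per_user` dummy messages."""
    return list(batch) + [u for u in users for _ in range(dummies_per_user)]

def dummies_needed(batch, users, target_bits, limit=1000):
    """Smallest per-user dummy count that reaches `target_bits`, or None."""
    for d in range(limit + 1):
        if batch_sender_entropy(with_cover(batch, users, d)) >= target_bits:
            return d
    return None

def chain_entropy_bound(n_batch, m_hops, n_senders):
    """Upper bound for an M-hop chain: log2(N^M), capped at log2(distinct senders)."""
    return min(m_hops * math.log2(n_batch), math.log2(n_senders))

# Constructed sample: one sparse batch of four messages, three from one sender.
SPARSE = ["alice", "alice", "alice", "bob"]
USERS = ["alice", "bob", "carol", "dave"]

if __name__ == "__main__":
    print(f"sparse batch: {batch_sender_entropy(SPARSE):.3f} bits (ideal for 4 users: 2.000)")
    d = dummies_needed(SPARSE, USERS, 1.9)
    padded = with_cover(SPARSE, USERS, d)
    print(f"{d} dummies per user -> {batch_sender_entropy(padded):.3f} bits, "
          f"{len(padded) / len(SPARSE):.0f}x the traffic")
    print(f"3 hops, batches of 4, 4 senders: <= {chain_entropy_bound(4, 3, 4):.1f} bits")
```

In this model, adding hops cannot raise the bound past log2 of the number of distinct senders, so with few users only more traffic per batch helps.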

At 10:39 PM 12/11/2001 -0800, Tim May wrote:
On Tuesday, December 11, 2001, at 10:07 PM, Meyer Wolfsheim wrote:
As we (again) discussed at this past Saturday's physical meeting, in Santa Cruz, a sparse set of users and messages is almost a toy system. Remailer traffic needs to go up by a large factor, whether actual messages or dummy messages. Remailers need to be more robust (uptime, strong policies) and need to be incentivized (paid remailers, an old topic).
During your "rant" on re-mailers I mentioned the desirability of using popular P2P services in conjunction with remailers, possibly as middleman nodes. Len pointed out the problems with re-mailer system stability if P2P clients were used as they come and go. During the break there was a short discussion of using the P2P clients to generate cover traffic on remailers. This should be simple and involve no risk to those running the clients.

steve

On Sat, 15 Dec 2001, Steve Schear wrote:
During your "rant" on re-mailers I mentioned the desirability of using popular P2P services in conjunction with remailers, possibly as middleman nodes. Len pointed out the problems with re-mailer system stability if P2P clients were used as they come and go. During the break there was a short
P2P nodes are ephemeral, the content is not. A short message hop from node to node is in the second range. Assuming the message doesn't sit on the node too long (running danger of it being pulled) and there are multiple redundant messages in transit (you wanted more idle traffic? here is your idle traffic) the probability of delivery should be higher than the current remailers'.
discussion of using the P2P clients to generate cover traffic on remailers. This should be simple and involve no risk to those running the clients.
Ask Google for XML-RPC and Freenet and/or Mojo Nation.

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3