Eric's comment about the complementary natures of a public kiosk and a person's home suggests a hybrid whistleblowing scheme that combines the best of both. The whistleblower creates his file in the privacy of his own home on a floppy disk, encrypts it in the public key of the whistleblowing system, and carries it to a public kiosk where he sends it. This gives the whistleblower plenty of time and quite a bit of privacy as he composes his message (unless the PTB have bugged his home computer, a possibility for a suspected repeat "offender"). The step of physically carrying his file to the kiosk eliminates anything that could be done to the whistleblower's phone (including traffic analysis), although it would not stop physical surveillance of the whistleblower. And if the whistleblower is accosted on his way to the kiosk, all they could seize would be the ciphertext of his message, encrypted in the public key of the whistleblowing service -- which the whistleblower himself would not be able to decrypt even if he wanted to. Think of the kiosk more as a public mailbox than a public phone. Phil
The whistleblower creates his file in the privacy of his own home on a floppy disk, encrypts it in the public key of the whistleblowing system, and carries it to a public kiosk where he sends it.
This is the ideal scenario. I suspect that kiosks for other purposes will eventually contain some form of user-available I/O. I'm guessing it will be infrared, maybe rs232 serial. Diskette drives are too vulnerable and expensive to be feasible in a pay phone environment; they're called armor phones, and for good reason. In particular, sfnet doesn't have diskette access. No bother, we're not going to create the best system on the first revision. A good enough system will drive later systems. Eric
participants (2)
-
Eric Hughes -
karn@qualcomm.com