CDR: Re: New email could confound law enforcement

Ray Dillinger bear at sonic.net
Mon Sep 25 11:16:44 PDT 2000 


On Sun, 24 Sep 2000 anonymous at openpgp.net wrote:

>AbsoluteFuture.com of Bellvue, Wash., has dubbed its service "SafeMessage," describing it as a "direct messaging" service that transmits messages from party to party without the use of a central server. 
>
>This distinction is significant because email, which always passes through mail servers, leaves a trace copy of itself that can be subpoenaed, read or otherwise accessed by unauthorized readers. 
>
>Besides bypassing a central server, the messages are heavily encrypted and are programmed to be automatically erased after a period of time designated by the sender. The encryption not only prevents outsiders from reading the message, but also limits the message recipient's ability to forward, cut and paste, or print the message. 
>

WRONG!  If data can be displayed by the recipient's computer, then it 
can be captured.  Wanna bet somebody can't hang a screen-copying utility 
on their keystroke interrupt and capture the information that way?

While this kind of stunt (actually just leaving those functions 
out of the GUI) may give people "warm fuzzies", it does not 
materially add to security, because fundamentally, the user has 
physical access to his/her own machine and can do whatever he/she 
wants to on it. 

And while it's probably good to notice that servers can get 
compromised and bypass them, does anyone here think routers can't 
be compromised?  Let's face it, if the bits go from you to the 
other person over the Internet, there are always going to be 
lots of places where someone with fingers in the network can get 
a copy of them. Keeping a copy is not normal behavior for routers, 
but if someone wants to log traffic at a router they own, they 
certainly can. 


>Rival products include HushMail, ZixMail, Disappearing Inc. and Authentica. 

As the owner of Disappearing Inc. I can tell you right now that we 
do not yet have a product in this space and do not have one under 
development at the current time. We have completed a feasibility 
study, in the context of a larger product encompassing a lot of 
different protocols, and that is all.  A product, *IF* we decide 
to go ahead with one, is still over two years out. 

>
>Unlike AbsoluteFuture, however, these services use ordinary email delivery systems that are prone to online eavesdropping and may leave trace copies behind in the computers used to carry them. AbsoluteFuture believes it has found a solution to this problem by harnessing technology known as peer-to-peer networking, which connects personal computers directly, without the need for a central server to route file transfers. 
>

It seems odd to see Disappearing Inc's product described in this way 
since we don't have one. 

>To use SafeMessage, a person signs on to the program with an ID and password, similarly to an email client. When typing the recipient, the person sends the contact to AbsoluteFuture's server, which locates the recipient online and allows the sender to send the message directly to the recipient. 
>

And also provides a central monitoring point that allows SafeMessage 
to maintain logs of who mailed who and when, and to do a complete 
traffic analysis of all messages sent with this system. Isn't that 
special?


>The message is encrypted before it leaves the sender's computer, and the decoder key is destroyed. If the recipient is not online, the sender must send the message to AbsoluteFuture's server, which will hold the message until the recipient logs on or the message times out. 

And we know, of course, that when the message times out or is delivered, 
it's erased from the AbsoluteFuture server.  We know it because ... well, 
actually, we don't.  Unless we extend greater fundamental trust to the 
AbsoluteFuture server than to the servers we bypass by using it.  There 
is no protocol for making sure that something is erased. Now, they are 
probably erasing.  But we can't verify it, any more than we can verify 
erasing in any cypherpunk remailer. And they have their heads up far 
enough to attract attention, and they have investors to answer to so 
they can't just shut down if compromised the way cypherpunk remailers do. 
So there could be a carnivore already in place on their system for all 
we know, and they wouldn't be allowed to talk about it. 


>"In one sense this is slightly less secure because we're looking after it," Graham said. "But we don't have the key to get at it. Even if there was a court order for the message, it is highly encrypted. We'd say, 'OK, go ahead try to open it.'" 
>

Right.  While this system provides a route outside the normally monitored 
routes for traffic, it is not a route that can't be monitored.  While it 
provides a server other than those normally subpeona'd, it is not a server
that can't be subpeona'd.  The only hard security this system can offer,
therefore, is the encryption.  

So, if the product can be exported or downloaded from a website, I 
would have to suspect since it's made in the US that somewhere in the 
headers or trailers, the message bears a block that contains most of 
the key (all but the last 40 bits) encrypted in a form the NSA (and 
whomever else has their key) can read. -- This is the same thing that 
happened to Netscape after v4.07 for example, and Internet Explorer 
after v4.  If it can't be exported, that would be a good sign.  

Aside from that, I don't know the particulars of the encryption they 
use - they claim to use a product cipher, but so far I haven't seen 
what the components of the product cipher are, what the key lengths 
are, how they do key management, etc etc etc. 


				Ray Dillinger
				Disappearing Inc

More information about the cypherpunks-legacy mailing list