No subject

Eugen Leitl eugen at
Fri Nov 22 01:30:32 PST 2002

Fucking nuts.

Agency Weighed, but Discarded, Plan Reconfiguring the Internet

The Pentagon research agency that is exploring how to create a vast 
database of electronic transactions and analyze them for potential 
terrorist activity considered but rejected another surveillance idea: 
tagging Internet data with unique personal markers to make anonymous use 
of some parts of the Internet impossible.

The idea, which was explored at a two-day workshop in California in 
August, touched off an angry private dispute among computer scientists and 
policy experts who had been brought together to assess the implications of 
the technology.

The plan, known as eDNA, called for developing a new version of the 
Internet that would include enclaves where it would be impossible to be 
anonymous while using the network. The technology would have divided the 
Internet into secure "public network highways," where a computer user 
would have needed to be identified, and "private network alleyways," which 
would not have required identification.

Several people familiar with the eDNA discussions said such secure areas 
might have first involved government employees or law enforcement 
agencies, then been extended to security-conscious organizations like 
financial institutions, and after that been broadened even further.

A description of the eDNA proposal that was sent to the 18 workshop 
participants read in part: "We envisage that all network and client 
resources will maintain traces of user eDNA so that the user can be 
uniquely identified as having visited a Web site, having started a process 
or having sent a packet. This way, the resources and those who use them 
form a virtual `crime scene' that contains evidence about the identity of 
the users, much the same way as a real crime scene contains DNA traces of 

The proposal would have been one of a series of technology initiatives 
that have been pursued by the Bush administration for what it describes as 
part of the effort to counter the potential for further terrorist attacks 
in the United States. Those initiatives include a variety of plans to 
trace and monitor the electronic activities of United States citizens.

In recent weeks another undertaking of the Defense Advanced Research 
Projects Agency, or Darpa, the Pentagon research organization, has drawn 
sharp criticism for its potential to undermine civil liberties. That 
project is being headed by John M. Poindexter, the retired vice admiral 
who served as national security adviser to President Ronald Reagan.

Dr. Poindexter returned to the Pentagon in January to direct the research 
agency's Information Awareness Office, created in the wake of the Sept. 11 
attacks. That office has been pursuing a surveillance system called Total 
Information Awareness that would permit intelligence analysts and law 
enforcement officials to mount a vast dragnet through electronic 
transaction data ranging from credit card information to veterinary 
records, in the United States and internationally, to hunt for terrorists.

In contrast, with eDNA the user would have needed to enter a digital 
version of unique personal identifiers, like a fingerprint or voice, in 
order to use the secure enclaves of the network. That would have been 
turned into an electronic signature that could have been appended to every 
Internet message or activity and thus tracked back to its source.

The eDNA idea was originally envisioned in a private brainstorming session 
that included the director of Darpa, Dr. Tony Tether, and a number of 
computer researchers, according to a person with intimate knowledge of the 
proposal. At the meeting, this person said, Dr. Tether asked why Internet 
attacks could not be traced back to their point of origin, and was told 
that given the current structure of the Internet, doing so was frequently 
not possible.

The review of the proposal was financed by a second Darpa unit, the 
Information Processing Technology Office. This week a Darpa spokeswoman, 
Jan Walker, said the agency planned no further financing for the idea. In 
explaining the reason for the decision to finance the review in the first 
place, Ms. Walker said the agency had been "intrigued by the difficult 
computing science research involved in creating network capabilities that 
would provide the same levels of responsibility and accountability in 
cyberspace as now exist in the physical world."

Darpa awarded a $60,000 contract to SRI International, a research concern 
based in Menlo Park, Calif., to investigate the concept. SRI then convened 
the workshop in August to evaluate its feasibility.

The workshop brought together a group of respected computer security 
researchers, including Whitfield Diffie of Sun Microsystems and Matt Blaze 
of AT&T Labs; well-known computer scientists like Roger Needham of 
Microsoft Research in Cambridge, England; Michael Vatis, who headed the 
National Infrastructure Protection Center during the Clinton 
administration; and Marc Rotenberg, a privacy expert from the Electronic 
Privacy Information Center.

The workshop was led by Mr. Blaze and Dr. Victoria Stavridou, an SRI 
computer scientist, one of those who had originally discussed the eDNA 
concept with Darpa officials.

At the workshop, the idea was criticized by almost all the participants, a 
number of them said, on both technical and privacy grounds. Several 
computer experts said they believed that it would not solve the problems 
it would be addressing.

"Before people demand more surveillance information, they should be able 
to process the information they already have," Mark Seiden, an independent 
computer security expert who attended the workshop, said in an interview. 
"Almost all of our failures to date have come from our inability to use 
existing intelligence information."

Several of the researchers told of a heated e-mail exchange in September 
over how to represent the consensus of the workshop in a report that was 
to be submitted to Darpa. At one point, Mr. Blaze reported to the group 
that he had been "fired" by Dr. Stavridou, of SRI, from his appointed role 
of writing the report presenting that consensus.

In e-mail messages, several participants said they believed that Dr. 
Stavridou was hijacking the report and that the group's consensus would 
not be reported to Darpa.

"I've never seen such personal attacks," one participant said in a 
subsequent telephone interview.

In defending herself by e-mail, Dr. Stavridou told the other panelists, 
"Darpa asked SRI to organize the meeting because they have a deep interest 
in technology for identifying network miscreants and revoking their 
network privileges."

In October, Dr. Stavridou traveled to Darpa headquarters in Virginia and, 
after a teleconference from there that was to have included Mr. Blaze, Mr. 
Rotenberg and Mr. Vatis was canceled, later told the panelists by e-mail 
that she had briefed several Darpa officials on her own about the group's 

In that e-mail message, sent to the group on Oct. 15, she reported that 
the Darpa officials had been impressed with the panel's work and had told 
her that three Darpa offices, including the Information Awareness Office, 
were interested in pursuing the technology.

This week, however, in response to a reporter's question, Darpa said it 
had no plans to pursue the technology. And an SRI spokeswoman, Alice 
Resnick, said yesterday, "SRI informed Darpa that the costs and risks 
would outweigh any benefit."

Dr. Stavridou did not return phone calls asking for comment.

-- Eugen* Leitl leitl
ICBMTO: N48 04'14.8'' E11 36'41.2''
83E5CA02: EDE4 7193 0833 A96B 07A7  1A88 AA58 0E89 83E5 CA02
