[declan at well.com: [Politech] E.U. Parliament votes to force "data

Jeffrey F. Bloss jbloss at tampabay.rr.com
Thu Dec 15 10:00:16 PST 2005

retention" on telecom, Net firms [priv]]
User-Agent: KMail/1.7
Reply-To: or-talk at freehaven.net

Hash: SHA1

On Thursday 15 December 2005 02:49 am, David Benfell wrote:
> On Thu, 15 Dec 2005 01:20:19 -0500, Jeffrey F. Bloss wrote:
> > With this new logging in place XYZ might be able to force law enforcement
> > to perform a simple query of the data to discover exactly who is posting
> > the information. It's a simple (?) matter of searching for connection
> > times to the blog, and comparing them to times that "Joe" makes
> > connections to a Tor node. If Joe builds a new circuit at 2PM and the
> > blog is updated at 2:00:01 PM, and this relationship can be demonstrated
> > for some period of time, it's pretty clear that it won't take 6 months of
> > data to prove beyond any reasonable doubt Joe is the blog owner.
> Suppose the blog is hosted outside Europe, and the blog software
> introduces a random delay before actually posting Joe's entry?

Sure, anything that removes influence or power from an "attacker" is a
generally good thing, but...

Jurisdictional borders aren't the panacea they use to be, if they ever really
were. Treaties and agreements between nations can make collecting information
from foreign sources a matter of an attorney filing the proper form in
triplicate. In some number of places that depends completely on specific laws
governing each jurisdiction, this is even an advantage for some attackers
because getting around local laws and/or security is more difficult than
simply asking a foreign official to collect the information for you.

There's a depressingly increasing number of jurisdictions where some appointed
official can walk through the door and confiscate, log, back door, etc any
system on nothing more than a whim. It's theorized that this is why things
like ECHELON were deployed outside US borders... to circumvent requirements
like showing cause and obtaining warrants.

This isn't to say that there's no jurisdictions that might make you safer,
just that they're few, far between, and not near as safe as they once were.
In fact, I don't believe mandatory logging is anything new even within EU
Member Nations. I believe for some of them this is a step backwards if
they're somehow restricted to the 6/12 month and "connection only" logging
dictated by this new policy. The *real* threat is in the organization and
broad scope of the thing. It will effectively transform all of Europe and
then some, into one big surveillance tool. :(

Anyway, the latency thing probably wouldn't make much difference at all
either. It might fool a casual observer who is assessing the published
content, but with these sweeping logging requirements there's no need to wait
for the page to change when you hit the [refresh] button. ;-) The blog owner
logging in to make the changes is what's being automagically logged, or what
can be "force" logged from outside a jurisdiction. And half the puzzle is
already relatively trivial to solve due to the forced connection logging. You
have to assume that an attacker will absolutely know either the origin, or
the destination of every packet, and have the ability to do what they will
with that data.

It's also important to note that blogging was just an out-of-thin-air example,
and other types of communications can't be subject to any similar sort of

That's my semi-literate layperson's take on things. This EU logging policy is
a problem of great concern as I see it. In theory at least, it could make Tor
and any other similar distributed "anonymous" network completely and utterly
useless for serious users in that jurisdiction, and far less secure for
people who cross those jurisdictional lines in either direction.

- --
Hand crafted on December 15, 2005 at 12:09:56 -0500

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
                                  -Groucho Marx
Version: GnuPG v1.4.2 (GNU/Linux)


----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list