Mok-Kong Shen
2013-08-03 11:05:38 UTC
There have been recently in German media quite some debates on Internet
security for the common people and serious concerns were also expressed
by the German president. A German minister even recommended the
citizens to take care of the security of their communications
"themselves", without however telling them "how" -- similar IMHO to
recommending citizens to take care of not being robbed "themselves".
(It may incidentally be noted that in Germany, in distinction to USA,
a permission is required to buy guns and that permission is not easy
to get). Now are there any good ideas of how the common people could
defend themselves against Prism, Tempora, etc., noting that some mighty
Eastern countries may have comparable, though yet unrevealed, projects
running as well? Each individual idea may not be good enough, but
perhaps through appropriate combinations there could result something
not too bad?
As a start I venture to sketch a humble idea of my own in the
following:
If it could be managed to have sufficiently large volumes of encrypted
emails constantly on the Internet, the surveillance mechanisms would
very likely at least lose much of their efficiency, if not be
entirely bogged down due to overloading. To achieve that, it would
thus principally depend on whether there is a sufficient number of
common people who would voluntarily take the trouble to do encryptions
(or at least do some additional keystrokes, see (3) below) and so IMHO
this is the biggest problem to be faced by the present idea.
We assume that each email has a plaintext part and an attached file
with encrypted stuff. It may be noted that for such senders (let's call
them activists):
(1) They certainly may not at all times have materials that necessarily
need to be kept secret, in which case for convenience the attachment
can be a dummy file, in particular an arbitrarily chosen one from a
number of dummies stored on stock. Whether the file contains genuine
stuff could e.g. be indicated by a chosen keyword in the plaintext part
of the email.
(2) Not all their friends would like to do any encryption work to
communicate with them, in which case these friends need only tolerate
the activists' sending them emails with dummies.
(3) Those activists who live on the maxim of having absolutely nothing
to hide could always send dummies as attachment.
Note also that the idea of having only one part of the whole message
that is encrypted could also be applied e.g. to the webpages, which may
contain a dynamically varying encrypted part for the partners to
receive.
Key management could be a big stumbling block for the idea in practice.
Since I have anyway a bias favouring symmetric encryptions (I mistrust
PKI whose software/hardware security I am unable to verify for poverty
of knowledge and other practical reasons), I envisage that each pair of
partners would somehow agree and keep a master key for their
communications, from which session keys could be generated via
encrypting certain data that partly involve time, message number etc.
At least for a certain part of the activists who live in democratic
countries secure transfer and keeping of these master keys among them
shouldn't be too big a problem IMHO.
Note that we capitalize on encryption, i.e. the difficulties (efforts
and resources required) of the agencies to find the (potentially, but
not certainly, vital for them) secret information and do not (and
cannot) hinder their collection of the meta data. Hence the portion of
emails from the activists need not be significant in relation to the
total volume of emails on the Internet.
A tiny remark is that in countries where the law enforcement could
demand surrendering of the encryption keys, the dummies couldn't be
entirely arbitrarily random, since otherwise it would be impossible to
satisfy the demands of the authority.
A somewhat different, seemingly also viable, idea is the following:
The activists could send genuine (i.e. for communication) or dummy
(i.e. to enhance the load of cryptanalysis) messages to Usenet groups
like alt.anonymous.messages. I am ignorant whether that group has
currently more than a few congeners, if at all. Anyway, if there is
a "run" for such services, evidently many more of its genre would be
needed, which nevertheless IMHO shouldn't be an unsolvable problem.
BTW, some activists could run something analogous to certain Internet
forums with browser as interface for posting, excepting that there will
be encrypted stuff posted, with membership available to the general
public or limited in some specific way. (Note that on some computers
access to Usenet groups may not have been installed, but access to
a forum needs only a browser which is always available.)
My personal view of the current surveillance is fairly analogous to
one of, say, an intimidating disease of pandemic nature. In such cases
one knows that one doesn't have "really" effective means to solve the
problem, but one must/should nonetheless join efforts/thoughts to
reduce, as far as possible, the "impact" of the evils. As I indicated,
there appears unlikely to be a way to stop collection of meta data.
What seems to be viable is IMHO a reduction of the practical efficiency
of the huge computing resources of the agencies. And that I think is
quite possible in practice by presenting to their machines an
additional very huge load of cryptanalysis. In fact, imagine that there
were 100 Internet forums each with an average of 100 encrypted posts
daily, such that with a probability of 1/10000 a post may contain
a message of the importance and urgency comparable to, say, "Snowden is
escaping with a jet of a certain Latin-American president", I am pretty
sure that the cooling system of their computers would very soon need
some unscheduled maintenance work :)
M. K. Shen
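The scheme sketched in the post above (a shared master key per pair of partners, per-message session keys derived from it using the message number and a timestamp, and an attachment that is either a genuine ciphertext or a decoy that still decrypts under a surrenderable key) as an added example in Python. This is not code from the original post; it uses only the standard library, and every name, format and constant in it is an assumption of this example. Where the post speaks of deriving session keys by "encrypting certain data", this example substitutes HMAC-SHA256 as the keyed function and uses it both for key derivation and for a counter-mode keystream, so that the whole thing runs without a third-party cipher library.

```python
"""Added example (not from the original post): a minimal sketch of the
email-with-attachment scheme, standard library only.

Assumptions of this example:
 - partners share a 32-byte master key agreed out of band;
 - session key = HMAC-SHA256(master_key, "session" || msg_no || timestamp)
   (HMAC stands in for the block cipher the post has in mind);
 - the attachment is always a ciphertext: either the genuine body or a
   filler "dummy".  Because a dummy is a real encryption under a derivable
   session key, that key can be surrendered on demand and decrypts to the
   harmless filler, without exposing the master key;
 - the genuine/dummy flag travels inside the encrypted payload, and
   payloads are padded to a fixed bucket size.
"""
import hashlib
import hmac
import os
import secrets
import struct

TAG_LEN = 32
HEADER_FMT = ">QQ"  # message number, unix timestamp (big-endian)
PAD_BLOCK = 256      # attachment length bucket

# Constructed filler texts kept "on stock" for dummy attachments.
FILLERS = [
    b"Weather was fine here this week. Greetings to the family.",
    b"Reminder: the reading group meets next Tuesday as usual.",
    b"Thanks for the photos, the garden looks lovely.",
]


def derive_session_key(master_key: bytes, msg_no: int, ts: int) -> bytes:
    """Per-message key from the master key, message number and timestamp."""
    data = b"session" + struct.pack(HEADER_FMT, msg_no, ts)
    return hmac.new(master_key, data, hashlib.sha256).digest()


def _split_keys(session_key: bytes):
    """Separate encryption and MAC keys derived from the session key."""
    enc = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (a stand-in for AES-CTR)."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hmac.new(enc_key, b"stream" + struct.pack(">Q", ctr),
                        hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def seal(session_key: bytes, header: bytes, payload: bytes) -> bytes:
    """Encrypt-then-MAC; the header is authenticated but sent in clear."""
    enc_key, mac_key = _split_keys(session_key)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(enc_key, len(payload))))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return ct + tag


def open_sealed(session_key: bytes, header: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt.  Raises on tampering."""
    if len(blob) < TAG_LEN:
        raise ValueError("attachment too short")
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _split_keys(session_key)
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))


def _pad(payload: bytes) -> bytes:
    """Length-prefix and pad with random bytes to a multiple of PAD_BLOCK,
    so genuine and dummy attachments share the same size distribution."""
    framed = struct.pack(">I", len(payload)) + payload
    return framed + os.urandom((-len(framed)) % PAD_BLOCK)


def _unpad(framed: bytes) -> bytes:
    (n,) = struct.unpack(">I", framed[:4])
    return framed[4:4 + n]


def build_message(master_key: bytes, msg_no: int, ts: int, body: bytes = None):
    """Return (clear header, attachment).  body=None yields a dummy."""
    header = struct.pack(HEADER_FMT, msg_no, ts)
    payload = (b"\x01" + body) if body is not None else (b"\x00" + secrets.choice(FILLERS))
    sk = derive_session_key(master_key, msg_no, ts)
    return header, seal(sk, header, _pad(payload))


def read_message(master_key: bytes, header: bytes, attachment: bytes):
    """Return (is_genuine, content); raises ValueError on tampering."""
    msg_no, ts = struct.unpack(HEADER_FMT, header)
    sk = derive_session_key(master_key, msg_no, ts)
    payload = _unpad(open_sealed(sk, header, attachment))
    return payload[0] == 1, payload[1:]


def surrender_session_key(master_key: bytes, header: bytes) -> bytes:
    """What a partner could hand over on demand: only this message's key."""
    msg_no, ts = struct.unpack(HEADER_FMT, header)
    return derive_session_key(master_key, msg_no, ts)
```

Two design choices differ from the post's sketch and are worth noting. The genuine/dummy flag is carried inside the ciphertext rather than as a keyword in the plaintext part, because a cleartext marker would let an observer discard the dummies without any cryptanalysis at all, which defeats the purpose of sending them. And a surrendered key is the per-message session key, not the master key, so complying with a demand for one dummy's key reveals nothing about other messages between the same pair.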