Re: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]]

[Roger Dingledine <arma@xxxxxxx>]

On Thu, Dec 15, 2005 at 01:20:19AM -0500, Jeffrey F. Bloss wrote:
> On Wednesday 14 December 2005 08:00 pm, nile wrote:
> > Correct me if I'm mistaken, but I believe the laws do not require
> > holding onto the content of the call/data, just the routing information
> > or phone numbers. If so, it's interesting to note that that's exactly
> > what Tor is for - defeating _traffic_ analysis.
> 
> It seems to me that traffic analysis is the one major thing Tor is susceptible 
> to. Being a real time, the Tor network can be compromised by someone who has 
> the ability to colate ingress and egress traffic, and this legislation gives 
> the "EU" the ability to sit back and examine an entire regional network at 
> its leisure.
[snip]
> Prior to this "broad" loggin being in place it would have been necessary for 
> Johnny Law to have some prior knowledge. They'd have to suspect Joe, and then 
> invest the time and resources in logging both Joe and the blog site. Now, 
> they can simply sift through the already collected data looking for people 
> who use Tor connections at the same time the blog is accessed.

Alas, I think Jeffrey has it right. Tor aims to provide protection in
a scenario where the adversary cannot observe the whole network (or
a substantial piece of it). The EU data retention directives directly
threaten the security that the current Tor design can provide.

There are some anonymity designs that aim to provide protection against
this strong level of adversary -- see e.g. http://mixminion.net/ --
but they carry unacceptably high latency for Tor-style connections.

As I understand it we're still a ways off from understanding exactly
what laws will be passed in each country, and only a while after that
will we start to understand what each law will mean. It may turn out
to be impractical (or illegal) to put out a blanket query to every ISP
in Europe saying "please tell me all users who connected to any of the
following 1000 IP addresses in this 10 second period".

But even so, once we have a sense of what sorts of attacks are likely,
we can also start looking at some specialized padding techniques for
Tor users to blend together better without paying too high a price in
overhead. The goal is not to beat arbitrary statistical attacks, but
to increase false positives (and maybe false negatives) with respect to
specific attacks.

We may also be able to take advantage of the fact that these adversaries
are only partial attackers: even in the best attacks they can only
observe perhaps half the network. We may be able to arrange things to
increase the doubt in their findings -- though as Jeffrey points out,
a patient attacker will use statistics to become increasingly convinced
that he has found his target.

It really is a shame that Europe has chosen to cripple the security of
its citizens and companies in this way. The bad people will continue to
break laws and not get caught by this (breaking into computers around the
world and using them as stepping stones, using open wireless networks,
using botnets, you name it), and honest people and organizations in Europe
will always be wondering who has broken into their ISP and grabbed their
traffic data -- for espionage, for advertising purposes, for stalking,
for who knows.

This is reminiscent of the U.S.'s earlier crypto export fiasco, when they
chose to undermine their position as the world leader in cryptography,
as well as ensure that the good guys were vulnerable while the bad guys
were safe. I wonder how this one will turn out.

--Roger