[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [email@example.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]]
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 14 December 2005 08:00 pm, nile wrote:
> Correct me if I'm mistaken, but I believe the laws do not require
> holding onto the content of the call/data, just the routing information
> or phone numbers. If so, it's interesting to note that that's exactly
> what Tor is for - defeating _traffic_ analysis.
It seems to me that traffic analysis is the one major thing Tor is susceptible
to. Being a real time, the Tor network can be compromised by someone who has
the ability to colate ingress and egress traffic, and this legislation gives
the "EU" the ability to sit back and examine an entire regional network at
its leisure. I also heard a rumor that jurisdictions like Cuba and Hong Kong
might be affected, because they use British Net Service Providers.
An over simplified and purely theoretical scenario...
Some French whistleblower guy name "Joe" publishes information about the
nefarious activity of XYZ Inc on a blog in the Netherlands. Lets say he posts
to it with a bit of regularity for a couple months.
With this new logging in place XYZ might be able to force law enforcement to
perform a simple query of the data to discover exactly who is posting the
information. It's a simple (?) matter of searching for connection times to
the blog, and comparing them to times that "Joe" makes connections to a Tor
node. If Joe builds a new circuit at 2PM and the blog is updated at 2:00:01
PM, and this relationship can be demonstrated for some period of time, it's
pretty clear that it won't take 6 months of data to prove beyond any
reasonable doubt Joe is the blog owner.
Prior to this "broad" loggin being in place it would have been necessary for
Johnny Law to have some prior knowledge. They'd have to suspect Joe, and then
invest the time and resources in logging both Joe and the blog site. Now,
they can simply sift through the already collected data looking for people
who use Tor connections at the same time the blog is accessed.
Apply this logic to the "Music Industry" and its dog with a favorite bone
tenacity for outing 9 year old kids who download MP3's they already have on
CD and... :*(
Hand crafted on December 15, 2005 at 00:52:29 -0500
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----