The Untrusted Middle

Discussion continues on the warrantless wiretapping program. I’ve made my opinions clear already.

It’s surprising to me that so little attention has been paid by the press to this question: why is there a problem, given the existing national security wiretap process that allows warrants to be obtained a few days after the fact in emergencies?

Here’s my theory:

If large volumes of telephone/email traffic are being subjected to automatic content analysis, it would be impossible to obtain warrants because literally everything is being inspected and/or retained. I have no evidence whatsoever that this is true, but note that it’s consistent with every official public explanation I’ve heard about the program, whereas most other scenarios are at odds with at least some of the observable facts. Even if it isn’t true, it’s certainly possible.

This is only possible because the contents of the communication are visible to the carrier. If the communicating parties begin to use encryption because they know they can’t trust the middleman in their message traffic, this analysis won’t be possible. There’s still traffic analysis: sometimes just knowing who’s having a conversation is useful, even if you don’t know what they’re saying. But it seems likely that the content of communication will become more opaque over time as the use of encryption (by both good and evil actors) becomes more commonplace.

And this trend may be accelerated in a surprising way: by the need to shield traffic from the prying eyes of our own Internet service providers.

Many are familiar by now with the antics of Comcast with respect to peer-to-peer file sharing traffic. Comcast noticed that P2P traffic accounted for a great deal of its upstream capacity, and they don’t have that much capacity. So they deployed some hardware that listens in on the traffic going by, and then actively interferes with that traffic when it looks too much like peer-to-peer file sharing. In security parlance, this is called a man in the middle attack. And this sort of attack is a whole lot more successful when the attacker has access to the content of the communication.

Without spending a lot of time on the propriety of Comcast’s approach of network-management-by-forgery, I’ll note that it’s going to drive a whole bunch of software developers to implement cryptography at the endpoints so that it’s impossible to tinker with the information content in flight. That’s what you do when you can’t trust the path between sender and receiver, and I think that the average user (or at least the average software developer) may become aware of this approach sooner rather than later.
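As an added illustration of that last point (example code, not something from the original post): once the endpoints apply encrypt-then-MAC, a middlebox on the path can neither classify the content nor alter it without the receiver noticing. The keys, the constructed "BitTorrent protocol" signature string, and the HMAC-SHA256 keystream construction are assumptions made for the demonstration; a real deployment would use a standard AEAD such as the ones TLS provides.

```python
import hmac
import hashlib
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF (HMAC-SHA256) in counter mode used as a keystream; illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Sending endpoint: encrypt-then-MAC, wire format is nonce || ciphertext || tag."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, wire: bytes):
    """Receiving endpoint: verify the tag before decrypting; None means forged/tampered."""
    if len(wire) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = wire[:NONCE_LEN], wire[NONCE_LEN:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def middlebox_classifies_p2p(wire: bytes) -> bool:
    """A content classifier like the one in the post: it can only match what it can see.
    The signature is a constructed stand-in for a real device's rules."""
    return b"BitTorrent protocol" in wire


def middlebox_tampers(wire: bytes) -> bytes:
    """Flip one payload byte in flight, the kind of forgery an untrusted path can attempt."""
    i = NONCE_LEN
    return wire[:i] + bytes([wire[i] ^ 0x01]) + wire[i + 1:]
```

With encryption at the endpoints the classifier no longer matches and the tampered message fails verification, so the receiver drops it instead of acting on forged content.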
