[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Solicitation of Tax Evasion--An Example

Ed Carp writes:


> The problem is, unless you're very careful about distributions and such,
> you can easily clog the net with zillions of public-key-encryptions to
> alt.security.pgp.messages <grin>.  But then again, I suppose it's not
> any more traffic than alt.sex.pictures.erotica.* generates. :)
> It would be trivial to write a script to be put in your .login to
> automatically skim that newsgroup for anything encrypted with your public
> key.  Hmmm...

Yes, Ed is right. Easy to spot messages intended for you. And the
volumes involved in this "crypto classfieds" are not unreasonable.

Several comments:

1. As Ed points out, not such a large volume compared to the GIFs and
JPEGs (and now even MPEGs) being posted. A "classifed ad" is small for
what it carries (in terms of commercial information). That is, all the
ads we could write as individuals in a year would be less than a
single large JPEG image. And of course the ads could be packed in the
bits of such images, but I digress. And as Hal Finney notes,
steganography is not the main issue.

Ironically, though, these "crypto classifieds" represent a kind of
steganography, in that the authorities may _suspect_ the meaningless
bits are related to tax evasion, or solicitation of murders
(untraceable!), or sales of Stealth bomber plans, but they can't prove
this. The cyphertext could just as easily be love letters, encrypted
notes to lawyers (attorney-client privilege), psychiatric records (the
law now requires due diligence in keeping them secure, so encryption
is increasing here), or the "digital confessionals" of networked
churches! (These "legal covers" for crypto will be _very_ hard to
stop, even if the Administration wants to ban strong crypto. Telling a
priest or a lawyer that his communications with his client must be
wire-tappable will not go over well, and may be ipso facto thrown out.)

2. By analogy with publishing real classified ads in real newspapers,
imagine a "pool" site, reachable by ftp, that could contain gigabytes
of such encrypted "junk." (Incrimination of those who use such a site
can be eliminated by having it used for all kinds of things, and
encouraging everyone who retrieves something that's actually of
interest to them to randomly take a bunch of other stuff. This could
be cumbersome, I'll grant you.)

(Probably easier to just use UseNet, unless and until the volumes get
really large. When we last discussed this in a major way, probably
around last November or so, Miron Cuperman proposed "pools" that
people would subscribe to, automatically getting _all_ messages sent
to the pool. Incrimination is avoided, as above. However, using idle
UseNet groups ("alt.fan.chaum"?) will work just about as well, modulo
some concerns that who reads what newsgroups is theoretically

3. Satellite distribution, as with all kinds of feeds. (These various
alternative distribution systems--satellite, pool, newsgroup, ftp
site--are all just variations on the idea that nobody knows who's
reading what ads in a newspaper-type system, a batched transmission

4. How does the target of a message know where to look? Must he scan
through all messages?

Obviously not, as many indexing schemes can be used which do not
compromise the security. For example, he may know that messages he can
read will start with "BARTER FOR SOFTWARE." The sender's security is
still maintained (remailers) and so is the recipient's (he takes many
messages, or downloads a large chunk of them to his local machine,
where he can extract the message meant for him).

(And the messages may also be apparently meaningless junk, readable
only to the intended recipient. So that he won't have to decrypt each
and every message to see which ones he can open--and he may have
multiple transactions in the pipeline, all with their own unique keys
to use!--there can be simple headers which are very quickly decrypted
Or the two communicants, once a channel is established, can agree to
put keywords in their messages, outside the cypertext. Again, this is
exactly what those communicating with newspaper ads do: they use

Enough for now.

-Tim May

Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.