Envelopes speak - tracking information flow
© Copyright 1994-2002, Rishab Aiyer Ghosh. All rights reserved.
Electric Dreams #41

Digital communication is extremely vulnerable to interception, sorting and archival. Current electronic mail systems offer less privacy than open messages on postcards - at least it's impractical to keep copies of enormous quantities of paper mail. Encryption, which is slowly gaining popularity as a means of ensuring a degree of privacy of e-mail and eventually voice communication, is analogous to letters in sealed envelopes. This protects against one invasion of privacy - of communication content, or what you write and read. However there is at present little protection against a possibly more serious invasion of privacy, that of communication context, or to whom you send and from whom you receive messages. As such messages can include anything from New Year greetings to a friend to contract negotiations to CD purchases, there is a lot that can be known about you from addressing details on the most secure, encrypted mail - the tale the envelopes tell.

Currently, whether you make a phone call or send an e- mail, your communication is routed through a host of different sites - telephone exchanges or computers around the world. It may not be technically possible for these sites to extract the content of your message because of encryption. It is not feasible, and usually illegal, for them to archive traffic. But it is very easy to archive routing information, and such logs are routinely kept by computers on the e-mail network as well as telephone exchanges.

The legal process of getting access to addressing information is much simpler than for intercepting communication content itself, because it is often assumed that such information is, on its own, useless. Actually it is probably more useful than interception. Such traffic analysis helped track Iranian assassins in France earlier this year, using records of 20,000 phone calls from public booths. It could also be used for intrusive monitoring of your income or hospital visits, or for that matter to crack down on Tibetan human rights activists.

Cypherpunks - the assorted citizens of cyberspace who try to protect privacy through the use of technology - may have a solution. Elated by the success of anonymous remailers - special e-mail addresses that repost messages after removing any traces of the original sender, especially favoured in discussion forums for victims of sexual abuse - they are now working on methods to reduce, if not eliminate altogether, the menace of traffic analysis. Without these, it would be possible to associate anonymous messages with their original senders by carefully matching arrival times in various system logs. Remailers and their users resort to several countermeasures. They collect incoming mail and repost anonymized versions in batches of random sizes, to avoid a correlation between mail arrival times. They route mail through random groups of remailers, often in different countries, to make tracing posts back to the source harder. And of course, they encrypt as much traffic as possible.

Although remailers prevent reverse traffic analysis - tracking mail from the recipient to the sender - they don't protect against traffic analysis from source - tracking the output of a specific site or individual. Dining Cryptographer networks, or DC-Nets were developed almost a decade ago as a networking protocol allowing a group of people to broadcast messages, while making it impossible to identify the specific source from within the group. Unfortunately DC-Nets have not yet gone beyond the early experiments; but there is hope that they will soon silence the electronic envelopes of traffic analysis.

Privacy and freedom of expression are basic human rights. Where laws and international treaties have failed to protect them, it looks increasingly likely that in a borderless world of digital signals, technology will.

  • Electric Dreams Index
  • dxm.org Homepage