Shades of OTR -- off-the-record -- a protocol that claims to provide plausible deniability.
A START-UP communications outfit is flogging a web-based email system that destroys the message after it has been read.
VaporStream system from Void Communications, which apparently is not a euphemism for VapourWare, works from an encrypted webpage. A punter visits the site, lists the person they want to talk to and chats away.
The names of the parties, or their messages, are not stored anywhere and details can't be cut and pasted. Instead it is held on a temporary memory segment in a VaporStream server. When it is delivered, the server forgets that it ever existed.
The big problem is that these approaches completely fail to understand the real threat models for real people, and arguably make matters worse by creating a false sense of security, and encouraging people to deny the truths that can be proved in other ways.
The non-sexy #1 threat to email is breach of the node, and that threat breaches both of those approaches. Here's a reminder:
Last fall, agents on the FBI's public corruption squad faced a problem: They couldn't read encrypted e-mail seized from State Sen. Vincent J. Fumo's offices.
On Oct. 18, they got a break. Donald Wilson, a state Senate computer technician who had been granted immunity, suddenly remembered something, according to a newly unsealed FBI affidavit. He still had two portable data cards - with all the passwords to open the e-mail.
Wilson's lawyer called authorities and turned over the passwords. The feds were in.
With that breakthrough, the affidavit said, agents were able to read more Fumo office e-mails talking about destroying records and fretting about the FBI - a trail that helped lead to obstruction-of-justice charges against two other Fumo computer technicians, Leonard Luchko and Mark Eister.
An actual eavesdropping attack on "aircraft email" spotted by Steve Bellovin:
... ACARS is like an automated email system used by aircraft and ground control. An ACARS-enabled plane will transmit all kinds of information about what the plane is doing: where it is and where it's going, how much fuel it has, what the weather is like, and so on. These automated "emails" between aircraft and their ground controllers are encoded into radio signals clustered around the 131 megahertz and 136 megahertz frequencies.
A good scanner can receive these radio signals. To the ear, the transmissions sound like noise, but when filtered through a computer equipped with a software-based decoder the information contained in the airplanes' messages becomes comprehensible. Like notebooks filled with tail numbers and landing times, ACARS monitoring produces an endless stream of ridiculously detailed information, which ACARS enthusiasts from around the world dutifully post online.
The "open source" attack (cf. John Robb) on the CIA's illegal renditions -- known as the torture taxi -- makes for fascinating reading. How relevant is such a threat model to general FC? In the past I would have said not relevant due to the context, but the recent open source work on the AOL privacy breach makes me think it is a valid threat, and the article is therefore valid case material.
It is curious to see how they would solve the ACARS problem. The only way that I can see is to use open source techniques of opportunistic cryptography, something that obviously has been fought against by the CIA and others. So the eavesdropping attack on plane traffic can be considered to be yet another example of how the USG's policy of low Internet security bites back. Chalk up another "Own Goal" like the Israeli "Defence" Force (IDF) results of last month (1, 2).
Posted by iang at October 18, 2006 03:31 PM