Tuesday, May 25, 2010

March 13th, 2010 at 21:28 UTC by Richard Clayton

What’s worrying the spooks?


As I mentioned a few days ago, the security services have some concerns about the Digital Economy Bill:

If evading blocking systems becomes a mainstream activity (and there’s said to be 6-7 million illegal file sharers in the UK) then it will be used, almost automatically, by subversive groups — preventing the spooks from examining the traffic patterns and comprehending the threat.

There seems to be some confusion about quite what is worrying the security services. Last October, The Times reported that “both the security services and police are concerned about the plans, believing that threatening to cut off pirates will increase the likelihood that they will escape detection by turning to encryption”, and this meme that the concern is encryption has been repeated ever since.

However, I think that Patrick Foster, the Times media correspondent, got hold of the wrong end of the stick. The issue isn’t encryption but traffic analysis.

Peer-to-peer file sharing is already widely encrypted (Limewire has used encrypted transfers “out of the box” since version 4.13.11 in November 2007). This is done because it helps to prevent ISPs from detecting and blocking or “traffic shaping” (slowing down) data transfers.

The encryption prevents any snooping at the ISP, but does not hide who is communicating with who, and anyone who joins in the file sharing can identify all of the peers who are interested in a particular file, be it the current #1 single, or a video of a radical calling for violent action.

However, imagine that in the near future those who illegally share copyright material are being disconnected, and websites such as The Pirate Bay are being blocked. Since this legal framework doesn’t do anything to provide alternatives to file sharing, millions of people will start to use protocols that hide the identity of peers (Tor would be suitable, but something slightly more special purpose will doubtless be rapidly adopted); along with software that evades blocking mechanisms (once again Tor fits the bill, but there are other alternatives).

Once this new generation of software is deployed (and it would be ubiquitous within weeks), not only are the rights-holders unable to determine who is nibbling away at their twentieth-century business model, but the spooks can no longer use traffic analysis to determine the members of conspiracies. That’s precisely why they were concerned last October about the disconnection aspects of the Bill, and that’s precisely why they are even more concerned now with the opposition amendment that has unexpectedly put “web blocking” onto the table.

The recently leaked BPI memo, setting out the rights holders lobbying position shows how seriously this risk is being taken at the highest levels:

There has been a meeting between Number 10 officials and BIS special advisers today to discuss the way forward on Clause 18. I am told that “discussions continue” but that “the security services concerns are not being met”.

The BPI (who wrote the opposition amendment in the first place) further reported in their memo the expectation that the Government would bow to the security services’s concerns and just remove Clause 18 from the Bill in “wash-up“, leaving the opposition whips (MPs hardly get a look in) with the choice of accepting a cut-down Bill or nothing.

Since evasion of web blocking needs more general purpose mechanisms than hiding the identity of file-sharing peers, it’s obvious why the security services concerns have resurfaced so strongly now. However, one wonders why their concerns about disconnection have been stifled. Perhaps they’ve decided that the specialist peer-to-peer obfuscation systems will be too special purpose to be used as the de facto means of communication by those they seek to surveil ? or perhaps they’ve just been told that helping old-media is more important than tracking terrorists ?

Diffie and Landau, in their book on wiretapping, said that “traffic analysis, not cryptanalysis, is the backbone of communications intelligence” … I suspect there’s a number of Parliamentarians who are currently having the ramifications of this very carefully explained to them.