Eugen Leitl writes:
> There might be use cases for using end-to-end encrypting
> VoIP phones on Mifi over 3G/4G (assuming you can penetrate
> the double NAT), as here both security compartments are
> separate.
That seems to have some clear potential privacy and security benefits, but if you use a MiFi with a 3G account registered in your own name, the carrier will still be able to track the location of the MiFi device itself and associate it with your identity. We could imagine 3G interfaces with frequently randomized IMEIs and the use of blinded signatures to pay for service, so that the carrier will know that someone has paid but not who the device owner is. (Refilling a prepaid account with that kind of mechanism needn't be much more complicated than prepaid refills today, especially when the user tops up their account at a kiosk with an electronic terminal as opposed to with an online credit card payment or by buying a scratch-off card.)

I think this gets us back to the political problem that some governments have already made the use of these mechanisms _illegal_*.

A pretty common challenge for situations like this is that if a telco wanted to actively cooperate in order to deliberately know less about its customers, we might be able to figure out a way to make it work technically. But telcos generally don't want to do that and governments don't want the telcos to do it either. And this applies to other kinds of service providers too; there's great research from the academic cryptography world about privacy-protective ways of providing many services, but today's service providers are mostly reluctant to make use of this research or other crypto tools to reduce what they know about users (with a couple of shining exceptions).
Arvind Narayanan has just pushed a two-part paper in _IEEE Security & Privacy_ about exactly this point:

http://randomwalker.info/publications/crypto-dream-part1.pdf
http://randomwalker.info/publications/crypto-dream-part2.pdf

Narayanan argues that "a mis-alignment of incentives frequently occurs" to discourage the use of cryptography to protect privacy (particularly in the strongest end-to-end sense) and that there is minimal demand for protecting data against intermediaries and service providers. (I find this paper extremely depressing, but it does describe actual events. If I were writing this paper, I would continue to ask how we can increase demand for cryptographic privacy mechanisms rather than declaring defeat.)

* To pick up on Narayanan's argument, even if this kind of service is legal and even if carriers thought it was a reasonable service for them to offer, we might expect problems with demand for it. One problem for the level of demand for blinded e-cash payments for telecommunications services is that if users lose their mobile devices and don't have suitable backups, they lose all of their prepaid account value (because it existed only in the form of e-cash on the devices). This is different from the status quo, where prepaid balances can be associated with an account that persists and can be claimed by a user even if they lose a particular device. Methods of paying for services that have cash-like privacy properties could be unpopular because they expose customers to cash-like risks. And many people now prefer to pay for point-of-sale transactions with credit cards despite the major privacy losses compared to cash; probably people who regularly accept that trade-off would be skeptical that totally anonymous prepaid service accounts are a benefit.
I've recently done some research and writing about anonymous payments for transportation services and seen that transportation agencies expect very few users to prefer unregistered cash-equivalent payment methods that are purchased in cash. That might be partly a self-fulfilling prophecy (if the agencies don't promote the idea that it's good to pay for transportation in a way that leaves fewer records, and don't do more to make this convenient, clearly fewer people will do it), but it's also surely based in part on their observations of customers' behavior.

--
Seth Schoen <[email protected]>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
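The blinded-signature prepaid top-up sketched in the message above, as an added example that is not part of the original post: a Chaum-style RSA blind signature in which the carrier signs a blinded token serial at payment time and later accepts the unblinded token without being able to link the two events. The RSA key, the serial format and the Carrier class are constructed for this demo (the key is far too small for real use).

```python
import hashlib
import secrets
from math import gcd

# Constructed demo RSA key: 30-bit primes are hopelessly small for real use.
P, Q = 1_000_000_007, 998_244_353
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # carrier's private signing exponent


def token_digest(serial: bytes) -> int:
    """Hash a device-chosen serial, truncated so the value stays below N."""
    return int.from_bytes(hashlib.sha256(serial).digest()[:7], "big") | 1


def blind(m: int):
    """Device side: hide m behind a random factor r; returns (blinded, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r


def unblind(blind_sig: int, r: int) -> int:
    # Device side: (m * r^e)^d = m^d * r mod N, so dividing out r leaves m^d.
    return (blind_sig * pow(r, -1, N)) % N


def verify(m: int, sig: int) -> bool:
    return pow(sig, E, N) == m


class Carrier:
    """Signs blinds after payment; at redemption checks signature and replay."""
    def __init__(self):
        self.issued_blinds = []   # everything the carrier learns at top-up time
        self.spent_serials = set()

    def top_up(self, blinded: int) -> int:
        self.issued_blinds.append(blinded)
        return pow(blinded, D, N)

    def redeem(self, serial: bytes, sig: int) -> bool:
        if serial in self.spent_serials or not verify(token_digest(serial), sig):
            return False
        self.spent_serials.add(serial)
        return True


def demo():
    carrier = Carrier()
    serial = secrets.token_bytes(16)                # constructed device serial
    blinded, r = blind(token_digest(serial))
    sig = unblind(carrier.top_up(blinded), r)
    first, replay = carrier.redeem(serial, sig), carrier.redeem(serial, sig)
    # Nothing recorded at top-up equals what is later presented at redemption.
    unlinkable = blinded not in (token_digest(serial), sig)
    return first, replay, unlinkable
```

The replay check is what stands in for the persistent account balance the message worries about: the carrier only needs a list of spent serials, not an identity, to stop a token from being redeemed twice.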
