Hi Stephen,
In the UK, a new law has been brought in which would make
it a crime for a suspect who has encrypted data on his computer to fail
to reveal the password to the police.
The police can only issue a disclosure order if they believe on reasonable
grounds... that a key to the protected information is on the possession of
the person in question. I'm not a lawyer but that suggests a defence on the
basis that you don't have, and have never had, the key in question.
http://www.opsi.gov.uk/acts/acts2000/ukpga_2023_en_8#pt3-pb1-l1g49
And in the USA, users with encrypted content are
curently protected by a constitutional right to privacy which prevents
police from compelling them to disclose their passwords. But right now
even that right is being put into question with an important test case
taking place (see link below)...
The test case relates to users who know a password but refuse to disclose
it; it does not relate to users who don't know a decryption key (which
would be too long for most people to memorise anyway).
It is also important to point
out that at least in the USA the NSA avails itself to the use of advanced
programs that can carry out advanced 'dictionary analysis' to permute
nearly every possible combination of letters and numbers for a 'brute
force' attack to discover the password for an encrypted file - a process
that can take years.
Again, this is not strictly relevant - a password can be cracked using
brute force, but a 256-bit encryption key can't.
Secondly, there
are government installations in the UK (for instance a new MI6 building
on the London enbankment, which has the national internet traffic
channeled through it) which carry out surveillance of communications
including internet communications. This surveillance includes not just
keyword profiling but also several other different kinds of intelligent
and statistical analysis of the traffic itself, even where encrypted
files are involved, and an significant intelligence perspective can be
obtained in this way.
Yes, traffic analysis is a very important issue. Freenet does its best to
frustrate traffic analysis by using a transport protocol with no
unencrypted header fields, delaying and coalescing small packets to
disguise timing patterns, and padding packets to disguise the size of the
payload. Nevertheless I'm sure it's possible to design a rule for a deep
packet inspection engine that will identify Freenet traffic.
A possible direction for future research would be hiding Freenet traffic
inside other application-layer protocols (HTTP, BitTorrent, RTP etc).
Cheers,
Michael
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]
