UK Proposing Real-Time Monitoring of All Communications
An anonymous reader writes "In response to a plans to introduce real time monitoring of all UK Internet communications, a petition has been set up in opposition."
Previously covered here, El Reg chimes in with a bit of conspiracy theorizing and further analysis: "It would appear that the story is being managed: the government is looking to make sure that CCDP is an old news story well ahead of the Queen's Speech to Parliament on 9 May. Sundays — especially Sunday April the 1st — are good days to have potentially unpopular news reach the population at large."
The point is to initially study who people are talking to, right? That can be used to determine (un)reasonable suspicion. Random thought:
What if, say, hundreds of thousands of people were to sign up to a single service. Each day they posted their messages to that service, plus some garbage, to make a nice constant number of daily "posts". Each day everyone downloaded ALL messages posted to that service. The messages are, of course, each encrypted for the intended recipient, and people never download individual public keys - only everyone's or no-one's.
When a computer has downloaded the message batch, it tries to decrypt all of them, but will only be successful with messages actually intended for the recipient.
1) Is this already used?
2) If not, is this technically feasible?
3) I am assuming that a man in authority would be able to listen to all network communications or retrieve all server content and logs. Will it be possible for them to establish who was communicating to whom?
I understand that there are other options which rely on obfuscating routing between particular destinations. This method relies on not having any routing at all - more like listening to a daily broadcast in the style of the old "numbers stations".
So the system must enforce a service user's lack of choice on what to download and whether to upload (even if you just upload garbage). Anyone reading IPs in a similar "broadcast" service's access logs (e.g. Twitter) will have a good idea who is receiving what - which I think is what this law is taking advantage of(*) - but what if the service's logs were open for all to see, law enforcement or otherwise, because the logs revealed nothing useful?
The practical questions would be concerning whether the idea scales, i.e.
1) how many messages can everyone download at regular intervals (multicast?) before there'd be a need to split the batches?
2) is it feasible to attempt (part) decryption of all these messages to identify which are for you?
(*) The proposed law isn't afaict demanding warrantless "wiretapping" (i.e. of content), but denying privacy of association. This seems to be the route the EU has tried to go down, and mirrors recent legislation in Canada.
Thoughts?