This proposal does seem to be exceptionally silly. Any
well-advised Bad Guy™ will be able to avoid it. The problem (for the “authorities”)
is the diversity and rapid evolution of the services available on the Internet.
Standard email is not a great problem. It is handled in a
fairly straightforward way using a handful of published protocols. (SMTP, IMAP,
POP3, etc.). If you use an email program, those acronyms will almost certainly be
involved “under the hood”.
If you use a web-based email service such as Google, Yahoo
or Hotmail it's a bit harder to snoop. Such services tend to use secure
protocols such as HTTPS. However, I'm going to ignore that layer of protection
purely because it's possible that the
authorities can defeat it. The problem is that the protocols used by web-mail
services are diverse, often proprietary, unpublished and worst of all,
frequently changing. This makes monitoring a major technical project.
The situation gets worse when you start to look at the many
other messaging systems around. I'm thinking of services like Facebook that
provide several ways for people to “talk” and the technical bits underneath are
changing all the time. Another example is Ebay where a communication channel is
provided between sellers and buyers.
To be sure, the snoops will probably have no difficulty
proving that target A and target B both visited Ebay last week. But then, so
did millions of other people. So the snoops would need to do some more
technical work. Just for Ebay and then for all the other sites the Bad Guys
might use. And there'd be endless maintenance as sites were “improved”.
There is one useful trade-off the monitors could use. They
could not bother doing the detailed technical work on minority sites. Sure, the
Bad Guys might use them but basic traffic
analysis works better on them. If terrorist C uses obscure.com and so does
terrorist D then it tends to suggest they may be communicating – although it's
unlikely to be solid enough on its own for a jury
No comments:
Post a Comment