Re: Identification of users of payphones
At 08:03 PM 3/14/03 -0800, Tim May wrote: ... They could be round, for easy handling. And milled for evidence of having been shaved. They could even be made of precious metals for high-value coins, and of base and inexpensive metals for low-value coins. Have you filed for the patent, yet? --Tim May That government is best which governs not at all. --Henry David Thoreau --John Kelsey, [EMAIL PROTECTED]
Re: Identification of users of payphones
On Friday, March 14, 2003, at 09:24 AM, Adam Shostack wrote: Its possible, but expensive; this was done in the Tim MViegh trial; they linked all his calls, and then traced it to him. With computers, this gets easier and cheaper. Social network analysis is an obvious outgrowth of the traffic analysis NSA has been doing for 60 years. What the world needs is some kind of untraceable, unlinkable system. Attempts to deploy Digicash, Micromint, Peppercoin, blah blah have failed for various reasons. Perhaps we need to rethink this. Perhaps the goals could be accomplished with some form of hard-to-forge physical token? Since this would be a simpler version of the digital coins so often considered by researchers, I suggest the name just be shortened to coins. They could be round, for easy handling. And milled for evidence of having been shaved. They could even be made of precious metals for high-value coins, and of base and inexpensive metals for low-value coins. This would solve the telephone privacy issue. --Tim May That government is best which governs not at all. --Henry David Thoreau
Re: Identification of users of payphones
At 08:03 PM 03/14/2003 -0800, Tim May wrote: They could be round, for easy handling. And milled for evidence of having been shaved. They could even be made of precious metals for high-value coins, and of base and inexpensive metals for low-value coins. This would solve the telephone privacy issue. However, they did have other problems. We once had a cypherpunks meeting at Soda Hall in Berkeley, and unlike the usual problems finding parking, I was pleased to find that a bunch of spaces on the street that used to have parking meters had the working parts removed and replaced with flowerpots. While the flowerpots were a nice Berkeleyish touch, the basic cause wasn't a desire to have unrestricted parking, it was a discovery by teenagers that there were pots of money sitting around waiting for people with metal pipes to collect them. Pay phones also have this problem :-) They also have the problem that it costs money to send people around to collect the coins, as opposed to collecting data over wires you've already got, and then there's the problem that there are people driving around in trucks full of money... and of course the problem of deciding whether round pieces of metal have the right politicians' pictures on them without cryptographic help. On the other hand, by switching the money part to coinage, it would free up the data connections for the surveillance cameras.
Re: Identification of users of payphones
On Fri, Mar 14, 2003 at 05:36:28PM +0100, Thomas Shaddack wrote: | Couple months ago, our local Telecom decided to switch over from | easy-to-emulate EPROM-based dumb smartcards (described at | http://www.phrack.com/show.php?p=48a=10 ) to Eurochip ones. Today seemed | a good day to learn more about them, so I sniffed around a bit (eg, | http://gsho.thur.de/phonecard/advanced_e.htm ) and stumbled over some data | that could have unpleasant implications. | | | In Europe, chip cards for paying in payphones are common. However, the | cards have serial numbers, usually assigned sequentially during the | manufacture. | | It is possible to keep track of the serial numbers vs shipments. The | phones may record (or even online-report (eg, for fraud prevention)) the | serial numbers of the cards used. Then it could be possible to list all | calls done from the same card, possibly indirectly identify the person who | made that call from a public payphone by matching their calling patterns. | It could be also possible to identify where and approximately when the | card was bought, putting more constraints to its owner's possible identity. | | I can't assess the real proportions of this threat, but it is another | thing to be aware of. Its possible, but expensive; this was done in the Tim MViegh trial; they linked all his calls, and then traced it to him. With computers, this gets easier and cheaper. Social network analysis is an obvious outgrowth of the traffic analysis NSA has been doing for 60 years. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume