On Sat, Aug 11, 2012 at 11:51 PM, Greg Norcie <g...@norcie.com> wrote: > Some crazy new correlation attack might be possible... but using it as > evidence in court would be quite difficult.
Wrong mental model. You're assuming a "lawful" attacker. This is just fundamentally incompatible with any definition of attacker that I care about. A real attacker doesn't follow rules that can be bent or broken. In this case you're assuming a particular threat set—prosecution by law enforcement in a place where the rule of law is largely effective and at least somewhat just. While that may apply to people trafficking banned goods in the US, those aren't the only users of tools where these attacks could be applied. If the analytic tools reliably identify their targets, that may be all that's required for someone to go out and kill them. The threat against people promoting disapproved-of political positions or religions, or people disclosing evidence of unlawful and unethical acts by powerful parties, can be expected to be more like the latter than the former. Even so, fancy correlation isn't used as evidence for a conviction. It's used to identify the actual parties, then regular focused evidence gathering and investigation does the rest. In the US, potentially it gets used to generate probable cause for a search, as the bar there is so low as to be almost non-existent and there is no before the fact adversarial process to challenge them. Even absent it, it's trivial to manufacture ample probable cause against anyone, but doing so doesn't scale as an investigative tool unless the targeting has been highly focused first. Perhaps most importantly: a child sex trafficking ring doesn't need to convince a court of law that a new customer is certainly law enforcement before deciding not to do business with them, and I very much want the people doing socially important enforcement work to have good tools and operating procedures so that they can enjoy the full investigative benefits of privacy technology. The fact that evidence guidelines may make non-cheaters working for social good weaker is actually good motivation for developing protection against techniques which are mostly useful to attackers who don't care about following those rules. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk