Susan Crawford's post The Auction, the Cops, and Comcast, highlights a request from the US Department of Justice to the FCC that is likely to result in an FCC Notice of Proposed Rule Making (NPRM). As I read her post, I recalled an interesting paper on surveillance. Here's the relevant part of Susan's post (bold italic highlighting is mine):
The NPRM, if it follows the DOJ’s request, will suggest (among other things) that all of these providers should build their routers and network hardware to provide “packet activity reporting” for all packets crossing their networks, and physical location information for all of their customers at all times. It will also suggest that very fine-grained timing information is needed - something that the internet and its applications don’t provide at the moment. “Packet activity reporting” means that the broadband provider will need to know the destination IP address and port number for everything happening on its network.
The idea is that these designs will help law enforcement when they want to carry out a request for call-identifying information.
A few months ago I happen to read a 2002 paper by Xinyuan Wang, Douglas S. Reeves and S. Felix Wu entitled Inter-Packet Delay Based Correlation for Tracing Encrypted Connections Through Stepping Stones.
I should comment that, when I travel in China, I use TOR (The Onion Router)
to bypass the Great China Firewall. TOR works by passing your traffic through a series of intermediate routers, with intermediate connections encrypted, so a third party observer can't tell whose traffic is going where. This is mildly useful to me when I'm in China, but it can be life saving for dissident writers living in totalitarian states.
So it was somewhat distressing when I read the paper by Wang et al.
From their abstract:
... we address the problem of tracing encrypted connections through stepping stones. The incoming and outgoing connections through a stepping stone must be correlated to accomplish this. We propose a novel correlation scheme based on inter-packet timing characteristics of both encrypted and unencrypted connections. We show that (after some filtering) inter-packet delays (IPDs) of both encrypted and unencrypted, interactive connections are preserved across many router hops and stepping stones.
and from their conclusion:
Our correlation metric does not require clock synchronization, and allows correlation of measurements taken at widely scattered points. Our method also requires only small packet sequences (on the order of a few dozen packets) for correlation. We have found that after some filtering, IPDs (Inter-Packet Delay) of both encrypted and unencrypted, interactive connections are largely preserved across many hops stepping-stones. We have demonstrated that both encrypted and unencrypted, interactive connections can be effectively correlated and differentiated based on IPD characteristics.
So it's clear what the Department of Justice has in mind. Of course, if the Department of Justice gets this through, it will just be an added expense on all ISPs (and thus on their customers, i.e. you and me). It won't actually work against the bad guys (or the good guys) as it's fairly simple to imagine an outbound packet scheduler that introduces jitter into each flow at each onion router.