Thursday, March 16, 2017

Multi-channel sneaky communication - the old fashioned way and a modern version using a custom HTTP header

From our "Add more hay to the internet haystack" series.

Multi-channel communication is simply a fancy term for something we all have done many times without thinking twice about it.

An example would be a letter from your friendly local government and you picking up the telephone to call the clerk because you have a question regarding the content. In this example, we have two physical channels, the paper letter and the telephone line. If you follow up on the phone call by email, you made it "multi" by adding a third channel.

We also know this behavior can cause problems.

Have you ever received a follow-up letter, for instance a payment reminder, and reacted furiously with "but I called, and it was all cleared up"? Maybe you had to pay a fine because of confusion resulting from the use of more than one communication channel, maybe everything was indeed resolved after the call.

Modern companies and government agencies spend a lot of time and money to collect communication from different channels in a single repository to make purchases traceable, to provide good customer service, to fulfill legal compliance requirements, or to analyze our lives.

So, if you want communication to be less easily traceable, how about using more than one channel?

Let's give a real life, fun example with potentially serious security implications.

Imagine a team of three burly military police arrives at your office one morning, and the guy in the middle - it is always the one in the middle, you know that from the movies - has a briefcase with a document for you.

You read it, and then you come across an acronym that can have more than one meaning. Unfortunately, the difference is critical, and you don't have a secure phone line to the author hundreds of miles away.

You can call the author and tell him or her you have "a document" and would like to clarify "an acronym" on "page 123, line 4, the second acronym". To put the person at ease, tell him or her you don't want to discuss details, you just want to verify that it means what you think it means. A simple yes or no answer.

If somebody is listening in, they won't get much.

An example from the saga of whistleblower Edward Snowden was the use of Twitter by journalists to transmit a fingerprint value. In this example, Twitter can be considered one channel, the other being email.

Computer technology has removed many of the existing physical boundaries that made traditional surveillance difficult and costly. Even so, new, if narrower, channels were created, and they are still useful despite increasing monitoring by private entities and governments alike.

This is basically what the image of the internet as a haystack describes.

Sifting through a haystack for a needle implies discarding stuff that looks like dry grass, which is what the monitoring agents do and what activists and privacy activists try to exploit. Disguising meaningful information as pixels in images or bytes in sound files, and sending protected data by turning them into HTTP text (web page) traffic are some examples of this.

For sneaky nerds, custom HTTP headers can be a handy way to communicate without tripping suspicious algorithms that watch traffic on servers along the route. This works because servers that forward traffic ignore custom headers not meant for them and simply pass them on.

Bob and Alice
For example, Bob has a website he wants to use to chat with Alice. So, he writes a small online game and puts it up. Anybody who has internet access can play, including the school kid in India or the retiree in Georgia. The game also includes code that reads and writes a custom HTTP header called, for example, 'x-gameinfo'.
He writes a corresponding version for Alice and gives it to her on a USB stick the next time they meet at their favorite coffee shop, NAS.

From here on out, Alice can play the game and send Bob short encrypted messages as values in the x-gameinfo custom header. Or she can just play.

To make sure that there is always an x-gameinfo header, Bob has written the online game in such a manner that the code sends some "non-message" version of x-gameinfo if any person other than him or Alice is playing.

A suspicious algorithm trying to make sure the internet runs fine will not understand that Bob and Alice are planning their next date at NAS or are working out details of the surprise birthday party for Charlie, who turns 30 in May.
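
Seen from the monitoring side, the x-gameinfo scheme above leaves a pattern that can be checked for in request logs. The following is an added example, not code from the original post: it assumes the "non-message" filler is a single value that most visitors send, and the header allow-list, the 3.5-bit threshold, the sample addresses and the host game.example are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed allow-list of headers a monitor expects; anything else is "custom".
KNOWN = {"host", "user-agent", "accept", "accept-language", "accept-encoding",
         "cookie", "referer", "connection", "content-type", "content-length"}

def shannon_entropy(value):
    """Bits per character; encrypted or encoded text scores high."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())

def find_outlier_clients(requests, min_entropy=3.5):
    """Map each custom header to the clients whose values differ from the
    value most requests carry (the presumed filler) and look high-entropy."""
    seen = defaultdict(list)                      # header -> [(client, value)]
    for client, headers in requests:
        for name, value in headers.items():
            if name.lower() not in KNOWN:
                seen[name.lower()].append((client, value))
    flagged = {}
    for name, pairs in seen.items():
        baseline = Counter(v for _, v in pairs).most_common(1)[0][0]
        odd = {c for c, v in pairs
               if v != baseline and shannon_entropy(v) >= min_entropy}
        if odd:
            flagged[name] = sorted(odd)
    return flagged

# Constructed sample requests (documentation addresses, hypothetical host).
SAMPLE = [
    ("198.51.100.7", {"Host": "game.example", "x-gameinfo": "none"}),
    ("198.51.100.8", {"Host": "game.example", "x-gameinfo": "none"}),
    ("198.51.100.9", {"Host": "game.example", "x-gameinfo": "none"}),
    ("198.51.100.8", {"Host": "game.example", "x-gameinfo": "level=2"}),
    ("203.0.113.9", {"Host": "game.example", "x-gameinfo": "q3Zk9Lx2Pq8vT1mYb6RwHs0J"}),
    ("203.0.113.9", {"Host": "game.example", "x-gameinfo": "Mf7dQ0aWz4KeU9sNc2Hy5BtX"}),
]

if __name__ == "__main__":
    print(find_outlier_clients(SAMPLE))
```
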
