Dean Anderson wrote: > > On Thu, 12 Feb 2004, Ed Gerck wrote: > > > > You can't make it more expensive without shooting yourself in the foot. > > > In information theory-speak, you can't prevent a covert channel** unless > > > you have no channel at all. > > > > By the addition of a correction channel (Shannon's 10th theorem), > > a covert channel can be detected with a probability as close to 100% > > as I wish. > > Err, I think that allows you to correct _errors_ in transmission. Shannon distinguished messages --or intended information-- from noise. The distinction beween noise and information is that information is what the sender wants to send or, alternatively, what the receiver wants to receive. If the channel is a covert channel, it is fair to assume that either the sender or the receiver (or both) do not intend it to exist (otherwise, it would not be a covert channel). Thus, a covert channel transmits information that can be considered for modeling purposes as a source of noise. Since the 10th theorem applies to any source of noise, it also applies here. The devil are in the details, though. The 10th theorem does not tell you how to do it -- just that it is possible and that the noise (covert channel information) can be detected with a probability as close to 100% as desired. > > Easy. By applying Shannon's 10th theorem. Sample enough mail at > > distribution centers (going back to the source, which is possible > > even without a legal mandate to open the envelopes) and bar the > > culprits from sending govt. mail until the probability that any > > mail is incorrectly using govt. envelopes is a close to zero as desired. > > Unfortunately, you described a detection mechanism: Whack-a-mole. Actually, I described a detection AND a correction mechanism. The correction mechanism uses a correction channel as given by the 10th theorem. BTW, just sampling 1% of mail might be enough to prevent misuse to almost 100% confidence. > But we are looking for (and you promised) a mechanism which makes it > impossible for them send it in the first place: No more whack-a-mole. The "impossible" promised by Shannon's 10th theorem is "probability as close to zero as you wish". That's what I also promised and delivered. It should be good enough for you ;-) > Clearly, in the sampling example, they can use invisible ink to fool the > censors, or write their messages in an ordinary looking code that looks > like official business (steganography). Either can be detected, and corrected. If you are following the whole DRM and music copyright issue, you have many examples why steganography is at most a deterrent, not a secure technique. > This example isn't nearly as hypothetical as it sounds. The > US [and other governments] really used to open international mail to look > for secret messages. We used to also test letters for the presence of a > number of invisible inks. The Germans invented an invisible ink that was > inpervious to testing for a long time. The US censors would even re-write > personal letters using slightly different words to preclude the use of > special code words. Then came micro-dots and so forth. Each channel > detected led to the creation of new channels (either different people, > same method, or new methods) within the postal mail system. But it did > not lead to any situation in which sneaky channels were impossible. Your examples actually show how a correction channel can work. Your argument that a sneaky channel is still possible is also included in Shannon's 10th theorem -- the correction channel needs to have a larger capacity than the noise channel. If you have an unaccounted-for noise channel (e.g., a covert channel), your system is still not good enough. > Fault tolerance doesn't seem to be helpful. To design a system that can't > send spam, This is not our goal -- the problem is at the receiving end, since the sending end can use anything (even non-conformant systems). The issue in the proposal is to design a system where *receiving* spamm can be made as hard as the recipient wants. > you have to first identify the properties of spam in such a way > that a person dedicated to breaking the rules would be prevented from > sending spam. Information theory tells us that such a goal is impossible > to obtain when it tells us that a covert channel can't be proven not to > exist. When the recipient detects a spam message, the existence of at least one covert channel is exposed. As I envision the proposal, the recipient should be in control of how to react -- since different users will have different goals. For example, according the number of spam messages received, the recipient can be more or less demanding on the sender of ANY message for senders without a previous relationship. Thus, the sender can be reduce the covert channel's capacity as much as the recipient wants. > > When you outlaw spam, only the outlaws spam. So what? The > > problem still remains, even if you call them outlaws. > > Actually, genuine spam is not outlawed. It depends how you define spam. Genuine "spammers" would quibble with you calling them spammers. I'd call them email senders. > Only the spam sent by people who > are not genuine businesses is outlawed. Not true. If a genuine business continues to send me messages after I unsub, it is spam. The classification of spam is not based on who sends the message. > I expect that this abuse is sent > by a very small group of people. Prosecuting this small group should be > relatively easy. It has not been and it will only get worse. > > Also, users should not have to sue spammers, or have any other burden, > > in order to protect the users' resources. Imagine if I would have to > > manage 300 lawsuits a day (the average spam rate that my system cannot > > automatically detect as spam)? > > This is an exaggeration. There aren't 300 unique spammers per internet > user per day. Agreed -- it's an understatement. I believe there are perhaps 1000x 300 unique spammers per day. Some I don't hear from (they're local -- for example -- for Korean readers), some are in burst mode and I only hear them once in a while, some morph under different names and hosts, some I blacklist, some I detect and some I drop.