Re: proposal for built-in spam burden & email privacy protection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Dean Anderson wrote:
> 
> On Thu, 12 Feb 2004, Ed Gerck wrote:
> 
> > > You can't make it more expensive without shooting yourself in the foot.
> > > In information theory-speak, you can't prevent a covert channel** unless
> > > you have no channel at all.
> >
> > By the addition of a correction channel (Shannon's 10th theorem),
> > a covert channel can be detected with a probability as close to 100%
> > as I wish.
> 
> Err, I think that allows you to correct _errors_ in transmission. 

Shannon distinguished messages --or intended information-- from noise. 
The distinction beween noise and information is that information is
what the sender wants to send or, alternatively, what the receiver
wants to receive. If the channel is a covert channel, it is fair to
assume that either the sender or the receiver (or both) do not intend
it to exist (otherwise, it would not be a covert channel). Thus, a 
covert channel transmits information that can be considered for modeling purposes as a source of noise. Since the 10th theorem applies to any 
source of noise, it also applies here. 

The devil are in the details, though. The 10th theorem does not
tell you how to do it -- just that it is possible and that the
noise (covert channel information) can be detected with a probability
as close to 100% as desired.

> > Easy. By applying Shannon's 10th theorem. Sample enough mail at
> > distribution centers (going back to the source, which is possible
> > even without a legal mandate to open the  envelopes) and bar the
> > culprits from sending govt. mail until the probability that any
> > mail is incorrectly using govt. envelopes is a close to zero as desired.
> 
> Unfortunately, you described a detection mechanism:  Whack-a-mole.

Actually, I described a detection AND a correction mechanism. The 
correction mechanism uses a correction channel as given by the 10th
theorem. BTW, just sampling 1% of mail might be enough to prevent 
misuse to almost 100% confidence.

> But we are looking for (and you promised) a mechanism which makes it
> impossible for them send it in the first place:  No more whack-a-mole.

The "impossible" promised by Shannon's 10th theorem is "probability
as close to zero as you wish". That's what I also promised and 
delivered. It should be good enough for you ;-)
 
> Clearly, in the sampling example, they can use invisible ink to fool the
> censors, or write their messages in an ordinary looking code that looks
> like official business (steganography).  

Either can be detected, and corrected. If you are following the whole
DRM and music copyright issue, you have many examples why steganography
is at most a deterrent, not a secure technique.

> This example isn't nearly as hypothetical as it sounds. The
> US [and other governments] really used to open international mail to look
> for secret messages. We used to also test letters for the presence of a
> number of invisible inks. The Germans invented an invisible ink that was
> inpervious to testing for a long time.  The US censors would even re-write
> personal letters using slightly different words to preclude the use of
> special code words.  Then came micro-dots and so forth.  Each channel
> detected led to the creation of new channels (either different people,
> same method, or new methods) within the postal mail system.  But it did
> not lead to any situation in which sneaky channels were impossible.

Your examples actually show how a correction channel can work. Your 
argument that a sneaky channel is still possible is also included in
Shannon's 10th theorem -- the correction channel needs to have a larger
capacity than the noise channel. If you have an unaccounted-for 
noise channel (e.g., a covert channel), your system is still not good
enough.

> Fault tolerance doesn't seem to be helpful.  To design a system that can't
> send spam, 

This is not our goal -- the problem is at the receiving end, since the 
sending end can use anything (even non-conformant systems). The issue 
in the proposal is to design a system where *receiving* spamm can
be made as hard as the recipient wants.

> you have to first identify the properties of spam in such a way
> that a person dedicated to breaking the rules would be prevented from
> sending spam.  Information theory tells us that such a goal is impossible
> to obtain when it tells us that a covert channel can't be proven not to
> exist.

When the recipient detects a spam message, the existence of at least one
covert channel is exposed. As I envision the proposal, the recipient should
be in control of how to react -- since different users will have different
goals. For example, according the number of spam messages received, the 
recipient can be more or less demanding on the sender of ANY message for 
senders without a previous relationship. Thus, the sender can be reduce the 
covert channel's capacity as much as the recipient wants.
 
> > When you outlaw spam, only the outlaws spam. So what? The
> > problem still remains, even if you call them outlaws.
> 
> Actually, genuine spam is not outlawed. 

It depends how you define spam. Genuine "spammers" would quibble
with you calling them spammers. I'd call them email senders.

> Only the spam sent by people who
> are not genuine businesses is outlawed. 

Not true. If a genuine business continues to send me messages
after I unsub, it is spam. The classification of spam is not
based on who sends the message. 

> I expect that this abuse is sent
> by a very small group of people.  Prosecuting this small group should be
> relatively easy.

It has not been and it will only get worse.


> > Also, users should not have to sue spammers, or have any other burden,
> > in order to protect the users' resources. Imagine if I would have to
> > manage 300 lawsuits a day (the average spam rate that my system cannot
> > automatically detect as spam)?
> 
> This is an exaggeration. There aren't 300 unique spammers per internet
> user per day.

Agreed  -- it's an understatement. I believe there are perhaps
1000x 300 unique spammers per day. Some I don't hear from (they're
local -- for example -- for Korean readers), some are in burst mode
and I only hear them once in a while, some morph under different
names and hosts, some I blacklist, some I detect and some I drop.


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]