Firewall Wizards mailing list archives

Re: What about Traffic Analysis?


From: Bennett Todd <bet () mordor net>
Date: Thu, 6 Aug 1998 21:01:36 -0400

1998-08-06-15:28:33 Adam Shostack:
      Ok, so the assembled wizards have declared trying to
understand the content of messages to be a loss, which is roughly
correct.

      What about performing traffic analysis on the mail flow?
Catching information by spikes in the places people send mail?
Sending files to the competition?  Is this worthwhile?  (Assume
trapping messages that hit some threshold.)

If the environment (views of right and wrong, opinions about the law safely
guided by those views:-) supports reading other people's mail looking for
misbehavior, then traffic analysis will be very fruitful.

A friend of mine has developed a product for such analysis; he sells it
through <URL:http://www.netmailsecurity.com/>.

In my own experience, if you are ready to read other people's email and act on
what you find, traffic analysis will turn up plenty of questionable stuff ---
e.g. people sending their resumes to headhunters, memoranda that look enough
like business confidential material that you end up having to ask the lawyer
whether it's a problem, etc. You'll find a few people sending in and out
pictures, and you won't know whether they've got encrypted content stashed in
the low-order bits. You may turn up real problems --- probably will if they're
there. Yes, it's easy to adjust your traffic to evade the criteria of traffic
analysis, if you know (or can guess) what those criteria are. People don't
think about it, though.

-Bennett
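
Added example, not part of the original post or of the product mentioned in it: a minimal sketch of the threshold-based traffic analysis the question describes, run over mail envelope metadata only. The log records, field layout, factor and byte threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (day, sender, recipient_domain, message_bytes).
# Envelope metadata only; message bodies are never inspected.
LOG = [
    (1, "alice", "partner.example", 4_000),
    (2, "alice", "partner.example", 5_000),
    (3, "alice", "partner.example", 3_000),
    (4, "alice", "partner.example", 4_500),
    (1, "bob", "partner.example", 2_000),
    (2, "bob", "partner.example", 2_500),
    (3, "bob", "partner.example", 1_500),
    (4, "bob", "rival.example", 900_000),    # new destination, large volume
    (4, "bob", "partner.example", 2_000),
    (1, "carol", "vendor.example", 10_000),
    (2, "carol", "vendor.example", 12_000),
    (3, "carol", "vendor.example", 11_000),
    (4, "carol", "vendor.example", 80_000),  # spike to a known destination
]

def flag_spikes(log, today, factor=5.0, min_bytes=50_000):
    """Return sorted (sender, domain, reason) for today's flows that hit a threshold.

    A flow is flagged when today's bytes to a domain reach min_bytes and either
    the sender never mailed that domain before, or the volume exceeds `factor`
    times the sender's mean volume on the earlier days the domain was used.
    """
    history = defaultdict(lambda: defaultdict(int))  # (sender, domain) -> day -> bytes
    for day, sender, domain, size in log:
        history[(sender, domain)][day] += size
    flagged = []
    for (sender, domain), per_day in history.items():
        current = per_day.get(today, 0)
        if current < min_bytes:
            continue  # small flows are ignored to keep the alert volume down
        past = [b for d, b in per_day.items() if d < today]
        if not past:
            flagged.append((sender, domain, "new-destination"))
        elif current > factor * (sum(past) / len(past)):
            flagged.append((sender, domain, "volume-spike"))
    return sorted(flagged)

if __name__ == "__main__":
    for hit in flag_spikes(LOG, today=4):
        print(hit)
```

A flow kept just under min_bytes is never flagged, which is the evasion the reply points out for anyone who knows or guesses the criteria.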


