Traffic analysis is a powerful surveillance technique used by secret services and large IT companies. In an interview, Dutch IT expert Bart Wessel explains how traffic analysis works and why so little is publicly known about it.
Why Metadata Matters is the title of an article written by Kurt Opsahl for the Electronic Frontier Foundation. The following presentation slide summarizes this article quite well:
The message of this slide is obvious: If you listen to communication, you can gain a lot of information without knowing what is said. Just by looking at the metadata (who’s talking to whom, when, how often and how long?) you learn about interesting things. This process is referred to as “traffic analysis”. It is clear that encryption doesn’t help much against traffic analysis.
The term “traffic analysis” has been known to me for a long time. It is mentioned in some of my books. However, I never thought much about it. This changed, when I recently met Bart Wessel from Venray, NL. Bart is an experienced IT expert and radio amateur with a background in physical engineering. He sensitized me for traffic analysis and caused me to write a blog post about this topic (in German).
Last week, I met Bart again in the Netherlands. This time he gave me an interview about traffic analysis. Here it is:
Question: In World War 2 British cryptanalysts in Bletchley Park were very successful in breaking German Enigma messages (based on previous work of the Polish). However, some of the Bletchley Park material is still classified. What kind of information is still unpublished?
Wessel: Very little has been declassified about traffic analysis. We know from several sources, e.g. books about Enigma codebreaking, that traffic analysis played an important role in Bletchley Park. Even on days the British could not break the German Enigma keys they could still derive information from traffic analysis.
Question: What exactly is traffic analysis?
Wessel: Traffic analysis refers to analyzing communication without knowing its content. Only metadata, like sender name, receiver name, size of the message or sending time, are known. Traffic analysis is more effective than many people think. Suppose, somebody knows that your smartphone and mine are currently at the same location and that they also were, when we stayed in Friedrichshafen recently. Suppose, it is also known that we have exchanged a few emails this week. Given this information, it becomes very likely that we have met in person. The metadata we produced gives away a lot of information, even if the content of our communication remains completely secret.
Question: Why do you think that information about WW2 traffic analysis in Bletchley Park is still classified?
Wessel: The traffic analysis methods developed in WW2 are still valid today. The NSA and other secret services are currently very active in this area. They ask telecom providers to provide metadata. Analyzing metadata is easier than breaking encrypted messages, and it can be automated more easily. This is the reason why they don’t want to promote knowledge about traffic analysis in the public.
Question: Do you think that since Snowden’s revelations traffic analysis has received more publicity?
Wessel: Yes, and I don’t think the NSA is pleased with this development.
Question: Can you name some countermeasures against traffic analysis?
Wessel: To avoid changes in traffic intensity, it helps to send dummy messages. In addition, using wireless communication is always a risk, as it can be located and analyzed easily – a satellite is much more secure. Non-standard communication technologies are more difficult to analyze than common ones. And finally, quantum cryptography might be an interesting protection means.
Question: The current situation of traffic analysis is similar to the one of cryptography in the late 1960’s. Back then, it was known that cryptography existed but not much cryptologic expertise was publicly available. This has changed dramatically. Meanwhile, crypto products can be used by virtually everyone. Cryptography is a very active field of academic research and a huge business. Do you think we will see a similar development in traffic analysis countermeasures?
Wessel: I’m not sure. Traffic analysis countermeasures already is a topic of academic study. If successful countermeasures to hide data would become available for the general public to the extend we now routinely apply cryptography, this would be a major setback for law enforcement but a disaster for the the Googles and the Facebooks of our beloved Internet.
Question: Although IT security is a popular topic in the media, we rarely hear of companies reading each other’s’ mails or to listening to each other’s’ phone calls. What about traffic analysis?
Wessel: As I said, it’s easier than analyzing the content of communication. It is just a matter of getting the (meta)data. Between companies, that is not easy to do legally. For national agencies, industrial espionage is almost certain to include traffic analysis.
Thank you very much to Bart for this interview!
Follow @KlausSchmeh
Further reading: A fascinating report of Enigma’s contemporary witness, Max Rüegger
Kommentare (1)