« September 2003 | Main | January 2004 »

6 posts from December 2003

December 14, 2003

Obfuscation Technique for Privacy Data

"Cash on the Table" Example

There is a $100 bill on the table. You know putting off it without the owner's agreement is a crime. But not everyone think so. Then the $100 bill is in vulnerable condition. Because the bill is valuable. Then you would like to take some step to protect it by:

- putting it in wallet
- putting it in ordinally looking bags
- putting it in picture frame
- putting it underneath of doormat
- putting it in steel safe
- putting it in your bank account

These are techniques of making the $100 bill "not looking valuable" and setting "access difficulties".


Then now imagine the $100 bill is your privacy data. How can you protect it?

- putting data some different label
- mapping to multiple label
- encryption of data
- multiple encryption wrapping
- mixing with unrelated data
- chopping up data
- distributing chopped data to separate storage
- random sort of data I/O query
- randomized data I/O timing
- obfuscating sender/destination address
- moving the data through encrypted path
- moving the data peer to peer
- making data redundant
- sending redundant data through multiple paths

Any more thoughts?

December 13, 2003

Scale of Anonymity, Pseudonymity and Identity

Ian Goldberg, a well known crypto researcher and CTO of Zero Knowledge Systems in Canada at the time, introduced the idea of "Nymity Slider" at RSA Conference several years ago. Basically, he saw different state of characteristics between true Identity and true Anonymity. It has four levels in the scale:

- Anonymity
- Non Reversible Pseudonymity (not tied to true identity)
- Reversible Pseudonymity (tied to true identity)
- Identity

I guess that those two kind of Pseudonymity is still new for many audience outside of crypto, security and privacy community.

Non Reversible Pseudonymity or Disposable Pseudonymity is like nick names sometimes called as Nym. They are not strongly linked to person's true identity. If the person happen to want to discontinue the Nym it can be done by disposing.
Actually the use of Non Reversible Pseudonymity is already popular for many ordinally Internet users. We see large number of people are using nick names or handle names for accessing online forums, and taking free email addresses for casual communication.

Reversible Pseudonymity is maybe as nick names backed by true identity. It has to link to true identity. However, making it without disclosing true identity needs some effort. Digital signature technology is thought as basis for realizing this by linking pseudonymity and true identity with mathematical computation. But it can be traceable pseudonyms back to true identity when needed.
(then question arise for Who and What occasion is allowed for trace back and How.)

December 09, 2003

debates on anonymity and pseudonymity

I admit that I wrote a post in haste and I was also insecurely thinking the issues without checking the original context when I wrote this. Actually I'm pushing Japan's government to take pseudonymity systems in gov computer networks and data bases with similar basis of idea that Larry explaining. Yes he said 'nothing about "limiting anonymity."' and 'It only talks about extending pseudonymity.' However, maybe I wished for my self if he said 'something about anonymity' little more proactive look such as pointing out importance of anonymity issues on electronic voting.

December 07, 2003

Broadband in Tokyo

Pablos, my friend in Seattle who runs MetaSecura and Schmoo Group and has close relation to Blue Origin, asked me about Broadband in Tokyo. He heard that homes in Tokyo are getting faster connection than homes in the US. Here's explanation of what is going on in Japan:

-------------------
ah, that buzz seems correct. actually it is mostly DSL. here, now standard offering from almost every DSL suppliers is 24M down/1M up. (of course, actual speed varies with phone wiring issues.) on Nov 26, Softbank and ACCA Networks (a group corp of NTT) announced they are going to start 40M ADSL service from the end of Jan 2004.

following DSL, broadband service providers trying to push Optical Fiber. but big issue here is those providers have to draw fiber cables to houses. often it requires drilling the walls and even to push fibers into old building's conduits. this is major road block of fiberdeployment. an odd thing of most of fiber provider is they use shared model. they often claim it is 100M symmetric but that 100M is shared. if 10 subscribers share one fiber at a same time, the rate obviously becomes 10M per connection. their model take up to 24 subscribers on one fiber.

about cable modem, unlike the US, Japan didn't get cable TV network deployed. it only happened in rural area, but didn't get penetration in cities. because Japan is a small set of islands, terrestrial broadcasting could cover most, then satellite broadcasting started before cable companies raise their business. with these reason, cable modem based internet services locate mostly in rural areas. (also DSL isn't a good choice there cuz phone company's switches are too far from houses to operate good DSL connection)

my ADSL service is 12M down/1M up (actual rate at router is 9934k down/992k up). but there are some odd things I noticed. on my service, once a connection launched I could see the speed but getting to DNS seems slow, often 1 second or couple. also, often download stream looks intermittently bursty. with these issues, I often feel my friend company's T-1 seems faster. : P

Lawlence Lessig's week in Tokyo

Prof. Lawlence Lessig visited Tokyo for a week. His days had been booked so much, everyday during the visit he spent whole day for symposiums and interviews day time then parties and meetings afterward. But I heard he had to deal with emails in the nights. I hope that now he is getting some rest in the airplain.

But while he was in Tokyo, UK's Economist magazine had an article that including Prof. Lessig's comment on anonymity and pseudonymity. It looks like a thread of debate ingnited. I wonder Larry's reply on Politech was afftected by this tight schedule of his visit. It's just a concern of my personal feelings but I think that fatigue affects how people think.
http://politechbot.com/pipermail/politech/2003-December/000275.html

To me, Larry's reply "In my view, we will make no progress following path one, but that we would strongly advance privacy if we could advance path two." is problematic, or just confusing and not explaining enough. (that makes me go back to my concern above.)
Ah, that line was on the following of "What I said was that the trend in our laws was to destroy any privacy at all -- that the idiocy of Patriot Acts, etc., was effectively eliminating any form of privacy. There are two kinds of responses to this -- one to try to defend and build a system protecting absolute anonymity; the second is to build effective protections for pseudonymous life, which is shorthand for traceable transactions, but where the permission to trace is protected by something like a warrant requirement. I'm not saying the government should build these systems, but that they should be permitted and indeed encouraged."

I think that there's at least one thing we need to retain anonymity in networked society: electronic voting. In my view, voting cannot take traceable pseudonymity. It is unthinkable that every ballots traceable back to each voter if we retain democracy. And while network world is "all addressed space", which is equal to no-anonymity by default, anonymity (and pseudonymity) need to be artificially created. However, Larry didn't touch on this. Maybe we would see some more debate at upcoming Stanford conferece in March "Securing Privacy in the Internet Age".
http://cyberlaw.stanford.edu/privacysymposium/

December 03, 2003

Interview with Larry, Glenn and Neeru of Creative Commons

I joined an interview session today with Larry Lessig, Glenn Otis Brown, and Neeru Paharia by Rozina Tea Party for Internet Magazine's article on Creative Commons. (yeah, it is a Japanese magazine)

lessig20031203-sm.JPG

Rozina Tea Party is an ad hoc group who obsessed to copyright law (and other laws maybe), running an email list and occasional face to face meetings. Prof. Shirata of Housei Univ, wellknown for many issues of copyright law, is mentoring the group.

The interview started out from questions regarding to iCommons then moved to many aspect of Creative Commons and its project happening in various countries.

I actually did an interview with Larry in Dec last year for same magazine. It was a week before the official launch of Creative Commons and was probably the first introduction of CC to Japan. I am glad seeing it is making a progress.