Brokep's Light Bulb
There's a way to screw the FRA. For now.
THE INTERNET (Rixstep) -- Former TPB spokesman Peter Sunde aka brokep claims he's found a way to sidestep the hated 'Lex Orwell' which lets Sweden's Försvarets Radioanstalt (FRA) spy on all traffic passing over the country's borders.
'I work much better as a technology activist than as a politician, so my focus has been to design a system in order to prevent FRA from getting any data from us, even though they can listen in to it', writes Sunde on his blog.
The idea is eminently simple yet brilliant.
'In order for a circumvention system to become widely spread it needs to be cheap. It also needs to be quite simple to set up. In order for it to be really successful one would have to avoid installing software on clients.'
'And you know what? I've got somewhat of a solution figured out. Right now, we're building version 0.1 of this system. On paper, it works splendid. I see no reason for it not to work.'
Normal traffic passes from Swedish computers out onto the Internet in the following fashion.
Users connect to their ISPs and the ISPs route the traffic onto the Internet. And in most cases, the traffic passing Sweden's borders will be unencrypted - meaning the FRA can pick it up and make some sense out of it. And from there they can create sociograms to learn more about you. Delicious.
'The sociogram is actually the most important tool for FRA since they will not be able to break any serious encryption, at least not in real time or in any serious volume.'
To make things difficult for the FRA one simply uses a VPN.
Users connect to their ISPs and the ISPs route the traffic to a VPN service such as Ipredator which is hosted in Sweden. The visible IP address now belongs to the VPN service rather than to the user. And the traffic is also encrypted, making it difficult to eavesdrop on and to use for sociograms.
But even if this thwarts most monitoring, the FRA can still cull useful data as they can still see the communication endpoint. Time for the next step.
The solution currently being built for Ipredator looks like this.
Users connect to their ISPs and the ISPs route the traffic to Ipredator. Ipredator then encrypts all traffic destined to pass over Sweden's borders into a single big encrypted traffic stream.
'You can compare it to taking thousands of letters and putting them into a single box. The big box is then sent over the Öresund Bridge to another traffic concentrator in Denmark that decrypts the big stream into the small letters again.'
'What will actually happen with the system is that the FRA will only see one single connection. It will be a highly encrypted one. It will have one static sender and one static receiver. There can be no sociograms. And the capacity for cracking the encryption for gigabits of traffic in realtime would be so high that it can't be done with today's computers', writes Sunde.
'Voilà, we have made the FRA law technically obsolete.'
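The three routing set-ups described above can be compared by what a passive tap on the border link is able to record. The following is an added example, not code from Sunde or Ipredator: it models address metadata only (packet sizes and timing are outside the model), and every address and name in it is a constructed placeholder.

```python
# Added illustration, not Ipredator code. Addresses are constructed
# (documentation ranges); all names are hypothetical.
FLOWS = [  # (user inside Sweden, server abroad)
    ("198.51.100.10", "203.0.113.5"),
    ("198.51.100.10", "203.0.113.9"),
    ("198.51.100.22", "203.0.113.5"),
    ("198.51.100.37", "203.0.113.77"),
]
VPN_SERVICE = "192.0.2.1"   # VPN service hosted inside Sweden
CONC_SE = "192.0.2.100"     # traffic concentrator, Swedish side
CONC_DK = "192.0.2.200"     # traffic concentrator, Danish side


def hops(user, server, mode):
    """Yield (src, dst, crosses_border) for each leg of one flow."""
    if mode == "direct":
        yield (user, server, True)
    elif mode == "vpn":
        yield (user, VPN_SERVICE, False)   # encrypted leg, stays in Sweden
        yield (VPN_SERVICE, server, True)  # leaves towards the real endpoint
    elif mode == "concentrator":
        yield (user, VPN_SERVICE, False)
        yield (CONC_SE, CONC_DK, True)     # every flow shares this outer header
        yield (CONC_DK, server, False)     # unpacked outside Sweden
    else:
        raise ValueError(mode)


def border_sociogram(flows, mode):
    """Set of (src, dst) edges a passive tap on the border link can record."""
    return {(s, d) for u, srv in flows
            for s, d, crosses in hops(u, srv, mode) if crosses}


def exposure(flows, mode):
    """Count sociogram edges and how many real users/servers appear in them."""
    edges = border_sociogram(flows, mode)
    users = {u for u, _ in flows}
    servers = {srv for _, srv in flows}
    return {
        "edges": len(edges),
        "users_visible": len(users & {s for s, _ in edges}),
        "servers_visible": len(servers & {d for _, d in edges}),
    }


if __name__ == "__main__":
    for mode in ("direct", "vpn", "concentrator"):
        print(mode, exposure(FLOWS, mode))
```

With the VPN alone the users drop out of the graph but every remote server is still listed; with the concentrators the graph collapses to a single edge between two fixed addresses.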
And the costs for this system?
'The traffic concentrators we're building are based upon the VIA Nano chipset with its Padlock feature. It's capable of encrypting 12.8 Gbps in the CPU. And it costs less than €100.'
There are further costs depending on the required bandwidth - Sunde says they need two 10 Gbit NICs per concentrator - but those are 'plant costs' (one time only). Otherwise it's only the agreement with the bandwidth supplier over the bridge.
'Any ISP can set this up. It requires no installation of software on users' machines. If the Swedish ISPs want to, they could set this up without the need for a third party VPN service. It would make the FRA law totally useless. The cost in total would be very small for the ISPs and my guess is most of their clients would gladly pay some extra kronor to have this set up.'
'Politicians know that politics beats business. Now they'll learn that technology beats politics.'
There are many who laud this proposal as brilliant but there are others who see potholes in the road ahead. But it's hardly relevant: what Sunde's proposal shows is that the cat and mouse game can go on forever. The Bodströms and Sarkozys will continue to try to thwart technology and the tech-savvy will always find ways around whatever they come up with.