The NewScientist article "Laptops could betray users in the developing world" said:
IN JANUARY, a court in Mazar-e-Sharif, Afghanistan, sentenced a young journalism student to death. Sayed Pervez Kambaksh’s crime was to download and distribute a document about Islam and women’s rights to his fellow students at Balkh University in Mazar, an action that the court considered blasphemous. Despite widespread international condemnation, the Afghan Senate later passed a motion confirming the death sentence.
Kambaksh was caught because some of his fellow students reported him to the authorities. But oppressive governments could soon have a simple way to track the internet activity of their citizens directly, potentially paving the way for many more such cases.
For security reasons, sensitive data sent over the internet, such as that used for online banking transactions, is digitally signed at source with a signature that can be traced to the user’s computer. This helps validate their identity and guard against fraud. The system is known as non-repudiation, because the person creating the digital signature can reasonably be assumed to be the source of the sensitive data and, in a fraud case, for example, cannot repudiate this.
If this system were to become the default setting for all traffic on a network, there would be nothing to stop authorities from tracing the source of any online activity, says Len Sassaman, a computer security researcher at the Catholic University of Leuven (KUL) in Belgium. Users would be stripped of their anonymity and authorities could identify anyone that criticized them. “If countries like Afghanistan were to switch to a system where the user cannot refute any action they took on the internet, I suspect we’ll see more cases like Kambaksh’s,” says Sassaman.
Now Sassaman and his colleague Meredith Patterson at the University of Iowa in Iowa City claim a prominent philanthropic organization is inadvertently in the process of introducing just such a system across the developing world.
Len Sassaman is an advocate for privacy, current maintainer of the Mixmaster anonymous remailer code, and remop of the randseed
He was employed as the security architect and senior systems engineer for Anonymizer. Currently he is a PhD candidate at the Katholieke Universiteit Leuven in Belgium, as a researcher with the COSIC research group, led by Bart Preneel. David Chaum and Bart Preneel are his advisors.
Len’s research is centered around the topic of privacy enhancing technologies. In particular, he is focused on both attacking and defending anonymous communication systems, exploring the applicability of information-theoretic secure systems for privacy solutions, and designing protocols which satisfy the specific needs of the use case for which they are applied.
He has a very strong interest in the real-world applicability of his work; while some of what he does is pure theory, Len has always held the belief that if a system cannot be implemented easily or be easily understood by the implementors, its utility is limited. Similarly, he believes that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users. Thus, he follows closely the fields of HCI and Applied Programming as well as Information Theory, Cryptography, and Anonymity.
Len is a cypherpunk and privacy advocate. He worked for Network Associates on the PGP encryption software, is a member of the Shmoo Group, a contributor to the OpenPGP IETF working group, the GNU Privacy Guard project, and frequently appears at technology conferences like DEF CON. He is the cofounder of CodeCon along with Bram Cohen, coauthor of the Zimmermann-Sassaman key-signing protocol, and was an organizer of the protests following the arrest of Dmitry Sklyarov.
On February 11, 2006, at the fifth CodeCon, Len proposed to returning speaker and noted computer scientist Meredith L. Patterson during the Q&A after her presentation, and they are now married. The couple has worked together on several research collaborations, including a critique of privacy flaws in the OLPC Bitfrost security platform.
Len coauthored "How to Bypass Two Anonymity Revocation Schemes", "Subliminal Channels in the Private Information Retrieval Protocols", "The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval", "Comparison between Two Practical Mix Designs", "Heartbeat Traffic to Counter (n-1) Attacks: Red-Green-Black Mixes", and "The Byzantine Postman Problem", and authored "The Faithless Endpoint: How Tor puts certain users at greater risk". Read the full list of his publications!
Watch "Len Sassaman & Meredith Patterson are CodeCon Valentines" and "DC15 Badge Hack: Audio Line-Level Meter and Rap Song".