Skip to main content

Changing the economics of mass surveillance, epilogue...

2 min read

So, over on my blog, I just posted a piece on how we might counter government mass surveillance by changing the economics of the equation.

Something I didn't want to put in the article, partly because it didn't really fit, but mostly because I didn't want to necessarily condone an illegal act (even if it were pressed into service to counter the massively criminal act of the mass surveillance of innocent human beings), is this...

What if, and I'm only suggesting this as a thought experiment here, what if we got the spammers involved?

Spammers use massive botnets of compromised Windows PCs around the world to sell vast quantities of crap via email. It has been speculated in the past that most of the world's spam originates from botnets controlled by only a handful of ringmasters.

They are typically run as a business; I have a spam email I want to send, I go to one of these controllers and pay them to send it. What would happen if I paid them to send it as a PGP encrypted payload instead?

If the zombie machine generated a fake public key for the address they were sending the message to, an observer listening on the wire would have a hard time working out whether it was genuine or not.

Funding this long term could be an issue, since spamming pays for itself and this won't, but I can see this as being something that Anonymous could conceivably do. They have already demonstrated capabilities in the past to conduct massive DDOS attacks (which implies significant and coordinated resources in terms of zombie assets, funds and a political motivation).

Anyway, discuss.