Planet Telex

Ed Felten’s computer science policy shop at Princeton, the CITP, is a temple of policy perversity. He and his team of merry pragmatists have for years specialized in spotting unexamined assumptions in the conventional policy wisdom about technologies of obvious real-world importance, then finding technical twists that utterly shatter those assumptions. Consider:

  • We assumed that blank pieces of paper are identical and untraceable. But no: blank paper can be fingerprinted using ordinary scanners.
  • We assumed that when a computer is turned off, everything in its memory goes away, including the key needed to access an encrypted drive. But no: cool off the memory chips and you can recover the encryption key from a (literally) cold boot.
  • We assumed that multiple-choice bubble forms are anonymous. But no: different people consistently fill in their bubbles in different ways.
  • We assumed that the public challenge to break the SDMI watermarking schemes was designed to find and deal with the problems of the proposed schemes, not to hide them. But no: the RIAA not only tried to suppress the research, but ended up looking like buffoons for doing so.

And so on and so on. What these analyses have in common, beyond the technical skill behind them and the clear and dispassionate prose with which they are described, is a Neo-level willingness to bend the rules of technical convention. There is no spoon for these guys, and there never was. I suspect that the qualifying exam for Felten’s graduate students consists entirely of playing through the old Hitchhiker’s Guide to the Galaxy text adventure; anyone who successfully completes the puzzle that requires (literally) removing one’s common sense passes.

The most recent and most remarkable example of this specialty comes not from CITP itself, but from a team of authors including CITP alum J. Alex Halderman, now at the University of Michigan. Meet Telex, a new system for circumventing censorship on the Internet, which takes everything you thought you knew about the problem and turns it inside out.

The problem is familiar. A computer user in a country with an authoritarian government — call her Alice, of course — wants to visit Bob’s (foreign-based) website to post and read a discussion board criticizing the government. Unfortunately for Alice and Bob, the Ministry of Truth has Bob’s website on a list of blocked sites, and logs any attempts to visit it. The standard technique is for Alice to use a proxy server (provided by, oh, let’s say Pete). Alice sends a web request to Pete’s server instead; Pete relays the request to Bob, then relays Bob’s response back to Alice, and so on. The trouble with this approach is that the Ministry can add Pete’s proxy to the blocklist and log attempts to visit it, and so on. This has led to a cat-and-mouse game, both technical and social, between censors and anti-censors, one that neither side can ever definitively win.

Telex does something that at first blush sounds absurd. Alice connects instead to Irene’s innocent website, using an encrypted connection. The protocol that defines the process for setting up the encryption specifies that, at one particular point, Alice must supply a random number. Alice doesn’t do that. Instead, she provides a code that looks random but isn’t. At this point, a router along the route from Alice to Irene suddenly snaps to attention. That random number going by wasn’t random. No, it’s the Bat-Signal! The router watches silently until the encryption between Alice and Irene kicks in, then starts relaying Alice’s messages to Bob instead. Alice now has an encrypted channel to Bob, but so far as the Ministry can tell, Alice’s channel goes to Irene.

Telex was designed to be hard to detect. The full paper shows that while the scheme isn’t perfect, it will be quite difficult for the Ministry to distinguish a wholly innocent connection to Irene from a Telex-based connection that only appears to be going to Irene but is really being redirected to Bob instead. The Ministry could start blocking Irene, too, but because the scheme doesn’t require Irene’s cooperation (indeed, she need not even know this is going on), Alice could have chosen some other site instead. As long as enough different routers are watching out for Telex Bat-Signals, Alice has a free hand in picking any decoy site to connect to. The Ministry really would need to cut off access to most or all of the Internet to limit Alice’s access to Bob. And as we saw in Egypt, when the cute cats get cut off, people know the government has gotten desperate.

Telex is sick. It does at least three things that are flagrantly wrong according to the usual technical definitions of correct behavior in a protocol:

  • Not only does Telex tolerate the fact that the router is watching for the Bat-Signal, it positively requires that it do so. The router must engage in deep packet inspection (DPI), examining the contents of each message as it goes by, rather than just delivering it. This behavior breaks the layered model of the Internet; a router is “supposed” to pass IP datagrams along to the next hop in the chain, without paying attention to the semantics of the contents when interpreted as messages according to higher-layer protocols.
  • Once the router starts relaying Alice’s messages to Bob, it needs to do something about the connection Irene has just participated in setting up. So the router immediately tells Irene to drop the connection, using a “forged RST packet” that appears to come from Alice. This behavior breaks the end-to-end model of the Internet; a router is “supposed” not to alter the contents of the messages exchanged between two endpoints. It especially shouldn’t lie to one of the two endpoints to say the other endpoint doesn’t love it anymore and is ending the relationship.
  • Telex requires that the router be able to decrypt Alice’s messages, but the encryption handshake used by Alice and Irene is designed so that computers in the middle won’t be able to break the encryption. So Alice cheats: in essence, she lets the router look over her shoulder by choosing a secret number that the router already knows. This breaks the theory of using good encryption; one is “supposed” to pick random numbers to foil eavesdroppers.
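The Bat-Signal and the shared secret described above can be sketched with the public-key approach the author describes in the comments. This is an added example, not code from the post or from the Telex paper: the toy group, the function names and the tag layout are assumptions, and the paper's elliptic-curve construction is not reproduced here.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, chosen only to keep the sketch short (assumption).
# It is NOT the elliptic-curve system the Telex paper uses, and its public
# values are not encoded to look uniformly random as a real tag must be.
P = 2**255 - 19
G = 2
KEY_LEN = 32   # bytes for the encoded ephemeral public value
MAC_LEN = 16   # bytes of keyed check value


def station_keygen():
    """Router-side key pair: private exponent and published public value."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def _check(shared: int, eph: bytes, context: bytes) -> bytes:
    """Check value bound to the shared secret and this connection's context."""
    key = hashlib.sha256(shared.to_bytes(KEY_LEN, "big")).digest()
    return hmac.new(key, eph + context, hashlib.sha256).digest()[:MAC_LEN]


def client_make_tag(station_pk: int, context: bytes):
    """Alice: build the value sent where the handshake expects a random nonce."""
    r = secrets.randbelow(P - 2) + 1
    eph = pow(G, r, P).to_bytes(KEY_LEN, "big")
    shared = pow(station_pk, r, P)
    return eph + _check(shared, eph, context), shared


def station_recognize(sk: int, nonce: bytes, context: bytes):
    """Router: return the shared secret if the nonce is a tag, else None."""
    if len(nonce) != KEY_LEN + MAC_LEN:
        return None
    eph, mac = nonce[:KEY_LEN], nonce[KEY_LEN:]
    eph_int = int.from_bytes(eph, "big")
    if not 1 < eph_int < P:
        return None
    shared = pow(eph_int, sk, P)
    if hmac.compare_digest(mac, _check(shared, eph, context)):
        return shared  # same value Alice computed: the "secret the router knows"
    return None
```

An observer holding only the public value cannot recompute the check, which is why security rests entirely on the router's private key staying private.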

I have argued for some time that lawyers and law professors should be extremely cautious in attempting to derive the “ought” of legal conclusions from the “is” of how technical systems are specified. Just as with the words of a contract, one needs to know something about what the parties meant by their use of a protocol, and the answer to that question need not lie in the protocol’s official specification. (Think, for example, about robots.txt.) Textualism, in other words, cannot be a complete theory of interpretation for computer code. (Neither can pure purposivism, but that is a topic for another day.)

Telex now has me convinced more than ever that we should be reluctant to reify technical standards into legal ones. Imagine the consequences if any of these three rules above were actually binding rules of law. If it were illegal to forge RST packets, Telex could not work. True, the user signals her intent to have one forged on her behalf, but what about poor deluded Irene? Might some court perhaps say that her system was accessed without authorization, since Alice chewed up some of Irene’s computational resources for a transaction of utterly no benefit to Irene?

If we want our Internet policy to be driven by actual social goals, by principles like “censorship by authoritarian regimes is bad,” then we will need to be somewhat flexible about the technological means by which we achieve those goals. A layer-respecting, end-to-end, cryptographically robust Internet is not an end unto itself; it is a means to other ends. It may well be the case that such an infrastructure is in fact highly generative and strongly freedom-enhancing, so that we will almost always prefer an Internet that has these characteristics almost all of the time. But there is no point in being dogmatic about striking those “almosts” for the sake of technological or philosophical purity. If some clever people trained in the Felten tradition of perverse benevolence find a way to do good in the world by doing something very wrong to a protocol, we should hear them out … and then reassess where things stand in our new and altered universe.

I predict that Telex is going to upend the network neutrality debates. Now, Telex itself is probably not a violation of the network neutrality rules that the FCC has twice attempted to enact. For one thing, Telex is designed to assist users with the active cooperation of ISPs, so that everyone with a stake in the question will want it to be legal. For another, the rules themselves have both times had too many qualifiers and missing definitions for there not to be safe space big enough to shelter Telex.

But what Telex does do is throw the assumed battle lines out the window. So far, forged RST packets and DPI have primarily been tools of ISP-level control over users. If the forged RST packet is the knife, DPI lets the ISP know when and where to cut. Together, they let governments censor their citizens, and let Comcast block BitTorrent. Little wonder, then, that they are cast as network neutrality villains by user groups, or that scholars have sometimes cast about for legal principles that would put these technological practices beyond the pale. For their part, the ISPs have claimed they need such techniques to make their networks work, to prevent misuse, to recapture their investments, and so on.

With Telex, though, everything is topsy-turvy. Users (primarily abroad, but also perhaps at home) are the beneficiaries of Telex; they are the ones who will benefit from its unorthodox new twists on old protocols. And ISPs are the ones who will bear the burden: they will have to modify their routers to watch for the Telex Bat-Signal and swing into action when they see it. There’s no obvious business case for doing so, which means we can expect the ISPs to need to be either pressured or bribed to support Telex. In other words, here is a blatantly non-neutral network modification, but one that is good for users and bad for ISPs.

Telex is a fascinating new idea. I hope that it works, and I look forward very much to seeing people’s heads explode as they realize what it does.

we can expect the ISPs to need to be either pressured or bribed to support Telex

And if the ISPs do not come out to play?

Then nothing will happen.

If routers can look for secret numbers, so can governments.

Earl, good point. Telex uses public-key cryptography to deal with that problem. The Telex-enabled routers have a private key that they can use to attempt to decrypt the “random” number sent by Alice. Using that private key, the routers can distinguish Bat-Signals from actually random numbers. To anyone who doesn’t know the private key, Bat-Signals are indistinguishable from random numbers. This is actually one of the most subtle pieces of the paper, and the particular cryptosystem that Telex uses will need vetting from people considerably more expert in elliptic-curve cryptography than I am. The system also obviously depends on the security of the private keys; I suspect that key distribution will be a subtle problem in practice, as the ISPs deploying Telex may not be completely trusted parties.

as the ISPs deploying Telex may not be completely trusted parties

Please don’t be offended, but in my eyes, this is so understated it borders on sarcasm. Considering that they are trying to defend this secret from national-level adversaries, I find the cost of maintaining this defense to be the major sticking point of the scheme, which I admit is quite ingenious (but I haven’t had the chance yet to read the paper in depth).

Another possible sticking point is that even encrypted communication can be amenable to traffic analysis, so Irene’s website should be chosen carefully, in that its ordinary traffic statistics are not very distinctive.

James, I wonder if this does in fact upend the presumption against DPI and forged packets. There’s a strong legal and moral presumption against wiretapping, for instance, with recognized exceptions for specific good causes. I don’t think that the clever use of tools that can be abused necessarily upends the presumption against their use.

Ron: Me be sarcastic? Never. My estimate is that the necessary institutional arrangements could be made secure against a Myanmar but not against a China. The paper discusses some traffic analysis issues, but you’re right that this is also a concern.

Sherwin: Personally, I’m not a fan of presumptions. I prefer to evaluate each case on its own merits. In that respect, I wholly agree with you: Telex does nothing to the cases against ISP blocking via forged packets and DPI for ad insertion and copyright enforcement. Those are simply different issues and the fact that Telex is good does not tell us whether they’re good or bad. That said, there’s a strain in the literature, both academic and activist, that wants to make bright-line rules out of various protocols and standards. It’s more dramatic than a presumption — it becomes conclusive or nearly so.