Comment by rayiner
12 years ago
> I also think a company could have a reasonable defense if the fact that a customer is under surveillance were revealed by a side channel e.g. an observable increase in latency, despite the clear information theoretic argument that that such a side channel "communicates" the surveillance to a customer.
If the intent was to communicate, I don't see how the fact that it's a side channel is relevant.
Yeah but now you need to work to prove intent. A company can make a good defense that the side channel was unintentional, especially if they never bothered to tell their customers what to look for (someone would eventually figure it out on their own, if the latency difference was noticeable). It could happen without the company's management or legal team even knowing; a developer could just hide a subtle scalability bug in the wiretapping system, so that a large number of wiretap requests triggers the side channel (take a look at the Underhanded C Contest if you doubt that such a bug can be easily hidden in even a small codebase).