encryption for chat?

OK, I'll make it easier for you next time by typing slower.

Pep (Don't just mean what you say, say what you mean)

You're not at home, making a secret phone call to another private citizen. Linden Lab has a right to monitor everything that happens on its servers, because they are private property. The same way that you have a right to set up security cameras in your own house or place of business.

it isn't against the TOS to talk in code, is it? I would think it isn't, so there shouldn't be any difference if the codification is done automatic

I do seem to be at home at the moment, and frequently am when communicating in SL. Either that, or when I am using the telephone I am also on private property, pace Bruce Sterling:

No, it isn't; I believe that there are clauses about communication being monitored by LL, but that does not place restrictions on what sort of communication can take place.

However, it might well cause LL to be concerned should it start to become commonplace. The thing is that companies which offer encrypted communication usually do that whilst claiming common carrier status; they are not responsible for what is transferred using their systems. LL have implicitly (and practically explicitly) given that up now.

On the other hand I am sure that they are aware that businesses and many private citizens would really very much prefer that their conversations be uninterceptable, and in some cases it may be a legal requirement for them.

I suspect that it will remain a grey area until somebody actually steps up and writes some sort of encryption module.

Holy crap, now that I talked with Tali about the subject, I'm not sure anymore if this is a good time for me to get into it

There should be no fear of encrypted messages clogging up your view, though, as there are different chat and IM types you can use that are normally "invisible"

Nonetheless. Second Life is not a telephone service; it is common knowledge that, mostly for their own protection, they make a record of chat and instant messages (notice they're not called "private messages", as they are in some other places) and have plainly indicated that there are situations in which those records will be shared with other parties. Given this, insisting upon using SL for secret conversation, with an "encryption" method, and expecting that this will 1) actually work and 2) be allowed by the owners of Second Life is reckless at the very least. Is there any reason one couldn't simply use another communications application? Even while concurrently logged into Second Life? Just keep the "REALLY" secret stuff on MSN or whatever. Or pick up a real telephone.

I dunno about if they will allow the continued use of it, but I believe there are some freelly avaiable encryption systems out there that even with the amount of combined processing power LL has access to, it would take more than a lifetime to decrypt

It is common knowledge, yes, and in my humble opinion it seems to be that the legal and political environment in the United States seems to be moving towards _more_ interception of communication rather than less (much as I would hope that this trend be reversed); thus I suspect that anyone mounting a legal challenge to SL over being banned for exchanging encrypted information - even if the ToS does not specify that things have to be understandable - would probably not succeed.

However, LL are clearly keen to encourage the use of SL by business, and business clearly is not happy about things being intercepted by any party. I am reminded of the attitudes of many companies regarding US customs and immigration services, who have a long-standing (though only recently publicly acknowledged) policy whereby they can confiscate and inspect any electronic device for any reason or none. The reaction to this has been to instruct employees to keep _nothing_ on their laptops, phones etc, and rely on accessing documents via secure internet connections instead.

As well as that there are assorted state bodies that I believe LL would like to encourage to use SL which have similar concerns and may even have statutory requirements on data transfer.

So, it may be that under that sort of pressure, LL will be quite happy to allow client encryption, even if it means they cannot properly carry out governance, such as it is. To be honest what will probably happen is that there will be no official statement but encryption modules will not be prohibited; there will be something of a ToS limbo there, with some "suspicious" people being banned, others connected to "respectable" institutions not.

Incidentally I am quite sure that it is technically possible to do this.

Seems to me that for most purposes, LL could implement its own client-to-client encrypted IM communications, retain copies of session keys in case they're ever served with a court order for the contents of the IMs, and everybody's happy. (In fact, if IMs aren't currently encrypted--and I don't think they are--I'm not sure why not. There's some encryption/decryption overhead, but this is really low bandwidth.)

Now, if one really wanted end-to-end encryption that was completely opaque to LL (and, as far as we know, to the Agency), then yeah, a special client could certainly be built, or one could do it all by hand. But for normal privacy, this would be more effort than most privacy seekers would think is warranted.

So, if LL really needed to be able to get at IM logs in order to comply with a court order, it would be wise to offer such encrypted IMs built in. And the record of apparently encrypted communications *not* using that mechanism would suggest that the participants had something extraordinarily sensitive to hide.

Note that using any home-brew encryption solution right now could have that same effect: an Agency with interest in National Security or law enforcement might well be curious about who's participating in such communications, where, when, how often, for how long, on what IP/MAC addresses, etc., etc.

"This is encrypted but we could decrypt it if we wanted to or if we were served with a court order" is really not going to satisfy many people who are concerned about security. They do not want that, they want bulletproof "sod the Patriot Act" encryption, which they _do_ have in other contexts.

Actually, I *AM* at home, making a secret communication to another private citizen. Where do you get off saying that I am not? Does LL automatically publish my chat logs? No. Do they make efforts at keeping my communications secure? Yes, in fact, the ToS even goes so far as to forbid posting of private chat log transcripts publicly by other residents in any SL venue.

They are QUITE free to monitor my communications.. in CIPHERtext, if I so choose.

Why would they care? Please explain to me what mandate exists which obligates them to care what I am saying, as one private "resident" to another?

I disagree. Surely, trends regarding interception of communication are heading in a direction most would consider "downhill" - but the issue is interception of communications -by the government-. As the private provider of a service, Linden Lab has certain RIGHTS, as a non-government entity, regarding the service it provides. One of those rights is to regulate it's own service. Consider a package delivery service, for instance. One might insist that the company has no right to know what you're mailing - but of course they do; they can refuse packages of an abnormal size or weight, or refuse to ship certain substances - or they may not. It's completely their choice.



It is my understanding that LL wants businesses to use Second Life as a way of advertising and disseminating information about their products and services to the public, and to their employees in a memorable and unique way. I'm quite certain that LL does not at all intend for businesses to transfer the entirety of their IT activities to the grid - least of all sensitive corporate communications.

You are absolute not making a "secret" communication. Linden Lab has never said anything, ever, which should've lent that impression to you.

LL states in their terms of service that they can monitor and use your chat logs however they want. It's the equivalent of a service provider's telephone system explaining that "This call may be monitored for quality assurance purposes". At that point, a reasonable person could not expect further communications on that system to be private.

LL have decided not to disseminate your chat logs to all and sundry; but this was a completely arbitrary decision on their part - one which they didn't HAVE to make.




Of course - because the other residents are only users of the service. Linden Lab, as the private owner, retains those rights of usage. And they do indeed use them, and regularly - for instance, chat logs (including IMs) have been used to damn or exonerate the subjects of ARs.



They don't need an obligation; it's their right as a private entity! If you want to put up security cameras inside your own house, do you have to justify it to anybody? Could somebody - a private citizen who happens to be a guest in your house - who objects to being videotaped INSIST that you turn off the cameras while he is on your premises? Of course not - that's absolutely ludicrous. If he doesn't like being videotaped he can bloody well stay in the car.

Now, if someone, while in your house, was to disguise himself (by wearing a mask for instance) and position himself and move about the house in such a way as to try and avoid being seen by the cameras, what hypothesis would you draw about that situation? Would you say something or ask a question about it? What would you do if he explained to you that, as a guest who has been allowed in, what he does and where he goes in your house was none of your business?

You're not understanding. If I use encryption, I most CERTAINLY AM making a "secret" communication. I never said anything about LL guaranteeing said security. You made an inaccurate claim to know what I am doing or intending, and I simply corrected it.



Actually, nowhere in the ToS do they say this at all. Here's all that is said with respect to communications:



Nowhere in the ToS do they say that they "provide no facility for private messaging of any kind". Quite clearly, they DO provide private messaging facility with a certain expectation of privacy which should easily rise to the level necessary for protection under the ECPA and the Patriot Act as an Internet Service Provider.



Actually, I disagree with this. Even though they don't have to "guarantee" total security of my messages, if they provide ANY kind of "private" (as in expectation of) messaging facilities, they are required by statute to make at least a "best effort" to maintain said expectation. Just being a private entity doesn't relieve them of following the law.



Linden Lab absolutely qualifies as an "Internet Service Provider".



From my experience, they rely on residents to provide chat logs, indicating that "we don't have access to chat logs". Probably not truthful one way or the other, but that's been said by more than one Linden via support tickets.



That analogy sucks so bad it could make optical grade glass fiber from granite.

It's not their house. It is their place of business, and they are in the business of providing COMMUNICATIONS SERVICES as an INTERNET SERVICE PROVIDER. The patrons aren't hiding who they are, they are securing their communications. Two TOTALLY different situations.

More like, it's a coffee shop, where they encourage people to come in and chat and, well, drink coffee. The employees CAN overhear conversations in the course of doing their jobs, but, in the case of electronic communications, it is actually ILLEGAL for the employees to divulge them except under certain, very narrow circumstances.

If someone comes into the coffee shop, buys a cup of coffee and sits down to talk to someone in secret hand signals, yeah, that's weird, but they have no right to force said patrons to divulge their communications or ask them to use plain communication. They CAN ask them to leave, but that still doesn't entitle them to the communication, so that is the extent of their remedy.

So, while it is true that LL doesn't make any guarantee of security for otherwise "private" messages, they also do not forbid users seeking their own methods of securing said messages.

/me eats popcorn and watches the funny thread

Maybe so; I really don't know. I was thinking more of privacy than security ("I just don't want people sniffing my packets to know what X and I are saying to each other," as opposed to "I don't want my RL business secrets to be revealed even if LL is served with a court order".

It still seems kind of implausible to me that folks would use SL as a communication medium for highly sensitive information, but that could just be a failure of my imagination.

But I realize now that I'd said something fairly misleading before about the ability to do this manually, or with a third-party client, without any LL involvement at all. While that's true of the *content* of IMs, one could not get end-to-end encryption of the conversation's "meta-data"--notably, the identity of who are parties to it. If the communication is really that sensitive, that information might be just as important to keep secret as the contents themselves. To secure that, one would really have to use something other than normal IM channels for initiating the sessions.

As to LL's obligations here: I don't think they're legally required to keep anything secret. I don't think they'd have to do so much as issue a privacy notice even if every single message anybody typed or spoke were to be publicly available on the Internet for everybody to see or hear. It would just be a really bad business decision.

But I have no idea what their obligations may be in the other direction: whether they could be subject to FISA court orders, for example. Even if they were, I don't think they'd be obligated to try to prevent externally encrypted communications from using the service--mostly because it would be just as impossible for them as it is for telecoms in general.