The Snow Signature FAQ

Das Briefgeheimnis sowie das Post- und Fernmeldegeheimnis sind unverletzlich.
Grundgesetz, Artikel 10, Absatz 1

How do you want to demonstrate that people care about their privacy?

The sender of a Snow Signature is pointing people to this web site where they are told about privacy, so he is pointing them to their privacy.

How do you want to demonstrate that it does not help against terrorism to restrict encryption?

The campaign demonstrates that many ordinary email users are able to use steganographic techniques which make it impossible to decide whether they are sending encrypted messages or not.

If an ordinary user can do that, a terrorist who can put all his energy into it can hide encryption even much better.

This shows that restriction of encryption hits the ordinary email users, not the terrorists.

Doesn't this cause a lot of superfluous traffic?

The snow is sent instead of a normal signature and does not cause additional traffic.

Besides this: We are talking of 288 bytes per email, while every HTML email causes several kilobytes of superfluous traffic.

People are giving up their signatures for this campaign. Isn't this a loss?

It is. This shows again the importance privacy has for many people. Here is one idea how to compensate a little for the loss:

Today, almost everyone has a home page where he can put his contact information and everything else which is usually contained in a signature. Without causing much additional traffic, one can use an X-Header such as X-URL: to refer to it.

Besides all this: Hopefully this campaign will not need to last forever.

Doesn't your software help the terrorists?

The snsg software was trivial and straightforward to write. Every programmer can write something similar in less than one hour; it just took me some time to make it a little convenient. There is not even a creative idea in the software which would be worth hiding.

But even elaborate security tools such as the GNU Privacy Guard can be easily substituted by terrorists: The GNU Privacy Guard took so much work to write because it must be ready for everyday use by a wide range of users, it must interoperate with other software and must be convenient to use. An encryption software which would be useful for a terrorist can be written in less than one hour. It would be terribly inconvenient to use, but convenience is something only legal users of encryption software really need.

Writing encryption software in less than one hour? How does that work?

There is one algorithm which has been mathematically proven to be 100% unbreakable: The one-time-pad with true random numbers. If you have a source of true random numbers, you can do unbreakable encryption even with pen and paper. (A pseudo random number generator is not sufficient; a die is.)

Since this is no public-key encryption we are left with the problem of key exchange. But this is only a serious problem in open communication. Inside a conspirative group, it is merely an annoyance.

What does the quote at the beginning of these pages mean?

That's one paragraph from the German constitution. You can also find it on the web site of the GNU Privacy Guard. Freely translated, it means: "The privacy of correspondence must not be broken."

Peter Gerwinski, 20 Oct 2001