Computers, Privacy & the Constitution

Hiding in Plain Sight: Alternative Approaches to Cybersecurity (Draft 2)

-- By MenahemGrossman - 14 May 2015

Introduction

Much of conventional cybersecurity efforts focus on keeping intruders out, by using firewalls and similar techniques; and encrypting data, making it difficult for thieves to use even when it is intercepted. However, experience has taught cybersecurity experts never to assume that their networks are impenetrable to determined hackers. Conventional cybersecurity methods are in some respects analogous to building strong walls and using heavy padlocks: eventually, a determined intruder will find a chink he can exploit to breach the defenses. A particular disadvantage of such beefy security measures is that their very use can signal to interested parties that there is something worth targeting. For example, encrypting your email, when relatively few people are doing it, may be a red flag that brings you to the attention of a government security agency.

This paper will discuss some of the available and theoretical kinds of methods to protect sensitive information without attracting attention. While these methods may not be as secure in the conventional sense as encryption, they represent additional weapons with distinct advantages in the fight for privacy and anonymity.

Steganography

One family of techniques is known collectively as “steganography,” which refers to techniques for conveying secret messages whereby the very presence of a message is concealed. In some cases, the secret message is concealed within an innocuous message. In the digital realm, for example, it is possible to embed a message in an image or sound file, by altering bits of the carrier file in a specific way, so that the application of a filter targeting those changes will reveal the secret message. Then there is Spammimic.com, a site which will convert a string of text into a perfectly readable message offering a dubious sales pitch to the reader.

While it is theoretically possible to detect such techniques through statistical analysis, the computing resources required to analyze every innocuous transmission may prove prohibitive, given the sheer volume of data moving across networks, a volume that is only increasing. Even were the government to attempt to analyze all the data it can reach, it still may be possible to stay a step ahead, by spreading the secret message over a sufficient number of carrier transmissions, thus keeping a sufficiently low profile to evade detection. Of course, these techniques currently require a very deliberate effort and coordination between sender and recipient which tend to make such techniques more trouble than they are worth for most people.

Making Lots of Noise

A related idea that could potentially be developed would be to camouflage information by generating a large amount of fake information that would be indistinguishable by an outside observer from the real thing. This idea is relatively simple to apply in the context of protecting information that is not intended for a specific recipient. For example, to nullify monitoring of our web searches or browsing habits, tools such as the “trackmenot” browser extension could be used to enter searches and surf the web endlessly in our names, thus making it impossible for an outsider to separate the signal from the noise.

Similarly, companies concerned about having their confidential information stolen can generate a massive amount of variant information, so that thieves who break into the data repository will not be able to distinguish the valuable data from the worthless, which will lower the value of the data mine, and decrease the incentive to break in in the first place. Of course, companies will likely need to be able to distinguish the real records from the fake ones themselves, and will therefore need to develop an internal “distinguishing key” for that task, which will itself become a potential target for thieves. But because the fact of the camouflage is not readily apparent, the potential thief will need to be more familiar with the system he is trying to break into than he would otherwise; he will need to go in with a much clearer idea of what exactly he is looking for. For example, the company might use a variation of “trackmenot” to make it appear as though all the documents—real and fake—were being regularly accessed, using a false set of distinguishing keys. It would then take a very careful observation and analysis of the system to see through the subterfuge.

Waving Lots of Red Flags

A similar approach may be possible for email as well, although it would represent a significantly steeper challenge. The idea would be to generate a massive stream of communication, both innocuous-seeming (of the sort that spammimic produces) as well as messages containing content designed to attract the interest of potential snoops. Assume the NSA scans all emails, and flags the phrase “assassinate Obama.” If everyone is constantly sending emails containing such red flags, the NSA can do nothing about it, and will have no way of recognizing true persons of interest. Again, there would need to be a system of “distinguishing keys” for recipients, which the government would try to detect. But possibly, a decentralized, dynamic system could be developed that would give government snoops a real headache.

Admittedly, participating in such a system could backfire by attracting attention, but it may be easier to generate a critical mass of users sufficient to dilute suspicion than it would be to get everyone on board with encryption, since all it would require is a one-time signup. There would however likely be some resistance to a system designed to blind national security agencies.

It may also be illegal to send pretend threats in order to drown out the government’s ability to “hear” real threats. Even if it is not presently illegal, there would presumably be attempts to legislate in response. Still, if done less aggressively, it could be calibrated in a way so that it would be hard to prove that the fake messages are intended to interfere with government specifically, and there would then be a strong First Amendment defense.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.

Navigation

Webs Webs

r3 - 14 May 2015 - 15:18:02 - MenahemGrossman
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM