Yes, you must hide that information—but you must hide it so that no one knows that it is hidden in the first place—then you must cover your tracks by hiding the infrastructure that you used to do the information hiding—and finally you must hide the person who hid that infrastructure, namely yourself!
A Four Dimensional Space
Now that Big Brother is actively engaged in recording every moment of everyone’s life—from first cry to last gasp—we need to develop a sound framework on which to base our privacy solutions if they are to withstand this growing menace. There are four different activities that are important to the success of privacy solutions:
- Hiding the Information (HEye): hiding information in such a way that it cannot be found, while making no attempt to disguise the fact that it has been hidden. Big Brother concludes, “I don’t know what has been hidden, but I do know that this data contains hidden information.”
- Hiding the “Hiding of the Information” (H2Eye): hiding information in such a way that Big Brother cannot determine that it has been hidden, while making no attempt to disguise the infrastructure that has been used to do the hiding. Big Brother concludes, “This data may contain hidden information, or it may not; I just don’t know; but what I do know is that these software tools that I’ve found can be used to hide information.”
- Hiding the “Hiding of the Hiding of the Information” (H3Eye): hiding the information, hiding the fact that the information has been hidden, and hiding the infrastructure that has been used to hide the information, while making no attempt to hide the interests of the person who does the hiding. Big Brother concludes, “This data may contain hidden information, or it may not; I just don’t know; and I have found no software tools that might have been used to hide any information; but what I do know is that this person is one of those dangerous people who believes that at least some aspects of their lives should remain private.”
- Hiding the People who “Hide the Hiding of the Hiding of the Information” (H4Eye): hiding the information, hiding the fact that the information has been hidden, hiding the infrastructure that has been used to hide the information, and hiding the interests of the person who does the hiding. Big Brother concludes, “This data may contain hidden information, or it may not; I just don’t know; I have found no software tools that might have been used to hide any information; in fact, there is nothing to suggest that this person is not a ‘good citizen’, one who does not wish to keep even the smallest aspect of his life hidden from my all-seeing eye.”
These activities are like layers of armour, the more vicious and ruthless the enemy the more layers you need to protect yourself.
A characteristic of most privacy solutions that have been developed to date is that they focus on hiding information in such a way that it “cannot be found”, while making no attempt to conceal the fact that “it has being hidden”. Typically, HEye equates to cryptography. For example, Alice emails her PGP encrypted file to Bob. The headers contained in the file shout out loud and clear “Encrypted Material”.
Now there is nothing wrong with HEye in principle. But its utility as a privacy solution is predicated upon the assumption that we live under a “permissive” regime. There is an implicit assumption that Big Brother will play by the rules of this game. Yes, he will try to find the hidden information, and yes, he may or may not succeed depending on the strength of the algorithms employed and on the quality of the passwords chosen by us, his opponents. But it is Big Brother who makes the rules, and it is Big Brother who can change the rules, as and when he pleases. And, like a petulant child who has lost far more often than he has won, he may soon decide to pick up his ball and walk off the pitch. Rather than try to find the weaknesses in the privacy solutions we use, Big Brother may well decide to ban their use outright.
The assumption that most developers of privacy solutions have been making is that the regime in which the software will be used is, and will remain, a permissive one. Now most privacy solutions have been “born in the USA”, a land where privacy is often assumed to be an inalienable right. And these privacy solutions have been “fit for purpose” as far as the Western world is concerned, though they have been of much less benefit to those people who live under the proscriptive regimes commonly encountered elsewhere.
But, we see daily that the once permissive regimes found in the Western Alliance are becoming increasingly restrictive. If encryption were banned tomorrow, just think how easy it would be for Big Brother to identify the offending software, its by-products, and its users—the encrypted PGP file and the Tor node all too readily announce their presence to the world. Current privacy solutions, both the data produced and the software that produces them, are far too easily identified by the tell-tale header and the file hash.
So, let’s be frank, “HEye is dead, long-live H2Eye.” The characteristic of H2Eye privacy solutions is that they are based on an understanding that it is not sufficient to hide information, but it is, in addition, necessary to hide the fact that the information has been hidden. Typically, H2Eye equates to steganography, where, for example, a message is hidden inside a digital image by altering some of its pixels in a characteristic way so that the message can be retrieved, while the image still looks just like any other image to both the naked eye and to the forensic scientist’s toolbox (now that forensic science is being abused universally, its once principled practitioners are being replaced by those who have “something of the night about them”—Dr. Jekyl may cradle the polygraph in one arm, but in the clenched fist of the other Mr. Hyde wields the electric cable).
While some steganography software is available on the Internet, the technique is very rarely used today, and very little is known about it even amongst scientists specializing in computer forensics. And this is not just our impression, for whilst Googling one day we came across an FBI endorsed report on steganography which came to just that conclusion, and if our “incorruptible Agent Starling” says so, then it must be true, mustn’t it!
So while it makes good sense to continue encrypting our personal information as in the past, we would be wise—now that political global warming is raising the “totalitarianure” of once democratic regimes—to start hiding the encrypted material using some steganographic technique.
One program we particularly like is TrueCrypt. This program makes it possible to hide large quantities of information in an efficient manner by disguising the encrypted material as random data—think of it as symmetric PGP encryption without any headers. A disk partition or a USB stick with a TrueCrypt volume looks just like unformatted space. In addition, as a second line of defence, TrueCrypt allows the user to create a hidden volume—you store the information you want to disclose in an “outer volume” that you make available for inspection, while you store the information that you do not want to disclose in a concealed “inner volume”, the existence of which you can plausibly deny should you be interrogated by Big Brother’s “goon” brigade (you can find TrueCrypt here).
Now while H2Eye is better than HEye it’s far from perfect. Why? Well, Big Brother has arrived, and he’s examined your computer. He hasn’t found your TrueCrypt volume, but he has found a program called “TrueCrypt.exe”. Now if you possess the software to hide information, Big Brother will immediately conclude that you’ve used it. In some countries that conclusion might herald torture or a summary execution, as many Big Brothers work on the “better safe than sorry” principle. Elsewhere in the world, even if Big Brother hasn’t the evidence to convict, he has the intelligence needed to justify watching your activities very, very closely. So you also need to hide the software that you use to do the information hiding.
Now where did you get that TrueCrypt software? You downloaded it from some web site. And the web sites that offer privacy software for download are delicious honey pots for Big Brothers worldwide. You can be pretty sure that the lines leading in and out of such sites are groaning under the weight of wire taps. So you also need to hide the sources from which you get the software that you use to do the information hiding.
The software and the sources from which it is obtained are part of the infrastructure of information hiding, and this infrastructure needs to be hidden with the same diligence as the data files that it produces.
Now with HEye, H2Eye, and H3Eye in place Big Brother has no evidence that you have hidden, or even have the capacity to hide, information. So what more needs to be done? Well, have you ever gone parachuting? Just imagine you are about to do so. You’ve packed up your kit and are just about to board the aircraft when your instructor says, “Hey, you’ve forgotten your reserve!” Now do you say, “Oh, it doesn’t matter, I’m sure my main shoot will work just fine.” No you don’t. The consequences of the main shoot failing to open are far too “grave” for you not to carry a spare. Certainly for the Herr W.S. Blooers and Ms. D.S. Dents of this world the consequences of their information hiding activities being discovered are far too “grave” for them not to carry a spare also. But even if you’re a Mr. N. Boodie you have cause for concern now that the NSA is engaged in harvesting everyone’s personal details from across the entire web, particularly from social networking web sites such as MySpace.
But what exactly in the current context would constitute a spare? Let’s say that under H3Eye Alice is able to hide information successfully. But Big Brother still knows that Alice exists. To a greater or lesser extent he knows what web sites she visits, what she writes in her emails, and what she says on the phone. And from all this monitoring Big Brother may well come to the conclusion that Alice has an unhealthy interest in privacy, an ailment that may well incline Big Brother to seek out and apply a suitable corrective. The existence of a world in which Big Brother has vast databases of information about people—and about the people they communicate with—is a world in which there is no room for error—make one slip in your information hiding procedures and it’s “iron curtains” for you. And since we all make errors from time to time, we need a world that has a degree of “fault tolerance” built in to it.
The challenge of H4Eye is to erase Alice and her communications from Big Brother’s mind and his databases. We need to create a world where governments know nothing whatsoever about individual citizens. To function properly a government only needs to know aggregate statistics: how many people do this, have this, need that. At the very lowest level of government some personal information is, off course, required, but it’s at that level that it should remain—for example, while you may not mind your doctor keeping a record of your medical condition and prescriptions, you are very likely to mind when the same information is stored on a national database, one accessed by hundreds of thousands of public servants, amongst whom will be those “self-serving servants” who are ready to sell that information to any interested party for a few hundred dollars.