Making the World Safe for Steganography

[tcmay@netcom.com (Timothy C. May)]

How do we make steganography safer to use?

An anonymous comentator wrote about my point (in the essay "Libertaria in
Cyberspace"), and then Eric Hughes responded:

>>Alice better not be carrying any software that could retrieve that
>>data. 
>
>Q: What do you call a store that sells 'cryptographic paraphernilia?'
>
>A: A mind shop.
>
>If crypto is outlawed, then random numbers will be probable cause for
>search for illegal cryptographic devices, software or hardware.
>
>Q: What is a random number?
>
>A: Anything I don't understand.


With steganographic (data-hiding) schemes, how is the "unhiding" scheme to
be stored? If the user has a diskette labelled "Steganography" sitting
prominently near his computer, for example, and this diskette has just a
single algorithm on it--perhaps for stripping the LSBs out of GIFs--then it
is fairly obvious which algorithm is being used, and that steganography is
in fact being used in the first place. (However, what comes out of the
de-stegging, to coin a phrase, should still be meaningless without the
actual decryption, so I'm not sure what the authorities can or will try to
do. During wartime, or in many countries, I'm sure that possessing such
steganographic software would be a serious matter, but the U.S. has not
(yet) reached this point. And there's enough bits to play with on a DAT to
make the data bits look almost exactly like audio/microphone noise, with
the same statistics, spectrum, etc.)

One good way to further confuse the issue is to make certain steganographic
schemes *widely available* by wide distribution on CD-ROMs (to ensure that
nearly everyone can feign innocense when the Data Patrol asks them some
questions) or by easy access by ftp-type approaches (though this has limits
which are discussed later). 

In other words, there is no obvious "smoking gun" pointing to the use of
steganography. Or encryption, for that matter, as PGP-like crypto programs
could be similary distributed, someday, and only the secret key/passphrase
would be "incriminating" to the user. I'll leave it for another time to
discuss ways to hide the secret key/passphrase (perhaps in things like
Newton PDAs which implement "digital flash paper" in their flash memories,
or are carried with the person at all times, etc.).

A Cypherpunks CD-ROM?

Perhaps the Cypherpunks could someday even make such a CD-ROM widely
available, along with rants, source code, whatever. (*Very* speculatively,
someday "Wired" may even distribute a CD-ROM in one of their issues.)

Remember, the point about steganography schemes, like hiding message bits
in the LSBs of music tapes or images, is *not* to make the bits
"undetectable," but only to hide them sufficiently to make a case for
"plausible deniability." Thus, if the Data Patrol uses "Algorithm A6" (one
of many on the CD-ROM) on a DAT you are carrying, and the sequence "1 0 1 1
1 0 1 0 ...." emerges, you just shrug and claim ignorance. "Sounds like
noise to me." However, when the Patrol is not around, you apply, say,
"Algorithm Z1" to the DAT and then use your private key to decrypt the
bits. (How you secure your private key is another issue, of course, as
mentioned above.)

Some may quibble that this is a kind of low-level encryption...after all,
the CD-ROM may contain only a few dozen algorithms for stripping bits out
of DATs and images, so the NSA or FBI can simply apply them all, trivially.
This method would indeed be low-level (nonexistent, actually) security if
the resulting bits were a plaintext message. But the resulting bits are in
fact meaningless noise without the private key.

I suspect that such wide distribution of steganographic schemes will be
enough to ensure that users can safely retrieve "their" bits (using one of
the algorithms) without the authorities being able to prove anything.

If this analysis is correct, then getting various steganographic schemes
out in the public domain is important. Executable code--to allow users to
run the programs right off the CD-ROM and thus not have the code copied
(incriminatingly) to their hard disks--would be best. This code could be
tucked away in a small part of CD-ROMs.

What I envision is a CD-ROM (or whatever other distribution modes are
popular) containing this steganogrophic and cryptographic software  and
lots of other stuff, in other domains. That is, the crypto/stego part could
just be a tiny fraction of this "Hackers Disc." Speculatively, we could do
this ourselves, or work with "Wired," EFF, the Gnu folks, etc., to get
these programs tucked in someplace amongst their files. (There are issues
of platform compatitibility, which systems can read which CD-ROMs, etc.
Details.)

Making the algorithms available by ftp is of course already common
practice. The reason I don't emphasize this is that users must download the
programs to their systems, thus decreasing plausible deniability.

(However, if the programs are just part of a larger collection of files,
like a "News Magazine" of a bunch of files, then these algorithms will be
just some of the _many_ files downloaded, and the user can once again feign
ignorance. This would be a kind of "stego stego," where the stegonographic
algorithms are themselves hidden amongst a bunch of unrelated files.)

I realize all this may be too complicated, that the stego programs
themselves  are barely starting to appear (I know of a couple of efforts
going on), and that the problem of how to claim ignorance may not be
important for a few years yet, if ever.

On the other hand, there may be value in getting these stego schemes
distributed long in advance of their being needed.

Comments?

-Tim May
--
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: by arrangement
Note: I put time and money into writing this posting. I hope you enjoy it.