How do we make steganography safer to use? An anonymous comentator wrote about my point (in the essay "Libertaria in Cyberspace"), and then Eric Hughes responded:

...

Alice better not be carrying any software that could retrieve that data.

Q: What do you call a store that sells 'cryptographic paraphernilia?'

A: A mind shop.

If crypto is outlawed, then random numbers will be probable cause for search for illegal cryptographic devices, software or hardware.

Q: What is a random number?

A: Anything I don't understand.

With steganographic (data-hiding) schemes, how is the "unhiding" scheme to be stored? If the user has a diskette labelled "Steganography" sitting prominently near his computer, for example, and this diskette has just a single algorithm on it--perhaps for stripping the LSBs out of GIFs--then it is fairly obvious which algorithm is being used, and that steganography is in fact being used in the first place. (However, what comes out of the de-stegging, to coin a phrase, should still be meaningless without the actual decryption, so I'm not sure what the authorities can or will try to do. During wartime, or in many countries, I'm sure that possessing such steganographic software would be a serious matter, but the U.S. has not (yet) reached this point. And there's enough bits to play with on a DAT to make the data bits look almost exactly like audio/microphone noise, with the same statistics, spectrum, etc.) One good way to further confuse the issue is to make certain steganographic schemes *widely available* by wide distribution on CD-ROMs (to ensure that nearly everyone can feign innocense when the Data Patrol asks them some questions) or by easy access by ftp-type approaches (though this has limits which are discussed later). In other words, there is no obvious "smoking gun" pointing to the use of steganography. Or encryption, for that matter, as PGP-like crypto programs could be similary distributed, someday, and only the secret key/passphrase would be "incriminating" to the user. I'll leave it for another time to discuss ways to hide the secret key/passphrase (perhaps in things like Newton PDAs which implement "digital flash paper" in their flash memories, or are carried with the person at all times, etc.). A Cypherpunks CD-ROM? Perhaps the Cypherpunks could someday even make such a CD-ROM widely available, along with rants, source code, whatever. (*Very* speculatively, someday "Wired" may even distribute a CD-ROM in one of their issues.) Remember, the point about steganography schemes, like hiding message bits in the LSBs of music tapes or images, is *not* to make the bits "undetectable," but only to hide them sufficiently to make a case for "plausible deniability." Thus, if the Data Patrol uses "Algorithm A6" (one of many on the CD-ROM) on a DAT you are carrying, and the sequence "1 0 1 1 1 0 1 0 ...." emerges, you just shrug and claim ignorance. "Sounds like noise to me." However, when the Patrol is not around, you apply, say, "Algorithm Z1" to the DAT and then use your private key to decrypt the bits. (How you secure your private key is another issue, of course, as mentioned above.) Some may quibble that this is a kind of low-level encryption...after all, the CD-ROM may contain only a few dozen algorithms for stripping bits out of DATs and images, so the NSA or FBI can simply apply them all, trivially. This method would indeed be low-level (nonexistent, actually) security if the resulting bits were a plaintext message. But the resulting bits are in fact meaningless noise without the private key. I suspect that such wide distribution of steganographic schemes will be enough to ensure that users can safely retrieve "their" bits (using one of the algorithms) without the authorities being able to prove anything. If this analysis is correct, then getting various steganographic schemes out in the public domain is important. Executable code--to allow users to run the programs right off the CD-ROM and thus not have the code copied (incriminatingly) to their hard disks--would be best. This code could be tucked away in a small part of CD-ROMs. What I envision is a CD-ROM (or whatever other distribution modes are popular) containing this steganogrophic and cryptographic software and lots of other stuff, in other domains. That is, the crypto/stego part could just be a tiny fraction of this "Hackers Disc." Speculatively, we could do this ourselves, or work with "Wired," EFF, the Gnu folks, etc., to get these programs tucked in someplace amongst their files. (There are issues of platform compatitibility, which systems can read which CD-ROMs, etc. Details.) Making the algorithms available by ftp is of course already common practice. The reason I don't emphasize this is that users must download the programs to their systems, thus decreasing plausible deniability. (However, if the programs are just part of a larger collection of files, like a "News Magazine" of a bunch of files, then these algorithms will be just some of the _many_ files downloaded, and the user can once again feign ignorance. This would be a kind of "stego stego," where the stegonographic algorithms are themselves hidden amongst a bunch of unrelated files.) I realize all this may be too complicated, that the stego programs themselves are barely starting to appear (I know of a couple of efforts going on), and that the problem of how to claim ignorance may not be important for a few years yet, if ever. On the other hand, there may be value in getting these stego schemes distributed long in advance of their being needed. Comments? -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: by arrangement Note: I put time and money into writing this posting. I hope you enjoy it.