Register on Anderson: "Times misquoted me - crypto expert"

Ken Brown k.brown at ccs.bbk.ac.uk
Tue Oct 9 07:20:57 PDT 2001 

Xeni Jardin wrote:
> 
> You gotta love those scribes at the Register--take this comment on UK
> tabloid frenzy over alleged stego-hijinks of OBL and crew:
> 
> "Since the Times' stablemates the Sun and the News of the World have
> allegedly been hiding news in pornographic content for several years,
> (although we've never found any news in either paper to substantiate
> that meme), the allegation doesn't surprise us. "

:-) 

The (London) Times is in a sad decline historical eminence as the paper
of record since it was taken over by Murdoch. It is basically run as a
loss-leader to preserve Murdoch's claim to respectability.  The Sun is
the archetypal contentless tabloid, where the methods of snide laddish
journalism developed in Scotland and Australia in the 1950s and early
60s were honed into a money-making behemoth in the 1970s before being
exported to the USA and other countries. Us Brits may not have invented
rock & roll but we perfected the populist tabloid headline. To be fair
the Sun has improved slightly in the past 4 or 5 years, but then it
could hardly have got worse. If it had become any more pornographic the
distributors would have moved it off the news shelves, if it had got any
more cynical and thuggish it would have lost many of its readers. 

Ross Anderson's letter to the times appeared on the UKcrypto list. Which
is archived, & therefore I guess crosspostable. Apologies in advance to
Ross if he didn't want to see it here. The stuff after the "=====" is
crossposted from UKcrypto.

The implication has to be that the Times is no longer a newspaper in
this context, but an instrument of government propaganda.

Ken Brown

==================================================

The Editor,
The Times,
Dear Sir:

In Friday's article, `Secrets concealed by software' [1], you quoted
me as saying that rather than using steganography, it was `likely that
they [al-Qaida] sent thousands of innocent messages along with their
live orders, so that the secret information was missed.'

Your claim is untrue. I did not say that.

Your reporter called me and told me he had had a briefing from the
security services that al-Qaida were using steganography, that is,
hiding messages inside other objects such as MP3 files or images.  He
asked me whether I thought this was plausible. I replied that although
it was technically possible, it was unlikely; and that, according to
the FBI, the hijackers had sent ordinary emails in English or Arabic.
I explained that the main problem facing police communications
intelligence is traffic selection - knowing which of the billions of
emails to look at - rather than the possibility that the emails might
be encrypted or otherwise camouflaged. A competent opponent is
unlikely to draw attention to himself by being one of the few users of
encryption or anonymity services.

For just the same reason, he is unlikely to draw attention to himself
be sending unreasonably large numbers of messages as cover traffic.
Instead, he will hide his messages among the huge numbers of quite
innocuous messages that are sent anyway. Throwaway email accounts with
service providers such as hotmail are the natural way to do this.

Unfortunately, the story that bin Laden hides his secret messages in
pornographic images on the net appears to be too good for the tabloids
to pass up. It appears to have arisen from work done by Niels Provos
at the University of Michigan. In November last year, he wrote in a
technical report that he could find no evidence that messages were
being hidden in online images. By February this year, this had been
been conflated by USA Today, an American popular paper, with an
earlier FBI briefing on cryptography into a tale that terrorists could
be using steganography to hide messages [2]. Similar material has
surfaced in a number of the racier areas of the net [3], despite being
criticised a number of times by more technically informed writers [4].

It is unclear what national interest is served by security agencies
propagating this lurid urban myth. Perhaps the goal is to manufacture
an excuse for the failure to anticipate the events of November 11th.
Perhaps it is preparaing the ground for an attempt at bureaucratic
empire-building via Internet regulation, as a diversionary activity
from the much harder and less pleasant task of going after al-Qaida.
Perhaps the vision of bin Laden as cryptic pornographer is being spun
to create a subconscious link, in the public mind, with the scare
stories about child pornography that were used before September 11th
to justify government plans for greater Internet regulation.

Whatever the security services' motive, it is quite unclear to me why
a `quality newspaper' should have run this story, even after its
technical and operational implausibility were explained to you in
detail (see also `Al-Qaeda hid coded messages on porn websites' [5]).

Could you kindly publish this letter as a correction.

Yours Faithfully

Ross Anderson
Reader in Security Engineering
University of Cambridge

[1] http://www.thetimes.co.uk/article/0,,2001340010-2001345085,00.html
[2] http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm
[3] http://www.feedmag.com/templates/printer.php3?a_id=1624
[4] http://www.wired.com/news/politics/0,1283,41658,00.html
[5] http://www.thetimes.co.uk/article/0,,2001340010-2001345211,00.html

==================================================

More information about the cypherpunks-legacy mailing list