Re: steganography

From: Ken Clements (
Date: Thu Sep 20 2001 - 10:59:02 MDT

The debate on this issue is going to become important very soon as new laws
are considered. Listening to the public officials talk about encryption
limits shows how little this subject is understood by them, or the public.
The most important thing to understand is that the cat is already out of the
bag, and sewing the bag shut, no matter how well stitched, is not going to
do any good, but the foolish attempt can do harm.

In general cryptography, it has been known from the early days that one time
codes based on properly generated random bits are unbreakable. However, one
time codes have been considered too inconvenient to be practical, whereas
algorithmic codes are very practical, and in the case of public key systems,
great for commerce. But no amount of limitation of algorithmic codes
changes the basic fact that bad guys can use one time codes.

Data storage technology, over the last ten years, has changed the
situation. It is now possible for someone to carry around a chip with
enough pre-recorded random bits in it to last longer than anyone can type.
It is now possible for such a chip to be inserted under the skin (see the RF
ID stuff) and be accessed by a palm device. New laws cannot stop any of

Steganography has value on more than one level. Traditionally, it was
valuable (when it worked) to send messages without anyone knowing that you
were sending messages. But it is also valuable when used to maintain
deniability. If I publish a page of random numbers, I may also be sending a
message, but you cannot prove that I am unless you can break it. If you
haul me into court and demand I supply you with a key, I can claim that
they are just numbers, and that there is no key, or I can give you a key
that is the length of the block which converts it into any message I want
you to see.

Harvey has indicated that steganography alone is not useful, and Eugene has
noted the power of any big blob of public bits. I agree. For steganography
to be useful it has to be combined with strong encryption. This combination
can make it undetectable. I can put a digital recording of a poem reading
on my web that sounds perfectly normal, and stands up to any statistical
analysis. However, that tape hiss you hear in the background ...

What it comes down to is that no new law will do any good. Let us work to
be sure that bad laws are not passed. It would be especially bad if we lost
the right to speak that which makes no sense.


This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 14:40:53 MDT