Thursday, December 17. 2015
Paranoid Steganography (c) Brendan Howell
Following the Paris terrorist attacks on 13th November, the French, American and British governments have been quick to take the offensive again against enciphered communications.
The intelligence hawks across the Atlantic have promptly used the debate to claim a better government access to encrypted communications. Former CIA Director James Woolsey, has taken advantage of the situation to settle his score with Edward Snowden, stating that the whistle-blower had “blood on his hands”.
Printing cylinder, invented end of 18th century
Indeed, we have witnessed a resurgence in the popularity of enciphering since Edward Snowden’s revelations on the indiscriminate mass surveillance operated by NSA. In order to protect their civil freedom and ridiculed private life, citizens have started using enciphering more in everyday conversations. At the same time, the web giants were accused of sharing their data with the secret services and decided to strengthen the security levels of their products to try to improve their image in the eyes of clients. In September, Apple and Google, whose operating systems are used on 96% of smartphones, reprogrammed their software to include the enciphering of the whole disk, preventing themselves from having access to the conversations which are on the computers, tablets, phones and software they produce. Many popular services have also incorporated enciphering by default, such as the instant messaging service WhatsApp (owned by Facebook) and its rival Telegram, which has been accused of being “terrorists’ favourite application”. Its founder, Pavel Dourov, believes enciphering is “the scapegoat concealing the defeats of mass surveillance”, which however did not stop Telegram from closing dozens of official or presumed Islamic State Group accounts.
Although it seems obvious that terrorists did not start protecting their conversations only following Snowden’s revelations, the preliminary results of the investigation show that the Paris terrorists did not use cryptography but coordinated their movements through text messages, which is one of the most easily monitorable types of digital communication. Apparently it was a non-enciphered and unlocked phone that led French authorities to an apartment in Saint Denis. Besides, as The Intercept have pointed out, most of the attackers were already known to intelligence services. The investigatory magazine believes focusing on targeted surveillance of known suspects is better than applying trawl net surveillance to all citizens ̶ which, for the time being, has not proved efficient and is riddled with legal and ethical issues.
The debate on the enciphering of conversations proves how difficult it is to find the right balance between security and privacy. While the metadata gathering programme ceased on 29th November under the Freedom Act, intelligence services try to make the debate swing in their favour using the Paris attacks as an argument. Such issues were already at the core of the ‘crypto-wars’, which started in 1993 with the internet boom and the wish of the secret services to limit the chances of hiding away online.
But a group of Californian Libertarians, known as ‘cypherpunks’ started developing advanced enciphering techniques meant for all users to help preserve the net from State interferences (Julian Assange, who founded Wikileaks in 2006, became a member in 1995). Also around this time, in 1991, Phil Zimmerman programmed a powerful tool named PGP (Pretty Good Privacy), a secure type of messaging software developed following Zimmerman’s concerns over what he saw as a disproportionate intrusion of law into citizens’ privacy. By freely distributing his software, he had strongly provoked the American government. Its use was not liberalised until Clinton’s mandate and the development of e-commerce (which requires cryptography to ensure the security and confidentiality of data circulating on the net, particularly for financial transactions). Around 2005, the defenders of making cryptography accessible to everyone thought they had the upper hand. However, such vantage was then shaken up by Snowden’s revelations on the range of NSA’s surveillance programmes and by the recent attacks in Paris, which reignite the crypto wars.
For a long time cryptography, the art of hiding the content of information, was only used in the diplomatic and military fields and considered a weapon of war. The first enciphering methods date back to ancient times and have improved over time through the development of several enciphering machines, thereby playing a key role in both World Wars.
The Gold-Bug, Edgar Allan Poe
This discreet science of secret writings has also fascinated writers and artists, such as Edgar Allan Poe. For instance, cryptography is a key topic in Poe’s detective short story The Gold-Bug (1843), in which an old parchement leads to a treasure. Other main examples of fictional cryptography are Jules Verne’s novels Journey to the Centre of the Earth (1864) and Eight Hundred Leagues on the Amazon (1881). Poe wrote novels, poems and articles on cryptography and also challenged his readers to send him coded messages that he would then try to decipher. At that time, cryptography played a key role in society. We have to bear in mind that individuals did not use the Internet or telephones at the time and that letters could be dangerous and compromising if found and read by others.
Agrippa (A book of the Dead), science fiction writer William Gibson, artist Dennis Ashbaugh and editor Kevin Begos Jr (1992)
Following the telecommunications boom, cryptography developed around the middle of the century by incorporating information-coding techniques. However, until the 1970s cryptography was very much a military sector secret and only after this period did it become of public use and a science studied in universities. Consequently, secret codes were gradually replaced by algorithms.
In 1992, at the time when cryptography wars had reached their peak across the Atlantic, William Gibson, the science fiction author who coined the term “cyberspace”, and the artist Dennis Ashbaugh presented Agrippa (A Book of the Dead), an extremely limited-edition work of art consisting of a large printed volume containing a 3.5̎ floppy disk with a 300-line electronic poem on it. The poem was about memory and loss and was designed to be read only once, as it was programmed to encrypt itself after one use. Cryptography analysts managed to crack the Agrippa code twenty years later.
How long will NSA analysts take to decode the small gift David Huerta sent them as a form of provocation? In May 2014 the hacker artist, who was a co-organiser of the Art Hack Day and the New York Cryptoparty, did not send a floppy disk but a DIY tape to the NSA headquarters.
Mixtape by David Huerta
The parcel, sent through the good old postal service, contained an encrypted mixtape using an Arduino board in a transparent case containing the “soundtrack for the modern surveillance state”. The cassette could not be listened to without the password necessary to unlock the private key, which would allow to decipher the SD card where the music was stored.
“Although the fact that the NSA had several programmes to exploit and intercept all types of systems has been brought to light, enciphering remains the blind spot of NSA’s all-seeing eyes” , argues David Huerta, who through these actions wishes to revive the cypherpunk tradition of the 1990s. “It is also a reminder that the rules of mathematics are more powerful than the laws of even the most powerful states”, Huerta believes.
The Berlin Telekommunisten, specialists of “dis-communication tools”, suggest skirting the digital panopticon by adopting espionage methods such as the good old “numbers station”. These shortwave radio stations, first used during World War I, produced broadcasts reading out lists of numbers and coded messages meant for on-the-field spies. The potential whistle-blower in you was encouraged to join this underground network at the Transmediale Festival in 2014, through a printed card that was supposed to help decode the messages which were randomly broadcast on the RebootFM and π-Node radio stations.
“This project was not really about enciphering but rather a reaction to the tendency in hacker communities to see ‘circumventionism’ as a solution in itself”, toned down Baruch Gottlieb, one of the authors who question this ‘crypto-utopia’, which he believes carries with it new forms of privileges and asymmetries. “We should see that this call for pervasive cryptography and a crypto-curatorial order is a clear sign of the future militarisation of the social sphere.”
According to the artist, these skirting techniques have an extremely limited range when it comes to undermining power structures. “It all depends on social and human networks and, at the end of the day, there is no magic trick to help a group defeat the enemy.”
Brendan Howell, on the other hand, who is also based in Berlin, has shown interest in steganography, which is a strategy complementary to cryptography consisting in deliberately concealing information from everyone, in seemingly harmless letters sent via public and unsecured channels. While an enciphered text can be easily identified but is hard to understand, a text hidden using steganography is difficult to retrieve. A common practice for instance is concealing text in images posted on online forums or in e-mails that look like spam, or even storing the messages in the drafts of a Gmail account without ever sending the e-mails.
The Black Chamber, Brendan Howell
In 2012, one year before Snowden’s revelations, Howell presented The Black Chamber, which was a project inspired by the French Cabinet Noir, the secret office in France where the government inspected letters of suspected persons before sending them on to their final recipients. For this artwork, he used the e-mail exchange and the data produced for the WEISE7 Labor exhibition and mixed these with Edgar Allan Poe’s The Purloined Letter, to produce what we could call a “paranoid archive”.
“Steganography can lead to paranoia, as every text could potentially be harmful”, wrote the artist. According to him, such paranoia is the state of mind of those working for the big intelligence agencies. “The association between spy and paranoia is not really new, but certainly the combination of digitalisation and the sheer amount of data we have have changed the scale of things.”
Although Howell was not incredibly surprised by Snowden’s revelations concerning the surveillance of citizens, he was nevertheless shocked by the range of tracked data: “NSA’s paranoia and their control mania have led them to try and record the traffic of the whole net. It is insane. They will have to build a system larger than the Internet to manage to track and analyse all the data. Even if they have billions of euros to do this, it is far too an ambitious project”, stated the artist, who continues to carry out research in order to deconstruct this simplistic crime detective discourse. In particular, he is interested in the arbitrary character of the automatic techniques used for text analysis. “It would be interesting to look at the limits of the ‘superficial intelligence’ of these tools used to search texts to identify suspects by assembling data.”
Project Cuckoo from Jochen Maria Weber on Vimeo.
With his “Project Cuckoo” designer Jochen Maria Weber, who is also based in Berlin, imagined a contemporary version of steganography, by using social networks and their infrastructure to hide information ̶ without however putting privacy at stake. In this project, the sender and the recipient are equipped with an electronic box and Cuckoo encodes the messages into randomly generated words and into noise, before simultaneously scattering them over several social platforms (such as Facebook, Twitter, Instagram) and reorganising the data so that only the recipient may decipher it. Cuckoo presents a type of hidden social network which is built on existing networks and acts like a parasite for these platforms.
Apart from these artistic projects, others have spoken from the field of cryptography itself. One example of this is Philipp Rogaway, Professor at the University of Davis. Rogaway reminds us of the discipline’s responsibilities in this post-Snowden era. “Which is the exact maximum level of surveillance we can tolerate before it becomes oppressive?”, he asks.
“Cryptography reorganises power, in that it establishes who can do what and in what way. This is what makes cryptography a fundamentally political tool and confers a moral dimension to this sector.” The Professor calls upon his colleagues to deal not only with the mathematical puzzles but also with the social implications of their work, reviving the commitment which was representative of the cypherpunks.
Marie Lechner & RYBN