Hi Hugh and James,
I just finished reading The Religion War by Scott Adams. It’s a short, very good book about Christianity vs. Islam in the future as both sides prepare for war. In it, he wrote something that made me curious if it would work. In order to defeat the use of computers scanning emails to find key words or phrases, his characters do something I’ve never thought of. “Cruz’s intelligence forces electronically searched every message that crossed the Internet, but their sniffing programs were looking for text, keywords, key phrases, and encrypted files. (His people) thwarted the filters by simply handwriting their messages on photographs of landscapes, scanning in the entire pictures, and sending them as email attachments. A human could easily read the handwritten message on the photo, but a computer wouldn’t find enough regularity or structure to identify where a tree ended and a letter began.” What do you think? Would this work?
HJL Comments: The technology of facial recognition and handwriting analysis is fairly mature, and the technology can easily be used to recognize “other” things in pictures. It wouldn’t get 100% recognition, but the system would be good enough to flag the data for further investigation by a human on those that it couldn’t read outright. To implement this on a broad scale would require significant resources, and while the alphabet agencies’ giant data vacuum certainly records the raw data, the data is only archived if you are targeted in some fashion.
It’s all a matter of resources. If you are low on the list, not many resources will be expended on you. If your communications get a higher priority, more resources will be allocated. When the full force of the resources of the government gets pointed at you, there is very little that will remain secret. Even with encryption, they can bring a serious brute force attack against it, and the only way you can remain secret is to have some sort of self-destruction of the data when too many failures happen. (And of course, we all know how the FBI vs. Apple turned out. A 10 million dollar bounty is a serious motivation.)
Staying off the radar is the best method. Constantly changing methods runs a distant second. The only method that has never been broken is a true one-time pad encryption. While it’s simple to implement, even the smallest slip-up in OTP methodology will compromise it, considering the amount of resources that can be focused on it.
Initially the method you describe might give some obscurity (but not security); however, the moment “they” know it is happening the obscurity is lost. Additionally, SurvivalBlog ran a link to an article a while back that showed how the contents of messages were not necessary to grasp the importance of an individual: “Using Metadata to find Paul Revere”. While seemingly complicated, this is really a simple analysis. Yet it identifies Paul Revere as critical to the American Revolution. What if the British had done this sort of analysis? As we have seen in the Burns, Oregon fiasco, TPTB are not above identifying the critical personnel and removing them from the overall picture. Using nothing but metadata obtained in the typical three or four degrees of separation that the alphabet agencies use on communications, it shouldn’t be too hard to identify Kevin Bacon, considering the resources they can bring to the table.
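To make the metadata point concrete, here is an added example (not part of the original post or the linked article) showing how membership lists alone, with no message contents, single out the person who connects otherwise separate groups. The group and person names are constructed placeholders, and betweenness centrality is used here as one common way to score "who bridges whom".

```python
from collections import defaultdict, deque
from itertools import combinations

# Constructed sample: group -> member list. Placeholder names, not historical data.
GROUPS = {
    "club_1": ["person_a", "person_b", "person_c", "person_x"],
    "club_2": ["person_d", "person_e", "person_x"],
    "club_3": ["person_d", "person_f", "person_g", "person_x"],
    "club_4": ["person_g", "person_h"],
}

def co_membership(groups):
    """Person-person edges weighted by the number of groups two people share."""
    weights = defaultdict(int)
    for members in groups.values():
        for a, b in combinations(sorted(members), 2):
            weights[(a, b)] += 1
    return dict(weights)

def betweenness(edges):
    """Brandes' algorithm (unweighted): shortest paths passing through each person."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    score = dict.fromkeys(adj, 0.0)
    for s in adj:
        dist, sigma, order, queue = {s: 0}, defaultdict(float, {s: 1.0}), [], deque([s])
        while queue:  # breadth-first search counting shortest paths from s
            v = queue.popleft()
            order.append(v)
            for w in adj[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
        delta = defaultdict(float)
        for w in reversed(order):  # push path dependencies back toward s
            for v in adj[w]:
                if dist[v] == dist[w] - 1:
                    delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                score[w] += delta[w] / 2  # each pair is seen from both ends
    return score

def rank_people(groups):
    scores = betweenness(co_membership(groups))
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
```

On this sample, `rank_people(GROUPS)` puts `person_x` first by a wide margin, even though nothing about what anyone said was ever examined.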