At 08:00 PM 8/11/00 -0400, Steven Furlong wrote:
>"Kerry L. Bonin" wrote:
>> Assuming the body of child porn in circulation is of some reasonable size,
>> and grows far less rapidly than adult porn, it should be feasible to
>> construct a "fingerprint" style database by scanning the collections the
>> FBI (and some postmasters) are known to have in their possession.
>>
>> An automated tool could then conceivably be created in conjunction with a
>> stateful inspection firewall or stateful passive line tap to recognize
>> when significant quantities of registered porn are being transmitted.
>>
>> The obvious counter for this would be encryption or steganography, which
>> was also mentioned.
>
>I know little about the JPEG format, but wouldn't it be simple enough
>to switch colors 1 and 2 in the palette, then swap all references to
>those colors in the image? Or doesn't it work that way? Assuming it
>does work, there could be a dozen versions of the same image, visually
>identical but not bit-wise identical.

This could qualify as a trivial form of steganography. JPEG is
considerably more complex than that (GIF, BMP, etc. do meet that
description), but the abstract principle holds. Simple mods (add color
offsets to random pixels across image before retransmission, like a
'watermark') could be defeated by more comprehensive "fingerprinting"
methods, but usual disclaimers about 'bullets' vs. 'armor', and you end up
at crypto.

>Encryption would be the obvious counter to this. Even in societies
>where it's legal, though, the combination of tool inconvenience and
>big-brotherish suspicion of encryption where not provably necessary
>is preventing the widespread use.

Agreed, although many people (including myself) are working hard to make
crypto easier to use.

>I'm more interested in the extension of these tools to other
>information Big Brother would like to ban. The technical challenges of
>banning or protecting ASCII text files are different than those for
>binaries, so I don't know if the same tools would be used.

Same here. I'm pretty much convinced that the only end-user means for
privacy are VPNs and web-of-trust PKIs. I think the FBI is heading
towards eventual "dragnet" style monitoring of the whole damn net, pretty
much like the NSA and friends already have.

>Oh, and for the benefit of Big Brother, my ex-wife's attorneys, and
>future employers, I'm not especially interested in kiddie porn. I'm
>interested in the technical and social challenges here.

heh... I was wondering if/how I should qualify my own comments as well. I
have kids, and my personal opinion on kiddie porn is minimum penalty of
forced castration for creators of the images, if not death penalty. That
said, I don't think it's constitutional for the FBI to conduct "dragnet"
sweeps for _any_ crime, which seems to be the direction they are heading -
'two wrongs' and the like. The technical issues on both sides are
interesting, and as I work in security and open source crypto, I'm
painfully aware of my role on both sides of the fence.