IBM Seeks Patent On Digital Witch Hunts 136
theodp writes "Should Mark Zuckerberg want to identify a snitching Facebook employee, Elon Musk wish to set a trap for loose-lipped Tesla employees, or Steve Jobs want to 'play Asteroid,' they'll be happy to know that a new IBM 'invention' makes it easier than ever to be paranoid. In a newly-disclosed patent application for Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion (phew!), Big Blue describes how it's automated the creation of Canary Traps with patent-pending software that makes ever-so-slight changes to e-mail wording to allow you to spy on the unsuspecting recipients of your e-mail."
What an advance! (Score:5, Insightful)
Security through obscurity. Again. (Score:4, Insightful)
Security through obscurity doesn't work. I don't know how many stupid asinine ideas like this I'll have to see before I quit this career, but I suspect the number will be higher than I care to contemplate. This is ridiculously easy to subvert -- just run it through the thesaurus algorithm a few more times. Viola, new unique copies, that don't match what they have on record.
Next on the docket -- "Why you can read your coworkers e-mail but not the NSA's. Explorations in the bleedingly obvious."
No expectation of workplace privacy (Score:3, Insightful)
finally (Score:2, Insightful)
I thought that this sort of thing was a fairly standard thing to do if you really cared about the document. (this sort of thing was describe in The Hunt for Red October, the concept isn't new, automating it _may_ be)
I hope this sort of thing becomes common.
it will let people track down who distributes things _without_ any need for DRM and that sort of nonsense. if you really can show that a document (mp3, video, etc) came from user X you should have a fairly straightforward case against them, and if you know that this sort of thing can be done you are not going to send out copies of things to everyone.
Double plus good (Score:1, Insightful)
I guess the subtleties of word choice are becoming an old-fashioned concern.
Re:That's a neat trick! (Score:4, Insightful)
Two obvious comments (Score:4, Insightful)
1. How can this be patent worthy? Individual changes to documents to make them traceable have been performed for years - even in anonymous questionnaires...
2. Patented. Good. Perhaps that will prevent others from using this method. If we are really lucky, IBM won't use it either.
Re:Not new (Score:4, Insightful)
Each persons copy of whatever paperwork has different sets of typos, so if there are any leaks, they know exactly who it came from.
For those that don't know, for each new 'typo', they add a few more zeros in the contract dollar amount. That is also why a government contract for armored vehicles would be Top Secret.
Re:What an advance! (Score:4, Insightful)
The next time you send an "infelicitously worded" email, you can just blame it on IBM.
Speaking of "infelicitously worded," did you notice that the all of the changed examples (i.e., the second through fourth) start to sound like an instruction manual that has been poorly translated into English?
How long . . . (Score:3, Insightful)
Re:Digital Witch Hunt (Score:3, Insightful)
A stock bubble will, sooner or later, go up in a giant pile of fake-money smoke(taking a whole lot of people's real money with it); but, until it does so, it offers the best returns in town. If you drop out too early, your returns will be secure; but pitiful. If you drop out too late, you'll get soaked.
In your case, if you drop out early, you'll be the penniless guy living in a shack and trying to make guns out of discarded tin cans. If you drop out too late, you'll have a bunch of shiny CNC gear that you don't know how to use show up about the same time Big Brother's jackbooted minions do.
The trick, of course, is finding the right time...
Obscurity isn't worthless (Score:5, Insightful)
But do leakers do that? Always?
People get caught when their guard is down. People fuck up. People think, "nobody's out to get me."
Sometimes they're wrong. Every single day, people die by that principle. They won't get mugged. They can drive home drunk and probably not crash. They can forgo the condom this time. It's true they're not guaranteed to lose. But sometimes they still do.
You're right that it's not a general solution that you can count on, to find your opponent. But at the same time, you know plenty of damn fools will get caught by it.
It's not security through obscurity; it's advantage through security.
Re:Security through obscurity. Again. (Score:5, Insightful)
In your rush to bash people for not having an infallible solution, you're making two awfully big assumptions:
1. That they're intending this to have any effect whatsoever on people actively trying to disguise the source of the leak; and,
2. That a solution isn't worthwhile if it doesn't survive whatever geek-haxxor workarounds you can come up with.
This is exceptionally poor security for classified information. That's not its intent. It's poor security against people actively disguising themselves by "run[ning] it through the thesaurus algorithm a few more times." So be it.
It's still going to catch that guy who wants to show how in the know he is and forwards it to his buddies who post it on a website, and I'm sure there are far higher incidences of that than industrial espionage or whatever it is you're maligning them for not tackling.
I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.
Re:Obscurity isn't worthless (Score:2, Insightful)
It's not security through obscurity; it's advantage through security.
Pardon me for being a purist. But anything this easily thwarted also has no legal value, and my understanding here is that it's a punitive measure against the "leaker". If the document got leaked in the first place, chances are good the "leaker" in question can form an affirmative defense that a third party acquired the copy. Worse, if the algorithm is limited to a finite set of permutations, and anything that sticks to words and phrases is a very finite space (cryptographically speaking), the argument could be made that the document was leaked through a different source, run through the algorithm, and coincidentally matched the "signature" of the leaker's copy.
It's completely bogus. If they want to keep data private, then use real cryptography, and validated software/hardware combinations that make the cost of extracting the data in a usable format more expensive than the data it's protecting. The military does it, as to certain businesses, and intelligence agencies around the world. The technology is there, it works, and it's real security.
Why is this new ? (Score:3, Insightful)
This has been used for years - for example, back in Maggie Thatcher's day they caught a mole this way. What, exactly, is new about this ? That it's in software ?
Re:Obscurity isn't worthless (Score:3, Insightful)
It's not enough to show that there's another possible explanation, you have to show that your story is just as reasonable as the DA's. Your lawyer has to raise reasonable doubt in the minds of the jury to get them to vote not guilty. And, do you really think the jury's going to find your claim reasonable? I sure don't!
Re:That's a neat trick! (Score:4, Insightful)
That's what the digital witches want you to believe.
Re:Why is this new ? (Score:1, Insightful)
What's new is that it's done automatically, which presumably means it can be done on a regular basis instead of only when an investigation is already in process
Re:Not new (Score:3, Insightful)
Then ,whoever has the "typo free" version gets blamed.
What a dumb way to do things.
Re:Why is this new ? (Score:2, Insightful)
Well, they'll stop blindly using it the first time it creates a slight, but disastrous modification of the meaning.