IBM Seeks Patent On Digital Witch Hunts
theodp writes "Should Mark Zuckerberg want to identify a snitching Facebook employee, Elon Musk wish to set a trap for loose-lipped Tesla employees, or Steve Jobs want to 'play Asteroid,' they'll be happy to know that a new IBM 'invention' makes it easier than ever to be paranoid. In a newly-disclosed patent application for Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion (phew!), Big Blue describes how it's automated the creation of Canary Traps with patent-pending software that makes ever-so-slight changes to e-mail wording to allow you to spy on the unsuspecting recipients of your e-mail."
That's a neat trick! (Score:5, Funny)
I'm pretty sure witches are analog.
Re: (Score:2)
Re: (Score:2)
I thought they were being phased out?
Odd. I could have sworn I just heard a toad.
Re:That's a neat trick! (Score:4, Insightful)
Re: (Score:2, Funny)
Everyone knows witches are made of wood.
"What also floats in water?" "Bread!" "Apples!" "Very small rocks!" "Cider!" "Great gravy!" "Cherries!" "Mud!" "Churches...churches!" "Lead...lead!"
IBM turned me into a newt . . . (Score:2)
. . . Apologies to IBM, joke follows, no offense intended . . .
" . . . a newt . . . ?"
". . . I got better."
"IBM is like a stream of bat's piss."
"It shines out like a shaft of gold when all around is dark."
"IBM is like a dose of clap."
"Before it arrives is pleasure, but after is a pain in the dong."
"It was one of Wilde's. He's the snitch."
Joke stolen from: http://www.phespirit.info/montypython/oscar_wilde.htm [phespirit.info]
Re: (Score:2)
A digital witch! A digital witch! Flame her!
Re: (Score:2)
Everyone knows that witches are female barbers named Hazel.
(groan).
Re:That's a neat trick! (Score:4, Insightful)
That's what the digital witches want you to believe.
Re: (Score:2)
It is shit like this that slash-dotters are renowned for taking the piss out of rather than for answering seriously, which kind of tells the tale of why slash-dotters are never taken seriously. Perhaps we should ask which government organisation slash-dotters work for before we take notice of them rather than their Slashdot-given karma rating. Ouch, is that a bit too close for comfort for you?
Obviously. Government agencies are known for their sense of humor. You got me! Congratulations. As your prize, you get to b
What an advance! (Score:5, Insightful)
Re: (Score:1)
This is great. The next time you send an "infelicitously worded" email, you can just blame it on IBM.
In fact, let's not use the word "flame" anymore, when "IBM" will do.
Re:What an advance! (Score:4, Insightful)
The next time you send an "infelicitously worded" email, you can just blame it on IBM.
Speaking of "infelicitously worded," did you notice that all of the changed examples (i.e., the second through fourth) start to sound like an instruction manual that has been poorly translated into English?
Re: (Score:2)
That's why I run prospective leaks through a grammar checker before releasing them into the wild.
Re: (Score:2)
Funny thing- When my guild was having problems with a spy in the guild we did something similar to the OP.
We wrote an app which would embed invisible characters or spelling mistakes into messages so that if a message was leaked we could trace it to the offender.
Re: (Score:2)
It was in a browser-based game, so it was just an alteration of an earlier tool for sending to a group (the game had no capacity for sending to a list, so if you wanted to send a message to 20 people it was annoying, so we made a small system to submit messages to users from our guild's site. It was then a natural progression to add a system to alter each message as it was sent to people and log the "markers" in a database.)
I'm not guild leadership so I don't know exactly how well it worked.
At the time an extrem
Re: (Score:2)
Not all that amazing- as long as the user sending messages was logged in it's just a matter of submitting a few POSTs.
Re: (Score:2)
Re: (Score:2)
"Anyone get the feeling that lately technology is increasingly about chasing our technological tails rather than actually doing much of anything?"
I, for one, welcome our new tail-chasing overlords.
Re: (Score:2)
In Soviet Russia, of course, tail chased you!
Re: (Score:2)
Re: (Score:3, Interesting)
To be honest I assumed this sort of thing was already being done. It's just fingerprinting, using whatever medium is being used.
Security through obscurity. Again. (Score:4, Insightful)
Security through obscurity doesn't work. I don't know how many stupid asinine ideas like this I'll have to see before I quit this career, but I suspect the number will be higher than I care to contemplate. This is ridiculously easy to subvert -- just run it through the thesaurus algorithm a few more times. Viola, new unique copies, that don't match what they have on record.
Next on the docket -- "Why you can read your coworkers e-mail but not the NSA's. Explorations in the bleedingly obvious."
Obscurity isn't worthless (Score:5, Insightful)
But do leakers do that? Always?
People get caught when their guard is down. People fuck up. People think, "nobody's out to get me."
Sometimes they're wrong. Every single day, people die by that principle. They won't get mugged. They can drive home drunk and probably not crash. They can forgo the condom this time. It's true they're not guaranteed to lose. But sometimes they still do.
You're right that it's not a general solution that you can count on, to find your opponent. But at the same time, you know plenty of damn fools will get caught by it.
It's not security through obscurity; it's advantage through security.
Condom? (Score:3, Funny)
What are those for?
Re: (Score:1, Funny)
Re: (Score:2, Insightful)
It's not security through obscurity; it's advantage through security.
Pardon me for being a purist. But anything this easily thwarted also has no legal value, and my understanding here is that it's a punitive measure against the "leaker". If the document got leaked in the first place, chances are good the "leaker" in question can form an affirmative defense that a third party acquired the copy. Worse, if the algorithm is limited to a finite set of permutations, and anything that sticks to words and phrases is a very finite space (cryptographically speaking), the argument coul
Re: (Score:3, Insightful)
It's not enough to show that there's another possible explanation, you have to show that your story is just as reasonable as the DA's. Your lawyer has to raise reasonable doubt in the minds of the jury to get them to vote not guilty. And, do you really think the jury's going to find your claim reasonable? I sure don't!
Re: (Score:2)
the argument could be made that the document was leaked through a different source, run through the algorithm, and coincidentally matched the "signature" of the leaker's copy.
Remember they just have to show "probable cause" to a court to get a search warrant. Once they have that search warrant they can start searching for more direct evidence that you leaked it.
It's completely bogus. If they want to keep data private, then use real cryptography, and validated software/hardware combinations that make the cos
Re: (Score:2)
Sometimes there's no defense, because we're not always talking about court. So what if you don't have solid proof that person X leaked? You still know (pretty darn sure) that they did it.
If you're Steve Jobs, you fire 'em. So you don't have proof? Fine, their unemployment claim goes through. Or they're demoted to beta tester and if they don't like knowing the cool secrets, they can quit. You're no longer giving secrets to leaky
Re: (Score:2)
BTW, how can you call yourself a purist? That is not "real security." That's a practical (in)convenience, just the kind of advantage (as opposed
Re: (Score:3, Funny)
You must be new here.
Peter
Re:Security through obscurity. Again. (Score:5, Insightful)
In your rush to bash people for not having an infallible solution, you're making two awfully big assumptions:
1. That they're intending this to have any effect whatsoever on people actively trying to disguise the source of the leak; and,
2. That a solution isn't worthwhile if it doesn't survive whatever geek-haxxor workarounds you can come up with.
This is exceptionally poor security for classified information. That's not its intent. It's poor security against people actively disguising themselves by "run[ning] it through the thesaurus algorithm a few more times." So be it.
It's still going to catch that guy who wants to show how in the know he is and forwards it to his buddies who post it on a website, and I'm sure there are far higher incidences of that than industrial espionage or whatever it is you're maligning them for not tackling.
I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.
Re: (Score:1)
Not necessarily trying to bash it.
If the software handles it really well, and adds redundant error-correction to survive multiple splicing and editing jobs, then I would be amazed.
But if it's easily duplicated by "home-made" (single-person, low budget) methods, why shouldn't we scratch our heads in wonder when they try to patent something simple?
Re: (Score:2)
Re: (Score:2)
I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.
Because we're a bunch of purists who spend our time trying to find novel new solutions to esoteric problems the average person doesn't know or care about. We do have an easy time grasping it, but because of our own personal and professional standards, extensive experience, and training in information technology, we want the best. "Sorta works" just isn't in the geek vocabulary. And, I'd argue, that's how it should be.
Re:Security through obscurity. Again. (Score:4, Funny)
Viola, new unique copies, that don't match what they have on record.
When I leak your post to the world, I'll be sure to change that to "Cello, new unique copies..."
Re: (Score:2)
C'mon, mod this up. Well done.
Re: (Score:2)
This is a time-honored counterintelligence technique. It does work in my experience, not every time maybe (I've only been involved, or aware of it, once with this), but often enough to be useful. It's even more effective if you have a small list of possible moles.
Re: (Score:2)
Security through darkness doesn't work. I don't know how many stupid donkeyish ideas like this I'll have to see before I terminate this career, but I suspect the number will be higher than I care to meditate. This is ridiculously easy to pervert -- just run it through the thesaurus algorithm a few more times. Viola, new unique copies, that don't game what they have on music album.
Next on the small boat enclosure -- "Why you can read your coworkers e-mail but not the NSA's. Explorations in the hemorrhagingly obvious."
I think you're mistaken. Can you see any difference with your original post? I knew it.
Re: (Score:2)
I bet it will be fewer than the number of times I hear people decrying "security through obscurity" for no real reason.
Think it through for a second will you (Score:2)
It is about TRUST. As a reader I got to trust that a leaked document has not been falsified in any way. Throwing it through a filter will definitely remove that trust. If you changed the meaning of words... well how do I know exactly what you have changed? var x = "I helped my uncle Jack of a horse."; document.write(x.toLowerCase());
Just get a Blackberry (Score:1, Offtopic)
In a newly-disclosed patent application for Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion (phew!)
Get a Blackberry or a wireless broadband card for your netbook. And you can defeat the Great Blue email content tracker, which should keep you and your pathetic band safe from the Death Star, at least temporarily.
Not new (Score:5, Interesting)
And yes, they have caught corporate spies with this before.
Re:Not new (Score:4, Insightful)
Each person's copy of whatever paperwork has different sets of typos, so if there are any leaks, they know exactly who it came from.
For those that don't know, for each new 'typo', they add a few more zeros in the contract dollar amount. That is also why a government contract for armored vehicles would be Top Secret.
Re: (Score:2)
Re: (Score:3, Informative)
Re: (Score:1, Interesting)
Once you have a TS clearance you are trusted until there are signs present that indicate a review thereof might be necessary - at least this is how it worked in my part of the world anyway.
Or at least, that's what they wanted you to think.
But anyway, is it accurate to call it a witch hunt when the "witches" are real? I thought the whole point was that there were no actual witches.
Re: (Score:3, Insightful)
Then, whoever has the "typo free" version gets blamed.
What a dumb way to do things.
Re: (Score:2)
Digital Witch Hunt (Score:1)
Re: (Score:3, Insightful)
A stock bubble will, sooner or later, go up in a giant pile of fake-money smoke(taking a whole lot of people's real money with it); but, until it does so, it offers the best returns in town. If you drop out too early, your returns will be secure; but pitiful. If you drop out too late, you'll get soaked.
In your case, if you drop out early, you'll be the penniless guy living in a shack and trying to make guns out of
paraphrase (Score:2)
I was going to say that I am going to patent paraphrasing as a technique for circumventing this technology, but then I remembered that would be a violation of the DMCA...
Re: (Score:2)
No expectation of workplace privacy (Score:3, Insightful)
Re: (Score:1, Interesting)
Once upon a time I had a boss who enlisted my help to install the camera system with which she could spy on me (although that wasn't its main purpose, supposedly).
Easily defeated, here's how: (Score:1)
http://www.examiner.com/x-6665-Liberal-Examiner~y2009m7d24-Miss-Teen-South-Carolinas-title-of-dumbest-person-alive-threatened-by-California-woman [examiner.com]
Step 2) Convert voice messages to text using "SpinVox".
http://yro.slashdot.org/article.pl?sid=09/07/23/228208 [slashdot.org]
Re: (Score:2, Interesting)
I took your quote on Babel Fish and ran it back to English to get this:
"All point of technology is to encode consecutive numbering by doing the little modification to wording of message. Reading those words to another medium still maintains the hand harsh number."
It's a terrible translation example but if you used a professional translator, you'd still
Re: (Score:2)
With 2 layers of error-prone translation, there's bound to be many random substitutions.
But they don't necessarily hit the particular words which encode the information. Even if they do corrupt some of 'em the info is inserted redundantly and error correcting codes are straightforward and applicable.
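The redundancy argument in the comment above, as an added example that is not part of the thread or of IBM's patent application: a recipient serial number is spread over two-word synonym slots, each bit repeated three times, and a leaked copy is traced by majority vote. The template, word pairs, recipient names and serials are constructed, and the repetition code is an assumption chosen as the simplest error-correcting code.

```python
import re

# Constructed template: each {n} slot takes one of two interchangeable words.
TEMPLATE = ("Over the {0} 20 years we have {1} dedicated to a {2} mission. "
            "The {3} results will be {4} on Friday, so {5} keep this {6} "
            "until the {7} is public. We {8} every reader to {9} any {10} "
            "to the {11} office.")
SLOTS = [("last", "past"), ("remained", "stayed"), ("single", "sole"),
         ("quarterly", "three-month"), ("announced", "released"),
         ("please", "kindly"), ("confidential", "private"),
         ("report", "statement"), ("expect", "require"),
         ("send", "forward"), ("questions", "queries"),
         ("legal", "compliance")]
K = 4  # serial bits; bit j is carried by slots j, j+K, j+2K (3x repetition)

# Constructed registry of recipient -> serial number logged at send time.
REGISTRY = {"alice": 5, "bob": 10, "carol": 12, "dave": 13}


def mark(serial):
    """Return the copy of the message that encodes `serial`."""
    words = [SLOTS[i][(serial >> (i % K)) & 1] for i in range(len(SLOTS))]
    return TEMPLATE.format(*words)


def read_bits(text):
    """Recover each serial bit by majority vote; None if undetermined."""
    tokens = set(re.findall(r"[a-z-]+", text.lower()))
    bits = []
    for j in range(K):
        ones = zeros = 0
        for i in range(j, len(SLOTS), K):
            w0, w1 = SLOTS[i]
            if (w0 in tokens) == (w1 in tokens):
                continue  # slot rewritten or cut: treat as an erasure
            if w1 in tokens:
                ones += 1
            else:
                zeros += 1
        bits.append(None if ones == zeros else int(ones > zeros))
    return bits


def trace(text, registry=REGISTRY):
    """Names whose serial agrees with every bit the leak still determines."""
    bits = read_bits(text)
    return sorted(name for name, serial in registry.items()
                  if all(b is None or b == ((serial >> j) & 1)
                         for j, b in enumerate(bits)))


if __name__ == "__main__":
    copy = mark(REGISTRY["alice"])
    # One slot paraphrased away, one flipped to the other synonym.
    edited = copy.replace("past", "previous").replace("private", "confidential")
    print(trace(edited))               # still a single candidate
    print(trace(copy.split(". ")[0]))  # a short excerpt leaves a bit unknown
```

When a leak determines only some bits, `trace` returns every recipient still consistent with it, which is the case where the marker alone does not single out one person.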
finally (Score:2, Insightful)
I thought that this sort of thing was a fairly standard thing to do if you really cared about the document. (This sort of thing was described in The Hunt for Red October; the concept isn't new, automating it _may_ be.)
I hope this sort of thing becomes common.
it will let people track down who distributes things _without_ any need for DRM and that sort of nonsense. if you really can show that a document (mp3, video, etc) came from user X you should have a fairly straightforward case against them, and if you kno
Re: (Score:2)
I don't consider junior's desire to get shit-tastic mall punk from Kazaa to be a human rights issue; but I am hard pressed to think of any (even slightly efficacious) anti-piracy technology that wouldn't have applications in the burgeoning field of tyranny.
Double plus good (Score:1, Insightful)
I guess the subtleties of word choice are becoming an old-fashioned concern.
Two obvious comments (Score:4, Insightful)
1. How can this be patent worthy? Individual changes to documents to make them traceable have been performed for years - even in anonymous questionnaires...
2. Patented. Good. Perhaps that will prevent others from using this method. If we are really lucky, IBM won't use it either.
Re: (Score:2)
How can this be patent worthy? Individual changes to documents to make them traceable have been performed for years - even in anonymous questionnaires...
I wondered exactly the same thing. It's even a part of the plot-line in an early Tom Clancy book to determine who was leaking classified documents.
Re: (Score:2, Interesting)
It's Digital Watermarking [wikipedia.org] with a software thesaurus/dictionary.
The movie industry used digital watermarks for VHS trailer tapes. http://www.afterdawn.com/news/archive/4616.cfm [afterdawn.com]
Trent Reznor used an alternate strategy for one of his short films (from 1992?):
"...a few people who received the movie as a special gift. Each version given away was missing a different section of video, thus enabling Reznor to keep track of those who betrayed him."
http://www.toplessrobot.com/2008/08/the_10_most_amazing_unreleased_things_ever_made.php [toplessrobot.com]
Re: (Score:1)
So if two of them worked together, they'd get the complete movie, and there would be no way to know who released it (assuming they are careful at cutting, so it's not possible to identify the edited section).
Or they even remove a third scene and some unrelated person gets the blame.
Re: (Score:2)
If I understand it correctly, making changes to documents for tracking purposes isn't the patented part. The method of automating the whole process is what is patented.
Re: (Score:3, Funny)
Next you'll be telling me that they can automatically spot spelling errors, and wrap text at an 80-character margin.
Re: (Score:2)
Still seems dangerously close to "obvious" territory, to anyone skilled in the art of babelfish and back again; but doesn't have nearly as much prior art that way.
easily defeated: leak to slashdot (Score:1)
email? (Score:2)
Do people still use that? Either way, why not try to improve your hiring processes instead of treating all your employees like criminals. If you do treat me like a criminal and give me the punishment, I do feel obliged to get to do the crime as well...
Note to all! (Score:2)
Don't do non-work from work, if you work at IBM.
Crap! I wrote this from work!
Their Hovercraft is full of Crap (Score:3, Funny)
This won't go anywhere.
Or if they do and try to implement this in their system, it will last until the first email is translated into a language OTHER than US English.
"Over the last 20 years, we have remained dedicated to a single mission..."
"Over the last 20 years, we have remained confined to a single mental institution..."
"Over the last 20 years, we have remained obligated to one church..."
"Over the last 20 years, we have remained engaged in espionage..."
Re: (Score:1, Funny)
"Over the last 20 years, we have remained dedicated to a single mission..."
Federation.
"Over the last 20 years, we have remained confined to a single mental institution..."
Borg
"Over the last 20 years, we have remained obligated to one church..."
Bajoran
"Over the last 20 years, we have remained engaged in espionage..."
Romulan
Comment removed (Score:3, Interesting)
Re: (Score:3, Interesting)
Spy agencies have been doing this kind of thing for decades. ... They used to have a major problem with classified material being leaked to the press by congressional staffers.
Now you know why "Deep Throat" was so cagey, vague, and just pointed Woodward and Bernstein to the right lines of investigation and insisted they hunt down other sources and confirmation, rather than letting them use him as an unnamed direct source.
How long . . . (Score:3, Insightful)
How does this make it easier? (Score:2)
Anyone else... (Score:1)
Re: (Score:2)
My watch is analog... it is so much easier to visualize the passage of time that way.
Trust me. 120 years from now you won't care if you have an analog or digital watch. Time will pass.
Re: (Score:1)
Of course, in 120 years you'll get implants which make you always simply know what time it is, without having to look at some device. Looking at some devices on your hands would only distract you when operating your flying cars. :-)
Re: (Score:2)
Of course if the dead DO care about what time it is, there are far bigger issues to worry about. I submit to you, that a self-winding analog watch will last longer and serve you better in the afterlife as well. Unless, of course, you can still get batteries for your digital watch there, wherever there is.
It's still SMTP right? (Score:2)
Type:
HELO yourdomainname.com
MAIL FROM: <you@hostname.com>
RCPT TO: <to@hostname.com>
DATA
lol
lololol
Don't to Done (Score:2)
Do we now have to go back to straight text e-mails just to ensure that nobody is hiding tracking bugs in it?
Why is this new ? (Score:3, Insightful)
This has been used for years - for example, back in Maggie Thatcher's day they caught a mole this way. What, exactly, is new about this ? That it's in software ?
Re: (Score:1, Insightful)
What's new is that it's done automatically, which presumably means it can be done on a regular basis instead of only when an investigation is already in process
Re: (Score:2, Insightful)
Well, they'll stop blindly using it the first time it creates a slight, but disastrous modification of the meaning.
WinDiff (Score:2)
2: WinDiff Document A against Document B.
3: Create Document C containing none of the mismatches in Document A+B.
4: PROFIT!
Overall this reminds me of the SDMI system several years ago that claimed that it could hide unique identifying data in an audio recording that couldn't be detected or removed and the developers of it issued a challenge to break the system. When it was quickly broken by Edward W. Felten the music industry responded not with a reward,
Self defeating....literally (Score:2)
Ok, is this to compete with Amazon's double rot-13 encryption patent?
Let me get this straight, they invented a system that identifies people by slightly altering wording of messages.... automatically.... sooooooo, what exactly is stopping people from using the same exact system to automatically modify the message to make it un-traceable again????? Thunderbird plug-in in 3 ... 2...1...
-Em
enthusiastic =/= committed (Score:2)
First... they came for the Napsters..... (Score:1)
All my email comes in ASCII (Score:2)
And I mean that in a very real, and legally binding sense.
Tom Clancy == prior art (Score:3, Interesting)
Tom Clancy beat this drum -- almost tiresomely -- in several of his books back in the 90's. Our Fearless Protagonist, Jack Ryan, even came up with the algorithm, the name of which currently escapes me. Granted, the algorithm is never actually explained, but its output is identical to what this patent proposes, so methinks this probably isn't worthy of a patent.
Just my two cents, of course.
-Slarty
Re: (Score:2)
Re: (Score:1)
You patent the implementation, not the idea. You can't patent flying cars, you can patent the flying car you manufacture and the neat tricks inside it.
You don't necessarily patent specific implementations. If no one had ever talked about the idea of the flying car before, you could very well go for claims like
1. Automobile, characterized in that said automobile is equipped with means of creating an aerodynamical lifting force greater or equal to the weight of said automobile.
You just have to provide at least one implementation that the averagely skilled person in the technical field of the invention can get to work, but you are not limited to this.
On
Re: (Score:2)
You implement the idea -- and *how* it's implemented, but not the implementation, itself. For example, patent applications do not generally contain more than superficial pseudo-code; they certainly don't contain a full implementation of the code -- that's where copyright comes in. Tom Clancy's description was lengthy enough that I think it certainly meets the criteria by which (say) waterbeds were unable to be patented because of Heinlein's description [wikipedia.org].
My New Patent (Score:1)
I'd like to patent, "beating the living piss out of anyone found to be spying on me for any purpose".
I mean damn, if I'm fired for some dissemination of some random email who cares? I got nothing to lose.
Head for that CEOs etched glass door and commence pounding the immoral bastard to blood pudding.
Kinda takes the glamour outa their false sense of total power and control with multiple fractures, lacerations and deep bruising.
Hell, I can do 30 days in jail. Can he do
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
That of course assumes that you know who the other recipients are. man bcc.