It's not security through obscurity; it's advantage through security.
Pardon me for being a purist. But anything this easily thwarted also has no legal value, and my understanding here is that it's a punitive measure against the "leaker". If the document got leaked in the first place, chances are good the "leaker" in question can form an affirmative defense that a third party acquired the copy. Worse, if the algorithm is limited to a finite set of permutations, and anything that sticks to words and phrases is a very finite space (cryptographically speaking), the argument could be made that the document was leaked through a different source, run through the algorithm, and coincidentally matched the "signature" of the leaker's copy.
by Anonymous Coward writes:
on Friday July 24 2009, @07:15PM (#28814863)
My girlfriend works in the bid and proposal department at Oshkosh Corps. They regularly deal with top secret government contracts for armored vehicles. Each person's copy of whatever paperwork has different sets of typos, so if there are any leaks, they know exactly who it came from.
And yes, they have caught corporate spies with this before.
You should assume, while in the office, that there is a camera on you and that any content you produce on an employer provided computer will be available for inspection. That's just a simple reality these days. I keep personal information I don't want to share on my own personal computer at home.
Luckily, anonymous publication and distribution has never been turned to noble purposes [wikipedia.org], and hunting down distributors is always about going after wicked pirates.
I don't consider junior's desire to get shit-tastic mall punk from Kazaa to be a human rights issue; but I am hard pressed to think of any (even slightly efficacious) anti-piracy technology that wouldn't have applications in the burgeoning field of tyranny.
I assume that the patent is for a means (well, probably an "apparatus and method") of making the individual changes programmatically and without making complete hash of the text.
Still seems dangerously close to "obvious" territory, to anyone skilled in the art of babelfish and back again; but doesn't have nearly as much prior art that way.
1: Find trusted friend working on same document.
2: WinDiff Document A against Document B.
3: Create Document C containing none of the mismatches in Document A+B.
4: PROFIT!
Overall this reminds me of the SDMI system several years ago that claimed that it could hide unique identifying data in an audio recording that couldn't be detected or removed and the developers of it issued a challenge to break the system. When it was quickly broken by Edward W. Felten the music industry responded not with a reward,
Let me clarify:
The ideal workaround is to get a very close translation (small error rate) and reverse the process so that the errors build up.
I took your quote on Babel Fish and ran it back to English to get this:
"All point of technology is to encode consecutive numbering by doing the little modification to wording of message. Reading those words to another medium still maintains the hand harsh number."
It's a terrible translation example but if you used a professional translator, you'd still
Planning for a descent into totalitarian dystopia is like making money on a stock bubble.
A stock bubble will, sooner or later, go up in a giant pile of fake-money smoke (taking a whole lot of people's real money with it); but, until it does so, it offers the best returns in town. If you drop out too early, your returns will be secure; but pitiful. If you drop out too late, you'll get soaked.
In your case, if you drop out early, you'll be the penniless guy living in a shack and trying to make guns out of
That's a neat trick! (Score:5, Funny)
I'm pretty sure witches are analog.
Re: (Score:2)
Re:That's a neat trick! (Score:4, Insightful)
Re: (Score:2, Funny)
Everyone knows witches are made of wood.
"What also floats in water?" "Bread!" "Apples!" "Very small rocks!" "Cider!" "Great gravy!" "Cherries!" "Mud!" "Churches...churches!" "Lead...lead!"
Re:That's a neat trick! (Score:4, Insightful)
That's what the digital witches want you to believe.
What an advance! (Score:5, Insightful)
Re: (Score:2)
"Anyone get the feeling that lately technology is increasingly about chasing our technological tails rather than actually doing much of anything?"
I, for one, welcome our new tail-chasing overlords.
Re: (Score:2)
In Soviet Russia, of course, tail chased you!
Re: (Score:3, Interesting)
To be honest I assumed this sort of thing was already being done. It's just fingerprinting, using whatever medium is being used.
Re:What an advance! (Score:4, Insightful)
The next time you send an "infelicitously worded" email, you can just blame it on IBM.
Speaking of "infelicitously worded," did you notice that all of the changed examples (i.e., the second through fourth) start to sound like an instruction manual that has been poorly translated into English?
Security through obscurity. Again. (Score:4, Insightful)
Security through obscurity doesn't work. I don't know how many stupid asinine ideas like this I'll have to see before I quit this career, but I suspect the number will be higher than I care to contemplate. This is ridiculously easy to subvert -- just run it through the thesaurus algorithm a few more times. Viola, new unique copies, that don't match what they have on record.
Next on the docket -- "Why you can read your coworkers e-mail but not the NSA's. Explorations in the bleedingly obvious."
Obscurity isn't worthless (Score:5, Insightful)
But do leakers do that? Always?
People get caught when their guard is down. People fuck up. People think, "nobody's out to get me."
Sometimes they're wrong. Every single day, people die by that principle. They won't get mugged. They can drive home drunk and probably not crash. They can forgo the condom this time. It's true they're not guaranteed to lose. But sometimes they still do.
You're right that it's not a general solution that you can count on, to find your opponent. But at the same time, you know plenty of damn fools will get caught by it.
It's not security through obscurity; it's advantage through security.
Condom? (Score:3, Funny)
What are those for?
Re: (Score:2, Insightful)
It's not security through obscurity; it's advantage through security.
Pardon me for being a purist. But anything this easily thwarted also has no legal value, and my understanding here is that it's a punitive measure against the "leaker". If the document got leaked in the first place, chances are good the "leaker" in question can form an affirmative defense that a third party acquired the copy. Worse, if the algorithm is limited to a finite set of permutations, and anything that sticks to words and phrases is a very finite space (cryptographically speaking), the argument coul
Re: (Score:3, Insightful)
It's not enough to show that there's another possible explanation, you have to show that your story is just as reasonable as the DA's. Your lawyer has to raise reasonable doubt in the minds of the jury to get them to vote not guilty. And, do you really think the jury's going to find your claim reasonable? I sure don't!
Re: (Score:3, Funny)
You must be new here.
Peter
Re:Security through obscurity. Again. (Score:5, Insightful)
In your rush to bash people for not having an infallible solution, you're making two awfully big assumptions:
1. That they're intending this to have any effect whatsoever on people actively trying to disguise the source of the leak; and,
2. That a solution isn't worthwhile if it doesn't survive whatever geek-haxxor workarounds you can come up with.
This is exceptionally poor security for classified information. That's not its intent. It's poor security against people actively disguising themselves by "run[ning] it through the thesaurus algorithm a few more times." So be it.
It's still going to catch that guy who wants to show how in the know he is and forwards it to his buddies who post it on a website, and I'm sure there are far higher incidences of that than industrial espionage or whatever it is you're maligning them for not tackling.
I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.
Re: (Score:2)
I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.
Because we're a bunch of purists who spend our time trying to find novel new solutions to esoteric problems the average person doesn't know or care about. We do have an easy time grasping it, but because of our own personal and professional standards, extensive experience, and training in information technology, we want the best. "Sorta works" just isn't in the geek vocabulary. And, I'd argue, that's how it should be.
Re:Security through obscurity. Again. (Score:4, Funny)
Viola, new unique copies, that don't match what they have on record.
When I leak your post to the world, I'll be sure to change that to "Cello, new unique copies..."
Not new (Score:5, Interesting)
And yes, they have caught corporate spies with this before.
Re:Not new (Score:4, Insightful)
Each person's copy of whatever paperwork has different sets of typos, so if there are any leaks, they know exactly who it came from.
For those that don't know, for each new 'typo', they add a few more zeros in the contract dollar amount. That is also why a government contract for armored vehicles would be Top Secret.
Re: (Score:2)
So if you're a spy, scan it and then spellcheck?
Re: (Score:3, Informative)
What if the 'corporate spy' is the mail server admin? Plucking crap out of the bcc_always queue or so on and so forth.
Having had a TS security clearance for a whole bunch of years myself, I frequently handled pass by hand (codeword) eyes only stuff. This entire 'unique copy to each person' thing only happens when someone is 'already' suspected of working for the other side, or in the movies.
Once you have a TS clearance you are trusted until there are signs present that indicate a review thereof might be nec
Re: (Score:3, Insightful)
Then, whoever has the "typo free" version gets blamed.
What a dumb way to do things.
paraphrase (Score:2)
I was going to say that I am going to patent paraphrasing as a technique for circumventing this technology, but then I remembered that would be a violation of the DMCA...
No expectation of workplace privacy (Score:3, Insightful)
finally (Score:2, Insightful)
I thought that this sort of thing was a fairly standard thing to do if you really cared about the document. (this sort of thing was described in The Hunt for Red October, the concept isn't new, automating it _may_ be)
I hope this sort of thing becomes common.
it will let people track down who distributes things _without_ any need for DRM and that sort of nonsense. if you really can show that a document (mp3, video, etc) came from user X you should have a fairly straightforward case against them, and if you kno
Re: (Score:2)
I don't consider junior's desire to get shit-tastic mall punk from Kazaa to be a human rights issue; but I am hard pressed to think of any (even slightly efficacious) anti-piracy technology that wouldn't have applications in the burgeoning field of tyranny.
Two obvious comments (Score:4, Insightful)
1. How can this be patent worthy? Individual changes to documents to make them traceable have been performed for years - even in anonymous questionnaires...
2. Patented. Good. Perhaps that will prevent others from using this method. If we are really lucky, IBM won't use it either.
Re: (Score:2)
How can this be patent worthy? Individual changes to documents to make them traceable have been performed for years - even in anonymous questionnaires...
I wondered exactly the same thing. It's even a part of the plot-line in an early Tom Clancy book to determine who was leaking classified documents.
Re: (Score:2, Interesting)
It's Digital Watermarking [wikipedia.org] with a software thesaurus/dictionary.
The movie industry used digital watermarks for VHS trailer tapes. http://www.afterdawn.com/news/archive/4616.cfm [afterdawn.com]
Trent Reznor used an alternate strategy for one of his short films (from 1992?):
"...a few people who received the movie as a special gift. Each version given away was missing a different section of video, thus enabling Reznor to keep track of those who betrayed him."
http://www.toplessrobot.com/2008/08/the_10_most_amazing_unreleased_things_ever_made.php [toplessrobot.com]
Re: (Score:2)
If I understand it correctly, making changes to documents for tracking purposes isn't the patented part. The method of automating the whole process is what is patented.
Re: (Score:3, Funny)
Next you'll be telling me that they can automatically spot spelling errors, and wrap text at an 80-character margin.
Re: (Score:2)
Still seems dangerously close to "obvious" territory, to anyone skilled in the art of babelfish and back again; but doesn't have nearly as much prior art that way.
email? (Score:2)
Do people still use that? Either way, why not try to improve your hiring processes instead of treating all your employees like criminals. If you do treat me like a criminal and give me the punishment, I do feel obliged to get to do the crime as well...
Note to all! (Score:2)
Don't do non-work from work, if you work at IBM.
Crap! I wrote this from work!
Their Hovercraft is full of Crap (Score:3, Funny)
This won't go anywhere.
Or if they do and try to implement this in their system, it will last until the first email is translated into a language OTHER than US English.
"Over the last 20 years, we have remained dedicated to a single mission..."
"Over the last 20 years, we have remained confined to a single mental institution..."
"Over the last 20 years, we have remained obligated to one church..."
"Over the last 20 years, we have remained engaged in espionage..."
Lots of prior art. (Score:3, Interesting)
Spy agencies have been doing this kind of thing for decades. Slightly altering the wording in documents so that the individual recipient is traceable. They used to have a major problem with classified material being leaked to the press by congressional staffers.
-jcr
Re: (Score:3, Interesting)
Spy agencies have been doing this kind of thing for decades. ... They used to have a major problem with classified material being leaked to the press by congressional staffers.
Now you know why "Deep Throat" was so cagey, vague, and just pointed Woodward and Bernstein to the right lines of investigation and insisted they hunt down other sources and confirmation, rather than letting them use him as an unnamed direct source.
How long . . . (Score:3, Insightful)
How does this make it easier? (Score:2)
It's still SMTP right? (Score:2)
Type:
HELO yourdomainname.com
MAIL FROM: <you@hostname.com>
RCPT TO: <to@hostname.com>
DATA
lol
lololol
Don't to Done (Score:2)
Do we now have to go back to straight text e-mails just to ensure that nobody is hiding tracking bugs in it?
Why is this new ? (Score:3, Insightful)
This has been used for years - for example, back in Maggie Thatcher's day they caught a mole this way. What, exactly, is new about this ? That it's in software ?
WinDiff (Score:2)
2: WinDiff Document A against Document B.
3: Create Document C containing none of the mismatches in Document A+B.
4: PROFIT!
Overall this reminds me of the SDMI system several years ago that claimed that it could hide unique identifying data in an audio recording that couldn't be detected or removed and the developers of it issued a challenge to break the system. When it was quickly broken by Edward W. Felten the music industry responded not with a reward,
Self defeating....literally (Score:2)
Ok, is this to compete with Amazon's double rot-13 encryption patent?
Let me get this straight, they invented a system that identifies people by slightly altering wording of messages.... automatically.... sooooooo, what exactly is stopping people from using the same exact system to automatically modify the message to make it un-traceable again????? Thunderbird plug-in in 3 ... 2...1...
-Em
Tom Clancy == prior art (Score:3, Interesting)
Tom Clancy beat this drum -- almost tiresomely -- in several of his books back in the 90's. Our Fearless Protagonist, Jack Ryan, even came up with the algorithm, the name of which currently escapes me. Granted, the algorithm is never actually explained, but its output is identical to what this patent proposes, so methinks this probably isn't worthy of a patent.
Just my two cents, of course.
-Slarty
Re: (Score:2, Interesting)
I took your quote on Babel Fish and ran it back to English to get this:
"All point of technology is to encode consecutive numbering by doing the little modification to wording of message. Reading those words to another medium still maintains the hand harsh number."
It's a terrible translation example but if you used a professional translator, you'd still
Re: (Score:2)
With 2 layers of error-prone translation, there's bound to be many random substitutions.
But they don't necessarily hit the particular words which encode the information. Even if they do corrupt some of 'em the info is inserted redundantly and error correcting codes are straightforward and applicable.
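The redundancy argument in the comment above, as an added example that is not part of the thread or of the patented system: a recipient ID is repeated across synonym slots and recovered by majority vote after some slots have been reworded. The slot list, template text and function names are constructed for illustration, and a simple repetition code stands in for "error correcting codes".

```python
import re

# Constructed synonym slots: index 0 encodes bit 0, index 1 encodes bit 1.
SLOTS = [
    ("dedicated", "committed"), ("single", "sole"), ("annual", "yearly"),
    ("begin", "start"), ("check", "verify"), ("current", "latest"),
    ("upcoming", "forthcoming"), ("flag", "note"), ("major", "significant"),
    ("manager", "supervisor"), ("follow", "observe"), ("agreed", "approved"),
    ("respect", "honor"), ("submit", "deliver"), ("brief", "short"),
]
ID_BITS = 3  # 8 recipients; 15 slots / 3 bits = 5 copies of every bit

# Constructed memo; none of the slot words occurs in the fixed text.
TEMPLATE = (
    "Over the last 20 years we have remained {0} to a {1} mission. "
    "The {2} review will {3} next week. Please {4} the {5} figures "
    "before the {6} meeting and {7} any {8} changes to your {9}. "
    "The team must {10} the {11} schedule, {12} the budget, "
    "and {13} a {14} report."
)


def embed(recipient_id):
    """Return the copy of the memo that carries recipient_id."""
    bits = [(recipient_id >> (ID_BITS - 1 - i)) & 1 for i in range(ID_BITS)]
    # Interleave: slot j carries bit j % ID_BITS, so each bit is spread out.
    words = [pair[bits[j % ID_BITS]] for j, pair in enumerate(SLOTS)]
    return TEMPLATE.format(*words)


def read_slots(text):
    """Per slot: 0 or 1 if exactly one variant is present, else None."""
    seen = set(re.findall(r"[a-z]+", text.lower()))
    symbols = []
    for zero, one in SLOTS:
        if (zero in seen) != (one in seen):
            symbols.append(0 if zero in seen else 1)
        else:
            symbols.append(None)  # reworded to something else: an erasure
    return symbols


def extract(text):
    """Majority-vote each ID bit; return None when any bit is undecidable."""
    symbols = read_slots(text)
    recipient_id = 0
    for i in range(ID_BITS):
        votes = [s for s in symbols[i::ID_BITS] if s is not None]
        ones = sum(votes)
        zeros = len(votes) - ones
        if ones == zeros:
            # No evidence either way: refuse to attribute rather than guess.
            return None
        recipient_id = (recipient_id << 1) | (1 if ones > zeros else 0)
    return recipient_id


def reword(text, changes):
    """Apply constructed word substitutions, standing in for a paraphrase."""
    for old, new in changes:
        text = text.replace(old, new)
    return text


if __name__ == "__main__":
    leaked = reword(embed(5), [("committed", "devoted"), ("start", "begin"),
                               ("single", "sole"), ("yearly", "recurring"),
                               ("short", "concise")])
    print(leaked)
    print("attributed to recipient", extract(leaked))
```

When every copy of a bit is lost, `extract` returns `None` instead of a guess, which matters for the false-attribution concern raised elsewhere in the thread.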
Re: (Score:3, Insightful)
A stock bubble will, sooner or later, go up in a giant pile of fake-money smoke (taking a whole lot of people's real money with it); but, until it does so, it offers the best returns in town. If you drop out too early, your returns will be secure; but pitiful. If you drop out too late, you'll get soaked.
In your case, if you drop out early, you'll be the penniless guy living in a shack and trying to make guns out of