Forgot your password?
typodupeerror
IBM Patents

IBM Seeks Patent On Digital Witch Hunts 136

Posted by Soulskill
from the everyone-sees-a-unique-version-of-this-story dept.
theodp writes "Should Mark Zuckerberg want to identify a snitching Facebook employee, Elon Musk wish to set a trap for loose-lipped Tesla employees, or Steve Jobs want to 'play Asteroid,' they'll be happy to know that a new IBM 'invention' makes it easier than ever to be paranoid. In a newly-disclosed patent application for Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion (phew!), Big Blue describes how it's automated the creation of Canary Traps with patent-pending software that makes ever-so-slight changes to e-mail wording to allow you to spy on the unsuspecting recipients of your e-mail."
This discussion has been archived. No new comments can be posted.

IBM Seeks Patent On Digital Witch Hunts

Comments Filter:
  • by Tumbleweed (3706) * on Friday July 24, 2009 @08:02PM (#28814751)

    I'm pretty sure witches are analog.

  • What an advance! (Score:5, Insightful)

    by WindowlessView (703773) on Friday July 24, 2009 @08:11PM (#28814817)
    Anyone get the feeling that lately technology is increasingly about chasing our technological tails rather than actually doing much of anything?
    • This is great. The next time you send an "infelicitously worded" email, you can just blame it on IBM.

      In fact, let's not use the word "flame" anymore, when "IBM" will do.

      • by conlaw (983784) on Friday July 24, 2009 @08:55PM (#28815117)

        The next time you send an "infelicitously worded" email, you can just blame it on IBM.

        Speaking of "infelicitously worded," did you notice that the all of the changed examples (i.e., the second through fourth) start to sound like an instruction manual that has been poorly translated into English?

        • That's why I run prospective leaks through a grammar checker before releasing them into the wild.

        • No, but then I am for some year now being working with the Indians.
    • by couchslug (175151)

      "Anyone get the feeling that lately technology is increasingly about chasing our technological tails rather than actually doing much of anything?"

      I, for one, welcome our new tail-chasing overlords.

    • Re: (Score:3, Interesting)

      by Threni (635302)

      To be honest I assumed this sort of thing was already being done. It's just fingerprinting, using whatever medium is being used.

  • by girlintraining (1395911) on Friday July 24, 2009 @08:13PM (#28814841)

    Security through obscurity doesn't work. I don't know how many stupid asinine ideas like this I'll have to see before I quit this career, but I suspect the number will be higher than I care to contemplate. This is ridiculously easy to subvert -- just run it through the thesaurus algorithm a few more times. Viola, new unique copies, that don't match what they have on record.

    Next on the docket -- "Why you can read your coworkers e-mail but not the NSA's. Explorations in the bleedingly obvious."

    • by Cajun Hell (725246) on Friday July 24, 2009 @09:37PM (#28815351) Homepage Journal

      just run it through the thesaurus algorithm a few more times

      But do leakers do that? Always?

      People get caught when their guard is down. People fuck up. People think, "nobody's out to get me."

      Sometimes they're wrong. Every single day, people die by that principle. They won't get mugged. They can drive home drunk and probably not crash. They can forgo the condom this time. It's true they're not guaranteed to lose. But sometimes they still do.

      You're right that it's not a general solution that you can count on, to find your opponent. But at the same time, you know plenty of damn fools will get caught by it.

      It's not security through obscurity; it's advantage through security.

      • What are those for?

        • Re: (Score:1, Funny)

          by Anonymous Coward
          If it weren't for accidents, many of us wouldn't be here.
      • Re: (Score:2, Insightful)

        It's not security through obscurity; it's advantage through security.

        Pardon me for being a purist. But anything this easily thwarted also has no legal value, and my understanding here is that it's a punitive measure against the "leaker". If the document got leaked in the first place, chances are good the "leaker" in question can form an affirmative defense that a third party acquired the copy. Worse, if the algorithm is limited to a finite set of permutations, and anything that sticks to words and phrases is a very finite space (cryptographically speaking), the argument coul

        • Re: (Score:3, Insightful)

          the argument could be made that the document was leaked through a different source, run through the algorithm, and coincidentally matched the "signature" of the leaker's copy.

          It's not enough to show that there's another possible explanation, you have to show that your story is just as reasonable as the DA's. Your lawyer has to raise reasonable doubt in the minds of the jury to get them to vote not guilty. And, do you really think the jury's going to find your claim reasonable? I sure don't!

        • the argument could be made that the document was leaked through a different source, run through the algorithm, and coincidentally matched the "signature" of the leaker's copy.
          Remember they just have to show "probable cause" to a court to get a search warrant. Once they have that search warrent they can start searching for more direct evidence that you leaked it.

          It's completely bogus. If they want to keep data private, then use real cryptography, and validated software/hardware combinations that make the cos

        • chances are good the "leaker" in question can form an affirmative defense

          Sometimes there's no defense, because we're not always talking about court. So what if you don't have solid proof that person X leaked? You still know (pretty darn sure) that they did it.

          If you're Steve Jobs, you fire 'em. So you don't have proof? Fine, their unemployment claim goes through. Or they're demoted to beta tester and if they don't like knowing the cool secrets, they can quit. You're no longer giving secrets to leaky

        • If they want to keep data private, then use real cryptography, and validated software/hardware combinations that make the cost of extracting the data in a usable format more expensive than the data it's protecting. The military does it, as to certain businesses, and intelligence agencies around the world. The technology is there, it works, and it's real security.

          BTW, how can you call yourself a purist? That is not "real security." That's a practical (in)convenience, just the kind of advantage (as opposed

      • Re: (Score:3, Funny)

        People think, "nobody's out to get me."

        You must be new here.

        Peter

    • by Dhalka226 (559740) on Friday July 24, 2009 @09:45PM (#28815409)

      In your rush to bash people for not having an infallible solution, you're making two awfully big assumptions:

      1. That they're intending this to have any effect whatsoever on people actively trying to disguise the source of the leak; and,
      2. That a solution isn't worthwhile if it doesn't survive whatever geek-haxxor workarounds you can come up with.

      This is exceptionally poor security for classified information. That's not its intent. It's poor security against people actively disguising themselves by "run[ning] it through the thesaurus algorithm a few more times." So be it.

      It's still going to catch that guy who wants to show how in the know he is and forwards it to his buddies who post it on a website, and I'm sure there are far higher incidences of that than industrial espionage or whatever it is you're maligning them for not tackling.

      I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.

      • I think people like myself are surprised how this is patent-worthy.
        Not necessarily trying to bash it.
        If the software handles it really well, and adds redundant error-correction to survive multiple splicing and editing jobs, then I would be amazed.
        But if it's easily duplicated by "home-made" (single-person, low budget) methods, why shouldn't we scratch our heads in wonder when they try to patent something simple?
        • by hairyfeet (841228)

          Not to mention did you read the things? Who isn't gonna notice when their boss, who sounds completely normal IRL starts shooting out emails in chingrish? I can just imagine any employee with half a brain getting these-"Hmmm...last week the bosses emails were normal, and now he sounds like stereo instructions, but only in his emails. Hmmm...." /Googles "bosses emails chingrish" and finds the IBM stuff being laughed about/ "Oh! Well isn't that cute. How very PHB of him. Hey, I wonder if I can make him paranoi

      • I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.

        Because we're a bunch of purists who spend our time trying to find novel new solutions to esoteric problems the average person doesn't know or care about. We do have an easy time grasping it, but because of our own personal and professional standards, extensive experience, and training in information technology, we want the best. "Sorta works" just isn't in the geek vocabulary. And, I'd argue, that's how it should be.

    • Viola, new unique copies, that don't match what they have on record.

      When I leak your post to the world, I'll be sure to change that to "Cello, new unique copies..."

    • This is a time honored counter intelligence technique. It does work in my experience, not every time maybe (I've only been involved, or aware of it, once with this), but often enough to be useful. Its even more effective if you have a small list of possible moles.

    • Security through darkness doesn't work. I don't know how many stupid donkeyish ideas like this I'll have to see before I terminate this career, but I suspect the number will be higher than I care to meditate. This is ridiculously easy to pervert -- just run it through the thesaurus algorithm a few more times. Viola, new unique copies, that don't game what they have on music album.

      Next on the small boat enclosure -- "Why you can read your coworkers e-mail but not the NSA's. Explorations in the hemorrhagingly obvious."

      I think you're mistaken. Can you see any difference with your original post? I knew it.

    • I don't know how many stupid asinine ideas like this I'll have to see before I quit this career, but I suspect the number will be higher than I care to contemplate.

      I bet it will be fewer than the number of times I hear people decrying "security through obscurity" for no real reason.

    • It is about TRUST. As a reader I got to trust that a leaked document has not been falsified in anyway. Throwing it through a filter will definitly remove that trust. If you changed the meaning of words... well how do I know exactly what you have changed? var x "I helped my uncle Jack of a horse."; document.write(x.toLowerCase());

  • n a newly-disclosed patent application for Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion (phew!)

    Get a Blackberry or a wireless broadband card for your netbook. And you can defeat the Great Blue email content tracker, which should keep you and your pathetic band safe from the Death Star, at least temporarily.

  • Not new (Score:5, Interesting)

    by Anonymous Coward on Friday July 24, 2009 @08:15PM (#28814863)
    My girlfriend works in the bid and proposal department at Oshkosh Corps. They regularly deal with top secret government contracts for armored vehicles. Each persons copy of whatever paperwork has different sets of typos, so if there are any leaks, they know exactly who it came from.

    And yes, they have caught corporate spies with this before.
    • Re:Not new (Score:4, Insightful)

      by kpainter (901021) on Friday July 24, 2009 @08:39PM (#28815009)

      Each persons copy of whatever paperwork has different sets of typos, so if there are any leaks, they know exactly who it came from.

      For those that don't know, for each new 'typo', they add a few more zeros in the contract dollar amount. That is also why a government contract for armored vehicles would be Top Secret.

    • So if you're a spy, scan it and then spellcheck?

    • Re: (Score:3, Informative)

      by digitalchinky (650880)

      What if the 'corporate spy' is the mail server admin? Plucking crap out of the bcc_always queue or so on and so forth.

      Having had a TS security clearance for a whole bunch of years myself, I frequently handled pass by hand (codeword) eyes only stuff. This entire 'unique copy to each person' thing only happens when someone is 'already' suspected of working for the other side, or in the movies.

      Once you have a TS clearance you are trusted until there are signs present that indicate a review thereof might be nec

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        Once you have a TS clearance you are trusted until there are signs present that indicate a review thereof might be necessary - at least this is how it worked in my part of the world anyway.

        Or at least, that's what they wanted you to think.

        But anyway, is it accurate to call it a witch hunt when the "witches" are real? I thought the whole point was that there were no actual witches.

    • Re: (Score:3, Insightful)

      So? You just copy and paste it into Word and fix all the typos.

      Then ,whoever has the "typo free" version gets blamed.

      What a dumb way to do things.

    • by Yvanhoe (564877)
      So in order to get an untraceable leak, you just have to "steal" the document of your colleagues ? That they will not protect a lot from you, as you have the same informations. That sounds to me as a too error-prone process to be useful. You have a better than random chance to get a leak, but also a very good chance to catch the wrong person. I would not use that other than as a deterent.
  • I got this feeling, since I first read the Zombie Survival Guide, that I should have learned how to produce homemade shotguns instead of learning how to type. When the Big Brother start keeping track of my daily trips to the bathroom, any skill below that won't cut it.
    • Re: (Score:3, Insightful)

      Planning for a descent into totalitarian dystopia is like making money on a stock bubble.

      A stock bubble will, sooner or later, go up in a giant pile of fake-money smoke(taking a whole lot of people's real money with it); but, until it does so, it offers the best returns in town. If you drop out too early, your returns will be secure; but pitiful. If you drop out too late, you'll get soaked.

      In your case, if you drop out early, you'll be the penniless guy living in a shack and trying to make guns out of
  • I was going to say that I am going to patent paraphrasing as a technique for circumventing this technology, but then I remembered that would a violation of the DMCA...

    • Actually, you might be on to something... under US Copyright law (I know, I know, bad bad bad) a creative work is immediately copyrighted to the author, whether they register or not. So the first time someone sends a love poem (a creative work) to their girlfriend (another non-sequiter, I turned in my card a long time ago) and this system modifies and send it, wouldn't that be creating and distributing an unauthorized derivative work?
  • by cryfreedomlove (929828) on Friday July 24, 2009 @08:18PM (#28814879)
    You should assume, while in the office, that there is a camera on you and that any content you produce on an employer provided computer will be available for inspection. That's just a simple reality these days. I keep personal information I don't want to share on my own personal computer at home.
    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Once upon a time I had a boss who enlisted my help to install the camera system with which she could spy on me (although that wasn't its main purpose, supposedly).

  • finally (Score:2, Insightful)

    by Anonymous Coward

    I thought that this sort of thing was a fairly standard thing to do if you really cared about the document. (this sort of thing was describe in The Hunt for Red October, the concept isn't new, automating it _may_ be)

    I hope this sort of thing becomes common.

    it will let people track down who distributes things _without_ any need for DRM and that sort of nonsense. if you really can show that a document (mp3, video, etc) came from user X you should have a fairly straightforward case against them, and if you kno

    • Luckily, anonymous publication and distribution has never been turned to noble purposes [wikipedia.org], and hunting down distributors is always about going after wicked pirates.

      I don't consider junior's desire to get shit-tastic mall punk from Kazaa to be a human rights issue; but I am hard pressed to think of any (even slightly efficacious) anti-piracy technology that wouldn't have applications in the burgeoning field of tyranny.
  • Double plus good (Score:1, Insightful)

    by Anonymous Coward

    I guess the subtleties of word choice are becoming an old-fashioned concern.

  • by Gnavpot (708731) on Friday July 24, 2009 @08:35PM (#28814977)

    1. How can this be patent worthy? Individual changes to documents to make them traceable have been performed for years - even in anonymous questionnaires...

    2. Patented. Good. Perhaps that will prevent others from using this method. If we are really lucky, IBM won't use it either.

    • by ptbarnett (159784)

      How can this be patent worthy? Individual changes to documents to make them traceable have been performed for years - even in anonymous questionnaires...

      I wondered exactly the same thing. It's even a part of the plot-line in an early Tom Clancy book to determine who was leaking classified documents.

    • Re: (Score:2, Interesting)

      by mouseblue (1602125)
      I agree, it doesn't seem very patent worthy.
      It's Digital Watermarking [wikipedia.org] with a software thesaurus/dictionary.

      The movie industry used digital watermarks for VHS trailer tapes. http://www.afterdawn.com/news/archive/4616.cfm [afterdawn.com]

      Trent Reznor used an alternate strategy for one of his short films (from 1992?):

      "...a few people who received the movie as a special gift. Each version given away was missing a different section of video, thus enabling Reznor to keep track of those who betrayed him."

      http://www.toplessrobot.com/2008/08/the_10_most_amazing_unreleased_things_ever_made.php [toplessrobot.com]

      • So if two of them worked together, they'd get the complete movie, and there would be no way to know who released it (assuming they are careful at cutting, so it's not possible to identify the edited section).

        Or they even remove a third scene and some unrelated person gets the blame.

    • by Leto-II (1509)

      If I understand it correctly, making changes to documents for tracking purposes isn't the patented part. The method of automating the whole process is what is patented.

      • Re: (Score:3, Funny)

        by dr2chase (653338)
        Wow! Automation. Word processing. I had never imagined the computers were capable of such a thing.

        Next you'll be telling me that they can automatically spot spelling errors, and wrap text at an 80-character margin.
    • I assume that the patent is for a means(well, probably an "apparatus and method") of making the individual changes programmatically and without making complete hash of the text.

      Still seems dangerously close to "obvious" territory, to anyone skilled in the art of babelfish and back again; but doesn't have nearly as much prior art that way.
  • Every slashdot reader knows news posted on slashdot are distorted prior to posting.
  • Do people still use that? Either way, why not try to improve your hiring processes instead of treating all your employees like criminals. If you do treat me like a criminal and give me the punishment, I do feel obliged to get to do the crime as well...

  • Don't do non-work from work, if you work at IBM.

    Crap! I wrote this from work!

  • by IonOtter (629215) on Friday July 24, 2009 @08:52PM (#28815093) Homepage

    This won't go anywhere.

    Or if they do and try to implement this in their system, it will last until the first email is translated into a language OTHER than US English.

    "Over the last 20 years, we have remained dedicated to a single mission..."

    "Over the last 20 years, we have remained confined to a single mental institution..."

    "Over the last 20 years, we have remained obligated to one church..."

    "Over the last 20 years, we have remained engaged in espionage..."

    • Re: (Score:1, Funny)

      by Anonymous Coward

      "Over the last 20 years, we have remained dedicated to a single mission..."

      Federation.

      "Over the last 20 years, we have remained confined to a single mental institution..."

      Borg

      "Over the last 20 years, we have remained obligated to one church..."

      Bajoran

      "Over the last 20 years, we have remained engaged in espionage..."

      Romulan

  • Lots of prior art. (Score:3, Interesting)

    by jcr (53032) <.jcr. .at. .mac.com.> on Friday July 24, 2009 @08:52PM (#28815095) Journal

    Spy agencies have been doing this kind of thing for decades. Slightly altering the wording in documents so that the individual recipient is traceable. They used to have a major problem with classified material being leaked to the press by congressional staffers.

    -jcr

    • Re: (Score:3, Interesting)

      Spy agencies have been doing this kind of thing for decades. ... They used to have a major problem with classified material being leaked to the press by congressional staffers.

      Now you know why "Deep Throat" was so cagey, vague, and just pointed Woodward and Bernstein to the right lines of investigation and insisted they hunt down other sources and confirmation, rather than letting them use him as an unnamed direct source.

  • How long . . . (Score:3, Insightful)

    by DrMrLordX (559371) on Friday July 24, 2009 @09:06PM (#28815205)
    How long will it be until Apple patents goading a supplier into assassinating employees responsible for losing sensitive product prototypes?
  • Since there's now a patent, these other companies would have to pay for a license in order to use this method to spy on their employees.
  • read the subject as 'Digital Watch' hunts?
    • digital watches are so 1980's

      My watch is analog... it is so much easier to visualize the passage of time that way.

      Trust me. 120 years from now you won't care if you have an analog or digital watch. Time will pass.
      • Of course, in 120 years you'll get implants which make you always simply know what time it is, without having to look at some device. Looking at some devices on your hands would only distract you when operating your flying cars. :-)

        • What I meant was that in 120 years I assume I will be well dead. I also assume that, most likely, you will have shuffled off as well. Either way, we will probably not be caring what time it is...

          Of course if the dead DO care about what time it is, there are far bigger issues to worry about. I submit to you, that a self-winding analog watch will last longer and serve you better in the afterlife as well. Unless, of course, you can still get batteries for your digital watch there, wherever there is.
  • telnet somedomain.com 25

    Type:
    HELO yourdomainname.com
    MAIL FROM: <you@hostname.com>
    RCPT TO: <to@hostname.com>
    DATA
    lol

    lololol
    .

  • How many changes can it make before it either changes the meaning of the e-mail, or makes you look like a moron for sending such an malformed message?

    Do we now have to go back to straight text e-mails just to ensure that nobody is hiding tracking bugs in it?
  • Why is this new ? (Score:3, Insightful)

    by mbone (558574) on Friday July 24, 2009 @10:00PM (#28815469)

    This has been used for years - for example, back in Maggie Thatcher's day they caught a mole this way. What, exactly, is new about this ? That it's in software ?

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      What's new is that it's done automatically, which presumably means it can be done on a regular basis instead of only when an investigation is already in process

      • Re: (Score:2, Insightful)

        by maxwell demon (590494)

        Well, they'll stop blindly using it the first time it creates a slight, but disastrous modification of the meaning.

  • 1: Find trusted friend working on same document.
    2: WinDiff Document A against Document B.
    3: Create Document C containing none of the mismatches in Document A+B.
    4: PROFIT!

    Overall this reminds me of the SDMI system several years ago that claimed that it could hide unique identifying data in an audio recording that couldn't be detected or removed and the developers of it issued a challenge to break the system. When it was quickly broken by Edward W. Felten the music industry responded not with a reward,
  • Ok, is this to complete with Amazon's double rot-13 encryption patent?

    Let me get this straight, they invented a system that identifies people by slightly altering wording of messages.... automatically.... sooooooo, what exactly is stopping people from using the same exact system to automatically modify the message to make it un-traceable again????? Thunderbird plug-in in 3 ... 2...1...

    -Em

  • The system uses stupid thesaurus switches. Not all synonyms mean exactly the same thing. Some of theses emails are going to sound so dumb that the employees will know something is up.
  • and I said nothing... because I used Usenet :P :P
  • It is easy to cut-n-paste, snip, spell check... not the same email at all.

    And I mean that in a very real, and legally binding sense.
  • by Slartibartfast (3395) <<ken> <at> <jots.org>> on Saturday July 25, 2009 @03:14AM (#28816687) Homepage Journal

    Tom Clancy beat this drum -- almost tiresomely -- in several of his books back in the 90's. Our Fearless Protagonist, Jack Ryan, even came up with the algorithm, the name of which currently escapes me. Granted, the algorithm is never actually explained, but its output is identical to what this patent proposes, so methinks this probably isn't worthy of a patent.

    Just my two cents, of course.

    -Slarty

    • You patent the implementation, not the idea. You can't patent flying cars, you can patent the flying car you manufacture and the neat tricks inside it.
      • You patent the implementation, not the idea. You can't patent flying cars, you can patent the flying car you manufacture and the neat tricks inside it.

        You don't necessarily patent specific implementations. If no one had ever talked about the idea of the flying car before, you could very well go for claims like

        1. Automobile, characterized in that said automobile is equipped with means of creating an aerodynamical lifting force greater or equal to the weight of said automobile.

        You just have to provide at least one implementation that the averagely skilled person in the technical field of the invention can get to work, but you are not limited to this.

        On

      • You implement the idea -- and *how* it's implemented, but not the implementation, itself. For example, patent applications do not generally contain more than superficial pseudo-code; they certainly don't contain a full implementation of the code -- that's where copyright comes in. Tom Clancy's description was lengthy enough that I think it certainly meets the criteria by which (say) waterbeds were unable to be patented because of Heinlein's description [wikipedia.org].

  • I'd like to patent, "beating the living piss out of anyone found to be spying on me for any purpose".
    I mean damn, if I'm fired for some dissemination of some random email who cares? I got nothing to lose.
    Head for that CEOs etched glass door and commence pounding the immoral bastard to blood pudding.
    Kinda takes the glamour outa their false sense of total power and control with multiple fractures lascerations and deep bruising.
    Hell, I can do 30 days in jail. Can he do

God made machine language; all the rest is the work of man.

Working...