Tools for Digital Privacy: ‘They Cannot Seize What They Cannot See’

U.S. Customs personnel may seize electronic devices “without a warrant and without suspicion,” download their entire contents, and declare the right to confiscate digital currency holdings.
U.S. Customs personnel may seize electronic devices “without a warrant and without suspicion,” download their entire contents, and declare the right to confiscate digital currency holdings.

[Editor's note: Updated at the end to add details about steganography tools that already exist, and ideas for creating new ones specific to Bitcoin.]

U.S. Customs personnel may seize electronic devices “without a warrant and without suspicion,” download their entire contents, and declare the right to confiscate digital currency holdings—that is, if they can find electronic evidence of them. Nathan Wosnack, CCO of iNation, said in an interview with Cointelegraph, that the solution to these “blatant violations of privacy” when crossing state borders lies in further innovation:

“All the more reason to build steganography tools for encrypted mobile and desktop wallets. They cannot seize what they cannot see in the first place.”

Where there is a need, innovators will soon step in to fill it. Besides the simplest solution—not carrying one’s important electronic devices or evidence of one’s digital property acrossU.S.borders—the next step, according to Wosnack, may involve making Bitcoin data invisible to anyone who may want to seize it. A wallet.dat file or an app icon can be hidden within other more innocuous files, like audio or image files, and once hidden, it cannot easily be detected.

The purpose, he says, is to avoid giving “virtual bread crumbs [to] those looking for gems within a smartphone; i.e. law enforcement, or DHS [Department of Homeland Security] employees who may have confiscated a phone on travel.” The technology only needs to be sophisticated enough to elude those “on the front lines” of law enforcement or border security. “Less than 1% of people” use steganography tools, Wosnack estimates, so it’s unlikely that airport security will even think to look for files hidden within other files.

Hidden files are harder to detect than they are to create. They appear to be part of the overlaying file, and they are designed to be undetectable by the average person. Even if the DHS were to seize your device, Wosnack says, they “do not have the tools nor the time to run steganography discovery tools.”

Wikipedia defines steganography as “the art or practice of concealing a file, message, image, or video within another file, message, image, or video.” The size of the overlaying file must be proportional to, or larger than, the hidden one. The method also works best when combined with other forms of data protection, such as encryption. Wosnack says,

“Steganography is the best option in addition to encryption since it helps one avoid conflict with a coercive state. While there are ways to ‘scan’ for hidden messages or apps in conventional auditing tools, advanced steganography tools act to encapsulate an application, using sophisticated tech to hide it altogether."

The art of hiding information within other seemingly innocent information has been around since humans wrote on wax tablets, and it has been used for evil purpose as well as good. Any technological tool, ancient or modern, can be used for good or evil.

While the organization behind the September 11 attacks may have used steganography in order to mask their communications, the creation of the Department of Homeland Security following the event has not made us safer. Now airports are overrun with so-called security personnel, every traveler is treated as potentially guilty when they cross a state border, and our personal and private data is more at risk than ever—often from the very same people who claim to protect us. Wosnack:

“There’s certainly cause for concern by legitimate, law-abiding citizens looking to avoid conflict and the civil or legal forfeiture of digital assets.”

How do those who want to use technologies for reasons involving integrity and a desire to make the world a better place differentiate themselves from those who want to use technologies in order to hurt others, to steal data, identities or digital wealth? Says Wosnack:

“I think it will always be a cat and mouse game between detection tools and those who wish to obfuscate and remain undetected via advanced techniques. If Obama can compel you via unconstitutional executive orders and judges to allow cops to break laws (see the recent ruling on "if they have a misunderstanding of it") to force you to hand over your password and/or private key, steganography can eliminate the conversation entirely. While also offering additional ‘security through obscurity’ advantages for [Bitcoin] wallet holders.”

Libertarians and anarchists who see the violence of the state usually fall in one of two categories. One side engages in acts of civil disobedience in order to confront injustice and make it more visible. The other does whatever is necessary (paying taxes, following rules, obeying laws—at least in public) in order to avoid confrontation.

Wosnack says he falls in the second camp. “Some people have an attitude of ‘fight the system head on.’ I argue it’s better to avoid conflict altogether and try to live a happy, peaceful life, with privacy and dignity.” This is why steganography tools for Bitcoin appeal to him. It is a way to hide a possible source of confrontation, “which only results in wasted time, money, energy.”

He says the idea came to him after seeing stories on Facebook about “people's phones being confiscated by police and immigration enforcement. In fact, it was the story about a young woman whose private, risqué photos were copied by a police officer and shared around.”

Wosnack first used Steganography in the late 1990s and early 2000s to hide text inside images and audio. He has had an interest in the tools, which he calls both an art and a science, “for years.” When asked whether he knows of anyone in the space who is creating these types of tools, he said, “None whatsoever. But I hope with the new [unjust] laws and the new need for such technology, someone does it. ... If someone doesn't do it, I think it'd be worth exploring. ... People need to keep fighting.” 

Update

Wosnack contacted Cointelegraph after publication to tell us he did more research and found steganography apps that already exist in the Google Play store and elsewhere for mobile. He says they may be outdated, but new ones “should be developed for Bitcoin anyway.”

“I think that one specifically written as a feature for Bitcoin wallets as a plugin would be very useful. Or something that specifically acts to hide Bitcoin-centric files.”

He also found some that use encryption, but a “plugin for wallets or an entire app” could be developed. It’s important that updated tools be created, he says, because apps such as StegSecret can detect more than 40 of the already existing steganographic tools, making the current ones perhaps less secure.

For more technical readers, he said:

“Cryptographers need to to build a solid app from the ground up based on attacks that exist (according to StegSecret) against tools like ‘camouflage, inthepicture, PGE, etc. EOF technique attacks, the BDAS — Steganography Tools Fingerprint Database, RS attack,’ etc.”

Finally, Wosnack says David Duccini, executive director of the Strength in Numbers Foundation, points out that "steganography for QR-codes would likely work. Especially if you split it across multiple image files that needed to be XOR'd. QR codes only need 1 bit to represent each square. You could easily spec some random number that gaps between the bit flips."


Did you enjoy this article? You may also be interested in reading these one: