DATA SECURITY

13. Hidden in Plain Sight

by Scott Berinato

There's a secret message hidden in this story. To decode it, start at the beginning and don't stop until you reach the end. Find the answer at the end of this section. LET'S FACE IT. It's a clunky name for an elegant concept: steganography.

Though it sounds like a creature from the Mesozoic Era, steganography describes the art of hiding messages in plain sight. The practice goes back at least as far as ancient Greece. Lately, though, it is gaining popularity in the digital world. Experts say some computer-born conundrums, such as file sharing, provide the perfect problem for steganography to solve.

Of course, for the practice to really take off, first it must be understood. Really, it's simple - so simple that I'm using it in this story.

Parsing the word steganography yields its literal meaning: covered writing. How literal that translation is might surprise you. Ancient Greeks practised steganography by shaving a messenger's head, tattooing it with a secret message and then sending the messenger to his destination after his hair had grown back. Notable, too, was how Demeratus scraped the wax from a writing tablet and wrote on the tablet that Xerxes planned to invade Sparta. After he wrote the secret message, he covered it with wax again. Next he wrote an innocent message on the tablet. Never suspecting what was hidden beneath, sentries let the tablet pass inspection. Imagine Xerxes' surprise when Sparta was waiting for him. Effective steganography requires little more than a good imagination. Simple items like the book Moby Dick can be used. All you do is build a code to tell someone what words or letters to extract from the book to create a message. You could even use a grocery list. Suppose I knew that your list carried a secret message that was determined by the order in which it listed vegetables and fruits. Determining the security of any of those techniques comes down to how clever the steganographer is. Rely on well-known tricks - such as using the first letter of every sentence in a piece of writing - and the code can easily be cracked. Insist on convoluted and complex techniques, like providing a list of street intersections where certain words appear prominently, and the message is probably safe. Nothing to it.

Keen observers will see that steganography is perfect for computers. You have, after all, plenty of places to hide stuff on PCs. Omnipresent digital media files are a good example. Usually, files like MP3s, .jpegs and .mpegs contain "noise" - layers of useless bits of information. Right inside the noise layer, it's relatively easy to insert a message. One other benefit is that the file isn't damaged or disabled in any way by inserting the message.

Virtually any media file can carry a message and appear so innocuous that no one will know - which is why the entertainment industry has taken notice. After failing at every turn to stop illegal file sharing, music and movie companies believe they can use steganography to embed copyright information. Little digital watermarks could be placed in the noise of such files.

"These hidden messages will announce to the world the copyright restrictions without damaging the work at all," says Peter Wayner, author of the definitive text Disappearing Cryptography (Morgan Kaufman, May 2002). "In fact, the hidden message will be readable only by a program designed to extract it", and the copyright holders will be able to prevent use of the file if the program determines the file was illegally downloaded, he says.

Naturally, the technology will need to be further developed and, Wayner says, politics will have to be hashed out before such steganography is legally accepted. Even so, steganography is sure to make its little secret mark in 2003.

Hidden Message: Little Orphan Annie says, drink your Ovaltine.