IBM Seeks Patent On Digital Witch Hunts

theodp writes "Should Mark Zuckerberg want to identify a snitching Facebook employee, Elon Musk wish to set a trap for loose-lipped Tesla employees, or Steve Jobs want to 'play Asteroid,' they'll be happy to know that a new IBM 'invention' makes it easier than ever to be paranoid. In a newly-disclosed patent application for Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion (phew!), Big Blue describes how it's automated the creation of Canary Traps with patent-pending software that makes ever-so-slight changes to e-mail wording to allow you to spy on the unsuspecting recipients of your e-mail."

That's a neat trick!

[Tumbleweed]

I'm pretty sure witches are analog.

Re:That's a neat trick!

[tetrahedrassface]

I thought they being phased out?

Re:That's a neat trick!

[SilverHatHacker]

Everyone knows witches are made of wood.

Re:That's a neat trick!

[Airborne-ng]

Everyone knows witches are made of wood.

"What also floats in water?" "Bread!" "Apples!" "Very small rocks!" "Cider!" "Great gravy!" "Cherries!" "Mud!" "Churches...churches!" "Lead...lead!"

Re:That's a neat trick!

[darkmeridian]

That's what the digital witches want you to believe.

Re:That's a neat trick!

[PPH]

I thought they being phased out?

Odd. I could have sworn I just heard a toad.

Re:That's a neat trick!

[Fred_A]

A digital witch ! a digital witch ! Flame her !

Re:That's a neat trick!

[Prototerm]

Everyone knows that witches are female barbers named Hazel.
(groan).

Re:That's a neat trick!

Everyone knows witches are made of wood.

Score: 4, Insightful

Only on Slashdot..

Re:That's a neat trick!

[CommanderIsm]

it is shit like this that slash-dotters are reknown for taking the piss of rather than for answering seriously. which kind of tells the tale of why slash-dotters are never taken seriously. perhaps we should ask which government organisation slash-dotters work for before we take notice of them rather than their slashdot given karma rating. ouch is that a bit too close to comfort for you?

Re:That's a neat trick!

[CommanderIsm]

the gangsta CIA participate in the Slashdot forum - just like they employ journalists in every major newspaper in the world. beware genuine slash-dotters - just because you can't see them - does not mean they are not there. they are watching you down every main street. they are watching your car movemments they are watching your financial transactions so why not your your slashdot comments? and if they are too risky - then why not make them small by taking the piss of them? sack the moderators - they probably work for the CIA a.k.a the cocaine import agency. so make note of the people who make light of other peoples contributions - they are likely CIA gangsta here in the UK everything we type on the web is recorded every web site we visit is recorded all phone calls are recorded all e-mails are recorded is it different in yankee pig dog land? i think not, so why should slashdot be exempt the CIA are cock-suckers - record that

Re:That's a neat trick!

[Tumbleweed]

it is shit like this that slash-dotters are reknown for taking the piss of rather than for answering seriously. which kind of tells the tale of why slash-dotters are never taken seriously. perhaps we should ask which government organisation slash-dotters work for before we take notice of them rather than their slashdot given karma rating. ouch is that a bit too close to comfort for you?

Obviously. Government agencies are known for their sense of humor. You got me! Congratulations. As your prize, you get to be the next governor of Alaska!

What an advance!

[WindowlessView]

Anyone get the feeling that lately technology is increasingly about chasing our technological tails rather than actually doing much of anything?

Re:What an advance!

[mtrachtenberg]

This is great. The next time you send an "infelicitously worded" email, you can just blame it on IBM.

In fact, let's not use the word "flame" anymore, when "IBM" will do.

Re:What an advance!

[couchslug]

"Anyone get the feeling that lately technology is increasingly about chasing our technological tails rather than actually doing much of anything?"

I, for one, welcome our new tail-chasing overlords.

Re:What an advance!

Arf! Roof roof! Ruf!

Re:What an advance!

[Threni]

To be honest I assumed this sort of thing was already being done. It's just fingerprinting, using whatever medium is being used.

Re:What an advance!

[conlaw]

The next time you send an "infelicitously worded" email, you can just blame it on IBM.

Speaking of "infelicitously worded," did you notice that the all of the changed examples (i.e., the second through fourth) start to sound like an instruction manual that has been poorly translated into English?

Re:What an advance!

[techno-vampire]

I, for one, welcome our new tail-chasing overlords.

In Soviet Russia, of course, tail chased you!

Re:What an advance!

[Jeremy+Erwin]

That's why I run prospective leaks through a grammar checker before releasing them into the wild.

Re:What an advance!

Yes, especially with IBM, I wish I'd been keeping a log, but it sure seems to me that IBM is doing a LOT of privacy invading work lately.

One of my concerns is their commercials for all this medical records propaganda, I don't really want a machine to know when I read an email or what my medical conditions are.

Re:What an advance!

[dna_(c)(tm)(r)]

cat /dev/random | head | tail

Re:What an advance!

[Hognoxious]

No, but then I am for some year now being working with the Indians.

Re:What an advance!

[Mozk]

How do you grammar check a DVD screener rip?

Re:What an advance!

[HungryHobo]

Funny thing- When my guild was having problems with a spy in the guild we did something similar to the OP.
We wrote an app which would imbed invisible characters or spelling mistakes into messages so that is a message was leaked we could trace it to the offender.

Re:What an advance!

[Vastad]

Did it work? Was it something in Lua which you then asked all members of the guild to install as an "exclusive guild messaging system"? Did you achieve the desired outcome? What was the spy's reaction if you did get him?

Sorry for all the questions. Curious minds wish to know.

Re:What an advance!

[HungryHobo]

It was in a browser based game so it was just an alteration of an earlier tool for sending to a group(the game had no capacity for sending to a list so if you wanted to send a message to 20 people it was annoying so we made a small system to submit messages to users from our guilds site. It was then a natural progression to add a system to alter each message as it was sent to people and log the "markers" in a database.)
I'm not guild leadership so I don't know exactly how well it worked.
At the time an extremely smug opposing guild leader liked to post up quotes from our boards and confidential guild info(hence this system), I do know the quotes stopped shortly afterwards.

Re:What an advance!

[Vastad]

That's pretty slick. You not only stopped your spy, but gave the game a group messaging capacity it never originally supported.

Re:What an advance!

[HungryHobo]

Not all that amazing- as long as the user sending messages was logged in it's just a matter of submitting a few POSTs.

Security through obscurity. Again.

[girlintraining]

Security through obscurity doesn't work. I don't know how many stupid asinine ideas like this I'll have to see before I quit this career, but I suspect the number will be higher than I care to contemplate. This is ridiculously easy to subvert -- just run it through the thesaurus algorithm a few more times. Viola, new unique copies, that don't match what they have on record.

Next on the docket -- "Why you can read your coworkers e-mail but not the NSA's. Explorations in the bleedingly obvious."

Re:Security through obscurity. Again.

[Dhalka226]

In your rush to bash people for not having an infallible solution, you're making two awfully big assumptions:

1. That they're intending this to have any effect whatsoever on people actively trying to disguise the source of the leak; and,
2. That a solution isn't worthwhile if it doesn't survive whatever geek-haxxor workarounds you can come up with.

This is exceptionally poor security for classified information. That's not its intent. It's poor security against people actively disguising themselves by "run[ning] it through the thesaurus algorithm a few more times." So be it.

It's still going to catch that guy who wants to show how in the know he is and forwards it to his buddies who post it on a website, and I'm sure there are far higher incidences of that than industrial espionage or whatever it is you're maligning them for not tackling.

I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.

Re:Security through obscurity. Again.

[mouseblue]

I think people like myself are surprised how this is patent-worthy.
Not necessarily trying to bash it.
If the software handles it really well, and adds redundant error-correction to survive multiple splicing and editing jobs, then I would be amazed.
But if it's easily duplicated by "home-made" (single-person, low budget) methods, why shouldn't we scratch our heads in wonder when they try to patent something simple?

Re:Security through obscurity. Again.

[girlintraining]

I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.

Because we're a bunch of purists who spend our time trying to find novel new solutions to esoteric problems the average person doesn't know or care about. We do have an easy time grasping it, but because of our own personal and professional standards, extensive experience, and training in information technology, we want the best. "Sorta works" just isn't in the geek vocabulary. And, I'd argue, that's how it should be.

Re:Security through obscurity. Again.

[nacturation]

Viola, new unique copies, that don't match what they have on record.

When I leak your post to the world, I'll be sure to change that to "Cello, new unique copies..."

Re:Security through obscurity. Again.

[Repossessed]

This is a time honored counter intelligence technique. It does work in my experience, not every time maybe (I've only been involved, or aware of it, once with this), but often enough to be useful. Its even more effective if you have a small list of possible moles.

Re:Security through obscurity. Again.

[wordsnyc]

C'mon, mod this up. Well done.

Re:Security through obscurity. Again.

[dna_(c)(tm)(r)]

Security through darkness doesn't work. I don't know how many stupid donkeyish ideas like this I'll have to see before I terminate this career, but I suspect the number will be higher than I care to meditate. This is ridiculously easy to pervert -- just run it through the thesaurus algorithm a few more times. Viola, new unique copies, that don't game what they have on music album.

Next on the small boat enclosure -- "Why you can read your coworkers e-mail but not the NSA's. Explorations in the hemorrhagingly obvious."

I think you're mistaken. Can you see any difference with your original post? I knew it.

Re:Security through obscurity. Again.

[Chuck+Chunder]

I don't know how many stupid asinine ideas like this I'll have to see before I quit this career, but I suspect the number will be higher than I care to contemplate.

I bet it will be fewer than the number of times I hear people decrying "security through obscurity" for no real reason.

Re:Security through obscurity. Again.

[hairyfeet]

Not to mention did you read the things? Who isn't gonna notice when their boss, who sounds completely normal IRL starts shooting out emails in chingrish? I can just imagine any employee with half a brain getting these-"Hmmm...last week the bosses emails were normal, and now he sounds like stereo instructions, but only in his emails. Hmmm...." /Googles "bosses emails chingrish" and finds the IBM stuff being laughed about/ "Oh! Well isn't that cute. How very PHB of him. Hey, I wonder if I can make him paranoid and make him think that another department is trying to catch him doing something if I start replying in chingrish?" / Soon boss is totally paranoid that everyone is looking at him./

Digital watermarks are one thing, but this is so Dilbert it isn't even funny. Only someone in a huge corporation would think that the employees wouldn't notice that your emails all suddenly become chingrish.

Just get a Blackberry

[HangingChad]

n a newly-disclosed patent application for Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion (phew!)

Get a Blackberry or a wireless broadband card for your netbook. And you can defeat the Great Blue email content tracker, which should keep you and your pathetic band safe from the Death Star, at least temporarily.

Not new

My girlfriend works in the bid and proposal department at Oshkosh Corps. They regularly deal with top secret government contracts for armored vehicles. Each persons copy of whatever paperwork has different sets of typos, so if there are any leaks, they know exactly who it came from.

And yes, they have caught corporate spies with this before.

Re:Not new

[kpainter]

Each persons copy of whatever paperwork has different sets of typos, so if there are any leaks, they know exactly who it came from.

For those that don't know, for each new 'typo', they add a few more zeros in the contract dollar amount. That is also why a government contract for armored vehicles would be Top Secret.

Re:Not new

[Jafafa+Hots]

So if you're a spy, scan it and then spellcheck?

Re:Not new

[digitalchinky]

What if the 'corporate spy' is the mail server admin? Plucking crap out of the bcc_always queue or so on and so forth.

Having had a TS security clearance for a whole bunch of years myself, I frequently handled pass by hand (codeword) eyes only stuff. This entire 'unique copy to each person' thing only happens when someone is 'already' suspected of working for the other side, or in the movies.

Once you have a TS clearance you are trusted until there are signs present that indicate a review thereof might be necessary - at least this is how it worked in my part of the world anyway. The security branches responsible for investigating leaks were never quick to react - after all, it is a big old chess game, those leaks might also be put to good use before they hit the jail cell.

Re:Not new

Once you have a TS clearance you are trusted until there are signs present that indicate a review thereof might be necessary - at least this is how it worked in my part of the world anyway.

Or at least, that's what they wanted you to think.

But anyway, is it accurate to call it a witch hunt when the "witches" are real? I thought the whole point was that there were no actual witches.

Re:Not new

Oshkosh corps? Lot's of leaked plans for biballs, b'gosh!

Re:Not new

[Ralph+Spoilsport]

So? You just copy and paste it into Word and fix all the typos.

Then ,whoever has the "typo free" version gets blamed.

What a dumb way to do things.

Re:Not new

Holy fuck. Where can I get a pair of flat black, nano-clean, Kevlar-doped Oshkosh overalls? These will go great with my carbon fiber banjo!

Re:Not new

And you know this... how?

Re:Not new

[Yvanhoe]

So in order to get an untraceable leak, you just have to "steal" the document of your colleagues ? That they will not protect a lot from you, as you have the same informations. That sounds to me as a too error-prone process to be useful. You have a better than random chance to get a leak, but also a very good chance to catch the wrong person. I would not use that other than as a deterent.

Digital Witch Hunt

[meketrefi]

I got this feeling, since I first read the Zombie Survival Guide, that I should have learned how to produce homemade shotguns instead of learning how to type. When the Big Brother start keeping track of my daily trips to the bathroom, any skill below that won't cut it.

Re:Digital Witch Hunt

[ResidntGeek]

It's not too late, you're just lazy. If you really want to know how to make shotguns, go get a book on metalworking and start pricing out machining equipment.

Oh, what's that? You'd rather post on slashdot and pretend you're motivated enough to do something like that?

Re:Digital Witch Hunt

[fuzzyfuzzyfungus]

Planning for a descent into totalitarian dystopia is like making money on a stock bubble.

A stock bubble will, sooner or later, go up in a giant pile of fake-money smoke(taking a whole lot of people's real money with it); but, until it does so, it offers the best returns in town. If you drop out too early, your returns will be secure; but pitiful. If you drop out too late, you'll get soaked.

In your case, if you drop out early, you'll be the penniless guy living in a shack and trying to make guns out of discarded tin cans. If you drop out too late, you'll have a bunch of shiny CNC gear that you don't know how to use show up about the same time Big Brother's jackbooted minions do.

The trick, of course, is finding the right time...

paraphrase

[erbbysam]

I was going to say that I am going to patent paraphrasing as a technique for circumventing this technology, but then I remembered that would a violation of the DMCA...

Re:paraphrase

[Lemmeoutada+Collecti]

Actually, you might be on to something... under US Copyright law (I know, I know, bad bad bad) a creative work is immediately copyrighted to the author, whether they register or not. So the first time someone sends a love poem (a creative work) to their girlfriend (another non-sequiter, I turned in my card a long time ago) and this system modifies and send it, wouldn't that be creating and distributing an unauthorized derivative work?

No expectation of workplace privacy

[cryfreedomlove]

You should assume, while in the office, that there is a camera on you and that any content you produce on an employer provided computer will be available for inspection. That's just a simple reality these days. I keep personal information I don't want to share on my own personal computer at home.

Re:No expectation of workplace privacy

Once upon a time I had a boss who enlisted my help to install the camera system with which she could spy on me (although that wasn't its main purpose, supposedly).

Easily defeated, here's how:

[mouseblue]

Step 1) Hire someone to read the message into recorder.
http://www.examiner.com/x-6665-Liberal-Examiner~y2009m7d24-Miss-Teen-South-Carolinas-title-of-dumbest-person-alive-threatened-by-California-woman

Step 2) Convert voice messages to text using "SpinVox".
http://yro.slashdot.org/article.pl?sid=09/07/23/228208

WTF?

Digital watches are so 1970s.

Re:WTF?

[mouseblue]

All the cool kids wear sundials on their arms.

Re:WTF?

[Hognoxious]

My sundial has a luminous face, so it even works at night.

finally

I thought that this sort of thing was a fairly standard thing to do if you really cared about the document. (this sort of thing was describe in The Hunt for Red October, the concept isn't new, automating it _may_ be)

I hope this sort of thing becomes common.

it will let people track down who distributes things _without_ any need for DRM and that sort of nonsense. if you really can show that a document (mp3, video, etc) came from user X you should have a fairly straightforward case against them, and if you know that this sort of thing can be done you are not going to send out copies of things to everyone.

Re:finally

[fuzzyfuzzyfungus]

Luckily, anonymous publication and distribution has never been turned to noble purposes, and hunting down distributors is always about going after wicked pirates.

I don't consider junior's desire to get shit-tastic mall punk from Kazaa to be a human rights issue; but I am hard pressed to think of any (even slightly efficacious) anti-piracy technology that wouldn't have applications in the burgeoning field of tyranny.

Wrong

The whole point of the technology is to encode the serial number by making slight changes to the wording of the message. Reading those words into another medium will still preserve the damning number.

Re:Wrong

With 2 layers of error-prone translation, there's bound to be many random substitutions.

Re:Wrong

[mouseblue]

Let me clarify: The ideal workaround is to get a very close translation (small error rate) and reverse the process so that the errors build up.

I took your quote on Babel Fish and ran it back to English to get this:

"All point of technology is to encode consecutive numbering by doing the little modification to wording of message. Reading those words to another medium still maintains the hand harsh number."

It's a terrible translation example but if you used a professional translator, you'd still have transformations from syntax and sentence structure from each language.

Re:Wrong

[Ungrounded+Lightning]

With 2 layers of error-prone translation, there's bound to be many random substitutions.

But they don't necessarily hit the particular words which encode the information. Even if they do corrupt some of 'em the info is inserted redundantly and error correcting codes are straightforward and applicable.

Double plus good

I guess the subtleties of word choice are becoming an old-fashioned concern.

Two obvious comments

[Gnavpot]

1. How can this be patent worthy? Individual changes to documents to make them traceable have been performed for years - even in anonymous questionnaires...

2. Patented. Good. Perhaps that will prevent others from using this method. If we are really lucky, IBM won't use it either.

Re:Two obvious comments

[ptbarnett]

How can this be patent worthy? Individual changes to documents to make them traceable have been performed for years - even in anonymous questionnaires...

I wondered exactly the same thing. It's even a part of the plot-line in an early Tom Clancy book to determine who was leaking classified documents.

Re:Two obvious comments

[mouseblue]

I agree, it doesn't seem very patent worthy.
It's Digital Watermarking with a software thesaurus/dictionary.

The movie industry used digital watermarks for VHS trailer tapes. http://www.afterdawn.com/news/archive/4616.cfm

Trent Reznor used an alternate strategy for one of his short films (from 1992?):

"...a few people who received the movie as a special gift. Each version given away was missing a different section of video, thus enabling Reznor to keep track of those who betrayed him."

http://www.toplessrobot.com/2008/08/the_10_most_amazing_unreleased_things_ever_made.php

Re:Two obvious comments

[Leto-II]

If I understand it correctly, making changes to documents for tracking purposes isn't the patented part. The method of automating the whole process is what is patented.

Re:Two obvious comments

[fuzzyfuzzyfungus]

I assume that the patent is for a means(well, probably an "apparatus and method") of making the individual changes programmatically and without making complete hash of the text.

Still seems dangerously close to "obvious" territory, to anyone skilled in the art of babelfish and back again; but doesn't have nearly as much prior art that way.

Re:Two obvious comments

[dr2chase]

Wow! Automation. Word processing. I had never imagined the computers were capable of such a thing.

Next you'll be telling me that they can automatically spot spelling errors, and wrap text at an 80-character margin.

Re:Two obvious comments

[maxwell+demon]

So if two of them worked together, they'd get the complete movie, and there would be no way to know who released it (assuming they are careful at cutting, so it's not possible to identify the edited section).

Or they even remove a third scene and some unrelated person gets the blame.

Re:Two obvious comments

[atomicgirl]

It's not a patent, it's a patent application, which may or may not ever become allowed and issue as a patent. Provided that you submit all the right documents and pay the application fee, anyone can apply for a patent on anything. It's not a patent until an examiner allows the claims, and what is allowed is often only a small part of what was claimed in the original application.

Design flaw.

Interpret it in your own words. Security broken.

IBM Seeks Patent On Digital Witch Hunts

"If Mark Zuckerberg should want to identify a snitching Facebook employee, Elon Musk wish to set a trap for loose-lipped Tesla employees, or Steve Jobs want to 'play Galaga,' they will be happy to know that a new IBM invention makes it easier than ever to be paranoid. In a newly-disclosed patent application for "Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion" (sheesh!), IBM describes how it has automated the creation of Canary Traps with patent-pending software that makes small changes to e-mail wording to allow you to spy on the unsuspecting recipients of your e-mail."

easily defeated: leak to slashdot

[LinuxRulz]

Every slashdot reader knows news posted on slashdot are distorted prior to posting.

email?

[forgoil]

Do people still use that? Either way, why not try to improve your hiring processes instead of treating all your employees like criminals. If you do treat me like a criminal and give me the punishment, I do feel obliged to get to do the crime as well...

Note to all!

[yo303]

Don't do non-work from work, if you work at IBM.

Crap! I wrote this from work!

Their Hovercraft is full of Crap

[IonOtter]

This won't go anywhere.

Or if they do and try to implement this in their system, it will last until the first email is translated into a language OTHER than US English.

"Over the last 20 years, we have remained dedicated to a single mission..."

"Over the last 20 years, we have remained confined to a single mental institution..."

"Over the last 20 years, we have remained obligated to one church..."

"Over the last 20 years, we have remained engaged in espionage..."

Re:Their Hovercraft is full of Crap

"Over the last 20 years, we have remained dedicated to a single mission..."

Federation.

"Over the last 20 years, we have remained confined to a single mental institution..."

Borg

"Over the last 20 years, we have remained obligated to one church..."

Bajoran

"Over the last 20 years, we have remained engaged in espionage..."

Romulan

Lots of prior art.

[jcr]

Spy agencies have been doing this kind of thing for decades. Slightly altering the wording in documents so that the individual recipient is traceable. They used to have a major problem with classified material being leaked to the press by congressional staffers.

-jcr

Re:Lots of prior art.

[Ungrounded+Lightning]

Spy agencies have been doing this kind of thing for decades. ... They used to have a major problem with classified material being leaked to the press by congressional staffers.

Now you know why "Deep Throat" was so cagey, vague, and just pointed Woodward and Bernstein to the right lines of investigation and insisted they hunt down other sources and confirmation, rather than letting them use him as an unnamed direct source.

Re:Lots of prior art.

Like color printers printing hidden yellow dots (for at least the last seven years
firmware in printers with serial numbers
Doctored scan or print engines that refuse to print 'money' properly
Special sets of drivers for b&W laser printing in .gov offices that alters fonts and proportional spacing
or recruiting newspaper legal editors as informants against even their own employer.
Crappy encryption of phones and pda's and the like
Special copy paper loaded with microdots or chemical signatures, or something to set off an alarm
Seizing Computers for forensics (which is a good reason not to use em.
Word/Grammar analysis engines that associate writing styles to people , matching the leak , against works from possible suspects. And planting disinformation/false documents.

Recently cracks appeared, when 1) Wikileaks , 2) Digital Cameras good enough to snap a screen
3) Micro sd's tool small to detect leaving the premises. 4) Smart people with a beef, can actually memorize a lot.

How long . . .

[DrMrLordX]

How long will it be until Apple patents goading a supplier into assassinating employees responsible for losing sensitive product prototypes?

How does this make it easier?

[One+Louder]

Since there's now a patent, these other companies would have to pay for a license in order to use this method to spy on their employees.

Re:How does this make it easier?

Yeah, practically speaking, the patent would give IBM a monopoly on software sold on the open market that implements this method.

For Dr. Evil bonus points, IBM could lobby congress to force the US gov't and its defense supply chain vendors to use this. Then IBM could charge one MILLLLION dollars.

Obscurity isn't worthless

[Cajun+Hell]

just run it through the thesaurus algorithm a few more times

But do leakers do that? Always?

People get caught when their guard is down. People fuck up. People think, "nobody's out to get me."

Sometimes they're wrong. Every single day, people die by that principle. They won't get mugged. They can drive home drunk and probably not crash. They can forgo the condom this time. It's true they're not guaranteed to lose. But sometimes they still do.

You're right that it's not a general solution that you can count on, to find your opponent. But at the same time, you know plenty of damn fools will get caught by it.

It's not security through obscurity; it's advantage through security.

Re:Obscurity isn't worthless

[girlintraining]

It's not security through obscurity; it's advantage through security.

Pardon me for being a purist. But anything this easily thwarted also has no legal value, and my understanding here is that it's a punitive measure against the "leaker". If the document got leaked in the first place, chances are good the "leaker" in question can form an affirmative defense that a third party acquired the copy. Worse, if the algorithm is limited to a finite set of permutations, and anything that sticks to words and phrases is a very finite space (cryptographically speaking), the argument could be made that the document was leaked through a different source, run through the algorithm, and coincidentally matched the "signature" of the leaker's copy.

It's completely bogus. If they want to keep data private, then use real cryptography, and validated software/hardware combinations that make the cost of extracting the data in a usable format more expensive than the data it's protecting. The military does it, as to certain businesses, and intelligence agencies around the world. The technology is there, it works, and it's real security.

Re:Obscurity isn't worthless

Pardon me for being a purist. But anything this easily thwarted also has no legal value, and my understanding here is that it's a punitive measure against the "leaker".

So what if there's no legal value? Someone leaked something you didn't want leaked? Move his ass downstairs to Storage B and take his red stapler away.

Re:Obscurity isn't worthless

[techno-vampire]

the argument could be made that the document was leaked through a different source, run through the algorithm, and coincidentally matched the "signature" of the leaker's copy.

It's not enough to show that there's another possible explanation, you have to show that your story is just as reasonable as the DA's. Your lawyer has to raise reasonable doubt in the minds of the jury to get them to vote not guilty. And, do you really think the jury's going to find your claim reasonable? I sure don't!

Re:Obscurity isn't worthless

[pyro_peter_911]

People think, "nobody's out to get me."

You must be new here.

Peter

Re:Obscurity isn't worthless

[petermgreen]

the argument could be made that the document was leaked through a different source, run through the algorithm, and coincidentally matched the "signature" of the leaker's copy.
Remember they just have to show "probable cause" to a court to get a search warrant. Once they have that search warrent they can start searching for more direct evidence that you leaked it.

It's completely bogus. If they want to keep data private, then use real cryptography, and validated software/hardware combinations that make the cost of extracting the data in a usable format more expensive than the data it's protecting. The military does it, as to certain businesses, and intelligence agencies around the world. The technology is there, it works, and it's real security.
and it's frightfully expensive, because you have to give everyone who needs access to the data your special locked down terminal. Worse you need to set up a secured environment for that terminal otherwise they could just put thier laptop down next to it and retype the information manually.

Re:Obscurity isn't worthless

[Cajun+Hell]

chances are good the "leaker" in question can form an affirmative defense

Sometimes there's no defense, because we're not always talking about court. So what if you don't have solid proof that person X leaked? You still know (pretty darn sure) that they did it.

If you're Steve Jobs, you fire 'em. So you don't have proof? Fine, their unemployment claim goes through. Or they're demoted to beta tester and if they don't like knowing the cool secrets, they can quit. You're no longer giving secrets to leaky people.

If you're a Bond Villain, you just kill the leaker; they don't have a trial. You're pretty sure you killed the right guy. And if it's actually James Bond's plot to get you to kill all your henchmen, that's fine, because you're playing the part that the movie-goers came to see.

Re:Obscurity isn't worthless

[Cajun+Hell]

If they want to keep data private, then use real cryptography, and validated software/hardware combinations that make the cost of extracting the data in a usable format more expensive than the data it's protecting. The military does it, as to certain businesses, and intelligence agencies around the world. The technology is there, it works, and it's real security.

BTW, how can you call yourself a purist? That is not "real security." That's a practical (in)convenience, just the kind of advantage (as opposed to "real security") that I was talking about and the last thing I'd expect from a "purist." If people can see it, they can write it down. They can paraphrase. The person has the information (that's why you sent it to them). You've just removed easy copy-and-paste.

Patent is invalid.

I claim prior art. I have been doing this for decades. Stupid patent office. Greedy IBM.

Condom?

[0100010001010011]

What are those for?

Re:Condom?

If it weren't for accidents, many of us wouldn't be here.

Re:Condom?

I use it to to make sure you don't get a new little brother

Re:Condom?

"Latex Condom...boy, I'd sure like to live in one of those!"

Anyone else...

[user-hostile]

read the subject as 'Digital Watch' hunts?

Re:Anyone else...

The first time, yes. And I was ~so~ hoping it would reduce the spam coming in.

Re:Anyone else...

[NotQuiteReal]

digital watches are so 1980's

My watch is analog... it is so much easier to visualize the passage of time that way.

Trust me. 120 years from now you won't care if you have an analog or digital watch. Time will pass.

Re:Anyone else...

[maxwell+demon]

Of course, in 120 years you'll get implants which make you always simply know what time it is, without having to look at some device. Looking at some devices on your hands would only distract you when operating your flying cars. :-)

Re:Anyone else...

[NotQuiteReal]

What I meant was that in 120 years I assume I will be well dead. I also assume that, most likely, you will have shuffled off as well. Either way, we will probably not be caring what time it is...

Of course if the dead DO care about what time it is, there are far bigger issues to worry about. I submit to you, that a self-winding analog watch will last longer and serve you better in the afterlife as well. Unless, of course, you can still get batteries for your digital watch there, wherever there is.

Re:Anyone else...

[maxwell+demon]

A self-winding watch will help you nothing if you don't move any more, as is quite common for dead people. And of course, in afterlife you'll only have watches which also died, so clocks that last longer are decidedly a disadvantage in that case. Batteries should be no problem in afterlife, because batteries die, too.

SCNR

It's still SMTP rigght?

[jbezorg]

telnet somedomain.com 25

Type:
HELO yourdomainname.com
MAIL FROM: <you@hostname.com>
RCPT TO: <to@hostname.com>
DATA
lol

lololol
.

prior art (?)

Something like this was mentioned in Patriot Games by Tom Clancy. It was referred to as "the smoking typewriter".

Don't to Done

[Nom+du+Keyboard]

How many changes can it make before it either changes the meaning of the e-mail, or makes you look like a moron for sending such an malformed message?

Do we now have to go back to straight text e-mails just to ensure that nobody is hiding tracking bugs in it?

Re:Don't to Done

[MikeS2k]

It's bizzare - what if you word you've chosen is important to convey a message (or a subtle pun?)

Why don't they just put double-spaces inbetween words - you can still track people by seeing where the double-spaces appear, and the message itself isn't as distorted.
How did this idea get out of somebody's lunchtime daydream?

Why is this new ?

[mbone]

This has been used for years - for example, back in Maggie Thatcher's day they caught a mole this way. What, exactly, is new about this ? That it's in software ?

Re:Why is this new ?

What's new is that it's done automatically, which presumably means it can be done on a regular basis instead of only when an investigation is already in process

Re:Why is this new ?

[maxwell+demon]

Well, they'll stop blindly using it the first time it creates a slight, but disastrous modification of the meaning.

WinDiff

[Nom+du+Keyboard]

1: Find trusted friend working on same document.
2: WinDiff Document A against Document B.
3: Create Document C containing none of the mismatches in Document A+B.
4: PROFIT!

Overall this reminds me of the SDMI system several years ago that claimed that it could hide unique identifying data in an audio recording that couldn't be detected or removed and the developers of it issued a challenge to break the system. When it was quickly broken by Edward W. Felten the music industry responded not with a reward, but with lawsuit attempting to prohibit him from speaking about his methods. Talk about sore losers!

Self defeating....literaly

[Em+Ellel]

Ok, is this to complete with Amazon's double rot-13 encryption patent?

Let me get this straight, they invented a system that identifies people by slightly altering wording of messages.... automatically.... sooooooo, what exactly is stopping people from using the same exact system to automatically modify the message to make it un-traceable again????? Thunderbird plug-in in 3 ... 2...1...

-Em

enthusiastic =/= commited

[Culture20]

The system uses stupid thesaurus switches. Not all synonyms mean exactly the same thing. Some of theses emails are going to sound so dumb that the employees will know something is up.

First... they came for the Napsters.....

[TechnoChatter69420]

and I said nothing... because I used Usenet :P :P

who is

joe doe?

All my email comes in ASCII

[NotQuiteReal]

It is easy to cut-n-paste, snip, spell check... not the same email at all.

And I mean that in a very real, and legally binding sense.

Simple defeat to this.

There is a simple way to defeat this.

Reply all.

Thanks for the email. (Making sure you quote the email)

The more this comes into play the more forwarding to all will be occurring.

Re:Simple defeat to this.

[maxwell+demon]

That of course assumes that you know who the other recipients are. man bcc.

Tom Clancy == prior art

[Slartibartfast]

Tom Clancy beat this drum -- almost tiresomely -- in several of his books back in the 90's. Our Fearless Protagonist, Jack Ryan, even came up with the algorithm, the name of which currently escapes me. Granted, the algorithm is never actually explained, but its output is identical to what this patent proposes, so methinks this probably isn't worthy of a patent.

Just my two cents, of course.

-Slarty

Re:Tom Clancy == prior art

[cowboy76Spain]

You patent the implementation, not the idea. You can't patent flying cars, you can patent the flying car you manufacture and the neat tricks inside it.

Re:Tom Clancy == prior art

[Mindcontrolled]

You patent the implementation, not the idea. You can't patent flying cars, you can patent the flying car you manufacture and the neat tricks inside it.

You don't necessarily patent specific implementations. If no one had ever talked about the idea of the flying car before, you could very well go for claims like

1. Automobile, characterized in that said automobile is equipped with means of creating an aerodynamical lifting force greater or equal to the weight of said automobile.

You just have to provide at least one implementation that the averagely skilled person in the technical field of the invention can get to work, but you are not limited to this.

On the other hand, the patent application in question seems to focus on automating a known process. Under european case law, automation by itself does not constitute an inventive step. No idea about the situation in the US, though.

Re:Tom Clancy == prior art

[Slartibartfast]

You implement the idea -- and *how* it's implemented, but not the implementation, itself. For example, patent applications do not generally contain more than superficial pseudo-code; they certainly don't contain a full implementation of the code -- that's where copyright comes in. Tom Clancy's description was lengthy enough that I think it certainly meets the criteria by which (say) waterbeds were unable to be patented because of Heinlein's description.

Re:Tom Clancy == prior art

[Siridar]

Tom Clancy's version was called Canary Trap. The idea has been around for much longer, though.

Re:Tom Clancy == prior art

[Theaetetus]

Tom Clancy beat this drum -- almost tiresomely -- in several of his books back in the 90's. Our Fearless Protagonist, Jack Ryan, even came up with the algorithm, the name of which currently escapes me. Granted, the algorithm is never actually explained, but its output is identical to what this patent proposes, so methinks this probably isn't worthy of a patent.

The fact that it's been mentioned before without explaining how it works doesn't mean it's prior art. For example: "Flying Cars". Under your interpretation, no one could ever patent a flying car now. While I'm at it: "Time travel; warp drives; quantum computers".

But no, patent law doesn't work that way - every item in the claims has to be disclosed in prior art. Not just the title.

IBM turned me into a newt . . .

[PolygamousRanchKid+]

. . . Apologies to IBM, joke follows, no offense intended . . .

" . . . a newt . . . ?"

". . . I got better."

"IBM is like a stream of bat's piss."

"It shines out like a shaft of gold when all around is dark."

"IBM is like a dose of clap."

"Before it arrives is pleasure, but after is a pain in the dong."

"It was one of Wilde's. He's the snitch."

Joke stolen from: http://www.phespirit.info/montypython/oscar_wilde.htm

Counter algorithm

You could write a similar algorithm to run over the email before you forwarded it on to obfuscate the changes and simply normalise the wording...

You could have it built into your email client...

Think it through for a second will you

[SmallFurryCreature]

It is about TRUST. As a reader I got to trust that a leaked document has not been falsified in anyway. Throwing it through a filter will definitly remove that trust. If you changed the meaning of words... well how do I know exactly what you have changed? var x "I helped my uncle Jack of a horse."; document.write(x.toLowerCase());

My New Patent

[flyneye]

I'd like to patent, "beating the living piss out of anyone found to be spying on me for any purpose".
          I mean damn, if I'm fired for some dissemination of some random email who cares? I got nothing to lose.
Head for that CEOs etched glass door and commence pounding the immoral bastard to blood pudding.
Kinda takes the glamour outa their false sense of total power and control with multiple fractures lascerations and deep bruising.
Hell, I can do 30 days in jail. Can he do 6 months in the hospital? How bout his ITsec or Admin?
        Y'all be careful out there with your security measures, there's people like me out there who aren't amused and don't care about consequences.
This includes all perceived authority figures.

          -armed and heavily sedated typing from my laptop...

Prior art

[DadLeopard]

Since there are many example of this technique, both in fiction and the real world! I don't think they can get a patent on the "Canary Trap" itself, but the US Patent Office being what it is, they may be able to get one on the Automated Implementation of the idea, since unlike Arthur C. Clarke's Geostationary satellites, there is the hardware to implement the idea!

What kind of security is that?

All you have to do is paraphrase the entire document and they can't trace it...