Slashdot Mirror

← Back to Stories (view on slashdot.org)

IBM Seeks Patent On Digital Witch Hunts

Posted by Soulskill on from the everyone-sees-a-unique-version-of-this-story dept.

theodp writes "Should Mark Zuckerberg want to identify a snitching Facebook employee, Elon Musk wish to set a trap for loose-lipped Tesla employees, or Steve Jobs want to 'play Asteroid,' they'll be happy to know that a new IBM 'invention' makes it easier than ever to be paranoid. In a newly-disclosed patent application for Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion (phew!), Big Blue describes how it's automated the creation of Canary Traps with patent-pending software that makes ever-so-slight changes to e-mail wording to allow you to spy on the unsuspecting recipients of your e-mail."

2 of 136 comments (clear)

  1. Not new by Anonymous Coward · · Score: 5, Interesting

    My girlfriend works in the bid and proposal department at Oshkosh Corps. They regularly deal with top secret government contracts for armored vehicles. Each persons copy of whatever paperwork has different sets of typos, so if there are any leaks, they know exactly who it came from.

    And yes, they have caught corporate spies with this before.

  2. Re:Security through obscurity. Again. by Dhalka226 · · Score: 5, Insightful

    In your rush to bash people for not having an infallible solution, you're making two awfully big assumptions:

    1. That they're intending this to have any effect whatsoever on people actively trying to disguise the source of the leak; and,
    2. That a solution isn't worthwhile if it doesn't survive whatever geek-haxxor workarounds you can come up with.

    This is exceptionally poor security for classified information. That's not its intent. It's poor security against people actively disguising themselves by "run[ning] it through the thesaurus algorithm a few more times." So be it.

    It's still going to catch that guy who wants to show how in the know he is and forwards it to his buddies who post it on a website, and I'm sure there are far higher incidences of that than industrial espionage or whatever it is you're maligning them for not tackling.

    I wouldn't personally implement a system like this, but the fact that it doesn't cover all potential circumstances doesn't mean it's worthless. I don't know why Slashdotters always have such a hard time grasping that.