I always thought the idea of physically smuggling data was absurd. Even physically transporting data seemed silly to me because if you have broadband you can simply upload or download it. For really big data I have a gigabit connection at a data center where I rent space, so sometimes I’ll do a massive download and just show up at the facility with a 1.5 terrabyte drive and hit the local Starbucks while it takes a few minutes to copy over what I’ve downloaded.
I have either given or thrown away countless USB thumb drives I’ve been given as gifts from Google AdWords and other companies. What’s the point?
Two things changed my mind about why physically transporting data is interesting. A conversation with Sebastian Thrun (creator of Google Street View) that I had a few years back where he told me that Fedexing data is, and probably always will be, the highest bandwidth way of moving data around. That’s why Google uses Fedex to send hard drives from their Street View vans back to headquarters.
The second thing that changed my mind was a new law in the UK that makes it illegal to not hand over encryption keys if the police want to decrypt your data. The penalty is two to five years in prison for simply refusing to hand over the keys. The logical outcome is that a lot of energy will now be spent on hiding the existence of encrypted data.
I think two fields will emerge. The first is the art of hiding encrypted data when transferring it across a wire. If time is not a factor then this may be the way to go. Simply altering the sequence or transmission times of TCP packets can encode data, although it will be very low bandwidth.
The second area where I think you’ll see more activity is the physical hiding of data. The reason I think more energy will be spent in this area is because it allows for very high bandwidth. If you can hide a 2 terrabyte drive and take a 6 hour journey to get it fro A to B, your bandwidth is 776 Megabits per second. Try and get that on your cable modem or ADSL link.
Data storage devices that self destruct aren’t interesting when it comes to solving this problem. A self destructing drive lets police know that you have data that you never allowed them to decrypt, so presumably you’ll get your 2 to 5 years. The data needs to be invisible.
Storing data on or inside your body may be one solution. According to Scientific American:
The human brain consists of about one billion neurons. Each neuron forms about 1,000 connections to other neurons, amounting to more than a trillion connections. If each neuron could only help store a single memory, running out of space would be a problem. You might have only a few gigabytes of storage space, similar to the space in an iPod or a USB flash drive. Yet neurons combine so that each one helps with many memories at a time, exponentially increasing the brain’s memory storage capacity to something closer to around 2.5 petabytes (or a million gigabytes). For comparison, if your brain worked like a digital video recorder in a television, 2.5 petabytes would be enough to hold three million hours of TV shows. You would have to leave the TV running continuously for more than 300 years to use up all that storage.
I’m not sure I would want to upload data directly to my brain, lest I overwrite the breathing function. But biological data storage is clearly worth looking at if your intent is to hide data.
So maybe Johnny Mnemonic wasn’t so absurd after all:
the transfer speed is 776, not 388 Mb/s (nit-picking…)
Commented on July 12, 2012 at 10:17 am
388 Mbps must be the round-trip bandwidth.
Commented on July 12, 2012 at 11:05 am
The UK law is useless. You can easily get around it with a concept called “plausible deniability”. TrueCrypt, an open-source encryption program, has it. It allows you to have two passwords. One to unlock the “harmless” data, and another password to unlock the real data. But nobody can prove that there is real data hidden inside the harmless data.
Problem solved 🙂 Sorry, police.
Commented on July 12, 2012 at 11:13 am
Indeed, but you can still go to the slammer if the police THINK there is data hidden in the free list or wherever.
Commented on July 12, 2012 at 10:12 pm
They can think whatever they want. I’d expect that any judge dismiss the case unless police can _prove_ that you willfully denied giving them the encryption key.
Then again, GBR is an abnormality – the only EU member state without a constitution. therefore, you don’t have the mechanism you have in other states – appealing the law itself in case it is not conforming to the constitution.
Commented on July 13, 2012 at 4:50 am
You could always encode and spread your data over existing data.
Say for example a bunch of hi resolution family pictures or a bunch of home movies or MP3’s with some pixels or meta overwritten with your real data based on your own proprietary encoding routine.
You would be carrying perhaps 100TB to transfer 1 or 2 TB of real data, but any inspection of the data would simply reveal media files.
Commented on July 13, 2012 at 12:24 am
This is great 🙂 Firstly, don’t the police have to prove they believe information about a crime exists in your data to first get a warrant and then demand the date?
Secondly, if your data has information you don’t want the police to see then you probably have more issues 🙂
Just a thought!
Commented on July 13, 2012 at 4:16 am
No need to worry about over-writing the breathing function as it’s part of the peripheral nervous system and not in the brain…
Commented on July 13, 2012 at 5:27 am
Rubberhose encryption. They’ll have trouble proving what appears to be random info is actually encrypted twice. There are tools out there to do that and then you can upload on store on a hard drive.
Does it matter the kind of crime in the UK? America will be the same soon unfortunately.
Commented on July 13, 2012 at 5:56 am
i dont know about the UK but in the US our fifth amendment theoretically protects against forcing people to reveal their encryption key. not only do you have the right to remain silent (miranda rights) you have the right to refuse to testify against yourself. this issue needs to be settled once and for all here though since some seem to think otherwise.
Commented on July 13, 2012 at 6:13 am
On the surface you are correct – but do you remember the attempts by the US government to require firms to hand over copies of their keys – this was in response to the ever increasing level of encryption – so much so that the gov could not decrypt on the fly. This way US firms were safe from prying eyes but other countries – in theory could have their data reviewed quickly.
http://www.law.nyu.edu/ecm_dlv/groups/public/@nyu_law_website__journals__journal_of_legislation_and_public_policy/documents/documents/ecm_pro_060624.pdf
Commented on July 13, 2012 at 2:24 pm
well corporations do not have 5th amendment rights (even if they are considered legal persons)
and sure it would make police’s life easier if there was no way to protect ones data from them but i dont think its the job of the american people to make the police’s job easier. it would make their job easier if they didnt have to get a warrant, or have probably cause, or any oversight. if they could arrest on nothing more than a hunch that the person might be doing something illegal, we have laws to protect the people and if that is at odds with law enforcement the law should always come down on the side of the people.
Commented on July 17, 2012 at 1:54 pm
Forget a hard drive that blows up. Have one inside a degaussing coil. One wrong code, and the magnetic fields silently turns all that data into soup.
“Here’s your key, officer.” You said, helpfully. “But that drive is unformatted and doesn’t have any data on it.”
Commented on July 13, 2012 at 6:43 am
Totally loved the “Lest i overwrite the breathe function” remark.
Commented on July 13, 2012 at 10:21 am
a few years back I did some work for a uk establishment. let’s just say that even powered off dimms still can hold interesting data if you have the right tools.
Commented on July 13, 2012 at 11:32 am
Explore Einstein’s “spooky action at a distance” theory (1916), linked atoms can exist anywhere in the cosmos, whatever is done to one, happens to the other (like a servo), so by bouncing an electron of a bunch of linked atoms, changing the “wobble” in their electron spins can be detected (decoded) at the other location instantly, no matter how far away (light years even). data doesn’t “travel” so it can’t be “captured” or manipulated by a 3rd party, only the two sides see it, no encryption necessary. read up on it …
Commented on July 13, 2012 at 11:53 am
Given the US Gummint’s penchant for seizing computers at the border, I decided that, on my next foreign trip, I’ll wire any data I have to a on-line site, and either DOD-wipe the hard disk or just throw the computer in the river before returning.
Commented on July 13, 2012 at 4:11 pm
Kudos to Bbernie for your though, I also agreee: TrueCrrypt is awesome, and Stegannography is a word everyone should add to the dictiionaries in their brain. (cary it around with you.) Someebody ships you a pokerr chip. ( Hint: Cowbooy Bebop Episode 3 ~ 13 minutes and 30 secconds – 45 seckondss. ) << This is very blunt and obvious steganography!
Commented on July 13, 2012 at 5:46 pm
I wonder if it is possible to convert sensitive information into something else that is still human-readable so that no one suspects that it actually is an encrypted message. Is there such a thing already?
Commented on July 15, 2012 at 6:47 pm
http://en.wikipedia.org/wiki/Deniable_encryption#Software
Commented on July 15, 2012 at 7:07 pm