The Rise of the Data Smuggler

I always thought the idea of physically smuggling data was absurd. Even physically transporting data seemed silly to me because if you have broadband you can simply upload or download it. For really big data I have a gigabit connection at a data center where I rent space, so sometimes I’ll do a massive download and just show up at the facility with a 1.5 terrabyte drive and hit the local Starbucks while it takes a few minutes to copy over what I’ve downloaded.

I have either given or thrown away countless USB thumb drives I’ve been given as gifts from Google AdWords and other companies. What’s the point?

Two things changed my mind about why physically transporting data is interesting. A conversation with Sebastian Thrun (creator of Google Street View) that I had a few years back where he told me that Fedexing data is, and probably always will be, the highest bandwidth way of moving data around. That’s why Google uses Fedex to send hard drives from their Street View vans back to headquarters.

The second thing that changed my mind was a new law in the UK that makes it illegal to not hand over encryption keys if the police want to decrypt your data. The penalty is two to five years in prison for simply refusing to hand over the keys. The logical outcome is that a lot of energy will now be spent on hiding the existence of encrypted data.

I think two fields will emerge. The first is the art of hiding encrypted data when transferring it across a wire. If time is not a factor then this may be the way to go. Simply altering the sequence or transmission times of TCP packets can encode data, although it will be very low bandwidth.

The second area where I think you’ll see more activity is the physical hiding of data. The reason I think more energy will be spent in this area is because it allows for very high bandwidth. If you can hide a 2 terrabyte drive and take a 6 hour journey to get it fro A to B, your bandwidth is 776 Megabits per second. Try and get that on your cable modem or ADSL link.

Data storage devices that self destruct aren’t interesting when it comes to solving this problem. A self destructing drive lets police know that you have data that you never allowed them to decrypt, so presumably you’ll get your 2 to 5 years. The data needs to be invisible.

Storing data on or inside your body may be one solution. According to Scientific American:

The human brain consists of about one billion neurons. Each neuron forms about 1,000 connections to other neurons, amounting to more than a trillion connections. If each neuron could only help store a single memory, running out of space would be a problem. You might have only a few gigabytes of storage space, similar to the space in an iPod or a USB flash drive. Yet neurons combine so that each one helps with many memories at a time, exponentially increasing the brain’s memory storage capacity to something closer to around 2.5 petabytes (or a million gigabytes). For comparison, if your brain worked like a digital video recorder in a television, 2.5 petabytes would be enough to hold three million hours of TV shows. You would have to leave the TV running continuously for more than 300 years to use up all that storage.

I’m not sure I would want to upload data directly to my brain, lest I overwrite the breathing function. But biological data storage is clearly worth looking at if your intent is to hide data.

So maybe Johnny Mnemonic wasn’t so absurd after all:


 

35 thoughts on “The Rise of the Data Smuggler

  1. Wonderful goods from you, man. I’ve take note your stuff previous to and you are just
    too wonderful. I really like what you have received here,
    really like what you’re stating and the best way in which you say it.
    You are making it enjoyable and you continue to care for to keep it sensible.
    I can not wait to read much more from you.
    This is actually a great website.

  2. I wonder if it is possible to convert sensitive information into something else that is still human-readable so that no one suspects that it actually is an encrypted message. Is there such a thing already?

  3. Kudos to Bbernie for your though, I also agreee: TrueCrrypt is awesome, and Stegannography is a word everyone should add to the dictiionaries in their brain. (cary it around with you.) Someebody ships you a pokerr chip. ( Hint: Cowbooy Bebop Episode 3 ~ 13 minutes and 30 secconds – 45 seckondss. ) << This is very blunt and obvious steganography!

  4. Given the US Gummint’s penchant for seizing computers at the border, I decided that, on my next foreign trip, I’ll wire any data I have to a on-line site, and either DOD-wipe the hard disk or just throw the computer in the river before returning.

  5. Explore Einstein’s “spooky action at a distance” theory (1916), linked atoms can exist anywhere in the cosmos, whatever is done to one, happens to the other (like a servo), so by bouncing an electron of a bunch of linked atoms, changing the “wobble” in their electron spins can be detected (decoded) at the other location instantly, no matter how far away (light years even). data doesn’t “travel” so it can’t be “captured” or manipulated by a 3rd party, only the two sides see it, no encryption necessary. read up on it …

  6. a few years back I did some work for a uk establishment. let’s just say that even powered off dimms still can hold interesting data if you have the right tools.

  7. Forget a hard drive that blows up. Have one inside a degaussing coil. One wrong code, and the magnetic fields silently turns all that data into soup.
    “Here’s your key, officer.” You said, helpfully. “But that drive is unformatted and doesn’t have any data on it.”

  8. “The Rise of the Data Keeper” might be applicable here as well. It it’s your data, you don’t want anybody stealing your idea. But the police could be annoying. The views – “Storing data on or inside your body may be one solution” and “Have you ever figured how information-rich your stool is?” will come to pass in the nearest future. There will be photo recorders that can record everything that takes place in a person’s dream. Mark my words.

  9. i dont know about the UK but in the US our fifth amendment theoretically protects against forcing people to reveal their encryption key. not only do you have the right to remain silent (miranda rights) you have the right to refuse to testify against yourself. this issue needs to be settled once and for all here though since some seem to think otherwise.

    • On the surface you are correct – but do you remember the attempts by the US government to require firms to hand over copies of their keys – this was in response to the ever increasing level of encryption – so much so that the gov could not decrypt on the fly. This way US firms were safe from prying eyes but other countries – in theory could have their data reviewed quickly.

      http://www.law.nyu.edu/ecm_dlv/groups/public/@nyu_law_website__journals__journal_of_legislation_and_public_policy/documents/documents/ecm_pro_060624.pdf

      • well corporations do not have 5th amendment rights (even if they are considered legal persons)
        and sure it would make police’s life easier if there was no way to protect ones data from them but i dont think its the job of the american people to make the police’s job easier. it would make their job easier if they didnt have to get a warrant, or have probably cause, or any oversight. if they could arrest on nothing more than a hunch that the person might be doing something illegal, we have laws to protect the people and if that is at odds with law enforcement the law should always come down on the side of the people.

  10. Rubberhose encryption. They’ll have trouble proving what appears to be random info is actually encrypted twice. There are tools out there to do that and then you can upload on store on a hard drive.

    Does it matter the kind of crime in the UK? America will be the same soon unfortunately.

  11. No need to worry about over-writing the breathing function as it’s part of the peripheral nervous system and not in the brain…

  12. This is great :) Firstly, don’t the police have to prove they believe information about a crime exists in your data to first get a warrant and then demand the date?

    Secondly, if your data has information you don’t want the police to see then you probably have more issues :)

    Just a thought!

    • The burden of proof for a warrant or arrest in this country is not high. And remember that what little protection we do have was a reaction against the practices of the UK in the mid 1700s.

  13. You could always encode and spread your data over existing data.

    Say for example a bunch of hi resolution family pictures or a bunch of home movies or MP3’s with some pixels or meta overwritten with your real data based on your own proprietary encoding routine.

    You would be carrying perhaps 100TB to transfer 1 or 2 TB of real data, but any inspection of the data would simply reveal media files.

    • Steganography has been around a lot longer than computers and will probably still be around when people start asking ‘Why did they call them computers? Did they add text and pictures to get sound?’

  14. Related to the idea of biological data storage, is this quote from Larry Smarr in a recent Atlantic article (http://www.theatlantic.com/magazine/archive/2012/07/the-measured-man/9018/) “:

    “Have you ever figured how information-rich your stool is?,” Larry asks me with a wide smile, his gray-green eyes intent behind rimless glasses. “There are about 100 billion bacteria per gram. Each bacterium has DNA whose length is typically one to 10 megabases—call it 1 million bytes of information. This means human stool has a data capacity of 100,000 terabytes of information stored per gram.

    So… maybe that’s a better option than overwriting our brains. Genetically engineer some bacterium with data stored in the non-coding parts of their DNA and then transport them in your GI tract.

    • Then we would also have to consider, not just the copyright infringement, but the sanitary implications of file-sharing…

    • there was an episode of star trek: the next generation (drumhead) where a spy onboard the enterprise smuggled data to an enemy by encoding it into proteins and injecting them into his body.

    • So then if someone transports data with an embedded “computer virus” that contains the DNA equivalent of a buffer overflow your computer virus could now a real virus. A potential scary thought.

      • im afraid the DNA doesnt quite have a concept of a buffer overflow, the closest thing i can think of is a frame shift mutation. because DNA is always read in sets of 3 a frame shift moves all the reading frames over one and can be a devastating, or great, mutation
        but the point of a buffer overflow is to get into operating memory and get code ran, you dont need any kinda mutation for that, just reverse transcriptase that will put your RNA into the DNA and will be interpreted from there on out, thats how real viruses do it.

  15. The UK law is useless. You can easily get around it with a concept called “plausible deniability”. TrueCrypt, an open-source encryption program, has it. It allows you to have two passwords. One to unlock the “harmless” data, and another password to unlock the real data. But nobody can prove that there is real data hidden inside the harmless data.

    Problem solved :) Sorry, police.

      • They can think whatever they want. I’d expect that any judge dismiss the case unless police can _prove_ that you willfully denied giving them the encryption key.

        Then again, GBR is an abnormality – the only EU member state without a constitution. therefore, you don’t have the mechanism you have in other states – appealing the law itself in case it is not conforming to the constitution.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.