The Rise of the Data Smuggler

I always thought the idea of physically smuggling data was absurd. Even physically transporting data seemed silly to me because if you have broadband you can simply upload or download it. For really big data I have a gigabit connection at a data center where I rent space, so sometimes I’ll do a massive download and just show up at the facility with a 1.5 terabyte drive and hit the local Starbucks while it takes a few minutes to copy over what I’ve downloaded.

I have either given or thrown away countless USB thumb drives I’ve been given as gifts from Google AdWords and other companies. What’s the point?

Two things changed my mind about why physically transporting data is interesting. The first was a conversation I had a few years back with Sebastian Thrun (creator of Google Street View), where he told me that FedExing data is, and probably always will be, the highest bandwidth way of moving data around. That’s why Google uses FedEx to send hard drives from their Street View vans back to headquarters.

The second thing that changed my mind was a new law in the UK that makes it illegal to not hand over encryption keys if the police want to decrypt your data. The penalty is two to five years in prison for simply refusing to hand over the keys. The logical outcome is that a lot of energy will now be spent on hiding the existence of encrypted data.

I think two fields will emerge. The first is the art of hiding encrypted data when transferring it across a wire. If time is not a factor then this may be the way to go. Simply altering the sequence or transmission times of TCP packets can encode data, although it will be very low bandwidth.
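An added example, not from the original post: how a defender might spot the timing channel described above in a list of inter-packet gaps, and why its bandwidth is so low. The function names, the two-delay encoding (50 ms / 150 ms) and the exponential stand-in for ordinary traffic are assumptions, and both samples are constructed.

```python
import math
import random
import statistics

def two_clusters(gaps, rounds=20):
    """Split inter-packet gaps into a low and a high group (1-D 2-means)."""
    lo, hi = min(gaps), max(gaps)
    if lo == hi:                      # every gap identical: no second cluster
        return list(gaps), []
    for _ in range(rounds):
        mid = (lo + hi) / 2
        low = [g for g in gaps if g <= mid]
        high = [g for g in gaps if g > mid]
        lo, hi = statistics.mean(low), statistics.mean(high)
    return low, high

def timing_channel_score(gaps):
    """Distance between the two clusters divided by their combined spread.
    A sender choosing between two fixed delays gives tight, well-separated
    clusters (high score); ordinary traffic gives a smeared split (low score)."""
    low, high = two_clusters(gaps)
    if not high:                      # perfectly regular gaps
        return math.inf
    spread = statistics.pstdev(low) + statistics.pstdev(high)
    if spread == 0:
        return math.inf
    return (statistics.mean(high) - statistics.mean(low)) / spread

def bits_per_second(gaps):
    """Upper bound on throughput when each gap carries one bit."""
    return 1 / statistics.mean(gaps)

def constructed_samples(n=400, seed=1):
    """Constructed gap lists in seconds (not captured traffic)."""
    rng = random.Random(seed)
    # Assumed encoding for the sample: 0 -> ~50 ms gap, 1 -> ~150 ms, +/-5 ms jitter.
    covert = [rng.choice((0.05, 0.15)) + rng.uniform(-0.005, 0.005) for _ in range(n)]
    # Stand-in for ordinary traffic: exponential gaps with the same 100 ms mean.
    normal = [rng.expovariate(10) for _ in range(n)]
    return covert, normal

if __name__ == "__main__":
    covert, normal = constructed_samples()
    print("covert score %.1f, normal score %.1f"
          % (timing_channel_score(covert), timing_channel_score(normal)))
    print("covert channel ceiling: %.1f bit/s" % bits_per_second(covert))
```

At one bit per gap and a 100 ms average gap, the channel tops out at roughly ten bits per second, which is the "very low bandwidth" trade-off the paragraph mentions.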

The second area where I think you’ll see more activity is the physical hiding of data. The reason I think more energy will be spent in this area is because it allows for very high bandwidth. If you can hide a 2 terabyte drive and take a 6 hour journey to get it from A to B, your bandwidth is 776 Megabits per second. Try and get that on your cable modem or ADSL link.

Data storage devices that self destruct aren’t interesting when it comes to solving this problem. A self destructing drive lets police know that you have data that you never allowed them to decrypt, so presumably you’ll get your 2 to 5 years. The data needs to be invisible.

Storing data on or inside your body may be one solution. According to Scientific American:

The human brain consists of about one billion neurons. Each neuron forms about 1,000 connections to other neurons, amounting to more than a trillion connections. If each neuron could only help store a single memory, running out of space would be a problem. You might have only a few gigabytes of storage space, similar to the space in an iPod or a USB flash drive. Yet neurons combine so that each one helps with many memories at a time, exponentially increasing the brain’s memory storage capacity to something closer to around 2.5 petabytes (or a million gigabytes). For comparison, if your brain worked like a digital video recorder in a television, 2.5 petabytes would be enough to hold three million hours of TV shows. You would have to leave the TV running continuously for more than 300 years to use up all that storage.

I’m not sure I would want to upload data directly to my brain, lest I overwrite the breathing function. But biological data storage is clearly worth looking at if your intent is to hide data.

So maybe Johnny Mnemonic wasn’t so absurd after all:


35 thoughts on “The Rise of the Data Smuggler”

  1. I wonder if it is possible to convert sensitive information into something else that is still human-readable so that no one suspects that it actually is an encrypted message. Is there such a thing already?

  2. Kudos to Bbernie for your though, I also agreee: TrueCrrypt is awesome, and Stegannography is a word everyone should add to the dictiionaries in their brain. (cary it around with you.) Someebody ships you a pokerr chip. ( Hint: Cowbooy Bebop Episode 3 ~ 13 minutes and 30 secconds – 45 seckondss. ) << This is very blunt and obvious steganography!

  3. Given the US Gummint’s penchant for seizing computers at the border, I decided that, on my next foreign trip, I’ll wire any data I have to an on-line site, and either DOD-wipe the hard disk or just throw the computer in the river before returning.

  4. Explore Einstein’s “spooky action at a distance” theory (1916), linked atoms can exist anywhere in the cosmos, whatever is done to one, happens to the other (like a servo), so by bouncing an electron off a bunch of linked atoms, changing the “wobble” in their electron spins can be detected (decoded) at the other location instantly, no matter how far away (light years even). data doesn’t “travel” so it can’t be “captured” or manipulated by a 3rd party, only the two sides see it, no encryption necessary. read up on it …

  5. a few years back I did some work for a uk establishment. let’s just say that even powered off dimms still can hold interesting data if you have the right tools.

  6. Forget a hard drive that blows up. Have one inside a degaussing coil. One wrong code, and the magnetic fields silently turn all that data into soup.
    “Here’s your key, officer.” You said, helpfully. “But that drive is unformatted and doesn’t have any data on it.”

  7. i don’t know about the UK but in the US our fifth amendment theoretically protects against forcing people to reveal their encryption key. not only do you have the right to remain silent (miranda rights) you have the right to refuse to testify against yourself. this issue needs to be settled once and for all here though since some seem to think otherwise.

    • On the surface you are correct – but do you remember the attempts by the US government to require firms to hand over copies of their keys – this was in response to the ever increasing level of encryption – so much so that the gov could not decrypt on the fly. This way US firms were safe from prying eyes but other countries – in theory could have their data reviewed quickly.

      • well corporations do not have 5th amendment rights (even if they are considered legal persons)
        and sure it would make police’s life easier if there was no way to protect one’s data from them but i don’t think it’s the job of the american people to make the police’s job easier. it would make their job easier if they didn’t have to get a warrant, or have probable cause, or any oversight. if they could arrest on nothing more than a hunch that the person might be doing something illegal, we have laws to protect the people and if that is at odds with law enforcement the law should always come down on the side of the people.

  8. Rubberhose encryption. They’ll have trouble proving what appears to be random info is actually encrypted twice. There are tools out there to do that and then you can upload or store on a hard drive.

    Does it matter the kind of crime in the UK? America will be the same soon unfortunately.

  9. No need to worry about over-writing the breathing function as it’s part of the peripheral nervous system and not in the brain…

  10. This is great 🙂 Firstly, don’t the police have to prove they believe information about a crime exists in your data to first get a warrant and then demand the data?

    Secondly, if your data has information you don’t want the police to see then you probably have more issues 🙂

    Just a thought!

  11. You could always encode and spread your data over existing data.

    Say for example a bunch of hi resolution family pictures or a bunch of home movies or MP3’s with some pixels or meta overwritten with your real data based on your own proprietary encoding routine.

    You would be carrying perhaps 100TB to transfer 1 or 2 TB of real data, but any inspection of the data would simply reveal media files.

  12. The UK law is useless. You can easily get around it with a concept called “plausible deniability”. TrueCrypt, an open-source encryption program, has it. It allows you to have two passwords. One to unlock the “harmless” data, and another password to unlock the real data. But nobody can prove that there is real data hidden inside the harmless data.

    Problem solved 🙂 Sorry, police.

    • Indeed, but you can still go to the slammer if the police THINK there is data hidden in the free list or wherever.

      • They can think whatever they want. I’d expect any judge to dismiss the case unless police can _prove_ that you willfully denied giving them the encryption key.

        Then again, GBR is an abnormality – the only EU member state without a constitution. therefore, you don’t have the mechanism you have in other states – appealing the law itself in case it is not conforming to the constitution.
