By Jake Edge
August 1, 2007
Recent news about
a certain much-anticipated work of fiction being posted to the internet, in
advance of its scheduled release, was not terribly surprising. The method
used was, perhaps, a bit crude, and certainly time consuming, but it got
the job done. Unbeknownst to the anonymous poster, their camera helpfully
provided some extra
information that might be used to track them down. Our devices are
collecting all kinds of data about our habits and they are increasingly
divulging that data in unexpected ways.
In the case of the Harry Potter book, the camera serial number was recorded
in the Exchangeable image file format
(Exif) data of the JPEG files of each page. Based on that information,
Canon, the camera's manufacturer, may be able to match the camera to its
original purchaser. If the camera has been serviced in the three years
since it was released, that would also create an entry matching the serial
number to the owner at that time. Neither of those conclusively links a
person to the "crime", if it even is a crime, but they could give any
investigators a good place to start.
It could have been a lot worse - some camera models have GPS capability
built-in with Exif fields available to store that information on each shot.
Perhaps the photo shoot happened deep enough inside some building that the
GPS would not work, but over the hours it took to do that project, it seems
quite possible that at least one shot would get tagged. It would be pretty
easy to track down where the photos were taken if some were tagged
with latitude and longitude coordinates. If it did not bring the police
around, it certainly might have brought legions of Potter fans, eager to
acquire the book early.
GPS data encoded into each photograph that you take is a useful
feature, keeping track of where the photos were taken some years down the
road after (human) memory has failed. The other Exif data, much of which
is detailed information about camera settings, is probably quite useful to
photographers and is much simpler than trying to keep a record of
exposure settings as you take pictures. Gathering and storing the data
is quite helpful; it is the unexpected disclosure that causes problems.
It would be easy to ignore this problem, writing it off to an ignorant
user, who should have scrubbed the Exif data before posting,
but the problem comes in other guises as well.
The US Secret Service evidently wants to be
able to track your printer output, presumably as part of their
anti-counterfeiting responsibilities, so they have convinced laser printer
manufacturers to secretly add the now-famous yellow dots
to each color page that is printed. Some of these codes have been cracked
by the Electronic Frontier Foundation (EFF) and others, and have been found
to contain model and serial numbers along with a timestamp of the print time.
It is much harder to blame ignorant users when the device manufacturer
actively tries to hide the fact that identifying information is being
leaked. Worse yet, it appears that inquiring about this practice
and asking how to turn it off
can lead to a visit from the Secret Service. There is nothing quite like a
visit from a federal agent to stifle dissent. The folks at Seeing Yellow have lots more
information, including a plan to overwhelm the agency through sheer numbers
of people asking how to turn this "feature" off.
Imagine a world where the government required each person to carry a
device that knew its location via GPS, could take pictures, and had
wireless connectivity. It is a scenario that would be ripe for abuse. In many
ways, lots of people already, voluntarily, live in that world as cell phones
have all those characteristics. It is not inconceivable that the cell phone
manufacturers have already had a visit, from the Department of Homeland
Security (DHS) or some other three-letter agency of the government, asking
for help in the "War on Terror." The devices are certainly capable of
reporting location (possibly with a helpful photo of people in the vicinity)
back to the carrier and through them to the DHS. Probably, hopefully, that
is not (yet?) happening, but there is no real technical barrier.
If we ratchet the paranoia level down a notch, cell phones, in
particular smart phones, still pose an enormous target for the criminal
world. Subverting phones that have cameras and GPS, to run them under the
control of an attacker, makes an incredible surveillance tool. By using
the same kinds of techniques that are used to spread viruses and spyware
today, it should not be difficult to get targets to willingly perform
actions that will lead to the subversion of their phone. From
there, the attacker can get all of the call records, photos, calendar items
and contacts while directing the phone to transmit its location every
minute to the attacker.
Not only could this kind of information be used by stalkers, muggers and other
criminals, this same capability could be used by lovers or employers to
track people, keeping tabs on their movements and contacts. Rather than
hire a private investigator, a jealous husband or wife might just borrow
the other's phone, surf to a spyware site, and install a tracking program
themselves. The opportunities are endless and exceedingly frightening for
anyone concerned about privacy in today's world.
There are no easy answers on how to protect oneself against these
unintentional data leaks. The organizations and individuals interested in
collecting the data are doubly interested in concealing the fact that they
are doing it, but, worse still, it is difficult for users to detect. If a
cell phone is sending a short burst of encrypted information every minute,
how would the average user, or even a sophisticated lab, detect and decode
that data? If someone had not stumbled upon the yellow dots, we might be
printing traceable documents, in blissful ignorance, to this day. What
other, similar kinds of tracking are going on that we do not yet know about?
Free software can certainly help with this problem, but it is no
panacea. Being able to replace the software in a device, with code that
can be scrutinized and built before installing, is a good way to know what
the device will do. Getting code that is vouched for by a trusted group
also serves to alleviate privacy leakage concerns. That is not the end of
the story, unfortunately, as the hardware itself may be the culprit. Laser
printer hardware is likely responsible for the identifying
information in the output, making it rather difficult to replace. It is
extremely difficult to know what the hardware in other devices might be
doing behind our backs.
The truly paranoid will not be willing to trust any hardware they did not
build themselves, perhaps from individual transistors, while trying to
figure out how to trust
the compiler. For the rest of us, open platforms, like OpenMoko, with free software and
hardware, may provide reasons to believe that our data is protected;
unless, of course, the device gets stolen or lost - encryption anyone?