ARTICLE: Steganography and E-Discovery: What will Courts and litigators do when spam contains hidden messages?

ShawnK

Mar 23, 2007, 12:11:54 PM
to SecAudit
Steganography and E-Discovery: What will Courts and litigators do when
spam contains hidden messages?
Posted on Wednesday, March 21, 2007 at 09:07PM by Registered
Commenter Ira P. Rothkent
http://www.moredata.com/home/steganography-and-e-discovery-what-will-courts-and-litigators-do-when-spam-contains-hidden-messages.html

From time to time issues will arise under the evolving e-discovery
rules that frankly seem pretty darn hard to resolve - the use of
steganography is one of them. Steganography is the art and science of
hiding or obscuring messages so as to engage in covert communications.
In terms of e-discovery and evidence issues, steganography involves
placing a hidden encrypted message in other data, usually a digital
photograph, video file, audio file, or yes even spam. The recipient of
the steganographic data would use a steganography key to unlock and
decrypt the message.

For example, using an inexpensive steganographic program, ill-
intentioned parties, who do not want their communications handed over
in any upcoming case, can use a proxy server to send the appearance of
spam back and forth which contains images that have embedded encrypted
steganographic messages. What a nightmare for litigators on both sides
of the case. The nightmare multiplies if the supposed spam e-mails
contain links to third-party web sites that manifest steganographic
images.

The current mainstream thought under the revised e-discovery rules is
that requests for e-discovery should be proportional in nature and
reasonably tailored to the facts and issues in the case. In essence,
litigators currently make widespread use of reasonable keyword and
"soundex" searches to distill out responsive electronic documents and
emails - emails that look like spam are generally not produced nor are
they requested (unless the case is over unsolicited e-mail).

But no automated keyword search will be able to distill out relevant
messages made using steganography. No manual visual inspection will be
able to detect messages in steganographic form - the photos look the
same.

To be fair there are a lot of socially important uses for
steganography. For example, in many contexts the right to privacy is
protected and advanced by using steganographic messages and one can
certainly appreciate using steganography to protect important personal
information like passwords, lock combinations, trade secrets, and
financial information. In addition, steganography can be used to
protect intellectual property such as embedding a secret message in
photos, websites, and videos and thus proving that an alleged
defendant copied your works. Steganography can also be used by our
intelligence services as a secure method of communication.

There are numerous inexpensive programs that help you to create
steganographic messages such as Invisible Secrets. There are also some
programs that help you to detect steganographic files such as Stego
Suite from Wetstone. I suspect programs like the Stego Suite will
become a more important part of the modern civil litigator's
e-discovery toolkit - especially if there is some access during the case
to hard drives and server drives for automated analysis.

What will Courts and litigators do if steganography becomes more
widespread due to both socially acceptable and unacceptable uses? What
if steganography starts to make up the majority of sensitive corporate
communications? Can corporations communicate the most important
sensitive digital messages in the manner and method they choose or do
they have an obligation once litigation commences to use a
tangible-centralized easily searchable form? How are outside litigators
supposed to ensure the integrity and completeness of the e-discovery
process in a world of steganography?

What if spam contains hidden messages?

The only way to perform e-discovery in such a steganographic world
would be to ask for and get all communications, all server drives, and
all hard drives, and hope that there is no off-site storage five
thousand miles away in a jurisdiction hostile to American law. Such a
broad request will not be met with enthusiasm by the other side or
most Judges. If a miracle occurs and you get the overbroad discovery
and access then you would need to use automated steganography
detection software with robust artificial intelligence like Stego
Suite to possibly detect steganographic carrier files. Break the
encryption if you are lucky and then run your keyword search to see if
the data is relevant to the case. The e-discovery effort, time, and
cost from the possible use of steganography can become mind-boggling.

It will be an interesting evolution as the e-discovery cases evolve as
to how the steganography legal and technical issues will be handled.
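
An added illustration, not part of the original article or post, of why a carrier "looks the same" to a reviewer yet can still be flagged by automated analysis: a pairs-of-values chi-square check over 8-bit samples. The function names, the constructed sample data and the 2x threshold are assumptions of this example and say nothing about how Stego Suite or any other product works.

```python
import random
from collections import Counter

def embed_lsb(samples, payload):
    """Test fixture: overwrite each sample's least significant bit with payload bits."""
    bits = [(byte >> i) & 1 for byte in payload for i in range(8)]
    out = list(samples)
    for i, bit in enumerate(bits[:len(out)]):
        out[i] = (out[i] & 0xFE) | bit
    return out

def pov_chi_square(samples, min_pair=10):
    """Chi-square over value pairs (2k, 2k+1); returns (statistic, degrees of freedom).
    LSB replacement with random-looking (encrypted) bits pushes the two counts in
    each pair toward equality, so the statistic falls to roughly one per pair."""
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for k in range(128):
        a, b = hist[2 * k], hist[2 * k + 1]
        if a + b < min_pair:          # skip sparsely populated pairs
            continue
        stat += (a - b) ** 2 / (a + b)
        dof += 1
    return stat, dof

def looks_like_carrier(samples, factor=2.0):
    """Flag data whose pair counts are suspiciously even (threshold is an assumption)."""
    stat, dof = pov_chi_square(samples)
    return dof > 0 and stat < factor * dof

def max_sample_change(before, after):
    """Largest per-sample difference; 1 means no visible change in an 8-bit image."""
    return max(abs(x - y) for x, y in zip(before, after))

def make_fixtures(seed=2007, n=20000):
    """Constructed data: an uneven 'pixel' histogram and random bytes standing in
    for an encrypted message that fills every least significant bit."""
    rng = random.Random(seed)
    weights = [rng.random() for _ in range(256)]
    cover = rng.choices(range(256), weights=weights, k=n)
    ciphertext = bytes(rng.getrandbits(8) for _ in range(n // 8))
    return cover, embed_lsb(cover, ciphertext)

if __name__ == "__main__":
    cover, stego = make_fixtures()
    for name, data in (("cover", cover), ("stego", stego)):
        stat, dof = pov_chi_square(data)
        print(f"{name}: chi2={stat:.0f} dof={dof} flagged={looks_like_carrier(data)}")
    print("max per-sample change:", max_sample_change(cover, stego))
```

This check only covers full-capacity LSB replacement; a short payload or a different embedding method would not be flagged this way, which is part of why the article's cost concern stands.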
