a thought experiment

I followed the story of Christopher Soghoian with interest over the last few months. As you'll recall, he is the security researcher who put a fake Northwest Airlines boarding pass generator on the web, and was subsequently visited by the FBI. There are two amazing parts to this story, for me: first, that the FBI visited him twice before confiscating all his computers, and second, that he has actually got his computer equipment back.

After the first FBI visit, he didn't sleep at home that night, and returned to find his home ransacked by the FBI on their second visit. This got me thinking: what steps could one take to prevent the FBI accessing one's property (i.e. data on hard drives, not necessarily the physical items themselves)? I've thought of several ideas. If you're going to safeguard the physical hard drive, it should be an external one so that you have plausible deniability when you allow the FBI to take your PC and its normal boot drive.

1) Hide it onsite. Not really an idea that is likely to work, unless you have a really good hiding place.

2) Upload it to the web somewhere and let everyone mirror it. The Linus approach. Well it would certainly safeguard the data, and Soghoian could probably have done it without much consequence if he'd thought ahead. This option only works if you don't mind everyone (including the FBI) getting your data.

3) Hide it offsite. A storage facility? A bank safe-deposit box might be an interesting way to go. But odds are you're being followed by the FBI, and this would just slow them down rather than prevent them accessing the data. In the case of a safe-deposit box, it might slow them quite a lot though.

4) Mail it to a trusted party. Again, you have the problem that the FBI can probably intercept the mail before it leaves the mailbox or post office. But if you can get around that, this method would probably work. There is the problem that the FBI could be investigating your friends, too. So you might want to mail it to someone at the ACLU/EFF/press.

5) Encrypted file system. This is coming to everyone soon with the next version of Windows, I hear. But this isn't ultimately a good solution. They could probably throw you in jail for refusing to supply the key(s).

6) Steganographic file system. This is a bit more promising. But I'm not sure of the state of the art regarding things like StegFS and whether this would really fool the FBI. You face the problem of possible interrogation for the key(s).

7) The most interesting option, I think, in this thought experiment, is the possibility that the FBI won't find the data on your PC because it was never there. Imagine using the Internet as your storage device. I don't mean in the normal way that one uploads files via ftp or whatever. I mean things like using remote email queues as storage. One can imagine a program that works as follows:

Given the existence of a sensitive piece of information, rather than store it on the HDD, send it in an email addressed to me@<local ip address>. Send it first to any old external email server. That server will try to forward it back to you. But here's the clever bit. Your local mail program (controlled by the secret-storage software) doesn't accept it; instead you issue some non-fatal error in the 400 range. The remote mail server puts the mail in its queue for retransmission. It will retry periodically, eventually giving up in probably around a week if it can't deliver. Your secret-storage program can simply refresh the transmission each week, effectively using the Internet email system as a storage device. When you want to get to your data, you simply accept the email. There may be a time lapse between when you want to get at the data and the next retry cycle of the remote mail server, a bit like when you want to take money out of a savings account – that's the small price you pay for this security. Although even this might be overcome by appropriate manipulation at the TCP level (your mail server only half accepting the connection, then completing the acceptance when you want the data).

When the FBI comes to take your stuff, you (or they) turn off the power – which kills the mail reception program and destroys all traces of your data (it doesn't exist on the hard drive). And even if they were to turn it back on back in FBI HQ, the IP address will have changed. The FBI has no knowledge of which email server has your data, and in a few days, your data will expire.
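The deferral exchange described above, as an added example that is not the author's code: a minimal receiver-side SMTP state machine that answers DATA with a 451 temporary failure until it is released, driven by a scripted sending side so both halves of the exchange are visible. The relay hostname and addresses are constructed, and how long the queued copy survives depends on the sending server's retry interval and queue lifetime, which the example does not model.

```python
# Added example (not the author's code): receiver defers DATA with 4xx until released.
class DeferringSmtpReceiver:
    def __init__(self, release=False):
        self.release = release      # False: answer DATA with 451; True: accept
        self.in_data = False
        self.sender, self.rcpt, self.body = None, None, []
        self.delivered = []         # (sender, rcpt, body) actually accepted

    def handle(self, line):         # reply to one client line; None inside the body
        if self.in_data:
            if line != ".":
                self.body.append(line)
                return None
            self.delivered.append((self.sender, self.rcpt, self.body))
            self.in_data, self.body = False, []
            return "250 2.0.0 Queued"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 localhost"
        if verb == "MAIL":
            self.sender = arg.partition(":")[2]     # "<addr>" from "FROM:<addr>"
            return "250 2.1.0 OK"
        if verb == "RCPT":
            self.rcpt = arg.partition(":")[2]
            return "250 2.1.5 OK"
        if verb == "DATA":
            if not self.release:    # temporary failure: sender keeps it queued
                return "451 4.7.1 Try again later"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "221 2.0.0 Bye" if verb == "QUIT" else "500 5.5.1 Unknown command"

def deliver(receiver, sender, rcpt, body_lines):
    """Sending side: one delivery attempt; returns (transcript, accepted)."""
    transcript = [("<connect>", "220 localhost ESMTP ready")]
    def send(line):
        reply = receiver.handle(line)
        if reply is not None:
            transcript.append((line, reply))
        return reply
    send("EHLO relay.example.net")  # constructed relay hostname
    send(f"MAIL FROM:<{sender}>")
    send(f"RCPT TO:<{rcpt}>")
    accepted = send("DATA").startswith("354")
    if accepted:                    # 354: send body lines, then the terminator
        for line in body_lines:
            send(line)
        accepted = send(".").startswith("250")
    return transcript, accepted
```

On the relaying server each deferred attempt is an ordinary queue entry and log line, which is exactly what greylisting traffic looks like, so the stored message is visible to whoever operates that relay.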

4 comments

  1. Unless you're suspected of doing something so horribly bad that you are immediately locked up, so don't have a chance to hide/destroy the server before they take the house to bits looking for anything incriminating.

    Another strategy: A trusted friend gives you, along with some other friends, the password to a 'ssh-user' account on their machine, and agrees to keep no logs. Encrypt the important files you store on this machine, so only you can read them. If this machine gets seized, all the FBI will find is a bunch of encrypted files owned by 'ssh-user', and everyone has plausible deniability about the keys (nah, don't recognise that file, must be one of Bob's or Charlie's that they've forgotten about).

    (http://livejournal.com/users/the_local_echo)

  2. …don't have a chance to hide/destroy the server before they take the house to bits

    Exactly – I was surprised in the case of Chris Soghoian that the FBI didn't simply seize everything on their first visit.

    The ssh-user is an interesting idea but unless you have a lot of friends, I think it ultimately suffers from the same weakness as point 5. They could simply throw everyone in jail for conspiracy to obstruct justice, or something.

    (http://livejournal.com/users/elbeno)
