Wednesday, February 07, 2007

Un-SAFE Behavior

Update:

Source code pulled until I chat with a couple legal minds. It's only 15 lines of perl, so it's not too tricky to create.

----


DISCLAIMER: I do not support child porn. I think it's sick, twisted, and should not be tolerated in our society.

However, I think that government surveillance and censorship are even more evil. I do not want to make life easier for child pornographers - but the threat of feature creep in anti-child porn systems is far too dangerous. One day it targets child porn, the next week it targets images of Mohammad (P.B.U.H.), and the week after, copies of the Anarchist Cookbook. No thank you.

----

Declan reports that Senators McCain and Schumer have proposed the SAFE act, which would create a national database of child porn images - or I'm guessing, simply require that the FBI make their own database public. ISPs would be given access to this database, and would be required to screen traffic and alert the authorities of any user who transmits/hosts an image that matches a fingerprint in this database.

For obvious reasons, they aren't going to give ISPs access to an actual database containing child porn. Thus, they're most likely going to give them a list of hashes of known child porn. The ISPs will then have to compare all sent/received attachments in emails and hosted files to this database of hashes. If they get a positive match, the ISP will be required to tell the G-Men.

I'm against this kind of thing for so many reasons. I don't want my ISP monitoring the traffic that passes through their network. I don't transmit any child porn, but this sets a very bad precedent. Once the infrastructure is in place for them to compare hashes of child porn, it won't be too difficult for them to start comparing hashes of music, copies of dissident literature, photographs of dead soldiers in Iraq, anti-Scientology documentation, or anything else that someone with their hand in a Senator's pocket doesn't like.

Moreover, this law would also cover obscene images of minors including ones in a "drawing, cartoon, sculpture, or painting." (The language warns that it is not necessary "that the minor depicted actually exist.") This is not a good thing.

Let's get technical now...

MD5/SHA1 hashes are a very, very bad way to compare images. If a single pixel in the image changes, the fingerprint changes completely.

There are significantly better ways to tell whether two images are the same, ones that can withstand resizing, any number of slight modifications in Photoshop, or the modification of a few pixels. The problem with these is that they are slow. If an ISP is going to run a comparison against every image that crosses its network, it needs to be super fast, which is why they'll probably end up using MD5/SHA1.
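The contrast described above, as an added example that is not part of the original post: an exact SHA-1 fingerprint beside an average hash, one common perceptual fingerprint chosen here for illustration (the post names no specific method). The 32x32 gradient image, the 8x8 grid and the 5-bit match threshold are constructed assumptions.

```python
import hashlib

THRESHOLD = 5  # assumed match tolerance: differing bits out of 64

def make_image(size=32):
    """Constructed sample: a 32x32 grayscale gradient, values 0..248."""
    return [[x * 5 + y * 3 for x in range(size)] for y in range(size)]

def sha1_hex(img):
    """Exact-match fingerprint over the raw pixel bytes."""
    return hashlib.sha1(bytes(v for row in img for v in row)).hexdigest()

def average_hash(img, grid=8):
    """64-bit perceptual fingerprint: shrink to grid x grid by block
    averaging, then set one bit per cell that is brighter than the mean."""
    step = len(img) // grid
    cells = []
    for by in range(grid):
        for bx in range(grid):
            block = [img[by * step + dy][bx * step + dx]
                     for dy in range(step) for dx in range(step)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | int(c > mean)
    return bits

def hamming(a, b):
    """Number of bit positions in which two fingerprints differ."""
    return bin(a ^ b).count("1")

def compare(a, b):
    """Return (sha1_equal, differing_bits, perceptual_match)."""
    dist = hamming(average_hash(a), average_hash(b))
    return sha1_hex(a) == sha1_hex(b), dist, dist <= THRESHOLD

original = make_image()
tweaked = [row[:] for row in original]
tweaked[0][0] += 1  # a single value changed by 1
unrelated = [[248 - v for v in row] for row in original]  # inverted gradient

if __name__ == "__main__":
    print(compare(original, tweaked))    # SHA-1 differs, perceptual match holds
    print(compare(original, unrelated))  # different picture, no match
```

The extra work per image (decode, downscale, bitwise comparison against every known fingerprint) is the speed cost the paragraph refers to.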

To combat this evil intrusion into our private Internet behavior, I now introduce 'broken glass'. Apologies for the shoddiness of my code. This has been whipped up in a few minutes.

It is a perl script that, when given an image file, will change 1 pixel's red component by +/- 1. It's not enough for the human eye to see, but it will make the MD5/SHA1 hash fingerprint of the image completely different.

The perl script can be downloaded: *Removed*

It was developed on an Ubuntu Linux system. You may need to install imlib's perl bindings. On Ubuntu, this can be done by issuing the following command:

apt-get install libimage-imlib2-perl


Just in case my server falls over, I'm including the relatively short source code here too:

#!/usr/bin/perl

# Chris Soghoian
# Feb 7, 2007.
# Licenced under the GPL. Find it via Google.

# Broken glass
# v. 0.1
# Modify one pixel of an image by +/- 1 of its R (of RGB values).
# This will break any MD5/SHA1 comparison of images.


*EDITED*

3 comments:

Ryan Russell said...

You pulled a script that just edits graphics files?

Wow, that's a pretty bad case of prior restraint you've got there.

Anonymous said...

Note that this will result in a reduction in the quality of JPEG images (and others that use lossy compression), since your script (if I'm interpreting it correctly) will decode the image, change it, and then re-encode the image. For JPEGs you'd probably want a different sort of program that can just make a minor tweak to the compressed JPEG.

Anonymous said...

Well, he did get into hot water over a simple script that edited a boarding pass image, so he's got a healthy case of paranoia.

Welcome to the new world order guys.