Even Congress has an 'unreasonable' expectation of privacy

Talking about the brewing Jane Harman/AIPAC wiretapping scandal, Matthew Yglesias writes:

However, the substance of what was recorded really does look damning. Which reminds me of something I was thinking about during the Blago Era, namely how many politicians’ reputations could really stand up to serious surveillance? It seems very likely to me that if you picked a member of congress at random, decided you had probably cause to suspect him of corruption, and thus starting wiretapping all his calls with donors and key political supporters that you would find a ton of dubious quid-pro-quos and backscratching arrangements.

Looking at this scandal, you could come to the perspective that (as Yglesias does) pretty much any politician has dirt that would come out if you wiretapped them.

Or, if you don a tinfoil hat, you can look at it this way: Even members of Congress who serve on key intelligence committees and have direct and detailed knowledge of the NSA's wiretapping capabilities still don't have a realistic idea of how little privacy they have when using telephones and email.

Look -- either Jane Harman expected that the NSA would never tap her own calls, or she simply didn't understand how easy surveillance is. Given that this same Congresswoman with a Harvard Law degree took several years to realize that the NSA's "Terrorist Surveillance Program" was blatantly illegal, perhaps it is safer to assume ignorance rather than over-confidence.

Nevertheless, how can we expect average Americans to make rational decisions about their own privacy (and their risk of being overheard discussing something problematic on the phone) when their elected officials who are supposed to be providing oversight over these sorts of programs clearly can't engage in a basic analysis of the risks of their own use of technology.

Perhaps Harman should have watched a few episodes of the Wire before getting on the phone with that suspected Israeli agent. I'm sure Stringer Bell could have taught her a few lessons about operational security.

Un-SAFE Behavior

Update:

Source code pulled until I chat with a couple legal minds. It's only 15 lines of perl, so it's not too tricky to create.

----


DISCLAIMER: I do not support child porn. I think it's sick, twisted, and should not be tolerated in our society.

However, I think that government surveilance and censorship are even more evil. I do not want to make life easier for child pornographers - but the threat of feature creep in anti-child porn systems is far too dangerous. One day it targets child porn, the next week it targets images of Mohammad (P.B.U.H.), and the week after, copies of the Anarchist Cookbook. No thank you.

----

Declan reports that Senators McCain and Schumer have proposed the SAFE act, which would create a national database of child porn images - or I'm guessing, simply require that the FBI make their own database public. ISPs would be given access to this database, and would be required to screen traffic and alert the authorities of any user who transmits/hosts an image that matches a fingerprint in this database.

For obvious reasons, they aren't going to give ISPs access to an actual database containing child porn. Thus, they're most likely going to give them a list of hashes of known child porn. The ISP's will then have to compare all sent/received attachments in emails and hosted files to this database of hashes. If they get a positive match, the ISP will be required to tell the G-Men.

I'm against this kind of thing for so many reasons. I don't want my ISP monitoring the traffic that passes through their network. I don't transmit any child porn, but this sets a very bad precident. Once the infrastructure is in place for them to compare hashes of child porn, it won't be too difficult for them to start comparing hashes of music, copies of dissident literature, photographs of dead soldiers in Iraq, anti-Scientology documentation, or anything else that someone with their hand in a Senator's pocket doesn't like.

Moreover, this law would also covers obscene images of minors including ones in a "drawing, cartoon, sculpture, or painting." (The language warns that it is not necessary "that the minor depicted actually exist.") This is not a good thing.

Lets get technical now...

MD5/SHA1 hashes are a very very bad way to compare images. If one single pixel in the image changes, the fingerprint completely changes.

There are significantly better methods to compare images to see if they are the same - which can withstand resizing, any number of slight modifications in Photoshop, or the modification of a few pixels - the problem with these, is that they are slow. If an ISP is going to run a comparison against every image that crosses its network, it needs to be super fast - which is why they'll probably end up using MD5/SHA1.

To combat against this evil intrusion into our private Internet behavior, I now introduce 'broken glass'. Apologies for the shoddiness of my code. This has been whipped up in a few minutes.

It is a perl script that when given an image file, will change 1 pixel's red component by +/- 1. It's not enough for the human eye to see, but it will make the MD5/SHA1 hash fingerprint of the image be completely different.

The perl script can be downloaded: *Removed*

It was developed on a Linux Ubuntu system. You may need to install imlib's perl bindings. On ubuntu, this can be done by issuing the following command:

apt-get install libimage-imlib2-perl


Just in case my server falls over, I'm including the relatively short source code here too:

#!/usr/bin/perl

# Chris Soghoian
# Feb 7, 2007.
# Licenced under the GPL. Find it via Google.

# Broken glass
# v. 0.1
# Modify a one pixel of an image by +/- 1 of its R (of RGB values).
# This will break any MD5/SHA1 comparison of images.


*EDITED*