Rumor-squashing service announcement
Published by marco on
There are a lot of rumors floating around. Attorney General John Ashcroft and the FBI tell us that they use high-encryption programs, so the government needs access to all of those. Others claim that they are using steganography (information embedded in images) and are communicating through web porn. Phil Zimmermann, the inventor of PGP (an encryption package) was quoted by the Washington Post as expressing “regret” for inventing PGP.
All not true. Most of it deliberately misinterpreted to make a more sensational, easier-to-digest article.
As this article at the Register points out, the steganography and high-encryption rumors started by the Times were a deliberate misquoting of international cryptography expert Ross Anderson. In his own words (here and here) (emphasis added):
<q>Your reporter called me and told me he had had a briefing from the security services that al-Qaida were using steganography, that is, hiding messages inside other objects such as MP3 files or images. He asked me whether I thought this was plausible. I replied that although it was technically possible, it was unlikely; and that, according to the FBI, the hijackers had sent ordinary emails in English or Arabic. I explained that the main problem facing police communications intelligence is traffic selection − knowing which of the billions of emails to look at − rather than the possibility that the emails might be encrypted or otherwise camouflaged. A competent opponent is unlikely to draw attention to himself by being one of the few users of encryption or anonymity services. … Unfortunately, the story that bin Laden hides his secret messages in pornographic images on the net appears to be too good for the tabloids to pass up…</q>
<q>The article states that as the inventor of PGP, I was “overwhelmed with feelings of guilt”. I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case, and made her repeat back to me this point so that she would not get it wrong in the article. This misrepresentation is serious, because it implies that under the duress of terrorism I have changed my principles on the importance of cryptography for protecting privacy and civil liberties in the information age.</q>
So, they communicated in plain text email (hidden only the same way all of our mail is hidden, by the sheer mass of it), did not use pornography to pass messages (regardless of how much many parties would love to link pornography just so that it can be more heavily regulated or banned under the umbrella of ‘preventing terrorism’) and a huge proponent of encryption (Zimmermann) is not recanting all of his principles in light of the attack. Finally, some larger news organization are not only not checking facts, but deliberately misreporting in order to publish the stories we ‘want’ to hear.