TECHNOLOGY

How to Send Messages That Even the NSA, CIA, and FBI Cannot Read

A simple technique protects privacy far better than encryption alone.

Share on
BY Joseph Steinberg - 13 Jul 2017

PHOTO CREDIT: Getty Images

Over the past few years, there have been multiple efforts by governments to spy on users of digital communications and to force technology companies to provide access to the electronic communications of suspected criminals. While some messaging systems now offer end-to-end encryption that prevents the providers of such services from decrypting messages, metadata--including who communicated with whom and when and where--is still available to governments.

So, is there a way to truly hide communications?

One way is to literally hide information in plain sight using what is known as steganography.

Steganography refers to the practice of hiding secret information within other data in such a way that only the sender and intended recipient know that the concealed material even exists. To read data protected with steganography, a government employee (or hacker) would have to first find it--which can be exceedingly difficult. Furthermore, unlike encrypted data that may arouse the curiosity of hackers and government agencies, data hidden using steganography looks innocent even when both hidden and encrypted.

Online, steganography can be easily achieved using pictures; photos are commonly shared online by billions of people and, therefore, do not appear suspicious when shared.

In their raw form, in addition to metadata (which should be removed before using steganography) most pictures use up to 24 bits of data--that is, a series of 24 1s and 0s--to represent the color of each pixel. By storing a single bit of data in the least significant bits ("the ones column of the color's number") of certain pre-agreed upon pixels, modifying bits from 1 to 0 or vice versa if necessary, a sender and recipient can share data while leaving the image visually unmodified, since single-step color changes are far too small to be perceivable by the human eye. In fact, by encrypting data before embedding it, by selecting photos where some or all of the relevant bits are already set to the values needed, by modifying extra non-information-containing bits, by utilizing images of which no other copy exists online, by including decoy images, and by employing various other techniques, steganography software can make it extremely hard for outside parties to find, never mind understand, any embedded secrets.

As an example, consider that in 2013 I hid an Amazon gift card in the photo accompanying a Forbes article that I wrote about steganography. I told people that the card number was hidden, and gave folks a week (extended to a month) to find it. Despite providing clues as to what was hidden and in what image it was hidden, and despite nearly 50,000 people reading the article since, nobody reported finding the code.

Steganography is not perfect. But, if implemented properly--something relatively easy to do when using any one of many steganography apps--it can deliver far better protection of sensitive information in transit than does encryption alone.