I'm not a terrorist. However I assume I do have certain things in common with terrorists. Mainly I'm not an idiot, and while terrorists behave in ways that can only be described as "murderously psychopathic", I don't think it's useful to assume that terrorists are in fact stupid if we are to have any hope of stopping them.
Now, not being stupid, if I or the evil-doers of the world wanted to communicate with others in secret ways, sending messages via email, or speaking openly on an AT&T phone line would not be the first choice. In fact that would be the last thing any even functionally intelligent person would do
Yet, today I see I definitely have one other thing in common with terrorists: the U.S. Government is recording and analyzing information about my emails and phone calls. Okay, I'm one of you, and I would probably also yawn and point out "eh, I got nothing to hide, so who cares?" except for the fact that this sort of large-scale surveillance is completely useless.
I bet you thought I was going to turn this into a discussion of cryptography now, but actually I want to discuss something much simpler and much more effective than that: steganography. "The what now?" you say. Steganography is the technique of hiding messages in plain sight, with the point being that most people don't realize they are in fact even seeing a message.
A simple example would be from a few hundred years ago. Now, who would have suspected, strolling along near the North Church on the night of April 18, 1775, that the light hanging there would affect the outcome of a war and the forming of a nation? Nothing high-tech required, just an agreed apon protocol {1=>"by land", 2=>"by sea"} and a couple of old lamps (and yes, from the British point of view Paul Revere was a terrorist).
Today we have lamps with much, much longer reach--that's right, I'm talking about that miracle one civil servant called "the internets". So could a doer of good, or evil send a message by an act as seemingly insignificant as changing the background color of a web page by a couple of hex values? As long as at least one person viewing the page knows what that means, then obviously: yes.
But suppose your message was slightly more complicated than "by land"? Turns out you can take this method quite a lot further than that. Again, as long as the intended message recipient understood the significance, you could use things like the arrangement of white-space in the HTML source of a blog post to communicate various messages: two spaces and a tab, or one tab, a newline and a space; the permutations are almost endless. Yet anyone reading the post would be oblivious.
So, is this idea of encoding messages into white-space really possible? Turns out, yes, and easily available on CPAN right now. Damian Conway (who I believe is also not a terrorist) released Acme::Bleach, a module which does exactly this, except it happens to work on Perl source code. And, as Damian points out, this idea has already been used for commercial (though not necessarily evil) purposes by companies like ClariNet.
But before any bright boy down at the NSA decides to start trolling the web for white-space en-masse let me point out that that was just one example. There are an infinite number of other ways this could be done. One particularly tricky way is to hide messages in images. The image looks like an ordinary image, and could be of anything, a lovely kitten perhaps, could even be from the front page of the New York Times web site.
This works by actually using two images. You and the intended recipient both start with the same image. Then one of you alters each pixel of their copy by an imperceptibly tiny amount. Perhaps you adjust the blueness of every third pixel by a few percentage points. If you do this in a systematic way, then when you publish your altered image, the recipient can download it and, by diffing the two images, extract the message. Unless Mr. NSA had the same original image it would be impossible to do the diff, and therefore impossible to extract the message, but more importantly it would be nearly impossible to even know there was a message there at all.
Can it be done? Turns out another non-terrorist, named Nicholas Clark, has already released a Perl module to do this called Acme::Steganography::Image::Png.
Before Mr. NSA sends the Boys over to confiscate the CPAN servers and ship them to an undisclosed off-shore military base, let's consider if these modules might have legitimate uses too.
First is Bleach. What point could there possibly be in encoding text as white-space? Suppose you have some files on your webserver that contain text uploaded by visitors to your site (think of a form submission here). Sure, you could filter that text, carefully removing anything that could possibly be executable code--you don't want random people uploading code into a file on your server do you?--but wouldn't it be more fun to just turn it all into white-space? So, if instead of an email address, our young hacker friend submits a unix command to erase your home directory and steal all your passwords, no matter, when it gets written to file it looks like this: " ". Try and run that you L33t hackerz!
What about hiding messages in images? Can that be useful to us non-terrorists? Turns out copyright advocates should like this technology as much as terrorists. Think watermarks. Couldn't the hidden message be copyright information? Then it would be simple for distributers of copyrighted images to track the source of a pirate's ware. Even the police (whom I sincerely hope are not terrorists) might find it useful to add hidden information to digital images when tracking the distribution of child pornography, for example.
So, the next time you see some white-space in a blog post, or find an image on a photo-sharing site, ask yourself: am I looking at the secret messages of terrorists?! No, forget that. Do this instead: the next time you hear about your government spending billions of dollars invading the privacy of normal citizens by reading their email, or tracking their phone calls ask yourself: is this really an effective way to thwart terrorists?