by Finn Brunton
… to buy some time
Did radar chaff “work”? After all, it fluttered to the ground in minutes, leaving the sky again open for the sweep of the beam—but of course by then the plane was already out of range.
The ephemeral obfuscation systems meant to buy time are, in a sense, elegantly simple, but they require a deep appreciation of intricate physical, scientific, technical, social, and cultural surroundings. Success doesn’t require that one buy a particular amount of time, or the longest time possible; it requires only that one buy just enough time. Using identical confederates, or even just slowing the process of going through documents, dealing with
bureaucracy, or sorting true from false information, can work toward this end.
Most obfuscation strategies work best in concert with other techniques of
privacy protection or protest, but this is particularly true of time-buying approaches, which rely on other means of evasion and resistance already
being in place—and a very clear sense of the adversary. (See the questions in section 5.3.)
… to provide cover
This subsection and the next are related but distinct, with a substantial overlap.
They approach the same problem from different sides: keeping an adversary
from definitively connecting particular activities, outcomes, or objects to an actor. Obfuscation for cover involves concealing the action in the space of other actions. Some approaches can be implemented to withstand scrutiny;
others rely on the cover provided by context to escape observation. Think of babble tapes, which bury a message in dozens of channels of voices: we know that the speaker is speaking, but we don’t know what is being said. Or think of the approach that Operation Vula ultimately settled on: not simply encrypted
email, but encrypted email that would perfectly fit the profile of banal international business. The communications of ANC operatives could take on cover as an additional layer of protection (along with crypto and superb operational security) by using the traffic of other messages similar to theirs to avoid observation. One method assumes scrutiny, and the other strives to be ignored;
each is suited to its situation.
… for deniability
If providing cover hides the action in the space of other actions, providing deniability hides the decision, making it more difficult to connect an action and an actor with certainty. One of the benefits of running a Tor relay is the additional layer of confusion it creates: is this traffic starting with you, or are you just passing it along for someone else? (TrackMeNot has a similar mechanism; we will discuss it in greater detail in the subsection on interference with profiling.) Likewise, consider the use of simulated uploads to leak sites, which make it harder to determine definitively that a certain file was uploaded during a session by some particular IP address. Finally, think of something as simple as shuffling SIM cards around: it doesn’t conceal the activity of carrying phones and placing calls, but makes it more difficult to be certain that it’s this person with this phone at any time. Though providing deniability blurs a bit with providing cover and with preventing individual observation, it is particularly useful when you know that your adversary wants to be sure that it has the
right person.
… to prevent individual exposure
This somewhat unusual goal may at first sound generic (don’t all obfuscation approaches want to prevent individual observation?), but we mean something very specific by it. Certain obfuscation approaches are well suited to achieving the positive social outcome of enabling individuals, companies, institutions, and governments to use aggregate data while keeping the data from being
used to observe any particular person. Privacy-preserving participatory sensing can collect valuable aggregate data about traffic flows without revealing anything reliable about one particular vehicle. CacheCloak retains the significant social utility of location-based mobile services while preventing the providers of those services from tracking the users (and leaving open other
avenues to making money). Pools for the swapping of loyalty cards give grocery and retail chains most of the benefits they were hoping for (the cards are driving business their way and providing useful demographic data, postal codes, or data on purchases) but prevent them from compiling dossiers on
specific shoppers.
… to interfere with profiling
Another rung up the ladder of comprehensiveness, anti-profiling obfuscation may interfere with observation of individuals or with analysis of a group, may provide cover or deniability, or may raise the cost (in time and money) of the business of data. It may leave aggregate useful data intact or may pack it with ambiguity, reasonable lies, and nonsense.
Vortex was a cookie-swapping system that enabled users to hop between
identities and profiles. Had it been widely implemented beyond the prototype stage, it would have rendered online profiling for advertising purposes useless.
The various “cloning” and disinformation services we have described offer
similar tools for making profiling less reliable. TrackMeNot provides search-query deniability (e.g., was that query about “Tea Party join” or “fluffy sex toys”
from you, or not?) under the larger goal of rendering search profiles in general less reliable. Which queries can you trust? Which queries define the cluster into which the searcher fits? Against which queries should you serve ads,
and what user activity and identities should you provide in response to a
subpoena?
… to express protest
Of course, TrackMeNot is a gesture of protest, as are many of our other
examples—for example, card-swapping activists and crowds in Guy Fawkes
masks. Many obfuscation strategies can meet or contribute to goals already mentioned while also serving to register discontent or refusal. A pertinent question to ask of your obfuscation approach is whether it is intended to keep you unnoticed, to make you seem innocuous, or to make your dissent known.
5.3 Is my obfuscation project …
Now that you have a sense of your goals, we can turn to four remaining questions that build on the goals and shape the components of an obfuscation
project. As was true of the six goals, there is some overlap between these questions. They will determine how an obfuscation system works, but they are not perfectly distinct, and they have some effect on each other. We have separated them according to the roles they play in implementing obfuscation.
… individual, or collective?
Can your obfuscation project be carried out effectively by one person, or does it require collective action? One person wearing a mask is more easily identified and tracked than someone not wearing a mask, but a hundred people
wearing the same mask become a crowd of collective identity, and that makes individual attribution of actions difficult. Some obfuscation projects can be used by an individual or by a small group but will become more effective as more people join in. The reverse could also be true (see “known or unknown,”
below): a technique that relies on blending in and not being noticed—that
functions by avoiding scrutiny—will become far more vulnerable if widely
adopted.
Two consequences will follow from your answer to the question this subsection asks.
First, an obfuscation technique that builds on collective action can spur
adoption through the “network effect.” If the technique becomes more reliable or more robust for all existing users as more users join, you can think about the design from the perspective of crossing that threshold where significant gains for joining become apparent and you can spark widespread use. Does
your technique require some number of users before it will be really effective?
If it does, how will you get it to that point? This is an opportunity to think about whether the technique can “scale”—whether it can continue to provide utility once it is being rapidly taken up in large numbers. This also bears on usability: a technique that requires a number of users to succeed should have a lot of thought put into how immediately useable, understandable, and friendly it is.
If your obfuscation requires a number of users, then the plan must include how to get them. The Tor project, for example, has recognized the need for greater accessibility to non-expert users.
Second, a technique that relies on relative obscurity—on not being widely
adopted, or on not being something that an adversary is looking for—benefits from exclusivity.
… known, or unknown?
Some obfuscation methods use their ability to blend into the innocuous data they generate to avoid scrutiny; others use it to escape scrutiny. For the goals you want to accomplish, can your method work if your adversary knows it is being employed, or if your adversary is familiar in detail with how it works?
For many techniques that merely buy time, the answer doesn’t matter.
For example, whether or not the adversary’s radar operator thinks a large
number of dots represent real airplanes makes no difference to the adversary’s ability to coordinate a counterattack. As long as the radar operator is slowed down for ten minutes, the obfuscation provided by chaff is a success.
More complex obfuscation methods can accomplish different goals depending
on whether or not the adversary knows they are being used. For example, if AdNauseam activity isn’t known to the adversary, it works to foil profiling, filling the record of advertising clicks with indiscriminate, meaningless activity. If it is known, it both frustrates the work of profiling the individual and develops a protest role—a known gesture of mocking refusal. (Build a surveillance machine to get me to click a few ads? I’ll click all of them!)
However, in some cases the distinction matters and must be accounted
for. If your goal is to render a database less effective or less valuable in the long term, so that your adversary continues to use it and thus is acting on misleading or false information, you want sources of plausible obfuscation to remain unknown so they can’t be selected and expunged or countered. Forms
of obfuscation that function primarily as acts of public protest need their obfuscating nature to be made explicit so they can stand as refusal rather than compliance.
… selective, or general?
This is the most complex of the questions, with four different implications that must be considered.
Each of the goals discussed above, to one degree or another, relies on an
understanding of the adversary against which obfuscation is directed. Often this understanding—whether it is formalized as a threat model or whether it is informed guesswork—is fragmentary, missing important components, or
otherwise compromised. What first interested us in obfuscation was its use by people who often lacked precise mastery of the challenge they faced to their
privacy: it was proprietary, or classified, or it relied on technologies and techniques they could not comprehend, or the “adversaries” included other people freely giving up their data, or the problem existed both in the present and in possible future vulnerabilities. In addition to having a clear understanding of the limits of obfuscation—that is, knowing one’s adversary—we must bear in
mind what we don’t know, and beware of relying on any one technique alone
to protect sensitive information. This raises the question of how directed a particular obfuscation strategy is. Is it a general attempt at covering one’s tracks, or is the obfuscating noise that you produce tailored to a particular threat about which you have some knowledge? A few further questions follow from your answer to this.
First, is your obfuscation approach directed at a specific adversary, or is it directed at anyone who might be gathering and making use of data about you? Is there a specific point of analysis you are delaying or preventing, or are you just trying to kick up as much dust as you can? The strategy outlined in the
“cloning” patent that Apple acquired is an example of the latter: producing many variants of the user, all generating plausible data, for anyone who might be collecting. If you know your adversary and know your adversary’s techniques and goals, you can be much more precise in your obfuscation.
If you know your adversary, a second question arises: Is that adversary
targeting you (or a select group), or are you subject to a more general aggregation and analysis of data? If the former, you must find ways to selectively misrepresent your data. The latter possibility offers a different task for the obfuscator: the production of misleading data can take a significantly wider-ranging form, resembling data on what may be many individuals.
This, in turn, raises a third question: Is your technique supposed to provide selective benefit, or general benefit? In view of how much of the work of data surveillance is not about scrutinizing individuals but rather is about using inferences derived from larger groups, your method might work to obfuscate only your own tracks, or it might work to render overall profiles and models less reliable. Each of those possibilities presents its own distinct difficulties.
For example, if TrackMeNot functions effectively, it has the capacity to cast doubt not only on the obfuscator’s profile but also on the profiles of others in the dataset.
Thinking about beneficiaries raises a fourth question: Is your goal to
produce data of general illegibility, so no one knows or needs to know what is
real and what is obfuscation? Or is it to produce obfuscated data that an adversary can’t get any value from (or can get only diminished value from), but that tell the truth to those who need to know what is real? Think of FaceCloak, a system that keeps Facebook from gaining access to personal data by providing it with meaningless noise while keeping the actual, salient personal and social data available to one’s friends. Or consider a system designed to preserve socially valuable classes of data – derived from the census, for example, in order to allocate resources effectively or to govern efficiently, while preventing the identification of individual data subjects within them. Creating a selectively readable system is far more challenging than simply making
generally plausible lies, but a selectively readable system offers wider benefits along with privacy protection, and the difficulties involved in creating it are a challenge that should be accounted for at the outset of a project.
… short-term, or long-term?
Finally, over how long a time span should your project be effective? The goal of buying time is a starting place for answering this question. If you want to confuse the situation for only ten minutes, that’s one thing; if you want to render some database permanently unreliable, untrustworthy, and valueless for inference or prediction, that’s much harder. A major component of the
information asymmetry that obfuscation helps to address is temporal—the
“time-traveling robots from the future” problem we discussed in chapter 3.
Certain data may be innocuous now, but a change in context, a change in ownership, or tools or laws can make the same data dangerous. Does your technique have to work only for now, and only for one outrage, one company, and one technique of collection and analysis, or does it have to ruin the data so that they can’t be trusted in the future or for other purposes? The former isn’t easy but is relatively straightforward. The latter involves a much broader set of challenges. It is worthwhile to consider this question now, at the development stage, so as not to be caught out after a technique has been widely adopted and you realize that it was provisional, or that it was particular to a company bound by certain national laws that no longer apply.
With these six goals and four questions in mind, we can assess the
fundamentals—and some of the pitfalls—of putting together an obfuscation
strategy. Of course, the questions won’t end with these. As viable practice, as
a powerful and credible response to oppressive data regimes, obfuscation will be well served by conditions that will enable it to develop and thrive. These include the following:
• Progress in relevant sciences and engineering: Develop methods in statistics, cryptography, systems engineering, machine learning, system security, networking, and threat modeling that address questions like: how much noise, what kind of noise, how to tailor for the target of noise, how to protect against attack, and for what specific problems is obfuscation the right solution?
• Progress in relevant social sciences, theory, and ethics: Address questions about what individuals want and need in their uses of obfuscating systems, and engage in sound normative assessments of proposed systems.
• Progress in technology policy and regulation: Safeguard open and public standards and protocols that allow developers of obfuscating systems access to and engagement with critical infrastructure; encourage large, public-facing systems to offer open APIs to developers of obfuscating systems; and refuse enforcement of Terms of Service that prohibit reasonable obfuscating systems.
Obfuscation, in its humble, provisional, better-than-nothing, socially contingent way, is deeply entangled with the context of use. Are you creating a personal act of refusal, designed to stand on its own as a gesture of protest, whether or not it actually makes data collection less useful? Are you using obfuscation as one element in a larger suite of privacy-protection tools tailored to a group and an adversary—obfuscation that has to work verifiably in relation to a specific data-analysis strategy? Perhaps you are applying obfuscation at the level of policy, or to data collection that requires more effort to misuse, so as to increase the cost of indiscriminate surveillance. Or perhaps you are developing or contributing to software that can provide a service with a layer of obfuscation that makes it difficult to do anything but provide the service. You may have access to considerable technical, social, political, and financial resources, or you may be filling out forms, dealing with institutions, or interacting online without much choice in the matter. With all of those different possibilities, however, the issues raised by our goals and questions are general to obfuscation projects across different domains, and working through them provides a starting point for getting your obfuscation work out into the world, where it can begin doing good by making noise.