by Finn Brunton
EPILOGUE
We didn’t invent obfuscation. We started out with a tool for the specific purpose of interfering with search-query logs, then recognized that it did something we could see all around us. We undertook the task of naming it and clarifying its most important parts so it could be generalized, and so it could serve as the beginnings of a method that can play a role in addressing some of the most intractable privacy challenges of information technologies, communications networks, and data collection and analysis. Once we started looking, we were amazed by the range of applications we uncovered. In part I of this book, we offered a compendium of the possibilities.
In part II, we laid out the concept of data obfuscation as a strategy for privacy protection, the ethical issues obfuscation raises, and some salient questions to ask of any obfuscation project. Throughout, we took care to emphasize that obfuscation is an addition to the privacy toolkit, not a replacement for one or all of the tools on which we already rely. It has a role to play as part of a rich network of tools, theories, frameworks, skills, and equipment that enable us to respond to present-day threats to privacy. We have only begun the work by naming, identifying, and defining. This book is a collection of starting points for understanding and making use of obfuscation. There is much more to be learned from practice, from doing.
We have described cases of obfuscation working in concert with other approaches to privacy protection and how obfuscation may be integrated with law, social media, policy and encryption to augment the effectiveness of these alternatives. Given the range of obfuscation goals, from buying time to foiling profiling to protesting, can we develop different models of success with quantifiable metrics? Of course, obfuscation is shaped by its relationship to an adversary, but most of the situations in which it is used involve various kinds and degrees of uncertainty—uncertainty about what can be done with data, about how these capabilities expand when data sets are combined, and the other mysteries inherent in the information asymmetries that characterize everyday life. For obfuscation projects specifically seeking to provide deniability or cover, or to interfere with profiling (especially over the longer term), can we develop optimal obfuscation methods under different kinds of uncertainty? Can we take sophisticated present-day methods of data analysis, such as advanced neural networks and deep learning, and use them to develop more effective obfuscation strategies? We have identified common goals and have uncovered crucial questions, but are there best practices for putting obfuscation into play that apply across different obfuscation projects? These are questions to be answered with further research and application. Others will follow as the utility of obfuscation makes evident its promise, at least until such time as the need for firmer and fairer approaches to regulating appropriate data practices is properly addressed.
There is no simple solution to the problem of privacy, because privacy itself is a solution to societal challenges that are in constant flux. Some are natural and beyond our control; others are technological and should be within our control but are shaped by a panoply of complex social and material forces with indeterminate effects. Privacy does not mean stopping the flow of data; it means channeling it wisely and justly to serve societal ends and values and the individuals who are its subjects, particularly the vulnerable and the disadvantaged. Privacy should sustain the freedoms and autonomous pursuits that fuel positive engagement with one another and with the collective. Innumerable customs, concepts, tools, laws, mechanisms, and protocols have evolved to achieve privacy, so conceived, and it is to that collection that we add obfuscation to sustain privacy as an active conversation, a struggle, and a choice.
Having considered obfuscation through cases, instances, explanations, and ethical questions, and having considered its effectiveness and its fitness for various purposes, you may want to set the book aside and consider implementing obfuscation, in software or in policy, for a project you run or a project you resist—to create a crowd and vanish into it, for your benefit, the benefit of others, and the benefit of learning by doing.
NOTES
CHAPTER 1
1. Meir Finkel, On Flexibility: Recovery from Technological and Doctrinal Surprise on the Battlefield (Stanford University Press, 2011), 125.
2. Fred Cohen, “The Use of Deception Techniques: Honeypots and Decoys,” in Handbook of Information Security, volume 3, ed. Hossein Bidgoli (Wiley, 2006), 646.
3. Kirill Maslinsky, Sergey Koltcov, and Olessia Koltslova, “Changes in the Topical Structure of Russian-Language LiveJournal: The Impact of Elections 2011,” Research Paper WP BPR 14/SOC/2013, National Research University, Moscow, 3. For recent data on the proportion of LiveJournal users by country, see http://www.alexa.com/siteinfo/livejournal.com.
4. The LiveJournal statistics cited here are from http://www.livejournal.com/stats.bml. (This site is no longer available.)
5. Simon Shuster, “Why Have Hackers Hit Russia’s Most Popular Blogging Service?” time.com, April 7, 2011 (http://content.time.com/time/world/article/0,8599,2063952,00.html). (The number of Russian accounts cited in the article appears to be the total number of accounts rather than the number of active accounts. We believe activity to be a more meaningful measure.)
6. Yekaterina Parkhomenko and Arch Tait, “Blog Talk,” Index on Censorship 37 (February 2008): 174–178 (doi:10.1080/03064220701882822).
7. Suren Gazaryan, “Russia: Control From the Top Down,” Enemies of the Internet, March 11, 2014 (http://12mars.rsf.org/2014-en/2014/03/11/russia-repression-from-the-top-down/).
8. Brian Krebs, “Twitter Bots Drown Out Anti-Kremlin Tweets,” Krebs on Security, December 11, 2008 (http://krebsonsecurity.com/2011/12/twitter-bots-drown-out-anti-kremlin-tweets/).
9. Ann Friedman, “Hashtag Journalism,” Columbia Journalism Review #realtalk blog, May 29, 2014 (http://www.cjr.org/realtalk/hashtag_journalism.php?page=all).
10. “Twitterbots,” Krebs on Security (http://krebsonsecurity.com/wp-content/uploads/2011/12/twitterbots1.txt).
11. Manuel Reda, “Mexico: Twitterbots Sabotage Anti-PRI Protest,” Fusion, May 21, 2012 (http://thisisfusion.tumblr.com/post/23287767289/twitterbots-attack-anti-pri-protest-mexico).
12. For a more direct application of Twitter spam in the Mexican election that skirts this rule, see Mike Orcutt, “Twitter Mischief Plagues Mexico’s Election,” MIT Technology Review, June 21, 2014 (http://www.technologyreview.com/news/428286/twitter-mischief-plagues-mexicos-election/).
13. Joseph Meyerowitz and Romit R. Choudhury, “Hiding Stars with Fireworks: Location Privacy through Camouflage,” in Proceedings of the 15th Annual International Conference on Mobile Computing and Networking (ACM, 2009).
14. Ibid., 1.
15. Daniel Howe and Helen Nissenbaum, “TrackMeNot: Resisting Surveillance in Web Search,” in Lessons From the Identity Trail: Anonymity, Privacy and Identity in a Networked Society, ed. Ian Kerr, Carole Luckock, and Valerie Steeves (Oxford University Press, 2009), 417.
16. For the AOL search logs event, see Michael Barbaro and Tom Zeller Jr., “A Face Is Exposed for AOL Searcher No. 4417749,” New York Times, August 9, 2006. For the Department of Justice’s Google request, see the original subpoena: Gonzales v. Google, Inc., Case (Subpoena) CV 06-8006MISC JW (N.D. Cal.). http://www.google.com/press/images/subpoena_20060317.pdf, and the consequent ruling: American Civil Liberties Union v. Gonzalez, Case 98-5591 (E.D. Pa.) (http://www.google.com/press/images/ruling_20060317.pdf).
17. Note, for instance, that the rollout information for Google’s more personalized search results—building on Google+ information—includes a toggle that enables you to see your results without the effect of your history of searching the Web. This doesn’t remove the history, but it presents query history as something that should at least be optional, and not as an unalloyed good. See Amit Singhal, “Search, Plus Your World,” Google official blog (http://googleblog.blogspot.com/2012/01/search-plus-your-world.html), January 10, 2012.
18. Vincent Toubiana and Helen Nissenbaum, “An Analysis of Google Logs Retention Policies,” Journal of Privacy and Confidentiality 3, no. 1 (2011): 3–26 (http://repository.cmu.edu/jpc/vol3/iss1/2/).
19. Andy Greenberg, This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World’s Information (Dutton, 2012), 157.
20. Ibid., 293.
21. Phil Hellmuth, Marvin Karlins, and Joe Navarro, Phil Hellmuth Presents Read ’Em and Reap (HarperCollins, 2006). (It is interesting to imagine a poker strategy based on more extensive use of obfuscation—a player generating a constant stream of mannerisms and typical tells, so that anything involuntary is difficult to parse out—but that probably would be so irritating as to get a player ejected.)
22. Wesley Remmer, “Learning the Secret Language of Baseball,” Bremerton Patriot, July 23, 2010 (http://www.bremertonpatriot.com/sports/99124354.html).
23. Spartacus, directed by Stanley Kubrick (Universal Pictures, 1960).
24. Charles Dickens, A Tale of Two Cities (Penguin Classics, 2003); Alan Moore and David Lloyd, V for Vendetta (Vertigo/DC Comics, 1982).
25. Marco Deseriis, “Lots of Money Because I Am Many: The Luther Blissett Project and the Multiple-Use Name Strategy,” Thamyris/Intersecting 21 (2011): 65–93.
26. The Thomas Crown Affair, directed by John McTiernan (Metro-Goldwyn-Mayer, 1999).
27. Inside Man, directed by Spike Lee (Universal Pictures, 2006).
28. North by Northwest, directed by Alfred Hitchcock (Metro-Goldwyn-Mayer, 1959).
29. Thomas Habinek, The World of Roman Song: From Ritualized Speech to Social Order (Johns Hopkins University Press, 2005), 10.
30. Arthur Conan Doyle, “The Adventure of the Six Napoleons,” in The Return of Sherlock Holmes (Penguin Classics, 2008).
31. Sarah Netter, “Wash. Man Pulls off Robbery Using Craigslist, Pepper Spray,” ABC News, October 1, 2008 (http://abcnews.go.com/US/story?id=5930862).
32. Jens Lund, with reply by István Deák, “The Legend of King Christian, an Exchange,” New York Review of Books 30, no. 5 (1990) (http://www.nybooks.com/articles/archives/1990/mar/29/the-legend-of-king-christian-an-exchange/). (That the specific case of the Yellow Star is fictional doesn’t detract in any way from the Danes’ heroic history of helping Jews hide and escape during the war.)
33. Leo Goldberger, ed., The Rescue of the Danish Jews: Moral Courage Under Stress (New York University Press, 1987).
34. Ben Kafka, The Demon of Writing (MIT Press, 2012), 67.
35. Jeremy Scahill and Glenn Greenwald, “The NSA’s Secret Role in the U.S. Assassination Program,” The Intercept, February 10, 2014 (https://firstlook.org/theintercept/2014/02/10/the-nsas-secret-role/).
36. Tor Project, “Frequently Asked Questions” (https://www.torproject.org/docs/faq.html.en#BetterAnonymity).
37. State of California vs. Niroula, Case INF 064492 (I.B. Cal.) (http://cryptome.org/2012/06/babble-tape.pdf).
38. Tim Jenkin, “Talking to Vula,” Mayibuye, May–October 1995 (www.anc.org.za/show.php?id=4693).
CHAPTER 2
1. Ling Tseng and I.-Min Tso, “A Risky Defence by a Spider Using Conspicuous Decoys Resembling Itself in Appearance,” Animal Behavior 78, no. 2 (2009): 425–431 (doi:10.1016/j.anbehav.2009.05.017).
2. Rip Empson, “Black Car Competitor Accuses Uber of DDoS-Style Attack; Uber Admits Tactics Are ‘Too Aggressive,’” TechCrunch, January 24, 2014 (http://techcrunch.com/2014/01/24/black-car-competitor-accuses-uber-of-shady-conduct-ddos-style-attack-uber-expresses-regret/).
3. “Le Gouvernement Veut Rendre les Avertisseurs de Radars Inefficaces,” Le Monde, November 29, 2011 (http://www.lemonde.fr/societe/article/2011/11/29/les-avertisseurs-de-radars-seront-bientot-inefficaces_1610490_3224.html).
4. “Analysis of the ‘Flash Crash’ Part 4, Quote Stuffing,” Nanex, June 18, 2010 (http://www.nanex.net/20100506/FlashCrashAnalysis_Part4-1.html).
5. Ibid.
6. Joab Jackson, “Cards Games: Should Buyers Beware of How Supermarkets Use ‘Loyalty Cards’ to Collect Personal Data?” Baltimore City Paper, October 1, 2003 (http://www.joabj.com/CityPaper/031001ShoppingCards.html).
7. Robert Ellis Smith, Privacy Journal, March 1999, p. 5.
8. http://epistolary.org/rob/bonuscard/, accessed October 25, 2010.
9. “The Ultimate Shopper,” Cockeyed.com, last updated December 11, 2002 (http://www.cockeyed.com/pranks/safeway/ultimate_shopper.html).
10. “Hydra Project” (https://code.google.com/p/hydraproject/).
11. For a somewhat technical but accessible overview of BitTorrent that includes a lucid explanation of trackers, see Mikel Izal, Guillaume Urvoy-Keller, Ernst W. Biersack, Pascal Felber, Anwar Al Hamra, and Luis Garcés-Erice, “Dissecting BitTorrent: Five Months in a Torrent’s Lifetime,” Passive and Active Network Measurement 3015 (2004): 1–11 (doi: 10.1007/978-3-540-24668-8_1).
12. Hendrik Schulze and Klaus Mochalski, “Internet Study 2008/2009,” Ipoque (http://www.christopher-parsons.com/Main/wp-content/uploads/2009/04/ipoque-internet-study-08-09.pdf).
13. Jacquelyn Burkell and Alexandre Fortier, “Privacy Policy Disclosures of Behavioural Tracking on Consumer Health Websites,” Proceedings of the American Society for Information Science and Technology 50, no. 1 (May 2014): 1–9 (doi: 10.1002/meet.14505001087).
14. Viola Ganter and Michael Strube, “Finding Hedges by Chasing Weasels: Hedge Detection Using Wikipedia Tags and Shallow Linguistic Features,” in Proceedings of the ACL-IJCNLP Conference Short Papers, 2009 (http://dl.acm.org/citation.cfm?id=1667636).
15. David I. Holmes and Richard S. Forsyth, “The Federalist Revisited: New Directions in Authorship Attribution,” Literary and Linguistic Computing 10, no. 2 (1995): 111–127 (doi: 10.1093/llc/10.2.111).
16. Josyula R. Rao and Pankaj Rohatgi, “Can Pseudonymity Really Guarantee Privacy?” in Proceedings of the 9th USENIX Security Symposium, 2000 (https://www.usenix.org/legacy/events/sec2000/full_papers/rao/rao_html/index.html).
17. Daniel Domscheit-Berg, Inside WikiLeaks: My Time With Julian Assange at the World’s Most Dangerous Website (Crown, 2011).
18. Rao and Rohatgi, “Can Pseudonymity Really Guarantee Privacy?”
19. Moshe Koppel and Jonathan Schler, “Authorship Verification as a One-Class Classification Problem,” in Proceedings of the 21st International Conference on Machine Learning, 2004 (doi: 10.1145/1015330.1015448).
20. On Anonymouth, see https://www.cs.drexel.edu/~pv42/thebiz/ and https://github.com/psal/anonymouth.
21. Drive, directed by Nicolas Winding Refn (Film District, 2011).
22. Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo Ricca, Marco Torchiano, and Paolo Tonella, “The Effectiveness of Source Code Obfuscation: An Experimental Assessment,” in Proceedings of 17th International Conference on Program Comprehension, 2009 (doi: 10.1109/ICPC.2009.5090041).
23. See Michael Mateas and Nick Montfort, “A Box, Darkly: Obfuscation, Weird Languages, and Code Aesthetics,” in Proceedings of the 6th Annual Digital Arts and Culture Conference, 2005 (http://elmcip.net/node/3634).
24. Sanjam Garg, Craig Gentry, Shai Halevi, Mariana Raykova, Amit Sahai and Brent Waters, “Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits,” in Proceedings of IEEE 54th Annual Symposium on Foundations of Computer Science, 2013 (doi: 10.1109/FOCS.2013.13).
25. Jeyavijayan Rajendran, Ozgur Sinanoglu, Michael Sam, and Ramesh Karri, “Security Analysis of Integrated Circuit Camouflaging,” presented at ACM Conference on Computer and Communications Security, 2013 (doi: 10.1145/2508859.2516656).
26. From an interview with Ahearn: Joan Goodchild, “How to Disappear Completely,” CSO, May 3, 2011 (http://www.csoonline.com/article/2128377/identity-theft-prevention/how-to-disappear-completely.html).
27. Stephen Carter, “United States Patent: 20070094738 A1—Techniques to Pollute Electronic Profiling,” April 26, 2007 (http://www.google.com/patents/US20070094738).
28. Rachel Law, “Vortex” (http://www.milkred.net/vortex/). Much of the detail in this section is based on conversation with Law and on her presentation in the Tool Workshop Sessions at the Symposium on Obfuscation held at New York University in 2014.
29. Kevin Ludlow, “Bayesian Flooding and Facebook Manipulation,” KevinLudlow.com, May 23, 2012 (http://www.kevinludlow.com/blog/1610/Bayesian_Flooding_and_Facebook_Manipulation_FB/).
30. Max Cho, “Unsell Yourself—A Protest Model Against Facebook,” Yale Law & Technology, May 10, 2011 (http://www.yalelawtech.org/control-privacy-technology/