INTERVIEW: A Picture Is Worth a Thousand (Encrypted) Words
As we said in last month’s review of Swiss-based ProtonMail, sometimes the only way to preserve your privacy is to take action to protect yourself. Thankfully, there are people out there right now who have decided to use their skills and ability to give you the tools to do just that.
Colorado-based RMO Services’ founder and lead developer, James Cary, is such a person. Alarmed and offended by the degree of government intrusion going on in our personal communications, James put his mind to developing a means of shielding his communications. While the “Message in a Picture” (or “MIAP”) app isn’t a seamless solution – a few steps more than typing and hitting “Send” are needed to secure your messaging – it is a thorough solution and is virtually unbreakable.
James was kind enough to answer a few questions about the app - and to hint about RMO’s potential future refinements.
DOLP: James, thank you for taking the time to talk with us.
JC: My pleasure.
DOLP: What inspired you to develop your “Message in a Picture” app?
JC: Privacy has never been more under attack than it is today. We have major corporations such as Google and Facebook mining your communications for information, all of which is used to build a marketing profile of you, so they can target you with more ads. We also have the government admitting they've been spying on US citizens and that they have the ability to index - and search - every piece of electronic communication. I decided I'd had enough and wanted my privacy back.
DOLP: Understandable. So your response was to encrypt text messages?
JC: That was our first response, yes. We’re… examining other options as well.
DOLP: That sounds awfully coy.
JC: Well, if the government can be evasive about their intrusions, we can be evasive about our solutions.
DOLP: Touché. And you went with steganography. For folks that never thought they’d need to encrypt their daily communications, that means…?
JC: In plain English, that just means hiding a message inside something else. In our case, a graphic image – a picture. In cryptography, you see a scrambled message. You know it’s a scrambled message because it looks weird. But in steganography, you don’t know it’s there because what you’re looking at is perfectly normal and expected. Basically, it’s camouflage.
DOLP: But why develop your own solution? Aren’t there already other apps that provide some sort of encryption through steganography? What makes “MIAP” different?
JC: There are other steganography apps out there. Some use "JPEG" steganography where they alter the picture in compressed form, while others use similar "bitmap" steganography algorithms, which is what we use in MIAP. After we've altered a picture, the steganography is undetectable in the compressed format because we altered the uncompressed bitmap rather than the compressed format.
The real differentiating technology here, however, is that we use both steganography and cryptography. We've combined a one-time pad algorithm into the mix. What this does is require two pictures to read the message. One holds the message, the other the key, which is completely random and can’t be recreated even if the author wanted to. Without both images, it's impossible to read our messages.
DOLP: How does it work, both from a user interface standpoint and behind the scenes?
JC: From a UI perspective, all the user has to do is type a message on their smart phone and take two pictures. We require new images because if a user were to use the same image twice, or an existing image, an unauthorized viewer could generate MD5 hashes-
DOLP: I’m sorry. “MD5 hashes?”
JC: Um.... Think of it as a fingerprint for a digital file. In simplest terms, all the data in a file is added up to get a number. Any change to any part of the data in that file will result in a different number. You won't necessarily know what changed, but you'll know something did change.
DOLP: Ah, got it. Please – continue.
JC: Okay. So if a MIAP user used the same image twice, or used an existing image, an unauthorized viewer could generate MD5 hashes on both the original and modified images to detect alterations, which would compromise security. By taking fresh pictures, the images only exist in altered form so it's much more difficult to detect the alterations.
We touch every pixel in the image in similar ways to make it harder to detect where the message begins and ends. It's entirely possible for an unauthorized viewer to attempt to read the encoded text, but miss it entirely because they just didn't start at the right pixel.
DOLP: How secure is MIAP and what keeps someone from being able to decipher its messages? For that matter, is it possible to even detect that an image has a message encoded into it?
JC: MIAP uses a security methodology known as "security through obscurity," in that we hide text in plain sight. We use a very common image format, PNG, which is about eighty percent of the images on the internet. Our images are of normal resolutions, making it difficult to determine if an image was touched using MIAP by just looking at image properties.
Because of the sheer number of similar images online in PNG format, finding the altered images is quite like looking for a needle in a haystack, without a metal detector. And even if they find an image, they won't have enough information to read the message. They need to find another image – the matching “other image” - as well, making reading the message nearly impossible.
DOLP: Okay, my favorite boogeyman question. What about the usual arguments against encryption or improving privacy - that it could be used by terrorists, child pornographers, and the like? Any concerns about enabling criminal or dangerous behavior?
JC: We're always conscious of such activities, and don't condone people using our apps or technology for illicit actions. However, drug dealers or pornographers typically have methods already in place to elude detection, such as TOR networks and the "dark internet". And terrorist organizations are another animal all their own. Many have entire IT departments which set up their own secure communications networks, so something like this would not likely be of interest to them. For that matter, terrorists such as ISIS and Boko Haram have been openly displaying their plans using social media. They're not even trying to hide anymore.
But aside from all that, the vast majority of people who want privacy are simply law-abiding citizens who believe in exercising their constitutionally protected rights. They shouldn’t have to sacrifice their privacy simply because a small percentage of technology users might do something bad.
DOLP: Walk us through how you actually use the app. How do you send a secure message?
JC: Using the app couldn't be easier. First, you select your security level. Level 1 is steganography only, Level 2 is steganography and one-time pad. You then move to the next screen, where you type your text message. Depending on your security level selection in the first step, you will need to then use your device’s camera to capture one or two images. Simply tap the button to take the picture or pictures and the app does the rest for you. For any of your readers thinking about using this, keep in mind that you could slightly compromise your privacy if you take pictures of things that can identify where you are, or of people’s faces. It's best to take pictures of things that will make it hard to identify where you are, such as a close-up of the bunny hopping across the yard or your lunch.
Now send your photos to your intended recipient. There are multiple ways you can accomplish this. You can post them to an online blog that does not re-encode images – which, unfortunately, means that Facebook doesn't work here - or send them in email. The more methods of delivery, the harder it will be to track things down so use your imagination. Email them from two different accounts to two different accounts, or put one on a thumb drive and the other in email. You could even rename the files from ‘.png’ to some other extension like ‘.so’ or ‘.dll’ or ‘.tmp’ and have your recipient rename it back to ‘.png’ prior to using the image. You could even include them in zip files with a few other photos that don’t have any messages encrypted, so long as the recipient knew which pair to decipher.
DOLP: So this is not really a solution for day-to-day texts – ‘Do you need me to pick up milk while I’m at the store?’
JC: No, MIAP isn't a text messaging platform, primarily because most text messaging clients - using SMS and MMS - won't support PNG files. Don't think of it as a secure replacement to send text messages, there's a lot of those out there already. Think of this as a secure way to send larger messages using a method that prevents unauthorized readers from even being able to see that a message exists.
The real benefit to using MIAP versus text messaging is the decentralized distribution of information. With text messaging, all one has to do is compromise a text messaging server and those messages can be exposed. By allowing users the freedom to distribute pictures in multiple methods, MIAP gives you another layer of security. Messages can be placed on the web, making finding them much harder.
DOLP: What happens if you use your ‘Level 2’ one-time pad option and mismatch encoded images? Is there any way to get a partial message retrieved?
JC: If you mismatch images, the message will be unreadable until you use the right images to decode the message. If you only have one image of a Level 2 message, there is no way to read the message.
DOLP: This sounds very promising but my technical career revolved around QA so I always look for what’s wrong. What are some of the app’s technological limitations?
JC: There are some. If you resize or re-encode an image, it will render the message permanently unreadable. Uploading to websites where the image is either re-encoded or resized - such as Facebook - will not work. You cannot change from PNG to JPG – say, through a common editor’s Save As option – because JPG compression is "lossy" and will drop critical information from your message, rendering it unreadable. Currently, MIAP only supports text messages, so you cannot embed images or audio into an image. And as of right now, MIAP is Android only, but we are investigating other platforms such as a desktop client and iOS.
DOLP: When Phil Zimmermann came out with PGP encryption, he ended up the subject of a criminal investigation by the US government. Did you run into any issues with the US government while trying to get this out to market?
JC: Fortunately for us, many of the encryption laws were loosened in the late 1990s. However, there are still some restrictions in place, particularly for applications that do not use a documented cryptographic algorithm such as AES. As such, MIAP had to be registered with the Department of Commerce, Bureau of Industry and Security (BIS). We have received our Encryption Registration Number (ERN) and are compliant with current encryption laws.
DOLP: But with the use of OTP encryption…?
JC: It doesn’t matter. They can look at the algorithm all they want – it won’t help them guess the random key in a random picture that has to unlock another random picture that looks like eighty percent of the pictures on the Web.
DOLP: Are there prohibitions for non-US citizens downloading the app?
JC: Our BIS ERN does allow for export to certain countries, but the app will be available for download in the US only.
DOLP: What about concerns about legality for end users? If someone has this installed and leaves the United States, is that considered an “export,” a violation of EAR or ITAR?
JC: I would recommend uninstalling the app before leaving the country just to avoid any confusion on the part of any overly ambitious customs agents, although that shouldn't be a problem. Frankly, I'd also remove TrueCrypt/CipherShed from my laptop for the same reasons.
DOLP: This seems really, really promising. Now the most important questions. When will it be available, where can our readers download the app, and what are your future plans?
JC: We're putting the finishing touches on it now and it should be available in the next few weeks. We'll be issuing a press release when we go live, to let folks know when and where to get it. As for future plans, we're looking at more file formats to embed messages into, such as audio and video formats. And maybe some other stuff.
DOLP: There goes that coy thing again.
JC: Yeah, well, security through obscurity, remember?
DOLP: Ha. Okay, last thing. You mentioned something about the background artwork...?
JC: I debated telling you about that - thought it might make a fun 'easter egg' kind of thing.
DOLP: It's not just random ones and zeroes, is it?
JC: No. It's the Fourth Amendment - 'The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.' It's just in binary so computers can understand it even if lawmakers can't.
DOLP: James, thank you so much for your time both in talking with us and in developing this technology. Best of luck to you.
[Ed. note - We will post a link to download "MIAP" when it goes live, and will also announce it on our Facebook page. Stay tuned!]