2011-11-08 DARPA, decoys and diplomatics

“Under this plan, the decoy docs would undermine hackers’ trust in the integrity of data, make them question whether releasing it in the public domain would be worth it, and force WikiLeakers to do more work verifying their authenticity.” - Dawn Lim, ‘Darpa’s Plan to Trap the Next WikiLeaker: Decoy Documents’ Wired, November 4, 2011.

The recent revelation of DARPA's plan to plant fake documents in official systems, to deter or trick potential whistleblowers and the publishers who work with them, is the latest in the US Government's series of reactions to the work of WikiLeaks. Others include the recent Executive Order tightening procedures around the handling of classified government information, enabling administrators to quickly remove suspected whistleblowers from duty, and giving the Information Security Oversight Office within the National Archives and Records Administration powers to monitor and enforce the Order's directives.

There are several tactics at work in the DARPA proposal: identifying and monitoring anyone who accesses the decoy documents; planting seeds of doubt in the minds of potential whistleblowers as to whether the documents they hold are genuine; and making it harder for a publisher to feel confident about releasing leaked documents, while increasing the effort it must spend verifying their authenticity.
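The first of those tactics, watching who touches the decoys, is the one that reduces to plain detection logic. The following is an added example (not DARPA's design, and not code from the original post): a registry of planted decoy paths, a constructed syslog-like file-access log, and a detector that alerts on any read of a decoy by an account that is not one of the service accounts expected to sweep every file. The log format, paths, account names and log lines are all constructed for this illustration.

```python
"""Detect access to planted decoy documents in a file-access audit log.

Added illustration of the 'monitor whoever touches the decoys' tactic. The
registry, allow-list, log format and log lines below are all constructed for
this example; they are not DARPA's design or any real product's log format.
"""
import re
from dataclasses import dataclass

# Planted decoy paths mapped to an internal decoy identifier. Nothing in a
# legitimate workflow should ever read these, so a read is itself the signal.
DECOY_REGISTRY = {
    "/srv/share/finance/merger_terms_FINAL.docx": "decoy-0001",
    "/srv/share/legal/settlement_draft_v3.pdf": "decoy-0002",
    "/srv/share/hr/exec_compensation_2011.xlsx": "decoy-0003",
}

# Service accounts that touch every file as part of their job (backup agent,
# the job that seeds the decoys). Their reads are expected and ignored.
ALLOWLIST = {"svc-backup", "svc-decoyseed"}

# Simplified syslog-like audit line (constructed format):
#   <iso-timestamp> host=<h> user=<u> op=<open|read|copy|write> path=<p>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"op=(?P<op>\S+) path=(?P<path>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    host: str
    op: str
    decoy_id: str
    path: str


def parse_line(line):
    """Return the fields of one audit line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_decoy_access(lines):
    """Return one Alert per non-allow-listed access to a registered decoy."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # malformed line; a real pipeline would count these
        decoy_id = DECOY_REGISTRY.get(ev["path"])
        if decoy_id is None or ev["user"] in ALLOWLIST:
            continue
        alerts.append(Alert(ev["ts"], ev["user"], ev["host"],
                            ev["op"], decoy_id, ev["path"]))
    return alerts


def users_touching_multiple_decoys(alerts):
    """Users who reached more than one distinct decoy: browsing, not a stray click."""
    seen = {}
    for a in alerts:
        seen.setdefault(a.user, set()).add(a.decoy_id)
    return {u for u, ids in seen.items() if len(ids) > 1}


# Constructed sample log: routine activity, a backup sweep, one stray open and
# one user who reads and copies several decoys out of hours.
SAMPLE_LOG = [
    "2011-11-07T08:01:12Z host=fs01 user=alice op=open path=/srv/share/finance/q3_actuals.xlsx",
    "2011-11-07T08:05:44Z host=fs01 user=svc-backup op=read path=/srv/share/finance/merger_terms_FINAL.docx",
    "2011-11-07T09:12:03Z host=fs01 user=bob op=open path=/srv/share/legal/settlement_draft_v3.pdf",
    "2011-11-07T22:40:19Z host=fs02 user=carol op=read path=/srv/share/finance/merger_terms_FINAL.docx",
    "2011-11-07T22:41:02Z host=fs02 user=carol op=copy path=/srv/share/finance/merger_terms_FINAL.docx",
    "2011-11-07T22:43:55Z host=fs02 user=carol op=read path=/srv/share/hr/exec_compensation_2011.xlsx",
    "this line is not an audit record",
]

if __name__ == "__main__":
    found = detect_decoy_access(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.user}@{a.host} {a.op} {a.decoy_id} {a.path}")
    print("multi-decoy users:", users_touching_multiple_decoys(found))
```

The allow-list is the part that needs care in practice: a backup or indexing agent that reads every file will otherwise page the on-call every night, while an attacker who obtains those service credentials becomes invisible to this check. A single stray open (bob) and a user working through several decoys (carol) are both reported, but the second pattern is the one worth escalating.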

The question of authenticity is, of course, a critical one for any organisation that receives material from whistleblowers and proposes to publish it. In the past, it would appear that for WikiLeaks the reactions of people and organisations after material is leaked have often been enough to confirm that it is authentic (quite often the five stages of grief: denial, anger, bargaining, depression and acceptance, interspersed with threats of violent retribution). Such responses may not always be forthcoming, however, particularly now that there is a higher degree of vigilance in government and corporate circles about the possibility of whistleblowing.

So it is worth considering what techniques are available to publishers who wish to test the authenticity of documents they receive. The problem of distinguishing genuine documents from fakes has existed since the earliest eras of written communication. In classical times custodianship was enough to establish authenticity: if a document was kept in the civic archive in Rome or Athens it was automatically deemed genuine. Only when forgeries started creeping into such repositories did a science of analysing the intrinsic characteristics of documents develop, encoded in Justinian's civil code in the 6th century and later in a number of Papal decretals. As documents came to be used to assert political, religious and commercial claims, this science grew in importance. It is the science of diplomatics: “the science of diplomas, or of ancient writings, literary and public documents, letters, decrees, charters, codicils, etc., which has for its object to decipher old writings, to ascertain their authenticity, their date, signatures, etc.” (Webster's Dictionary, 1828, quoted in the Oxford English Dictionary, 2nd ed.)

Perhaps the most notorious application of diplomatics in recent times was the exposure of the Hitler Diaries hoax in 1983, when the West German Bundesarchiv (the Federal Archives) showed them to be fakes through analysis of the handwriting, historical inaccuracies and the use of modern ink. Such methods would, of course, be largely ineffective for testing the authenticity of digital information that purports to be an authentic record of a corporation or government. That is why contemporary proponents of diplomatics such as Professor Luciana Duranti of the University of British Columbia have repurposed the discipline for testing authenticity in the digital world. A handy summary of the criteria on which digital records are evaluated for authenticity is available from the InterPARES project on records and authenticity. More recently, Duranti's Digital Records Forensics project has set out to investigate how record authenticity can be determined when digital materials are kept outside the technological environment in which they were produced and/or maintained. Digital records forensics adopts a mix of techniques for testing authenticity, including witness testimony, examination of record structure and metadata, and system integrity testing.
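Two of those techniques, examining a record's structure and metadata and testing its integrity, can be made concrete in code. The following is an added example, not code from the original post, from InterPARES or from the Digital Records Forensics project: it asks of a record the questions diplomatics has always asked (who wrote it, to whom, when, and has it been altered since it entered custody) as a set of checks over a simple constructed record layout. The field names, the record itself and the custodial manifest are assumptions made for this illustration, not any archive's schema or the InterPARES requirement set verbatim.

```python
"""Diplomatic-style checks on a digital record: identity elements, internal
date consistency and content integrity against a custodial manifest.

Added illustration; the record layout, field names and manifest are
assumptions for this example, not InterPARES' requirement set or any
archive's schema.
"""
import hashlib
from datetime import datetime

# Identity elements a record is expected to carry (a simplification of the
# 'who wrote it, to whom, when' questions diplomatics asks of any document).
IDENTITY_FIELDS = ("record_id", "author", "addressee", "created")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _parse_ts(value):
    try:
        return datetime.fromisoformat(value)
    except (TypeError, ValueError):
        return None


def check_record(record, manifest):
    """Return a list of findings; an empty list means no inconsistency found."""
    findings = []
    meta = record.get("metadata", {})

    # 1. Identity: every required element present and non-empty.
    for field in IDENTITY_FIELDS:
        if not meta.get(field):
            findings.append(f"missing identity element: {field}")

    # 2. Internal date consistency: modification and transmission cannot
    #    precede creation, and every date present must parse.
    created = _parse_ts(meta.get("created"))
    if created is None:
        findings.append("created date missing or unparseable")
    else:
        for field in ("modified", "transmitted"):
            if meta.get(field) is None:
                continue
            ts = _parse_ts(meta[field])
            if ts is None:
                findings.append(f"{field} date unparseable")
            elif ts < created:
                findings.append(f"{field} precedes created")

    # 3. Integrity: the content hash must match what the custodian recorded
    #    when the record entered its keeping.
    expected = manifest.get(meta.get("record_id"))
    if expected is None:
        findings.append("no custodial manifest entry for record")
    elif sha256_hex(record.get("content", b"")) != expected:
        findings.append("content hash does not match custodial manifest")
    return findings


# Constructed sample: a record as received, and a doctored copy of it.
GENUINE = {
    "metadata": {
        "record_id": "REC-2009-0173",
        "author": "Records Officer, Regional Office",
        "addressee": "Head Office Registry",
        "created": "2009-06-12T14:05:00",
        "modified": "2009-06-12T15:20:00",
        "transmitted": "2009-06-12T16:00:00",
    },
    "content": b"Minutes of the 12 June meeting with ministry officials ...",
}

# Stand-in for the hash the custodian recorded at the time of accession.
CUSTODIAL_MANIFEST = {"REC-2009-0173": sha256_hex(GENUINE["content"])}

# Doctored copy: addressee stripped, a modification date earlier than
# creation, and an extra line appended to the content.
DOCTORED = {
    "metadata": {**GENUINE["metadata"],
                 "addressee": "",
                 "modified": "2009-06-11T09:00:00"},
    "content": GENUINE["content"] + b" [added line]",
}

if __name__ == "__main__":
    print("genuine:", check_record(GENUINE, CUSTODIAL_MANIFEST) or "no findings")
    print("doctored:", check_record(DOCTORED, CUSTODIAL_MANIFEST))
```

The integrity check is only as good as the manifest: it tells a publisher whether the record matches what some custodian hashed earlier, which presupposes a custodian it can trust. The identity and date checks need no such anchor and are the ones a recipient with nothing but the document can run, but a forger who controls the metadata can satisfy them, so a clean result is evidence of consistency rather than proof of authenticity.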

Could any of these techniques help WikiLeaks when it is presented with material requiring authentication? Possibly, but one suspects that the outraged reactions of the actors shamed by the revelation of their secrets, ranging from serious transgressions of justice to embarrassment at the triviality of their communications, may end up being the best possible test.

Decoy documents.
You have to ask yourself why anyone would bother. Aside from the comparatively minor embarrassment that the world's only superpower was unable to maintain the level of data security that any bank manages to maintain against potentially hostile employees, what exact harm was done to America's interests by Cablegate?

Arguably, having bucketloads of supposedly "secret" documents floating around the Internet may give the views, opinions and world-view they contain greater authority and credibility than the material deserves.

Anyway, why stop at creating decoy documents in your systems, which might cause problems of their own if Government officials can't tell whether a document is genuine or not? Why not just leak them yourself? Or better yet, find some young, idealistic, sexually vulnerable person, tell them that it is vitally important for democracy that these documents get out, and subtly assist them to obtain them. And then, post-leak, drop him in it.
