Christopher Soghoian posted the following simple idea in response to one of a myriad of proposals floating in Government this year to turn the Internet into an architecture of control.
Declan reports that Senators McCain and Schumer have proposed the SAFE act, which would create a national database of child porn images - or I'm guessing, simply require that the FBI make their own database public. ISPs would be given access to this database, and would be required to screen traffic and alert the authorities of any user who transmits/hosts an image that matches a fingerprint in this database.
Once the infrastructure is in place for them to compare hashes of child porn, it won't be too difficult for them to start comparing hashes of music, copies of dissident literature, photographs of dead soldiers in Iraq, anti-Scientology documentation, or anything else that someone with their hand in a Senator's pocket doesn't like.
To combat against this evil intrusion into our private Internet behavior, I now introduce 'broken glass'. It is a perl script that when given an image file, will change 1 pixel's red component by /- 1. It's not enough for the human eye to see, but it will make the MD5/SHA1 hash fingerprint of the image be completely different.
Then he pulled the code, fearing that he'll be accused of aiding and abetting child pornographers.
Source code pulled until I chat with a couple legal minds.
Its worth noting that the law doesn't require ISPs to screen traffic. It merely authorizes the sharing of child porn images for this purpose. Presumably there are ISPs lined up who want to do this but presently its illegal. Soghoian's perl script is a simple example of a myriad different things that can be done to data to make it invisible to this sort of screen. But Soghoian, having already had the FBI break into his house in the middle of the night for pointing out naked emperors, thought better of publishing the code.
Consider this in light of the recent Mooninite fiasco. What is deterred by the fact that the people who were hired to hang the signs are facing years in prison? Certainly not terrorism of any sort, or any kind of behavior that might reasonably be considered malicious, but a great deal is deterred. Are those things valuable? Of course. Are they worth the cost of not throwing the book at anything you mistake for an attack after it becomes clear that its not an attack? Of course. Do I expect authority to get that? No, I don't.
Neither Terrorism nor Child Porn need create these fissures in our society. It is our failure to avoid embracing fear and sensationalism that will be our undoing. We're still our own greatest threat.