What does Osama bin Laden's Web porn infiltration have to do with Napster's fight for life? Julian Dibbell connects the microdots.
First published in FEED online magazine, February 20, 2001. Reprinted in Best American Science Writing 2002, edited by Matthew Ridley (HarperCollins, 2002).
TWO WEEKS AGO USA Today broke the shocking news that Osama bin Laden's terrorist organization has infiltrated the world's supply of Web porn, hiding messages for its global operatives deep within the digits of pictures posted on Godless Western triple-X sites. For historically minded readers, the article afforded a moment of wonder at the depths of the national-security establishment's Cold War nostalgia and the media's willingness to indulge it. There, once again, was the old familiar intimacy of the alleged subversion, the thrilling suggestion that the enemy might lurk among us everywhere, sneaking into our bedrooms and our cubicles under cover of cultural trash. "You very well could have a photograph and image with the time and information of an attack sitting on your computer, and you would never know it," one cyberwar expert told USA Today's reporter.
I confess, though, that I got a bit nostalgic myself when I read the story. Not for the Cold War -- I was born too late to enjoy it in the fullness of its Eisenhowerian heyday -- but for its Bush-era aftermath. Specifically, I found myself looking back with melancholy fondness upon the summer of 1992, a moment perhaps not equal to the summer of '67 in its hold on the memories of a generation but one which for me, at least, holds much the same sense of freedom and promise in the bubble of its recollection. It was a moment, after all, when radical political thought was just beginning to adjust to the reality of '89, just rising to the challenge of imagining the possibilities that that reality implied. It was a moment, as well, when the Internet, long a distant, reverie-inspiring rumor known firsthand only to military contractors and computer-science majors, was just starting to enter the lives of the rest of us. But most importantly, perhaps, and certainly not at all coincidentally, it was the moment when I first learned it was possible to do with digital communications what Osama bin Laden is now reported to have done.
THE TECHNICAL NAME for it is steganography, from the Greek for "covered writing." It is the art of keeping communications undetected, and it is not to be confused with the related discipline of cryptography. Cryptography assumes that messages will be intercepted and uses codes and ciphers to make sure they can't be understood if they are. But steganography aims for a deeper sort of cover: it assumes that if the message is so much as found to exist, the game is over.
Steganographic techniques are as old, at least, as Herodotus, who documented their use among the Greeks of the fifth century B.C. In Book Seven of The Histories, he writes that when Demaratus, a Spartan living in Persia, got wind of the emperor Xerxes' plan to invade Greece, he contrived to tip his compatriots off by sending them a stegotext: he took a pair of folding wooden message tablets, scraped the wax writing surface off them, wrote his message on the wood, then covered his message back over with wax. Persian counterintelligence never suspected a thing. Nor did the Persians have a clue when Histiaeus of Miletus sent a similarly subversive letter home tattooed onto the scalp of a trusted slave. The messenger arrived safely at his destination and said no more than what he'd been instructed to say: "Shave my head and look thereon."
In contrast with cryptography, a field long given over to high math and puzzle-making abstraction, steganography was always more or less a materials science, its history florid with the range of substances and gadgetry used at one time or another to conceal communications. Simon Singh's The Code Book relates that in the first century A.D., Pliny the Elder explained how the milk of the thithymallus plant dried to transparency when applied to paper but darkened to brown when subsequently heated, thus recording one of the earliest recipes for invisible ink. The ancient Chinese wrote notes on small pieces of silk that they then wadded into little balls and coated in wax, to be swallowed by a messenger and retrieved, I guess, at the messenger's gastrointestinal convenience. The sixteenth-century Italian scientist Giovanni Porta proposed a steganographic scheme involving hard-boiled eggs: Write on the shell with a vinegar-and-alum solution and your message passes through to the surface of the egg white, where it can't be read until the shell is peeled away.
In the 1860s, the technology of microfilm was perfected, ushering in a golden age of stealth that reached its manic peak in World War II, when German spies began making heavy use of the microdot. A page of text shrunk down to a one-millimeter speck of film, the microdot could be pasted almost indetectably into any humdrum business letter, hiding out in the shallow well of a typewritten period or comma. With swarms of them passing through the mails, the U.S. government went sort of nuts and started seeing hidden messages everywhere. By the end of the war, censors had either prohibited or tampered with flower deliveries, commercial-radio song requests, broadcast weather reports, postal chess games, children's drawings on their way to Grandma, knitting instructions, and anything else that might too easily encode Axis intelligence. At one point, an entire shipment of watches was held up so officials could spin the dials and wipe out any messages hidden in the positions of the hands.
In the half century since the war, however, the sweeping digitization of communications tech has caused steganography at last to veer away from the material world, joining cryptography in the realms of math and abstraction. As ever, of course, information still reaches the mind in the form of concrete sensory stimuli -- as light and sound -- but increasingly it is the universal code of binary numbers that shapes that information, and it is in the numbers that hackers and spooks have looked for places to hide still more information.
They have found those places. Digital stego takes a number of forms, but most of them are variations on the most popular technique (the one most likely to be used by bin Laden and company, in fact, if they are really using any at all). It's called "least significant bit" steganography, and to understand how it works you have to think a little about how digital media work. Consider the dots of light that compose an image on a computer screen. Or the slivers of sound that blend together to form a song as it streams from a CD player. Each dot, each sliver, is recorded as a small number of bits -- ones and zeroes -- maybe sixteen of them, maybe twenty-four. Most of the bits specify crucial information about the color or tone of the sensory blip they represent, but a few stand for nuances the average eye or ear won't even pick up. These latter, the so-called least significant bits (LSBs), are effectively indistinguishable from noise -- from the random hiss and blur that shows up in any information channel. And since properly encrypted data is also indistinguishable from noise, it turns out that an untouched digital copy of a song or photograph is very hard to tell from a copy whose LSBs have been overwritten with a well-enciphered message. The collected LSBs of a Radiohead CD, for instance, might encode a completely undetectable blueprint of the Stealth bomber. This sentence might fit imperceptibly inside a small JPEG image embedded in a Web page somewhere.
Indeed, this sentence actually does fit inside a small JPEG image on a Web page somewhere -- the one directly to the left of this paragraph, to be precise. It's in there right now, braided into the bits with the aid of a free stego program I downloaded just the other day, a program called Jsteg.
Or maybe it isn't.
And how would you ever know?
I FIRST LEARNED what digital steganography was, as I said, in 1992. I learned it from a man named Timothy C. May, a forty-year-old microchip physicist who had retired from Intel a wealthy man several years earlier. May was soon to land on the cover of Wired magazine's début issue as one of the founding members of the Cypherpunks, a mostly online collective of mostly hardcore technolibertarians united to promote the spread of digital encryption tools in what was then just beginning to be called cyberspace. Cryptography was itself about to hit a sort of big time. In mid-1993, the freshly elected Clinton Administration would make its mark on technological history by announcing a new digital encryption standard, Clipper, equipped with an FBI-accessible back door aimed at heading off precisely what the Cypherpunks aimed to achieve: the complete invulnerability of private electronic communications to government surveillance.
Grippingly chronicled in Steven Levy's new history of digital-age encryption, Crypto, the resulting political struggle between Clipper's backers at the FBI, CIA, and NSA, on the one hand, and a coalition of hackers, civil-liberties advocates, and software industrialists, on the other, became the Internet's first great privacy crisis -- and arguably never ended. Today's Cypherpunk diehards, for instance, mostly dismissed the recent news about bin Laden's porn habit as yet another attempt by the Three-Letter Agencies to soften up the populace for restrictions on crypto, and they may well have been right. Though the TLAs long ago lost the Clipper battle (unbreakable crypto has become the infrastructural backbone of e-commerce), their panic-mongering pronouncements on terrorists' use of crypto suggests they may not have given up hopes of winning the war.
But back in the summer of '92, all that was future history. Cryptography was still just an obscurely fascinating field I had read about in an old paperback I'd picked up secondhand (David Kahn's crypto-history bible, The Codebreakers), and Tim May was just a guy whose obscurely fascinating remarks on the subject I had come across on my local bulletin board's Usenet feed. Out of professional curiosity, I got him on the phone one day and didn't get off for another forty-five minutes, during which time I did very little of the talking. "When Tim May thought about crypto," writes Levy in his chapter on the Cypherpunks, "it was almost like dropping acid" -- and when he talked about crypto it was almost like you'd drunk from the same spiked punch bowl. He conjured visions of a world in which entire virtual communities disappeared into the dark freedom of impenetrable privacy. A world in which all markets were black, untaxable, and in which the tyranny of the nation-state therefore withered inexorably away. A world always just beneath the surface of this one but at the same time light-years distant, safe behind a wall of math so thick even the NSA's most powerful computers could never crunch through it.
"You can get further away in cyberspace than you could in going to Alpha Centauri," May told me. "Some of these things sound like just a bunch of fucking numbers, but what they really are is they're things which in computability space take more energy to get to than to drive a car to Andromeda."
In a certain light, of course, May's prophecies were just an extreme form of sci-fi geekdom and really not quite my cup of Kool-Aid. As it turned out (and as I should not have been surprised to learn), May was an energetic adept of Extropianism, a scientistic California semi-cult devoted to Ayn Rand, immortality through cryogenics, and the Gnostic dream of uploading human consciousness into computers -- all of which was a bit much to swallow for a club-hopping young New Yorker still tipsy on the soft-Marxist politics and anti-positivist literary theory he'd imbibed in college.
And yet at its core May's "crypto anarchist" vision (his phrase) resonated deeply with some of the latest wrinkles in soft Marxism and literary anti-positivism coming out of the theory mills. In particular, it seemed almost to have taken direct inspiration from Hakim Bey's lively anarcho-Baudrillardian classic The Temporary Autonomous Zone, a then recently published tract celebrating not the final utopias yearned for in traditional radicalism (and finally junk-piled by the events of '89) but the brief liberatory grace of failed uprisings, transient communes, excellent parties, and other carnivalesque moments smuggled out from under the controlling gaze of the state. Itself inspired by the shadow history of "pirate utopias" -- tropical island havens of democratic lawlessness to which eighteenth-century buccaneers repaired between bouts of bloody economic parasitism -- Hakim Bey's notion of the temporary autonomous zone, or TAZ, embraced with guarded enthusiasm the possibility of virtual outlaw colonies taking quiet shape amid the burgeoning connections of the world's computer networks. "Islands in the Net," Bey called them, hip enough to borrow the phrase from arch-cyberpunk Bruce Sterling's latest novel.
As it happens, The Temporary Autonomous Zone has just been republished by the MIT Press in Crypto Anarchy, Cyberstates, and Pirate Utopias, an anthology of essays on "emerging political structures in cyberspace" that, as its title indicates, includes a couple of Tim May's visionary rants as well. But it didn't take that juxtaposition for me to see the connection. The way I heard it on the phone that day nine years ago, May's project was really just a more pragmatic version of Bey's -- an attempt to frame the prospects for online autonomous zones in the only discursive terms Net culture had ever really respected: rough consensus and running code. May laid a whole shopping list of cool hacks and peer-to-peer conspiracies on me -- anonymous remailers, untraceable e-cash, zero-knowledge markets in corporate secrets, pirated software, and murder contracts -- and each one grabbed my attention like he was telling me the precise date and channel the revolution would be televised on.
But, curiously, none of them captured my imagination like a certain very cool but essentially minor hack he mentioned toward the end of our conversation, almost in passing. The hack was LSB stego, and only now, having seen in the pages of USA Today how the very thought of it affects grown national-security experts, can I quite articulate what so thrilled me about it back then. It was the idea that any piece of information I came across on the Net might secretly hold within it yet another piece, which for that matter might contain another one in its turn, and so on and on. It was the way this idea seemed itself to contain all the headiest meanings swirling through that historical moment -- the way it metaphorized both Tim May's and Hakim Bey's schemes for hiding micro-utopias beneath the surface of the social. The way it literalized how pregnant with possible futures the post-Cold War world had become and the Net was then becoming. The way it even somehow conceptually resembled the iconic cybercultural image of the day -- the fractal Mandelbrot set, with its levels within levels of intricately chaotic structure, swirling psychedelically on a million dorm-room computer screens like so many digital-age lava lamps, blowing minds the same way Tim May had just blown mine.
It was stego. And it was so -- I can't think how else to put it -- so very 1992.
THESE DAYS, steganography is not very 1992 at all -- and, needless to say, neither are these days.
The moment when the Net could serve as an empty screen to project dreams of radical autonomy onto has long since passed. Already in 1995, old-school Net evangelist John Perry Barlow was drawing snickers from the post-soft-Marxist set for his "Declaration of the Independence of Cyberspace," a classic bit of mailing-list bluster that proclaimed to the governments of the industrial world ("you weary giants of flesh and steel") that their laws and their intellectual-property regimes held no sovereignty over "Cyberspace, the new home of Mind." Nowadays, the snickerers would probably find it a balm to be able to entertain the fantasy for just a moment or two, but at this point that is surely beyond the powers of even Barlow's expansive imagination.
And as for those intellectual-property regimes -- well, let's just say that if ever there was a genuine pirate utopia online, it was Napster, and that if ever there was an online equivalent to the appearance of His Majesty's gunships in the waters off the last genuine pirate utopia before that -- Blackbeard's beachfront shantytown at Nassau in the Bahamas -- it was the Ninth Circuit Court of Appeals judgment last week effectively handing Napster's ass to the record industry. It's probably too soon to predict with any precision the future of Napster's fifty-eight-million-member "community," but anyone planning on giving it a shot could do worse than look for precedent in the Nassau colony's overnight collapse at the first appearance of the Law. "Blackbeard and 'Calico Jack' Rackham and his crew of pirate women moved on to wilder shores and nastier fates," writes Hakim Bey in one of the gloomier moments of his TAZ, "while others meekly accepted the Pardon and reformed."
In the midst of all these less-than-thrilling changes, steganography, sadly and ironically enough, remains a mirror of its times. Rumors of terrorist applications notwithstanding, the majority of interest in steganographic techniques these days comes not from criminal and/or libertarian hackers looking for virtual hidey-holes but from corporate researchers looking for a way to put digital locks on intellectual property. It turns out stego's pretty good for that: by weaving encrypted copyright information and serial numbers into the binary code of photos, songs, and movies, rights owners can sear a sort of virtual brand into their property. These digital watermarks, as they're called, have the usefully paired qualities of being (a) difficult to erase and (b) easy to trace. Some watermark schemes haunting the research journals propose sending mark-hunting Web spiders out to troll for content pirates and ID them for prosecution. One imagines fleets of radio-sensitive vans cruising urban business districts, scanning for stego-marked elecromagnetic emissions that would give away the presence of pirated software in nearby offices.
Whether any of these plans will take hold in the real world remains to be seen -- and may be beside the point. As in '92, so in '01 it's not so much the quality of the tech as the quality of the dreams behind the tech that give the tenor of the times. And if pirate-chasing stego systems is where the dreams lie these days, then the times they are depressing.
And yet I can't help hoping. The anarcho-visionary energy of the Cypherpunk movement may have dissipated -- siphoned off into the mundane importance of making the world safe for online credit-card transactions -- but here and there imaginative hackers are still drawn to stego. They code their cool little apps: the aforementioned Jsteg, which hides data in JPEGs, and MP3Stego, which does the same with MP3s. There is Snow, which embeds information in the white space of text documents. And the hilarious Spam Mimic, which translates brief messages into the semi-coherent raving of junk-email-speak. They're so much fun, these programs, that I suppose it's possible that fun is really all they're about. And yet, all the same, their presence makes me suspect there's still an urge out there to drop off the radar, to find that dark freedom Tim May used to rant about.
Heaven knows, they inspire my own small dreams, chief among them the dream that somewhere, someone has embedded the text of Hakim Bey's tribute to pirate utopias in an album's worth of Metallica MP3s and thrown it up on Napster, thereby both flipping the bird to the RIAA and at the same time, by ineradicably marking his own connection to an act of piracy, daring them to come after him. I'd do it myself if I were hacker enough. Or, more to the point, I'd do it if I didn't prefer the fantasy that someone besides me has already been moved by the spirit of '92 to make it happen. It's not that I'm embarrassed by my own political nostalgia. After all, if Hakim Bey has the right idea, then nostalgia is no longer the radical sin it used to be: Utopias exist in the past as well as the future now, and yearning for the ones gone by is pretty much the same as hoping for the next one to come along.
I'd just like to think I'm not the only one doing the hoping, is all