
CNN: Former NSA Contractor designs 'Surveillance-Proof' Font

Former NSA contractor designs 'surveillance-proof' font

By Arion McNicoll, for CNN
September 30, 2013
Updated 1445 GMT (2245 HKT)


Former NSA contractor Sang Mun's ZXX font is designed to disrupt Optical Character Recognition (OCR) -- the software used by Google and others to scan books or physical documents.

STORY HIGHLIGHTS

+ Designer Sang Mun creates 'unhackable' fonts
+ The four fonts are designed to disrupt Optical Character Recognition software
+ Experts suggest that to be effective such fonts would need to be used with encryption


Can this font help protect your privacy?

(CNN) -- Can graphic design help protect your privacy? Sang Mun, a designer and former NSA contractor, thinks so.

Just months after Edward Snowden controversially lifted the lid on digital surveillance being conducted by the U.S. and other governments, the issue of online privacy is back in the spotlight.

Earlier this month Facebook CEO Mark Zuckerberg expressed concern that users' trust in internet companies had been damaged by the revelations. Google's Eric Schmidt also called for greater transparency from the U.S. government over surveillance.

H/T: Becky Akers @ LewRockwell.com

RELATED:

NYT Reporting NSA Spying On Anyone SUSPECTED Of A Crime!

http://youtu.be/iSCagoyjPaA
MOXNEWSd0tC0M
Published on Sep 30, 2013

September 30, 2013 CBC News
http://MOXNews.com

RELATED

SHOCKING! (Okay...Not Really, by Now) NYT: NSA spying on Anyone Suspected of a 'Crime!'

TechDirt.com: "NSA Has Built Its Own, Secret, Warrantless, Shadow Social Network, And You've Already Joined It"!

NSA Has Built Its Own, Secret, Warrantless, Shadow Social Network, And You've Already Joined It

by Mike Masnick | (Mis)Uses of Technology
Mon, Sep 30th 2013 5:43am

Somewhat amazingly, the new report notes that in 2006, the NSA asked the Justice Department for permission to do exactly this sort of thing, and was rejected, saying that a "misuse" of that kind of data "could raise serious concerns." Indeed, it could, and does raise serious concerns, but apparently the current administration just doesn't give a crap.

[As in, even GWB's regime actually gave slightly more crap about their Constitutional Oath, than oBUSHma; indeed, as Sy Hersh asserted: Obama is worse than Bush.]

Soon after the very earliest reporting on Ed Snowden's leaked documents about PRISM, the folks from Datacoup put together the very amusing GETPRSM website, which looks very much like the announcement of a new social network, but (the joke is) it's really the NSA scooping up all our data and making the connections. It's pretty funny. Except, of course, when you find out that it's real. And, yes, that seems to be the latest revelation out of Ed Snowden's leaks. The NY Times has an article by James Risen and Laura Poitras (what a combo reporting team there!) detailing how the NSA has basically built its own "shadow" social network in which it tries to create a "social graph" of pretty much everyone that everyone knows, foreign or American, and it all happens (of course) without a warrant. And, note, this is relatively new:

The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said. Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners.

The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.

There were apparently two policy changes that allowed this to happen, and both occurred in the past three years. First, in November of 2010, the NSA was allowed to start looking at phone call and email logs of Americans to try to help figure out associations for "foreign intelligence purposes." Note that phrase. We'll come back to it. For years, the NSA had been barred from viewing any content on US persons, and the NSA, President Obama and others have continued to insist to this day that there are minimization procedures that prevent spying on Americans. Except, this latest revelation shows that, yet again, this isn't actually true.

The second policy change came in January of 2011, when the NSA was told it could start creating this massive "social graph" on Americans without having to make sure they weren't Americans any more, as indicated above.




It's a fraud. Probably some kind of counterintelligence

All that needs to be done is for current OCR to add on a few templates that recognize letters from the font.
If the guy invented a 'virtual font' that could add shot noise to each character that on average prevented OCR I would use it. As it is he just gave somebody at the NSA a couple hours of homework.
From the article, the reporter debunks her own story:

Ross Anderson, Professor in Security Engineering at the University of Cambridge Computer Laboratory, shares Green's criticisms: "I don't think any of this is more than privacy theater. The fonts could probably be broken."
Mun concedes that the fonts' actual effectiveness may be limited,

This is incorrect

Fonts do not work in this fashion
Fonts only matter to humans
NSA can get access to databases, they do not care what font choice you have selected to view your data in

I retract- it is useful

This is (potentially) a way to post images on Facebook instead of text messages. Better privacy. It fails because it's not really camo or noise if it's fixed and the same for every character. It's just another font.

wow

good point the ocr is for analyzing images. But who scans documents these days?


Wxxl, cyyyk tzzs oxt:


cyn yzu rxxd tyys sxxtxxxe?

Yyp, yzzr bxxxn iy azzzzzg. ;)

Vxxy gyyd rzzd, bxw:

http://www.amazon.com/dp/0486240614

"Cyril" pronounced "see real". I code stuff.

http://Laissez-Faire.Me/Liberty

"To study and not think is a waste. To think and not study is dangerous." -- Confucius

It is an interesting experiment.

The 'noise' is the same for every character so an OCR would probably just learn it the same as any other decorative font. Only real noise (shot noise, random pixels) would confuse a machine classifier. For us, however, this fake noise is the same as real noise (each character in the font is simply decorated with extra pixels).
I would guess when combined with your example, it indicates we use different strategies to recognize letters and words. With letters we use distance from a prototype? and words we use a look up table that matches first and last letters?


iy tze bxxk lyykyd azzve

Ix's vyyy wzzl explxxnxd iy tze bxxk I lyykyd azzve. ;)

"Cyril" pronounced "see real". I code stuff.

http://Laissez-Faire.Me/Liberty

"To study and not think is a waste. To think and not study is dangerous." -- Confucius

not sure what sxxtxxxe is

But won't spoil it.


I will, to disambiguate:

"sentence".

But I know you guessed it right. ;)

"Cyril" pronounced "see real". I code stuff.

http://Laissez-Faire.Me/Liberty

"To study and not think is a waste. To think and not study is dangerous." -- Confucius

deacon's picture

disambiguate

  Use Disambiguate in a sentence
dis·am·big·u·ate
[dis-am-big-yoo-eyt] Show IPA
verb (used with object), dis·am·big·u·at·ed, dis·am·big·u·at·ing.
to remove the ambiguity from; make unambiguous: In order to disambiguate the sentence “She lectured on the famous passenger ship,” you'll have to write either “lectured on board” or “lectured about.”
Origin:
yeah MON, that explains that word, oh so well :)

If we deny truth before your very eyes, then the rest of what we have to say is of little consequence


Lol


Keep cool, my friend.

Consider yourself lucky.

Dear wife on this end has less than two weeks to dodge the bullet of my crash course / refresher on the French language before she has to put it in application with my folks over there. ;)

"Cyril" pronounced "see real". I code stuff.

http://Laissez-Faire.Me/Liberty

"To study and not think is a waste. To think and not study is dangerous." -- Confucius

I can read that! Did you see this?

http://www.dailypaul.com/300892/loo-x-u-op-pisdn-oo

Pandacentricism will be our downfall.

LOL

dude, ya gotta stop messin' me up!

I see two "XX"

I'm thinking, where's the third??

LOL

hey didn't they say most men think about it like 500 times a day or somethin'??

guilty, as charged.

xD

Predictions in due Time...
http://www.youtube.com/watch?v=zGDisyWkIBM

"Let it not be said that no one cared, that no one objected once it's realized that our liberties and wealth are in jeopardy." - Dr. Ronald Ernest Paul


Mxxe iy 5,zzz txxxs/dyy, oz txxs eyd.


z/x lyyyys! ;p

"Cyril" pronounced "see real". I code stuff.

http://Laissez-Faire.Me/Liberty

"To study and not think is a waste. To think and not study is dangerous." -- Confucius

I have been working on...

I have been working on a surveillance proof font myself. It is a combination of an algorithm that involves a one finger salute and the repetitive phrase "NSA you're #1"

RickStone

LOL

I KNEW there would be an alternate meaning to the finger gesture!!!

xD

Predictions in due Time...
http://www.youtube.com/watch?v=zGDisyWkIBM

"Let it not be said that no one cared, that no one objected once it's realized that our liberties and wealth are in jeopardy." - Dr. Ronald Ernest Paul

Someone get Michael to make this a font option on dailypaul!!!1!

Th#t w0uld be s() aw3som3!!!!1!!!!

Ahem.

Actually ... it doesn't do you any good at all if you're using it in a word processing document, or a web page, etc. It's designed to defeat OCR, which means it makes it difficult for computers to read *printed* pages. It would also work if you wrote something in a window on your computer, took a screen shot of that, and posted just the image. If it's not an image or hard copy it makes no difference. When the NSA is snooping on electronic content the font you're using doesn't matter in the slightest.

If people did start going to the trouble of posting images of text in this font thinking it would defeat OCR, and it became popular enough to matter, it would be trivial to modify the OCR to recognize the fonts. So it's not really even effective when used the only way that would make sense.

Now that I look more closely at the article, in the image captions for the original article it points out that the fonts wouldn't really pose any significant difficulty for the NSA, and then notes: Mun says that he understands the criticisms, but says that his fonts are meant to spark dialogue and make people think about their own online security: 'ZXX is a call to action, both practically and symbolically, to raise questions about privacy.' So there you go.

Interesting AnCap

But I have a question.

It is my understanding that the font is just a computer code to describe how an ASCII code will 'appear' on a screen or piece of paper?

If so, wouldn't it be the ASCII code that is scanned by the nsa for key words and content?

EDIT: Spelling and grammar. I never was very good at multitasking and I'm getting worse as I get older.

moi, not sure...

moi just know how to QWERTY, not what makes it go QWERTY .D

I thought ASCII is just another set of DOS & Pre-DOS fonts. Not sure how NSA encryption/decryption algorithms would or would not work on/against vs. individual fonts.

I know recently it was revealed that NSA can 'tap into' almost any web backbone and can intercept/decrypt data from one known service provider to another. But, even so, it is my understanding that individualized peer-to-peer-encryption-key-based-security between, given Person A to Person B, is, in practical terms, damn near impossible to decrypt/intercept/crack, unless the interceptor has the same exact key as the party/parties who was/are intended to receive the said text/data/file between those two persons A & B.

The NSA technically can run a farm of Cray supercomputers and/or its equivalent or even more powerful bespoke machines, to decrypt that single data file.

But for one thing, they'd have to know that, the one single file that they've decided to decrypt is EXACTLY the one file that they actually want, among multi-trillions if not more files, that they regularly collect. Hey, say even if NSA was a legit agency and they wanted to decrypt a banking transaction related email sent from Target A to Target B. Well, if the two parties exchanged 20 emails that day with only one being the relevant one, the NSA could potentially be spending days trying to decrypt a sexting image. LOL.

To know that they're targeting the right file, belonging to a single individual target, they'd have to have done some recon, probably more in-person recon, before determining and assigning resources to target that one file by that one party.

And, assuming that the file the NSA's after is urgent, it'd still be fruitless, as it will still take a long time for even the most powerful farm full of supercomputers to decrypt, which kinda defeats the purpose, as well as their claims to 'urgency.' Well, that is as far as I know, from what I can gather from what I've been able to find publicly.

But, WTF isn't 'urgent' to govt terrorists; anytime you hear them say it, 99% of the time, history has shown that they're merely crying wolf and playing PsyOp.

Regardless, I'm sure I'm nowhere as informed on this issue, say vs. a professional IT & encryption specialist, as these things really are specialist-specific arenas.

As for the fonts: I've done design work in the past, but not that up on the intricacies of the nature of electronic fonts itself

I'm pretty sure I came across a few computer coders here at DP who are infinitely more qualified than I am on these matters. They may be able to help you answer your inquiries.)

Predictions in due Time...
http://www.youtube.com/watch?v=zGDisyWkIBM

"Let it not be said that no one cared, that no one objected once it's realized that our liberties and wealth are in jeopardy." - Dr. Ronald Ernest Paul

Thanks for the reply AnCap

This is my understanding. I worked @ Hewlett Packard back in the day and though my formal training is physics and mechanical properties related, I did pick up a few things about computers during my 10 yr stay there. And though I haven't been in the field, it still worked the same way when I left in 1996.

There is a universal ASCII character code set that defines each "character" on the keyboard. Every keyboard, for every computer, regardless of the verbal language it represents.

By that, I mean that every character is represented by a unique series of 1's and 0's in the same size 'byte' of information.

The font code is something that is included alongside the "A" that says how it should be displayed when printed or seen on a screen.

In other words, "A", "A" (in bold), "A" (in italic), and "A" (underlined), all carry the same ASCII code to represent a Capital character we call 'a'.

I don't want to belabor the point at all, and only post this for the purpose of education and discussion.

But if I'm right, changing a font won't defeat anything except the nsa or anyone else trying to turn WRITTEN material into computer searchable data.

Whew

wow thanks! definitely a lesson for me.

I didn't know anything about that.

learn something new everyday from DP r3VOL!

yeah, with fonts, I figured as much: 'encryption' probably most likely wouldn't be at an individual letter level...

but I tried to examine what they really meant with their recent news about how NSA could 'crack' encryptions say between someone writing from a Yahoo email to another with a Gmail account. well, those providers are already NSA compromised and acquiescent as is. And even if the email servers were from other companies, the current internet runs on backbone built by the govt, so it's not hard to figure that as long as they can access 'transfer' points, it wouldn't be hard.

that said, none of what they said was about peer-to-peer one on one encryption keys between individuals at individual levels. if I recall, I believe Snowden also said in one of his few public videos with Greenwald that private peer-to-peer encryption key based transmissions was one of the few ways that NSA couldn't break.

would it be overly optimistic to assume hope-iate that the CONgress will eventually repeal Nat. Sec. Act of 1947 altogether?

lol.

hey, but who knows? you never know; things are getting so crazy, anything is possible at this point, both good and bad...so it seems.)

Predictions in due Time...
http://www.youtube.com/watch?v=zGDisyWkIBM

"Let it not be said that no one cared, that no one objected once it's realized that our liberties and wealth are in jeopardy." - Dr. Ronald Ernest Paul

What I think we do know.

Former NSA contractor designs 'surveillance-proof' font

By Arion McNicoll, for CNN
September 30, 2013

As Reported by CNN is definite misinformation. That is information itself ;)

They are one of two things, DECEIVERS or the DECEIVED promoting a false message.

I would guess actually a mixture of the two. The story was initiated by someone that wanted people to spend time looking into fonts and not pay attention to what else was being done, and the drones working for the MSM mindlessly carried the water.

The value of DP (and many other forums) is there is so much knowledge and experience represented here.

That is why the trolls have become present particularly in the last 1-2 years, and they all speak up for Granger.

They are all very real and an example of our current society.

As for the peer to peer encryption, I absolutely agree as it encrypts the ASCII code.

I appreciate all of your posts AnCap.

Thank you Sir.

Hey Chris/Pol-Pot: my shortest headline EVER!

infinitely Twitter-able .D

Predictions in due Time...
http://www.youtube.com/watch?v=zGDisyWkIBM

"Let it not be said that no one cared, that no one objected once it's realized that our liberties and wealth are in jeopardy." - Dr. Ronald Ernest Paul

updated

...

Predictions in due Time...
http://www.youtube.com/watch?v=zGDisyWkIBM

"Let it not be said that no one cared, that no one objected once it's realized that our liberties and wealth are in jeopardy." - Dr. Ronald Ernest Paul