>* "IP number capturing" software
>* "chat monitoring" software
>* "image matching" software
>* "steganography detection" software
>* a "framework for a program" to enable remotely searching subjects' PCs.
>
>Any of these could raise some obvious concerns. I'm curious if anyone
>might have a clear idea what "image matching software" is, and whether
>"steganography detection software" is even feasible and what one might
>do to defeat it. The others are fairly obvious in both intent and
>viability.

Re image matching - see <http://www.newsbytes.com/pubNews/00/153556.html>
for a press release from a private company today who are (trying to decode
the PR-speak) using hashing to match files.

The problem with using that technology with intercepts is that data over
the wire will be packetized; so the surveilling software will need to
reassemble streams of data to compare, or else store hashes of common
packet sizes (like the max packet size for PPP, which is around 1500 bytes,
IIRC). That still won't work well where the first packet is going to have a
bunch of crap (err, headers) meant for interpretation by a requesting web
browser - would probably work better for FTP's or Napster-like transfers.
(Sure, it's possible to do the stream reassembly and header-stripping, but
harder to do in realtime for appreciable bandwidth.)

For stego detection, seems like it wouldn't be so hard to build a profile
for expected entropy as a function of filetype and size, then look for
out-of-profile traffic. See above for practical limits.

Yesterday's Murky News (I left my copy on the train, alas) said that they
got special access to the plea agreement in the Naughton case via a motion
before the sentencing judge.

--
Greg Broiles
[EMAIL PROTECTED]
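
The entropy-profile idea from the message above, as an added example that is not part of the original post: it builds a baseline of Shannon entropy per (filetype, size class) from clean samples and flags a file whose entropy falls outside that baseline. The function names, the power-of-two size classes, the 3-sigma threshold with a minimum spread, and all sample data are assumptions constructed for the illustration.

```python
import math
import random
import statistics
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def size_bucket(length: int) -> int:
    """Assumed size class: floor(log2(length)), so 4096..8191 bytes share a bucket."""
    return max(length, 1).bit_length() - 1

def build_profile(samples):
    """samples: iterable of (filetype, bytes) -> {(filetype, bucket): (mean, stdev)}."""
    groups = {}
    for ftype, data in samples:
        groups.setdefault((ftype, size_bucket(len(data))), []).append(shannon_entropy(data))
    return {k: (statistics.mean(v), statistics.pstdev(v))
            for k, v in groups.items() if len(v) >= 2}

def out_of_profile(profile, ftype, data, k=3.0, min_sd=0.05):
    """True/False against the baseline, or None when no baseline exists."""
    key = (ftype, size_bucket(len(data)))
    if key not in profile:
        return None
    mean, sd = profile[key]
    return abs(shannon_entropy(data) - mean) > k * max(sd, min_sd)

# Constructed sample data: pseudo-English text built from a fixed word list.
WORDS = b"the of and to in is that for it as was with be by on not he this are or".split()

def make_text(rng, size=4096):
    out = b""
    while len(out) < size:
        out += rng.choice(WORDS) + b" "
    return out[:size]

def demo(seed=1):
    rng = random.Random(seed)
    profile = build_profile(("txt", make_text(rng)) for _ in range(20))
    clean = make_text(rng)
    # Constructed suspect: same size as the clean files, a quarter of it random bytes.
    suspect = make_text(rng, 3072) + bytes(rng.randrange(256) for _ in range(1024))
    return tuple(out_of_profile(profile, t, d) for t, d in
                 (("txt", clean), ("txt", suspect), ("jpg", suspect)))

if __name__ == "__main__":
    print(demo())
```

Whole-file entropy is a coarse signal: formats that are already compressed sit close to 8 bits per byte, so a baseline for them leaves little room for an embedded payload to stand out.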