aid worker stego

Ben Nagy ben at iagu.net
Tue Mar 29 09:04:05 EST 2005 

My response is totally off topic, but this stinks.

This is exactly why workers from reputable aid agencies operate under
pre-agreed legal status agreements with the country concerned. These
agreements cover, among other things, telecommunications infrastructure and
legal immunities. Aid agencies that _don't_ do that are part of the reason
why the more paranoid governments are reluctant to allow any foreign aid,
and I feel somewhat ashamed that people are apparently involved in looking
for ways to secretly transmit information without the knowledge and accord
of the host state.

Every aid worker operating in 'difficult' countries has potential issues
with how much they can communicate - both internally to their organisation
and externally, but to attempt to communicate in this fashion amounts, quite
simply (and probably in legal terms), to espionage.

I would suggest that you advise your correspondant to discontinue this line
of enquiry - for their own good and that of the aid community at large. "Not
getting caught" is a derivation of "the ends justify the means".

ben 

> -----Original Message-----
> From: owner-cryptography at metzdowd.com 
> [mailto:owner-cryptography at metzdowd.com] On Behalf Of Peter 
> Fairbrother
> Sent: Tuesday, March 29, 2005 9:45 AM
> To: cryptography at metzdowd.com
> Subject: aid worker stego
> 
> I've been asked to advise an aid worker about stego. Potential major
> government attacker.
> 
> I don't think there is much danger of severe torture, but I 
> don't think
> "innocent-until-proven-guilty" applies either, and suspicion should be
> minimised or avoided.
> 
> 
> 
> I though about recommending Best/Drive -Crypt as they are supposedly
> general-purpose encryption programs which can also do 
> encrypted containers
> which are undetectable, but I don't know if that's actually 
> so, or which to
> choose.
> 
> If he's using Windows will they clean up the temp and swap files?
> 
> 
> 
> An alternative is a stego program to hide data in eg images.  
> I don't know
> which are the better ones now available, can anyone advise?
> 
> The other point is that the stego program itself will be 
> visible on disk. Is
> there a small stego program that you could eg hide in an 
> image and somehow
> bootstrap from something totally innocuous?
> 
> 
> 
> 
> Any other ideas?
> 
> 
> -- 
> Peter Fairbrother
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to 
> majordomo at metzdowd.com


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list