Technology and Society

Book Reviews

Title: Hiding in Plain Sight
Author: Eric Cole
Publisher: John W. Wiley
Copyright: 2003
ISBN: 0-471-44449-9
Pages: 335 (+CD)
Price: $35.00
Rating: 85%

Imagine if you bought a computer today and received nothing but a cold electronic machine. And to get it to do anything you had to program it yourself. Fortunately, that's not what happens, but that's how it was with the first commercial computers. "IBM's first production computer, the 701, came with little more than a user's manual." IBM provided a 103-page manual, a primitive assembler, and a couple of utilities on punch cards. In those days, the 1950s, programmers were not only essential but crucial to running a computer. 

Throughout history people have tried to hide messages in code. Cryptography (from the Greek root kryptos, which means hidden, concealed or secret) is the art of encoding messages in a non-readable form. To decrypt, or decode, these messages, the reader needs a key of some sort, ranging from a simple table of letters to the complex keys used in today's cryptography. Steganography, which may at first seem to have something to do with dinosaurs, is a special type of cryptography: the Free On-Line Dictionary of Computing (www.foldoc.org) defines it as "Hiding a secret message within a larger one in such a way that others can not discern the presence or contents of the hidden message."

The main principle behind steganography is simple, and somewhat surprising to those unfamiliar with it: a great deal of data is transferred over the Internet in the form of music and graphic files. Steganography involves "replacing the least important or most redundant bits of data in the original file - bits that are hardly missed by the human eye or ear - with hidden data bits." Think about that white cloud in a landscape picture: its bits could be changed to a series of almost-white grays, of different shades, each of which represents a letter. Or the lowest frequencies in music files - the ones we can't hear - could be full of text. Or even just inserting text after the end-of-file (EOF) marker in an MP3 file; the player will stop at the EOF, but the additional text will be easily hidden in the file. "Where cryptography scrambles a message, . . . steganography hides the message entirely." And by encrypting the text hidden with steganography, messages are nearly impossible to crack.
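The least-significant-bit replacement described above, as an added example that is not taken from the book or from this review. The function names, the 16-bit length header and the near-white sample data are assumptions made for illustration.

```python
def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Hide message in the least significant bit of each cover sample."""
    # Assumed framing: a 16-bit big-endian length, then the message bytes.
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d samples, have %d"
                         % (len(bits), len(cover)))
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # only bit 0 of the sample changes
    return bytes(stego)


def extract_lsb(stego: bytes) -> bytes:
    """Recover a message written by embed_lsb."""
    def read(start_bit: int, nbytes: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(0, 2), "big")
    if 16 + length * 8 > len(stego):
        raise ValueError("length header exceeds carrier size")
    return read(16, length)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference between cover and stego data."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 256 near-white 8-bit grayscale samples (the "white cloud").
COVER = bytes(250 + (i * 7) % 6 for i in range(256))
STEGO = embed_lsb(COVER, b"meet at noon")

if __name__ == "__main__":
    print(extract_lsb(STEGO))
    print("largest change to any sample:", max_sample_change(COVER, STEGO))
```

No sample moves by more than one grey level, which is why the change is invisible to the eye, although statistical analysis of the low-order bits can still reveal it.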

Hiding in Plain Sight opens with a chapter on the principle of covert communication, then continues with a chapter presenting the basic principles of cryptography. This chapter is one of the clearest introductions to the subject I have read. Cole then goes on to explain steganography; first with an overview, giving plenty of examples of how it can be used and how it can be a powerful tool for sending covert messages overtly, then with a chapter on the nuts and bolts of steganography. This chapter explains how some of the main freeware, shareware and commercial steganography tools work, and talks about some of the programs included on the CD which comes with this book. (The CD includes a couple of dozen programs for Windows and *nix operating systems.) The book also contains an appendix with 80 pages of source code to steganography programs; but this is merely filler: the same source code is on the CD, and it's obvious that no one wants to type it all from the book.

I have to react to some of the author's comments in the book's introduction. Cole says that he decided to write this book "because of a deep frustration [he] felt after September 11, 2001." He says, "the bad guys always seem to have the upper hand and do a better job at breaking into assets than we do protecting them." (Note the use of "we"; Cole formerly worked for the CIA.) He then says, "I wanted to write a book that would help people understand the threat so that we can take action to minimize the damage going forward." To suggest that the US intelligence community, which does not even have enough linguists capable of speaking certain foreign languages, especially those used in recent terrorist attacks, is going to suddenly not only discover coded messages, including those using steganography (not that hard, actually), then decode them and understand what they say is almost risible. Many of his comments throughout the book revolve around a "good guy/bad guy" binary pair, redolent of certain US Administration pronouncements, which suggest that anyone wanting to use encryption has something illegal to hide. If that were the case, he should never have written this book, for he is an accessory to those criminal activities.

Nevertheless, this is a very good book, giving cogent, lucid explanations of complex technologies, and showing how they can be and are applied in everyday life. If you have something to hide, steganography is a good way to do it, and this is a good book to tell you how. But bear in mind that a book like this could send you to jail in certain countries where crypto is still illegal...

Kirk McElhearn  

Kirk McElhearn (kirk@mcelhearn.com) is a freelance writer and translator living in a village in the French Alps. You can find out all about him at his web site, http://www.mcelhearn.com.