Steganography and E-Discovery: What will Courts and litigators do when spam contains hidden messages?
From time to time issues will arise under the evolving e-discovery rules that frankly seem pretty darn hard to resolve - the use of Steganography is one of them. Steganography is the art and science of hiding or obscuring messages so as to engage in covert communications. In terms of e-discovery and evidence issues steganography involves placing a hidden encrypted message in other data, usually a digital photograph, video file, audio file, or yes even spam. The recipient of the steganographic data would use a steganography key to unlock and decrypt the message.
For example using an inexpensive steganographic program ill intentioned parties, who do not want their communications handed over in any upcoming case, can use a proxy server to send the appearance of spam back and forth which contain images that have embedded encrypted steganographic messages. What a nightmare for litigators on both sides of the case. The nightmare multiples if the supposed spam e-mails contain links to third party web sites that manifest steganographic images.
The current mainstream thought under the revised e-discovery rules is that requests for e-discovery should be proportional in nature and reasonably tailored to the facts and issues in the case. In essence, litigators currently make widespread use of reasonable keyword and "soundex" searches to distill out responsive electronic documents and emails - emails that look like spam are generally not produced nor are they requested (unless the case is over unsolicited e-mail).
But no automated keyword search will be able to distill out relevant messages made using steganography. No manual visual inspection will be able to detect messages in steganographic form - the photos look the same.
To be fair there are a lot of socially important uses for steganography. For example, in many contexts the right to privacy is protected and advanced by using steganographic messages and one can certainly appreciate using steganography to protect important personal information like passwords, lock combinations, trade secrets, and financial information. In addition, steganography can be used to protect intellectual property such as embedding a secret message in photos, websites, and videos and thus proving that an alleged defendant copied your works. Steganography can also be used by our intelligence services as a secure method of communication.
There are numerous inexpensive programs that help you to create steganographic messages such as Invisible Secrets. There are also some programs that help you to detect steganographic files such as Stego Suite from Wetstone. I suspect programs like the Stego Suite will become a more important part of the modern civil litigators e-discovery toolkit - especially if there is some access during the case to hard drives and server drives for automated analysis.
What will Courts and litigators do if steganography becomes more widespread due to both socially acceptable and unacceptable uses? What if steganography starts to make up the majority of sensitive corporate communications? Can corporations communicate the most important sensitive digital messages in the manner and method they choose or do they have an obligation once litigation commences to use a tangible-centralized easily searchable form? How are outside litigators supposed to ensure the integrity and completeness of the e-discovery process in a world of steganography?
What if spam contains hidden messages?
The only way to perform e-discovery in such a steganographic world would be to ask for and get all communications, all server drives, and all hard drives, and hope that there is no off site storage five thousand miles away in a jurisdiction hostile to American law. Such a broad request will not be meet with enthusiasm by the other side or most Judges. If a miracle occurs and you get the overbroad discovery and access then you would need to use automated steganography detection software with robust artificial intelligence like Stego Suite to possibly detect steganographic carrier files. Break the encryption if you are lucky and then run your keyword search to see if the data is relevant to the case. The e-discovery effort, time, and cost from the possible use of steganograpy can become mind boggling.
It will be an interesting evolution as the e-discovery cases evolve as to how the steganography legal and technical issues will be handled.