In late 2007 the U.K. advanced the Regulation of Investigatory Powers Act or RIPA making it illegal for suspects to refuse to decrypt or provide encryption keys requested by authorities in criminal or terrorism cases. In a criminal case suspects refusing to comply can face two additional years in prison while in terrorism cases, the prison sentence can be an additional five years.

This latest legal volley has served as a catalyst for technology developers to add a new dimension to encryption in the form of steganography. Steganography differs from encryption in that it attempts to hide the mere existence of information, messages or in this case file systems making it extremely difficult (proposed to be impossible) for law enforcement to determine if the suspects are in compliance with the laws. Whether impossible or not SFS potentially provides plausible deniability to suspects that wish to circumvent the new laws.

The technology simply stated allows users to create an encrypted file system (both Windows and Linux software is available). The user then stores legitimate or non-incriminating files in the files system under one password/encryption key and then subsequently stores incriminating files using a separate password/encryption key. When law enforcement demands the keys or password the suspect simply provides the password/key that allows extraction of the non-incriminating files. The producers of the SFS offer the rationale that the purpose of the technology is not to hinder law enforcement, but rather to protect their users from disclosing valuable information under duress to criminals. The software we have examined or dissected is quite sophisticated in that determining whether or not all the keys have been provided can be daunting.

We certainly can help combat and investigate SFS, as well as, more traditional forms of steganography, so there is never a dead end. However, this is just one more example of how steganography continues to evolve based on the need to hide the existence of incriminating information in this ever increasing digital world in which we live.

Chet Hosmer is the Chief Scientist at WetStone and would like to hear your comments and feedback to his opinions.