In today's Times - now more stego mythology

[Ross Anderson]

A journalist called me from the Times and told me he'd had a
briefing from the security service on steganography. He had a
lot of strange ideas, and I spent maybe 30 minutes trying to
explain the sort of things that are common knowledge to
members of this list. In particular, all we appear to know so
far is that the bad guys used plaintext emails, and this is
precisely what one expects a competent opponent to do: you do
not want to draw attention to yourself by being among the few
users of an exotic confidentiality or anonymity service, and
in any case normal emails are hidden in just the same way as a
pebble on brighton beach (Caspar's analogy).

However, it transpired that he was determined (or had been
instructed) to write the story anyway.

The comments ascribed to me in the article in question are
simply wrong. I did not at any time suggest that the bad guys
would generate cover traffic themselves, merely hide their own
emails in the huge volumes of email that exist anyway.

Apart from that, the articles should be seen as a deliberate
plant by MI5. The fact that the Times ran them, even after it
had been explained to them in detail why their version of
events was implausible, seriously undermines the credibility
of that paper's news coverage.

Ross Anderson