Canary trap

A canary trap is a method for exposing an information leak by giving different versions of a sensitive document to each of several suspects and seeing which version gets leaked. Special attention is paid to the quality of the prose of the unique language, in the hopes that the suspect will repeat it verbatim in the leak, thereby identifying the version of the document.

The term was coined by Tom Clancy in his novel Patriot Games, although Clancy did not invent the technique. The actual method (usually referred to as a barium meal test in espionage circles) has been used by intelligence agencies for many years. The fictional character Jack Ryan describes the technique he devised for identifying the sources of leaked classified documents:

Each summary paragraph has six different versions, and the mixture of those paragraphs is unique to each numbered copy of the paper. There are over a thousand possible permutations, but only ninety-six numbered copies of the actual document. The reason the summary paragraphs are so lurid is to entice a reporter to quote them verbatim in the public media. If he quotes something from two or three of those paragraphs, we know which copy he saw and, therefore, who leaked it.

A refinement of this technique uses a thesaurus program to shuffle through synonyms, thus making every copy of the document unique.

Known canary trap cases

After a series of leaks at Tesla Motors in 2008, CEO Elon Musk reportedly sent slightly different versions of an e-mail to each employee in an attempt to reveal potential leakers. The e-mail was disguised as a request to employees to sign a new non-disclosure agreement. The plan backfired when the company's general counsel forwarded his own unique version of the e-mail with the attached agreement. As a result, Musk's scheme was realized by employees who now had a safe copy to leak.^[1]

Barium meal test

According to the book Spycatcher by Peter Wright (published in 1987) the technique is standard practice that has been used by MI5 (and other intelligence agencies) for many years, under the name "barium meal test". A barium meal test is more sophisticated than a canary trap because it is flexible and may take many different forms. However, the basic premise is to reveal a secret to a suspected enemy (but nobody else) then monitor whether there is evidence of the fake information being utilised by the other side. For example, the double agent could be offered some tempting "bait": e.g., be told that important information was stored at a dead drop site. The fake dead drop site could then be periodically checked for signs of disturbance. If the site showed signs of being disturbed (in order to copy the microfilm stored there) then this would confirm that the suspected enemy really was an enemy: e.g., a double agent.

Embedding information

The technique of embedding significant information in a hidden form in a medium has been used in many ways, which are usually classified according to intent:

Watermarks are used to show that items are authentic and not forged.
Steganography is used to hide a secret message in an apparently innocuous message, in order to escape detection.
A canary trap hides information in a document that uniquely identifies it, so that copies of it can be traced.
Screener versions of DVDs are often marked in some way so as to allow the tracking of unauthorised releases to their source.
Major films or television productions frequently give out scripts to the cast and crew in which one or two lines are different in each individual version. Thus if the entire script is copied and leaked to the public, the producers can track down the specific person who leaked the script. In practice this does not prevent generalized information about the script from being leaked, but it does discourage leaking verbatim copies of the script itself.
Trap streets on maps, or intentionally fictitious streets, are sometimes included to track copyright violations by those who might republish copyrighted maps illegally.
Spurious words are sometimes included in dictionaries so as to detect other publishers copying from them - the OED contains an appendix of such words with which edition of which dictionary first used them and which first duplicated them.

In popular culture

The canary trap was also used in Clancy's (chronologically) earlier novel, Without Remorse, when a CIA official alters a report given to a senator, revealing an internal leak who was giving information to the KGB. Different versions of the report were given to other suspected leakers.
Barium meals are also administered in Robert Littel's book The Company, and later in the TV short-series with same name.
The technique (not named) was used in the 1970s BBC television serial 1990. The same unnamed technique also appeared in Irving Wallace's book The Word (1972).
A variation of the canary trap was used in Miami Vice, with various rendezvous dates leaked to different groups.
In the third-season finale of The Mentalist, the characters use a canary trap (giving different hotel room numbers to different suspects) to uncover a mole within their agency. A similar ruse is used in the TV series Ashes to Ashes.
In A Clash of Kings, the second book in the A Song of Ice and Fire series, Tyrion Lannister uses the trap to find out which member of the King's Privy Council is reporting to his sister, the Queen Regent Cersei Lannister. To the Grand Maester Pycelle, he tells of a plot to marry his niece, Princess Myrcella, to Prince Trystane of the powerful House Martell, from Dorne. To Littlefinger, he claims he will instead send Myrcella to be raised by Lysa Arryn and married to her son Robert. To Varys, he says his plan is to send his nephew Tommen to the Martells. When Cersei confronts him, and knows only of the plan to send Myrcella to Dorne, Tyrion knows Pycelle to be the leak.
When distributing Broken to friends, Trent Reznor claims that he watermarked the tapes with dropouts at certain points so that he could identify if a leak would surface.

References

↑ Owen Thomas (2009). "Tesla CEO in Digital Witch Hunt". Gawker Media. Retrieved 2013-11-16.

External links

Fingerprinting gives a good overview of different kinds of canary trap techniques.
EFF.org DocuColor Tracking Dot Decoding Guide How to read the date, time, and printer serial number from forensic tracking codes in a Xerox DocuColor color laser printout.