Canary trap

A canary trap is a method for exposing an information leak by giving different versions of a sensitive document to each of several suspects and seeing which version gets leaked. It could be one false statement, to see if sensitive information gets out to other people as well. Special attention is paid to the quality of the prose of the unique language, in the hopes that the suspect will repeat it verbatim in the leak, thereby identifying the version of the document.

The term was coined by Tom Clancy in his novel Patriot Games, although Clancy did not invent the technique. The actual method (usually referred to as a barium meal test in espionage circles) has been used by intelligence agencies for many years. The fictional character Jack Ryan describes the technique he devised for identifying the sources of leaked classified documents:

Each summary paragraph has six different versions, and the mixture of those paragraphs is unique to each numbered copy of the paper. There are over a thousand possible permutations, but only ninety-six numbered copies of the actual document. The reason the summary paragraphs are so lurid is to entice a reporter to quote them verbatim in the public media. If he quotes something from two or three of those paragraphs, we know which copy he saw and, therefore, who leaked it.

A refinement of this technique uses a thesaurus program to shuffle through synonyms, thus making every copy of the document unique.

Known canary trap cases

Following the troubled production of Star Trek: The Motion Picture in the late 1970s, Paramount Pictures effectively replaced Gene Roddenberry as producer of further movies in the franchise with Harve Bennett. Roddenberry was retained as an "executive consultant", due to the high regard the series' fans held him in; while he had little real authority he was still kept involved in the creative process. The fans often complained about particular plot developments proposed for the films, such as the death of Spock in Star Trek II, that Roddenberry had opposed. So, before any drafts of the screenplay for Star Trek III: The Search for Spock were circulated, Bennett arranged for each individual copy to have subtle clues distinguishing it from the others. Shortly after Roddenberry opposed the destruction of the Enterprise at the climax of that film, fans began to complain to Paramount and Bennett. He found that a leaked copy of the script was the one given to Roddenberry, but was unable to do anything about it.[1]

After a series of leaks at Tesla Motors in 2008, CEO Elon Musk reportedly sent slightly different versions of an e-mail to each employee in an attempt to reveal potential leakers. The e-mail was disguised as a request to employees to sign a new non-disclosure agreement. The plan backfired when the company's general counsel forwarded his own unique version of the e-mail with the attached agreement. As a result, Musk's scheme was realized by employees who now had a safe copy to leak.[2]

In October 2019, British celebrity Coleen Rooney used the technique to identify who was leaking information from her private Instagram stories to tabloid newspaper The Sun by posting fake stories which were blocked to all but one account. When these details appeared in the press, she publicly identified the leaks as coming from the account of Rebekah Vardy, wife of footballer Jamie Vardy.[3].