The "encryption" of the original photo appears to have been performed with somewhat linear algorithm, whereby an equation describing a spiral of a fixed ratio, with the origin centered on the iris of one eye, was applied to the digitized photo. It wouldn't take much to "reverse engineer" that algorithm from the "encrypted" product, and "break the code." The "encrypted" image in the comment above just isn't chaotic, and might more correctly described as "scrambled".

Even if the spiral encryption algorithm used in the example had been applied several times, using a different axis on each pass, superimposed on the previous encryption product, the final product would still have betrayed its method, and the multiple spiral scramblings could have been unpeeled back to the original source photo.

A more robust encryption process would involve a more thorough, pseudo-random scrambling of the bits/pixels of the original photo by some equation that isn't so graphically apparent in the final product. More security could be obtained by successive encryptions (encrypting the encryption) using a variety of equations applied variously to parts of previous successive encryption products.

In other words, state security forces can't be said to have closed the book on image encryption as suggested in the orginal article posted above.

The purpose in the example wasn't (apparently) to protect information from detection from unauthorized eyes, ensuring revelation of the original to only authorized recipients. (In that case, the more complicated the encryption process, the more burdensome and corruptible it would be to decrypt.) Since the apparent purpose in the example was to obscure identity from all eyes, forever, a very complex, convoluted encryption process would carry no security/complexity trade-offs.

(It almost appears that the alleged perp, in his alleged photo, was engaging in the detective story cliché proverb: that self-absorbed clever outlaws--heros and villains, alike--like to brag. It seems that he wanted to "be cute", show how "clever" he [thinks he] is, daring someone to catch him. If he really wanted to remain anonymous, he would have done a more thorough job of concealing facial identity.)

I agree that the less reliance on the false "holy grail" of technology, the better. Primitive, one-time pad encryption beats the most tech-intense encryption every time.

i haven't posted this info anywhere else, and it doesn't seem to be too widely published. please take a minute or two to let people know, post to lists, etc. the more people know the better decisions we can all make in dealing with this sensitive issue.

The description above is a good comment and explanation. There was also an actually interesting thread in a similar vein on Slashdot when this was reported:  http://yro.slashdot.org/article.pl?sid=07/10/09/0235235

 http://www.epuk.org/News-snippets/714/police-reveal-sex-offender-picture

a mask

What about totally covering the faces in a photograph, such as with dark shapes?

Also, word to the wise, a good tip if you're putting out photos where you've obscured the faces is to do a screen capture of the image and then distribute that screen capture image of the photo rather than the original file, this helps to eliminate possible identifying traces that would be in the original image file.