Tracking devices is nothing new. In the auto industry, multiple vendors compete to convince drivers to install the devices in their cars, promising that if it gets stolen, the cops will know right where to find it. In law enforcement, criminals on probation sometimes are required to wear an ankle bracelet that does the same thing \u2013 tells authorities exactly where they are.It is also possible to do that with data. Digital watermarking can track where it is being viewed or downloaded, and also identify the IP address and the type of device doing it. It is not in widespread use, according to experts, and could in some cases have privacy implications, but its advocates say while it doesn\u2019t prevent a data breach, it can let an organization that has been breached know about it almost immediately, instead of months later.Their mantra is: Breaches are not preventable, but they are discoverable.\u201dAs Rich Campagna, vice president, products, at Bitglass put it, \u201cThe average data breach goes undetected for seven months. Identifying a breach early can help prevent further exfiltration and render breached data useless,\u201d by, for example, canceling and reissuing credit cards before they can be sold.To demonstrate the effectiveness of watermarking and to illustrate how widely stolen data can \u201ctravel\u201d, Bitglass created a fake data file earlier this year of 1,568 names, Social Security numbers, credit card numbers, addresses and phone numbers. It watermarked the file and then posted it anonymously to DropBox plus seven other sites on the Dark Web suspected of being cybercrime marketplaces.According to the company, the watermarking can survive copying, pasting and other file manipulations. Every time the file is opened, it \u201ccalls home\u201d with information on where and how it was accessed.The company reported that after 12 days, the file had been accessed from 22 countries on five continents, including the U.S., Brazil, Nigeria, Hong Kong, Spain, Germany, the United Kingdom, France, Sweden, Canada, the Russian Federation, the Czech Republic, Italy and Turkey.The data was viewed 1,081 times, with 47 unique downloads, and was accessed most frequently from Nigeria, Russia and Brazil. Campagna said that, \u201cvery few of the people who downloaded the file took any steps to obscure their location or device.\u201dOf course, knowing where your stolen data went, or even who downloaded it isn\u2019t going to help you get it back, like a car, or even erase it. Many of the countries from which the downloads occurred are essentially beyond the reach of U.S. law enforcement.Still, knowing about it has enormous value, according to Paul Henry, IT security consultant for Blancco Technology Group, who said he has used watermarking in his incident response and forensics business since 2007.\u201cIt\u2019s a great tool,\u201d he said. \u201cI\u2019ve used it in several email-related cases to determine specifically who was reading another party\u2019s email without their permission. I also use it with retained clients with their intellectual property-related data to eliminate false positives when searching sites like Pastebin and others on the Dark Web to see if their data shows up.\u201dHenry agreed that there is value in being able to take measures quickly to mitigate damage from stolen data. But he said the amount of identification it provides can help in legal proceedings as well.\u201cWhen used properly, you actually can see an evidence trail that meets court requirements for admissibility,\u201d he said. \u201cFor enterprise businesses, that\u2019s going to help them solidify their intellectual property defense in court.\u201dAnd, relatively speaking, it does not amount to big bucks. Campagna said watermarking is part of the company\u2019s broader security package with a monthly license fee starting at $5 per user.While watermarking is still not nearly as common as software aimed at detecting and preventing malware, it got a burst of publicity during the past two weeks in connection with the high-profile hack\u00a0of Hacking Team, the Italian company that sells hacking and surveillance tools to governments and law enforcement agencies, and is viewed as an \u201cenemy of the Internet\u201d by privacy and human rights groups.Reportedly, Hacking Team watermarks\u00a0its Galileo software, which would mean that anyone reading those hacked files will be able to find out who is using it and who their targets are.That prompted Bruce Schneier, security guru and CTO at Resilient Systems, to muse on his blog, \u201cIt's one thing to have dissatisfied customers. It's another to have dissatisfied customers with death squads. I don't think the company is going to survive this.\u201dCampagna said the Bitglass watermarking is different. \u201cHacking Team has watermarked its software to prevent piracy,\u201d he said. \u201cA copy sold to the U.S. government would have a different watermark than a copy sold to the Russian government. If the software later showed up elsewhere, Hacking Team could track that copy back to the customer from which it was taken.\u201dBy contrast, he said, Bitglass watermarking is designed for visibility, wherever the data go. \u201cWhen data is found on Dropbox or on an identity trafficking site, the company can verify that it was Paul from accounting that leaked the document, as an example,\u201d he said.Still, Henry said there are legal and privacy implications with watermarking, since it causes a device to execute an instruction that does not come from the user or that the device would do on its own.\u201cCertain law enforcement agencies cannot cause a computer to exercise any instruction it would not have issued itself or it is considered entrapment,\u201d he said, and a watermark does, in fact, cause the user's computer to exercise instructions it otherwise would not have issued.\u201dAnd, as is the case with any security tool, it is not bulletproof. Henry said there is no doubt in his mind that a criminal savvy to watermarking, \u201ccould have the information containing the watermark and still remain undiscovered.\u201dAnd Campagna acknowledged that it is possible to defeat a watermark by taking a screenshot of a file or converting it to plaintext.Still, it is a visibility tool that Henry said could provide some legal muscle \u2013 what he called, \u201cthe \u2018smoking gun\u2019 evidence\u201d that could support a prosecution.