[cryptography] OTR and deniability
iang at iang.org
Mon Jul 18 19:48:37 EDT 2011
Back in the 1980s, a little thing called public key cryptography gave
birth to a metaphor called the "digital signature" which some smart
cryptographers thought to be a technological analogue of the human
manuscript act of signing.
It wasn't, but this didn't stop the world spending vast sums to
experiment with it. They still are, in Europe. Oh well, that would
have been OK as long as it didn't hurt anyone.
But it gets worse. Those same cryptographic dreamers theorised that
because their mathematics was so damn elegant, the maths couldn't lie.
So, they could promote a "non-repudiable signature" as a technological
advance over ink & quill. The maths was undeniable, right? Although
these days we know better, that "non-repudiation" is a crock, we still
have people running around promoting it, and old text books suggesting
it as an important cryptographic feature.
Repudiation is a legal right, it's a valuable option within dispute
resolution, not a mathematical variable to solve out of the equation.
You can't mathematise away legal rights, any more than you can
democratise poverty away in the middle east, nor militarise pleasure
away in a random war on drugs.
OTR makes the same error. It takes a very interesting mathematical
property, and extend it into the hard human world, as if the words carry
the same meaning. Perhaps, once upon a time, in some TV court room
drama, someone got away with lying about a document? From this, OTR
suggests that mathematics can help you deny a transcript? It can't. It
can certainly muddy the waters, it can certainly give you enough rope to
hang yourself, but what it can't do is give some veneer of "it didn't
happen." Not in court, not in the hard world of humans.
I am reminded of a film _A few good men_ which is somewhat apropos of
those two young kids wasting away in some afghan shithole that passes
for military justice. It's that well known scene where Cruise traps
Nickolson in to undenying his repudiation:
Kaffee: *Did you order the Code Red* ?
Col. Jessep: *Youre Goddamn right I did* !
That's repudiation, real life version. And that's what happens to it,
as summed up by Kafee afterwards: "the witness has rights..."
Mathematics has no place there, as is shown by all the other muddy
evidence in the case.
On 16/07/11 6:52 AM, Meredith L. Patterson wrote:
> On Fri, Jul 15, 2011 at 6:45 PM, Marsh Ray <marsh at extendedsubset.com
> <mailto:marsh at extendedsubset.com>> wrote:
> On 07/14/2011 01:59 PM, Steven Bellovin wrote:
> Put another way, the goal in a trial is not a mathematical proof,
> it's proof to a certain standard of evidence, based on many
> pieces of data. Life isn't a cryptographic protocol.
> The interesting thing in this case though is that the person
> providing the plaintext log file is:
> a) a convicted felon
> b) working for the investigators/prosecutors (since before the
> purported log file's creation?)
> c) himself skilled in hacking
> Those bullet points are far more likely to be brought up at trial than
> any of the security properties of OTR. Defense counsel has to weigh the
> benefits of presenting evidence -- will it get some point across, or
> will it be lost on the judge/jury?
> I submit that a military judge or a panel of commissioned officers (and
> maybe some enlisted personnel) is unlikely to appreciate the finer
> mathematical points, and more likely to fall back on "but there are
> these logs, right there, and the feds say they're authentic." The
> defense has plenty of Lamo's own documented actions to use to undermine
> his credibility.
> There's much to be said for "baffle them with bullshit" (not that
> there's necessarily any bullshit even involved), but a jury that doesn't
> understand an argument is likely to dismiss it as bullshit.
> cryptography mailing list
> cryptography at randombit.net
More information about the cryptography