[cryptography] US Appeals Court upholds right not to decrypt a drive
jon at callas.org
Sun Feb 26 14:33:46 EST 2012
On Feb 25, 2012, at 6:35 PM, James A. Donald wrote:
> Jon Callas<jon at callas.org> writes:
> > > I've spoken to law enforcement and border control people
> > > in a country that is not the US, who told me that yeah,
> > > they know all about TrueCrypt and their assumption is that
> > > *everyone* who has TrueCrypt has a hidden volume and if
> > > they find TrueCrypt they just get straight to getting the
> > > second password. They said, "We know about that trick, and
> > > we're not stupid."
> They may assume that - but they cannot prove it.
You're assuming that they operate with the same security model that you do.
Your security model presupposes US law, to start with. I can see that in the glib comment asking if I'd ever heard of "innocent until proven guilty" -- which is a US principle. It is one that I not only have heard of, but think is is pretty darn good idea, too!
Nonetheless, it does not exist everywhere in the world, and I said this was not the US. In fact the very reason I said it wasn't the US was because I wanted to point out that objections to the story based upon US law are irrelevant. Moreover, innocent until proven guilty is interpreted differently depending on what sort of case there is. The term *proven* is context-dependent. There are different ways they prove, different burdens of proof. "Beyond reasonable doubt" and "clear and convincing evidence" are two used in criminal cases in the US. "Preponderance of evidence" is usually used in civil cases.
None of these are "plausible deniability." As I said before, this is a term of spycraft and statecraft. Usually it's used to describe how a powerful entity like a nation state can defend itself against attacks by less-powerful entities. There are forms of torture that are popular because they leave no marks on the victim and therefore give the state plausible deniability. Bureaucracies also use this technique to spread blame or leave the blame with some other person.
In a number of cases involving spectacularly failed companies, the CEO has tried to stick someone else with the blame through plausible denial. Or perhaps the family and associates of a fraudster use a form of plausible denial to avoid conviction or trial. (I am not saying that using plausible means you're guilty -- it only means you don't have a better defense.) It works sometimes and doesn't work others. It didn't work for Bernie Ebbers, for example. Plausible denial combined with a lack of evidence works really well, but it's not a legal principle at all.
Most people who use the term "plausible denial," particularly us crypto people, would be better served to say "reasonable doubt." It's a better marketing term at the very least.
But anyway, back to deniable encryption and what is a language-theoretic issue.
If your security model includes technical issues and policy issues, but your attacker has different policies, then your security might fail for language-theoretic reasons.
To a border control person (and that's who I was talking about), Truecrypt is the same thing as a suitcase with a false bottom. Technically, we'd say that it is a container that (assuming it works correctly) *might* have a secret compartment and that one that does have secret compartment is information-theoretcially indistinguishable from one that has a secret compartment. But if you read the previous sentence to a border control person, they might hear, "...it is a container ... that ... has a secret compartment."
The difference is policy, not technical. If their security model includes the policy that there's no reason to have a suitcase with a false bottom except to put something in it, then how you make a denial becomes everything.
If your denial is "don't be ridiculous, I *know* you guys can spot hidden volumes and that's why I'd never use one -- I use it because I'm cheap" then you're doing well. If your denial is, "you can't prove there's a hidden volume there" then you're not doing so well.
My point is that there are security models out there that know about hidden volumes and have their own defenses against them. I used the word "defenses" intentionally. They are border control people. Their model considers a hidden volume to be an attack, not a defense. They have developed their own defenses against smuggling that take hidden volumes into account.
> Evidently in the case of
> http://www.ca11.uscourts.gov/opinions/ops/201112268.pdf They
> were totally unable to get information out of John Doe
> For the entire case turned on the fact that John Doe never
> admitted the existence of the hidden drive, and forensics were
> entirely unable to prove the existence of the hidden drive.
> Customs may have the authority to search through your stuff,
> but if they cannot find what they are looking for, they have
> no authority to make you tell them that it exists and where
> it is.
> But if you *do* tell them that it exists, then they can make
> you tell them where it is.
Absolutely. This is a good thing, too. Please don't think that I am defending what they do. I think people should have full legal protections at border crossings. I think that the erosion of fourth and fifth amendment rights is deplorable.
But again, you're assuming US law, and you're ignoring administrative actions.
They can seize your laptop and there's not a lot you can do. It's a loss, you'll never get it back, particularly if it's not your country. They can flag you for a full search on every crossing, too.
Ironically, one of the best defenses you'd have (particularly as a US citizen coming into the US) would be to say something like, "Of course there's a hidden volume there. I'll tell you what's in it -- there's the personal records for my customers, and if I open that up for you, I have to notify every one of them under forty-some state laws. There's millions of them there, and I can't afford to do that. That's why I'm using Truecrypt -- I have to have that data with me, and I don't trust other countries from stealing my data. If you have to keep my laptop until my lawyer calls, it will suck, but I understand. But can you cut me some slack this time? I wrote a bunch of emails and memos while I was on the plane and they aren't backed up."
Note that this is also a form of plausible denial, but the plausible denial has nothing to do with the crypto.
More information about the cryptography