On Oct 7, 2010, at 1:10 PM, Bernie Cosell wrote:
a 19-year-old just got a 16-month jail sentence for his refusal to
disclose the password that would have allowed investigators to see
what was on his hard drive.
What about http://www.truecrypt.org/docs/?s=plausible-deniability
Could this be used?
Sure. And the technology used would have no effect on the standard
... used in court:
I think you're not getting the trick here: with truecrypt's plausible
deniability hack you *CAN* give them the password and they *CAN*
decrypt
the file [or filesystem]. BUT: it is a double encryption setup. If
you
use one password only some of it gets decrypted, if you use the other
password all of it is decrypted. There's no way to tell if you used
the
first password that you didn't decrypt everything. So in theory you
could hide the nasty stuff behind the second passsword, a ton of
innocent
stuff behind the first password and just give them the first password
when asked. In practice, I dunno if it really works or will really
let
you slide by.
You're thinking too much about the technology.
The court demands a company turn over its books. The company denies it
keeps any books. Sure - massive fines, possible jail sentences for the
principals.
Alternatively, the company turns over fake books. There is evidence
that the
books are fake - they show the company only did 2000 transactions last
year,
but somehow the company paid a staff of 200 to take phone calls last
year.
Or the books don't show any payments for things that we see sitting in
the
warehouse. Or maybe there are just purely statistical anomalies: The
variation in income from week to week is way out of the range shown by
other businesses. Or there's just someone who swears that these are not
the books he's seen in the past. Same outcome for the company.
Maybe the high-tech cheats let you get away with stuff; maybe they
don't.
Then again, maybe the fake paper books let you get away with stuff, and
maybe they don't. Technology lets you play some games more easily,
but it's not magic pixie dust that immunizes you from reality.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com