On Feb 24, 2012, at 5:43 PM, James A. Donald wrote:
> Truecrypt supports an inner and outer encrypted volume, encryption hidden
> inside encryption, the intended usage being that you reveal the outer
> encrypted volume, and refuse to admit the existence of the inner hidden
> volume.
>
> To summarize the judgment: Plausibile deniability, or even not very
> plausible deniability, means you don't have to produce the key for the inner
> volume. The government first has to *prove* that the inner volume exists,
> and contains something hot. Only then can it demand the key for the inner
> volume.
>
> Defendant revealed, or forensics discovered, the outer volume, which was
> completely empty. (Bad idea - you should have something there for plausible
> deniability, such as legal but mildly embarrassing pornography, and a
> complete operating system for managing your private business documents,
> protected by a password that forensics can crack with a dictionary attack)
>
> Forensics felt that with FIVE TERABYTES of seemingly empty truecrypt drives,
> there had to be an inner volume, but a strong odor of rat is no substitute
> for proof.
>
> (Does there exist FIVE TERABYTES of child pornography in the entire world?)
>
> Despite forensics suspicions, no one, except the defendant, knows whether
> there is an inner volume or not, and so the Judge invoked the following
> precedent.
>
> http://www.ca11.uscourts.gov/opinions/ops/201112268.pdf
>
> That producing the key is protected if "conceding the existence, possession,
> and control of the documents tended to incriminate" the defendant.
>
> The Judge concluded that in order to compel production of the key, the
> government has to first prove that specific identified documents exist, and
> are in the possession and control of the defendant, for example the
> government would have to prove that the encrypted inner volume existed, was
> controlled by the defendant, and that he had stored on it a movie called
> "Lolita does LA", which the police department wanted to watch.
There is no such thing as plausible deniability in a legal context.
Plausible deniability is a term that comes from conspiracy theorists (and like
many things contains a kernel of truth) to describe a political technique where
everyone knows what happened but the people who did it just assert that it
can't be proven, along with a wink and a nudge.
But to get to the specifics here, I've spoken to law enforcement and border
control people in a country that is not the US, who told me that yeah, they
know all about TrueCrypt and their assumption is that *everyone* who has
TrueCrypt has a hidden volume and if they find TrueCrypt they just get straight
to getting the second password. They said, "We know about that trick, and we're
not stupid."
I asked them about the case where someone has TrueCrypt but doesn't have a
hidden volume, what would happen to someone doesn't have one? Their response
was, "Why would you do a dumb thing like that? The whole point of TrueCrypt is
to have a hidden volume, and I suppose if you don't have one, you'll be sitting
in a room by yourself for a long time. We're not *stupid*."
Jon
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
