On 12/11/14, Mike Hearn <m...@plan99.net> wrote:
> For anyone following along who also never heard of "the anakata case", this
> is the trial of Per Gottfrid Svartholm Warg for hacking Danish government
> databases:
>
> http://torrentfreak.com/pirate-bay-founder-guilty-of-hacking-sentenced-to-two-years-in-prison-130620/
>
> He was found guilty for two years. Part of the evidence was chat logs
> showing him chatting with an accomplice. Presumably he tried to claim the
> logs were forged:
>
> *The Court said that it had found the prosecution’s case against Gottfrid
> and his accomplice convincing, since among other things it ruled out the
> possibility that a third party could have carried out the hacking from the
> defendants’ computers.*
>
> *The Court also noted that chat conversations between the defendants showed
> that in addition to being the perpetrators of the hacking offenses, they
> also acted in concert.*
>
> *As a result, Gottfrid was found guilty of hacking, aggravated fraud and
> attempted aggravated fraud, and sentenced to two years in prison. His
> 36-year-old accomplice was sentenced to probation.*
>

That summary isn't entirely correct and in some cases is wildly incorrect. I've requested transcripts for the trial but I'm not sure if or when they will be delivered. I was an expert witness in the case for the defense, I should add. This was related to a previous case in Sweden, where I was similarly an expert witness. He was partially acquitted in Sweden. Things in Denmark are a bit unclear, but his co-defendant was eventually found guilty of a crime that he wasn't even indicted for originally. That person did successfully and unsuccessfully dispute parts of some chat logs, as I understand the outcome of the case.

> I think I agree with Eleanor that the costs of real deniability seem to
> radically outweigh the benefits, as anything that doesn't involve a simple
> on-screen editor for chat logs probably wouldn't be convincing, and that
> seems like a lot of effort and UI complexity.

Ease of forgery was never raised as an issue - the log files in question were simple text files on a disk. Thus, when the computer was said to be compromised, it was decided that the text files on the disk could also have been tampered with at the time of compromise. This is part of why the Swedish case and the Danish case went in the direction that they went. Also, the police appear to have lied in court, and at least one Danish police officer may be charged for lying under oath and/or for tampering with evidence. I don't know the exact charges, but it is exactly such a case where not having non-repudiable signatures seems relevant.

> Moreover, I'm struggling to find a use case for this that doesn't involve
> someone lying in court.

In Anakata's long legal saga, it appears that there were other parties - thus, from what I've seen, it isn't a matter of someone lying in court; it is a matter of the person in court disputing things on a pretty obviously compromised and shared computer. The other party wasn't in court as far as I understand things. It's actually a lot less clear than that, and since most of the case that I heard was in Danish, I'm mostly in the dark without translated transcripts.

> If I'm in a two-party chat, and we have strong
> privacy, then I'd probably prefer to have strong evidence (on my local
> device only) that what was said, was said. It seems like it can only help
> me because:
>
> - .... if I'm saying "hey dude, let's engage in conspiracy against the
> government!" and I'm talking to a double agent, that guy can probably
> convince me to do something that isn't deniable i.e. in the real world
> before closing the net. So it's hardly enough, to be a dissident.

That doesn't really convince me. With the prevalence of RAT-like tools (FinFisher, HackingTeam, UNITED RAKE), your strong evidence (or keying material) will probably not stay on your local device.

> - .... if I'm an ordinary every day guy who is talking to someone, they
> accuse me of something and the text message evidence supports my case, I
> very much want it to be undeniable.

This exact scenario came up in the court case:

Alice: "Who wants ice cream?"
Alice: "Who wants to kill the president?"
Bob: "I do"
....

In your case, you'd want it to be undeniable that you wanted which of the two exactly?

> - .... I don't want to ask every chat participant to activate some
> special signing mode before they chat to me. This would be interpreted as
> saying "I don't trust you". Of course people only usually want undeniable
> chat logs after it turns out their trust was misplaced. I'd much prefer to
> use a chat network where the social default was undeniability. You never
> know when you might turn out to be the poor guy in the newspaper article.

If you use such a system, I think you've clearly signaled that you don't trust me. I wouldn't chat with you and in fact, I didn't sign this email. :)

> W.R.T being quoted out of context, that happens with private speech
> conversations all the time and hardly anyone ever says "I didn't say that",
> they say "I'm being quoted out of context, here's the full conversation".

As a journalist, I think your protocol design would be fantastic for ensuring that no one ever used that protocol to talk to a journalist. That property would be a total no-go for people who want the ability to deny it. As a technologist, I'm mostly glad that this discussion is already solved in OTR and seemingly also in the (n+1)sec/TextSecure designs. Those three protocols seem to have deniability of a sort without creating the opportunity for horrible unintended consequences.

> Are there other use cases I've overlooked?

End point security is rather weak, and so I'd wager that you're aiming to design a protocol "feature" that will be fantastic for framing someone. Or in some cases, when the law is "bad", confirming something that shouldn't be confirmed. There are probably other cases, but I'm not up for providing an exhaustive list at the moment. Perhaps after a coffee!

All the best,
Jacob

_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
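The "deniability of a sort" the thread attributes to OTR-style designs rests on authenticating messages with a MAC key that both parties hold, so a verified transcript entry proves only that someone with the session key wrote it, never which party. The following is an added illustration written for this thread, not code from OTR or from any of the posters; the key derivation is a constructed stand-in for OTR's real key exchange, and the chat lines are made up.

```python
import hashlib
import hmac
import secrets
from typing import Optional

def derive_mac_key(session_secret: bytes) -> bytes:
    """Both chat parties derive the same MAC key from the shared session secret.
    Constructed KDF for illustration only; OTR derives its MAC keys differently."""
    return hmac.new(session_secret, b"chat-mac-key", hashlib.sha256).digest()

def authenticate(mac_key: bytes, sender: str, text: str) -> dict:
    """Produce a transcript entry: the chat line plus an HMAC tag over it."""
    line = f"{sender}: {text}"
    tag = hmac.new(mac_key, line.encode(), hashlib.sha256).hexdigest()
    return {"line": line, "tag": tag}

def verify(mac_key: bytes, entry: dict) -> bool:
    """Check an entry's tag. Anyone holding mac_key can run this, so a passing
    check means 'someone with the key', not 'the named sender'."""
    expected = hmac.new(mac_key, entry["line"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, entry["tag"])

def deniability_demo(session_secret: Optional[bytes] = None) -> dict:
    """Show that the recipient can fabricate entries indistinguishable from
    genuine ones, while tampering without the key is still caught."""
    if session_secret is None:
        session_secret = secrets.token_bytes(32)  # stands in for the key exchange
    alice_key = derive_mac_key(session_secret)
    bob_key = derive_mac_key(session_secret)      # identical bytes on Bob's side
    genuine = authenticate(alice_key, "Alice", "Who wants ice cream?")
    # Bob holds the same key, so he can write a line 'from Alice' that verifies.
    forged = authenticate(bob_key, "Alice", "I will bring the cake.")
    # Editing a line without the key is detected: integrity, not attribution.
    tampered = {"line": genuine["line"] + "!", "tag": genuine["tag"]}
    return {
        "keys_identical": alice_key == bob_key,
        "genuine_verifies": verify(alice_key, genuine),
        "forged_verifies": verify(alice_key, forged),
        "tampered_verifies": verify(alice_key, tampered),
    }
```

A third party handed such a log therefore learns nothing about who wrote which line, which is the property being argued over above; a per-message signature with a party's long-term key would remove it.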