Sebastien (Or, The Fifth Amendment and PGP)

Starfox

A federal judge recently ordered Sebastien Boucher to decrypt his PGP-protected laptop. Originally it was ruled he did not have to, and I believe Rym and Scott talked about it on the show. Should he have to? I say no. I think there is a fundamental difference between handing over the keys to your safe and this. You don't have to tell the cops where you hid the murder weapon, how is being forced to reveal your password any different?

Incidentally, what would happen to him if he refused to give up the goods? Contempt of court?

Sail

You don't have to tell the cops where you hid the murder weapon, how is being forced to reveal your password any different?

Yeah. I call the 5th amendment on this one. This is being forced to bear witness against yourself.

Rym

This is being forced to bear witness against yourself.

Should there be protection against bearing witness against oneself in the modern era?

Dr. Timo

You don't have to tell the cops where you hid the murder weapon, how is being forced to reveal your password any different?

It is different in that, if the cops have a warrant and want to look in your safe for the murder weapon, you have to, by law, open the safe. Defenses against revealing a password are based on the fact that the "key" can be transmitted verbally, thus they claim it as speech.

The problem here is, in fact, not free speech (or rather the 5th amendment), it is the problem of search warrants in a time when the general populace has easy access to unbreakable, voice recognition operated safes.

Omnutia

What are the problem going to be presented by plausible deniability schemes? As in, having a bunch of random data within a partition which turns into another partition and the rest of the partition is also full of random stuff.

Rym

What are the problem going to be presented by plausible deniability schemes?

If done properly, it cannot be proven that you have not already provided the key. They could never verify that you did not have some other, more hidden level of secrecy, and there would be no possible way to compel you to provide access to it. It's foolproof: mathematically so.

Omnutia

Unless they get spy pics of you using it.
Nothing stays foolproof long, the world is always endeavoring to make bigger and better fools.

Starfox

It is different in that, if the cops have a warrant and want to look in your safe for the murder weapon, you have to, by law, open the safe. Defenses against revealing a password are based on the fact that the "key" can be transmitted verbally, thus they claim it as speech.

I don't think it's like opening up a safe. I think it's more analogous to telling them where in the woods you buried the body.

Apreche

Think of it like this. Let's say you have a safe. It's not a safe with a key, it's a safe with a combination. Well, if they have necessary warrants and such, they are allowed to go in the safe. They can't force you to tell them the combination, but they can bust it open by force. The same goes for a computer with passwords and such. They can't force you to tell them the password. It's something in your brain, not a physical object. However, they can bust in by force. It just so happens that sufficiently strong encryption is effectively impossible to break into by force. It's no different than if you had an uncrackable combination safe.

Rym

It's no different than if you had an uncrackable combination safe.

Deniable encryption goes one step further. It's as though you have a safe, and they demand the key. You give them the key, and the open it only to find nothing incriminating. You actually have another, invisible safe inside of that safe, but they can't see it, can't prove it's there, and can't interact with it in any way. Even if they claim to have seen you place the incriminating evidence inside of the big safe, they can't prove that you haven't already given them all the keys to all your safes.

Kate Monster

What, you mean you can't just hulk smash a computer and all the data won't flow out in magic blue fog that can be trapped in a bottle and will answer all questions put to it?

lackofcheese

Brute force.

Starfox

They can't force you to tell them the password. It's something in your brain, not a physical object.

So what happens when an irresistible force meets an immovable object? The judge said he has to reveal it. Does he go to jail for contempt or what?

Rym

The judge said he has to reveal it. Does he go to jail for contempt or what?

If you have deniable encryption, you can give them the fake key, which works just fine (only doesn't reveal the incriminating evidence), and they can't prove that you even have another key.

Or, you can just say that you forgot.

Kate Monster

The judge said he has to reveal it. Does he go to jail for contempt or what?

If you have deniable encryption, you can give them the fake key, which works just fine (only doesn't reveal the incriminating evidence), and they can't prove that you evenhaveanother key.

Or, you can just say that you forgot.

Except that is perjury and he may not have a false key set up.

Churba

The judge said he has to reveal it. Does he go to jail for contempt or what?

One would suspect that Judge does not trump Constitution, however, He could be looking at jail time until a challenge could be mounted, I suspect.

Rym

he may not have a false key set up.

Then he isn't using deniable encryption. The whole point of deniable encryption is that, if it is implemented correctly, it is impossible to prove that a person hasn't complied with a demand for decryption.

You actually have the same mathematical problem with One Time Pads. For any message encrypted using a proper OTP, there is a real key which will resolve it to ANY MESSAGE you wish of the same length. If my encrypted message was:

AAFFQQW

It is equally likely that my message says:

FUCKYOU

as it is that it says:

KILLHIM

as it is that it says:

TUESDAY

I can provide a perfectly valid key which will reveal whatever message I want, and there is absolutely no mathematical way to prove that one is more likely than another.

Omnutia

Problem being, if they can in any way prove the partition exists then they can get you on contempt of court, it's a real gamble.

Rym

if they can in any way prove the partition exists then they can get you on contempt of court

There could be any number of "partitions" in a deniable space. No matter how many you choose to provide access to, there would be no way to determine if you were holding out on one. Mathematically, you could provide a key which revealed a lurid fanfic about the judge's grandparents if you wanted to.

Omnutia

I meant, as in, some kind of proof outside of the computer e.g. photographic.

Mathematically, you could provide a key which revealed thousands upon thousands of funny kitten pictures.

Apreche

Maybe this will help people understand.

Imagine a door with a lock. Most doors with locks are opened by a key. Usually there is only one key that will open the lock. Every other key will fail to open the lock. You know if you have found the right key because the door will open. You know you don't have the right key because the door will not open.

Now, imagine a door that can be opened by any key. There are infinity different keys, and all of them open the door. Doesn't sound very secure does it? Well, here's the catch. Depending on which key you use, the door will go to a different place. Use this key, and the door goes to Jupiter. Use this key and the door goes to Bermuda. Use this key and the door goes to your office. No matter what key you use, you go somewhere different. Every key opens the door.

If you force me to give you the key to the door, how do you know if I've given you the "correct" key or not? Even if I do give you the correct key, you don't know whether I'm lying or not.

Imagine a safe that opens no matter what combination you pick, but every combination changes the contents of the safe. You try 1,1,1 and you find a baseball. 2,2,2 finds a pile of money. 3,3,3 finds a computer disk. 34,12,18 finds a rock. 4,34.3 finds child porn. Even without the fifth amendment, it is fruitless to ask for the key. It's impossible to know if the person is lying.

Think about this scary thing, though. Let's say you have such a safe. You tell the "true" combination. They find your baseball card collection, which is really what was in there. They accuse you of lying. They keep trying different combinations until they find child porn. They decide the combination that leads to child porn is the "true" combination, even though there is no such thing.

The laws of the physical realm can not reasonably apply to the digital realm. Things are possible in the digital realm that would effectively be magic if they were in the physical realm. Our laws can not accommodate magic. If judges and lawyers fail to understand this technology, it means very bad things for all of us.

Omnutia

And on that note: Break time.

Starfox

This is still apparently a debate. How is plausible deniability holding up these days? The Bruce was equivocal in 2008, but that was 5 years ago.

With the rate technology legislation is going, I don't see this (or anything else for that matter) being resolved satisfactorily in the next... what, 10 years? Rym, how's the Pragma party coming?

ninjarabbi

The funny thing is they might still be better off getting the contempt charge and dealing with that if their case rested on getting to the encrypted data.

lackofcheese

With the rate technology legislation is going, I don't see this (or anything else for that matter) being resolved satisfactorily in the next... what, 10 years? Rym, how's the Pragma party coming?

You gotta work on the Logos before you can have a Pragma party.

Greg

Tech legislation will change once the majority of the electorate understands it. Political science dictates it. Problem is, that's not gonna happen until the baby boomers are an insignificant force -- a long time from now.

Rym

Tech legislation will change once the majority of the electorate understands it.

Hah!