Re: LITTLE BROTHER INSIDE
C'punks,
On Tue, 26 Jul 1994, Jim choate wrote:
. . . This would of course assume that the police were silly enough to use the disk and such from your machine in your machine. From my experience w/ Mentor and Erik Blookaxe during Operation Sun Devil this is not very realistic....Also it would only work once. Thereafter they would either examine the equipment in a Farady Cage or else start doing pager rental scans prior to seizure.
Why not just use an encrypted partition. I guess then it is a problem of not being persuaded to reveal the key. What laws/rights does the user have as to revealing the key ? And if the user says "I forget" what would be likely response ? How many users would hold tight, from cases I have heard they usually give in when the stakes are raised.
I'm not so sure. Operation Sun Devil was a more sophisticated operation than the average cops run. Cops, for the most part, are incredibly lazy and stupid. I think you could count on lots of them not doing it right.
A while back a local BBS system was investigated, it was amazing to find that the police had little knowledge of the software (MSDOS and OS/2 - Remote Acess RA and Front Door) and hardware being used. Apparently the sysop had the system setup so that he could quickly delete the drives FAT and do random zeroing of the drives. Although it wasn't performed as they weren't even familar with hidden (attrib) directories or using non-printable dir names. Essentially they relied on information from the sysop to carry out the investigation. -- +---------------------+--------------------------------------------------+ | ____ ___ | Justin Lister ruf@cs.uow.edu.au | | | \\ /\ __\ | Center for Computer Security Research | | | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-835-114 | | | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 | | |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... | | | LiNuX - the only justification for using iNTeL | +---------------------+--------------------------------------------------+
Why not just use an encrypted partition. I guess then it is a problem of not being persuaded to reveal the key. What laws/rights does the user have as to revealing the key ? If the court order you to produce something, you have to or be in comptempt. The court will not order you to testify against yourself. The court can make you show up with the electronic storage that holds your keys, for example, because this is a physical device. So the issue hinges upon the question of whether uttering a passphrase which makes the device usable counts as giving testimony. Is explaining how something works (aka giving a passphrase) testimony? Quite possibly not. The explanation or passphrase is not incriminating by itself; it says nothing and claims nothing. One solution to this is to give the passphrase (or other access information) to someone who won't give it back to you if you are under duress, investigation, court order, etc. One would desire that this entity be in a jurisdiction other than where an investigation might happen. Eric
C'punks, On Tue, 26 Jul 1994, Eric Hughes wrote:
. . . One solution to this is to give the passphrase (or other access information) to someone who won't give it back to you if you are under duress, investigation, court order, etc. One would desire that this entity be in a jurisdiction other than where an investigation might happen.
And one way to do this that fits in with my original post is via a pager-delivered instruction. Prior to seizure/theft, you would make an arrangement with an offshore "escrow agent." After seizure you would send your computer the instruction that says, "encrypt my disk with the escrow agents public key." After that, only the escrow agent could decrypt your disk. Of course, the escrow agent would only do that when conditions you had stipulated were in effect. S a n d y
Prior to seizure/theft, you would make an arrangement with an offshore "escrow agent." After seizure you would send your computer the instruction that says, "encrypt my disk with the escrow agents public key." You don't even need public key. Just place a secret key in the hands of your if-duress-no-release agent and put the same key in the right place in nonvolatile, but erasable, storage inside the computer. In a standard PC, there's room for this in the battery-backed configuration RAM, which has lots of extra space on many newer models. The use of public key would still require that a session key for a (fast) symmetric cipher be generated and then destroyed, so you're not that much better off. The advantage is that you don't have to destroy the public key. Since destruction is pretty easy for information, I don't consider it much of an advantage. And, lastly, if you were to use public key, you'd want the agent to generate a key pair for your use only. This avoids linkage with other information. Eric
On Tue, 26 Jul 1994, Eric Hughes wrote:
Is explaining how something works (aka giving a passphrase) testimony? Quite possibly not. The explanation or passphrase is not incriminating by itself; it says nothing and claims nothing.
What if the passphrase was something like "I do not pay income taxes"? (half-joking, half-serious) ____ Robert A. Hayden <=> hayden@vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**
On Tue, 26 Jul 1994, Robert A. Hayden wrote:
Is explaining how something works (aka giving a passphrase) testimony? Quite possibly not. The explanation or passphrase is not incriminating by itself; it says nothing and claims nothing.
What if the passphrase was something like "I do not pay income taxes"? (half-joking, half-serious)
Apparently the only way you would not get contempt of court is if it were against the law for you to be in possetion of the password say for example a friend of yours works for NASA and happens to give you the password. you store drug shipment info/kiddy porn (whatever) and they want it (what they want to do with it after the investigation is beside the point) the phrase isn't incriminating, it could be "The judge is a bed-wetter" what we NEED is a 2 passphrase program, 1 password decrypts your infor for you, the other formats your hard drive or prinst out a fake diary or something. the best defense is to say you forgot it, it was some program you didn't want your children editing at the time, then again whats a year in jail for contempt of court compared to 20-30 (or whatever) years for child pornography -- Finger yusuf921@raven.csrv.uidaho.edu for PGP public key 2.6ui "When I was crossing the border into Canada, they asked if I had any firearms with me. I said, `Well, what do you need?'" -- Steven Wright
What if the passphrase was something like "I do not pay income taxes"? (half-joking, half-serious) Since this comes up frequently, I'll comment. When, under oath, you utter the words "I do not pay income taxes", you are less abbreviatedly say "I testify under oath that I do not pay income taxes". When, under oath, you tell the judge that the passphrase is "I do not pay income taxes", the less abbreviated version is "I testify under oath that the passphrase is 'I do not pay income taxes'." The second statement is not testimony that you do not pay income taxes. This distinction between the performative and the descriptive was used by one of the video game companies to try to prevent compatible cartridges from being manufactured. Part of the protocol required that the cartridge send back the string "(c) Slimy Video Games, Inc.". The company then argued an unfair trade practice, claiming that a compatible cartridge written by another party was asserting a false designation of origin. In fact, the sending of the string as part of the protocol is a merely syntactic use of these characters for purposes of interoperation. In the same way that the meaning of a passphrase is immaterial as a passphrase, so the transmission of the (c) copyright sign is not a claim of copyright nor a designation of origin. Eric
C'punks, On Tue, 26 Jul 1994, Eric Hughes wrote:
. . . When, under oath, you tell the judge that the passphrase is "I do not pay income taxes", the less abbreviated version is "I testify under oath that the passphrase is 'I do not pay income taxes'."
The second statement is not testimony that you do not pay income taxes.
Just to play Devil's Advocate, here is another twist to this "passphrase as self-incrimination" thread. Let us say you have, in fact, committed a more serious offense about which the government knows nothing. If your passphrase not only admitted the crime, but gave information which could lead to corroboration of the admission, you could arguably withhold the passphrase. As an example, your passphrase could be: I shot a cop in the back and buried his body under the porch at 123 Main St., anywhere USA. The gun is wrapped in an oily cloth in my mother's attic. "I decline to answer on the grounds that my passphrase is a statement which may tend to incriminate me. I will only give my passphrase if I am given immunity from prosecution for the actions to which it alludes." Too cute, I know, but who knows, it might work. S a n d y
Let us say you have, in fact, committed a more serious offense about which the government knows nothing. If your passphrase not only admitted the crime, but gave information which could lead to corroboration of the admission, [...] Well, I'd call that situation stupidity rather than cleverness. Eric
participants (5)
-
hughes@ah.com -
Justin Lister -
Robert A. Hayden -
Sandy Sandfort -
Yarkumila