[cryptography] OTR and deniability

Ian G iang at iang.org
Mon Jul 18 16:48:37 PDT 2011


Back in the 1980s, a little thing called public key cryptography gave  
birth to a metaphor called the "digital signature" which some smart  
cryptographers thought to be a technological analogue of the human  
manuscript act of signing.

It wasn't, but this didn't stop the world spending vast sums to experiment 
with it.  They still are, in Europe.  Oh well, that would have been OK as 
long as it didn't hurt anyone.

But it gets worse.  Those same cryptographic dreamers theorised that  
because their mathematics was so damn elegant, the maths couldn't lie. So, 
they could promote a "non-repudiable signature" as a technological advance 
over ink & quill.  The maths was undeniable, right?  Although these days we 
know better, that "non-repudiation" is a crock, we still have people 
running around promoting it, and old text books suggesting it as an 
important cryptographic feature.

Repudiation is a legal right, it's a valuable option within dispute  
resolution, not a mathematical variable to solve out of the equation.

You can't mathematise away legal rights, any more than you can democratise 
poverty away in the Middle East, nor militarise pleasure away in a random 
war on drugs.

OTR makes the same error.  It takes a very interesting mathematical  
property, and extends it into the hard human world, as if the words carry  
the same meaning.  Perhaps, once upon a time, in some TV court room drama, 
someone got away with lying about a document?  From this, OTR suggests that 
mathematics can help you deny a transcript?  It can't.  It can certainly 
muddy the waters, it can certainly give you enough rope to hang yourself, 
but what it can't do is give some veneer of "it didn't happen."  Not in 
court, not in the hard world of humans.

I am reminded of a film _A few good men_ which is somewhat apropos of  
those two young kids wasting away in some Afghan shithole that passes for 
military justice.  It's that well known scene where Cruise traps Nicholson 
into undenying his repudiation:

   Kaffee: *Did you order the Code Red* ?
   Col. Jessep: *You're Goddamn right I did* !

http://www.imdb.com/title/tt0104257/quotes

That's repudiation, real life version.  And that's what happens to it, as 
summed up by Kaffee afterwards:  "the witness has rights..." Mathematics has 
no place there, as is shown by all the other muddy evidence in the case.


On 16/07/11 6:52 AM, Meredith L. Patterson wrote:
> On Fri, Jul 15, 2011 at 6:45 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
>
>     On 07/14/2011 01:59 PM, Steven Bellovin wrote:
>
>         Put another way, the goal in a trial is not a mathematical proof,
>         it's proof to a certain standard of evidence, based on many
>         different pieces of data.  Life isn't a cryptographic protocol.
>
>
>     The interesting thing in this case though is that the person
>     providing the plaintext log file is:
>
>     a) a convicted felon
>     b) working for the investigators/prosecutors (since before the
>     purported log file's creation?)
>     c) himself skilled in hacking
>
>
> Those bullet points are far more likely to be brought up at trial than
> any of the security properties of OTR. Defense counsel has to weigh the
> benefits of presenting evidence -- will it get some point across, or
> will it be lost on the judge/jury?
>
> I submit that a military judge or a panel of commissioned officers (and
> maybe some enlisted personnel) is unlikely to appreciate the finer
> mathematical points, and more likely to fall back on "but there are
> these logs, right there, and the feds say they're authentic." The
> defense has plenty of Lamo's own documented actions to use to undermine
> his credibility.
>
> There's much to be said for "baffle them with bullshit" (not that
> there's necessarily any bullshit even involved), but a jury that doesn't
> understand an argument is likely to dismiss it as bullshit.
>
> Best,
> --mlp
>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




