Slashdot Mirror
Encryption? What Encryption?
Police in Britain have announced that two people have successfully been prosecuted under a UK law that forces defendants to give up their encryption keys and penalizes those who don't comply. Another UK woman's case had attracted attention two years ago, when the government demanded she give up her encryption keys after the police found encryption software on her computer, but the police say she was not one of the two defendant's charged. Is there a software solution to this problem — a way that people can encrypt files on their computers, without arousing the suspicion of law enforcement if the computers are seized?
File encryption, if properly implemented, is generally considered mathematically unbreakable. But to prevent suspicion falling on people just for encrypting files in the first place, requires a human solution as well as an engineering one. One way or another, some file encryption software would have to be in widespread use that has these two properties: (1) it's deployed on a large number of people's machines — not just a large absolute number, but a significant proportion of the total population, so that suspicion does not fall on people just for possessing the software — and (2) it should not be possible to tell the difference between machines where the users use the software regularly, and machines where the software has never been run. Then, and only then, would it be possible to use the encryption software on your machine, without anyone who seizes the machine having reason to think that you had ever encrypted anything at all.
(Of course, in a relatively free society, if law enforcement has probable cause to seize your machine in the first place, then they would presumably already have some evidence against you. But this would at least prevent police officers and judges from becoming more suspicious as a result of encryption software being present on your machine.)
Note that this is similar to the kind of problem that is normally solved with steganography, but by my reasoning, I don't think that using stego would actually gain anything in this situation. Whether you're talking about encryption software or stego software, if it's a program that not a lot of people have installed, then just by virtue of having it on your machine, you'll attract suspicion if your machine is seized. On the other hand, suppose you've cleared that hurdle and the software is installed on a lot of people's computers, so that just having installed it is not by itself grounds for suspicion. If it's stego, then you can embed the hidden data inside other images or videos, so that an intruder can't tell whether you've been using the software to hide anything (assuming the stego software is good enough that the intruder can't tell the images have been tampered with). But you could achieve the same thing with straight encryption software: just have every installation of the program create a "storage volume" file, where encrypted files will be stored. As long as a storage volume file with files embedded in it, is indistinguishable from a storage volume file that has never been touched, the presence of the storage volume file won't give you away.
I'm not actually aware of any encryption program that has that property: that for a given machine with the software installed, it's impossible to tell whether the software has ever been used to encrypt data. This is probably because this would normally not be a useful feature of an encryption program. The whole point of making it impossible to tell whether someone has used the program or not, is that people who have used the program would not attract undue attention to themselves as a result. But if the encryption program is only used by one thousandth of one percent of total Internet users anyway, then just the fact that a user has the program installed, would be enough to draw suspicion to the user if their computer is seized, so there's no benefit to concealing the fact that the program has been used. On the other hand, if the encryption program is installed on a significant proportion of users' machines anyway, then simply having the program installed is no longer grounds for suspicion. And that's when it would become a valuable feature for it to be difficult to tell whether the owner of the machine actually uses the encryption program or not.
This may be hard to implement correctly, and there are some tradeoffs that will have to be decided. For example, if the program creates a default "storage volume" file when it's installed, how big should that initial volume be? The problem with creating a small storage file initially and then letting it grow as encrypted files are added, is that this now makes it easy to tell who is using the program and who isn't — anyone whose storage file has grown beyond the default size, is using it to encrypt files (and is therefore a terrorist movie-downloading child pornographer, etc.). In order to avoid suspicion falling on people who use the program, the storage file would have to be the same size on everyone's computer. If you make it 1 GB, that wastes a lot of space on people's machines who aren't using it. On the other hand, if it's only 1 GB, it also means that users will only be able to store up to 1 GB of encrypted data — any more than that, and they'll have to expand the size of the storage file, thus calling attention to themselves if the machine is ever seized. And then, what about the fact that a large file which is created all at once, is normally not fragmented very much, but if the storage file is frequently modified, it is likely to become more and more fragmented — thus giving people a way to tell if the encryption program is being used frequently. (So you'd either have to deliberately create a very fragmented storage file by default on the first install, or create an unfragmented file on first install but then make sure to read and write from the file in a way that doesn't fragment it further.) I don't want to get too bogged down in implementation details. The point is just that you'd have to block all the possible ways that an intruder would be able to tell whether the software is used frequently — forget one thing, and you've given an intruder a way to identify people who are actually using the software to encrypt files.
A program called TrueCrypt achieves something close to this — TrueCrypt allows you to encrypt a storage volume with two different passwords, so that one password provides access to "innocent-looking" data, while the other password provides access to the data that you really want to keep secure. If someone is compelled to give up their password, they could provide only the password that unlocks the "innocent-looking" data — and there's no way, from examining the encrypted file, to tell that there is a second password guarding even-more secret data. (Of course, the "innocent-looking" data can't be truly innocent-looking, because it has to look like the kind of thing that someone would believe you might want to encrypt — so it should look suspicious enough that you would genuinely want to hide it, but not bad enough to get you in real trouble if you're forced to reveal it!) The Achilles heel of this scheme is that just having TrueCrypt on your computer in the first place, would at least signal to an intruder that you're encrypting files. And even if they can't prove that you might have another "super-secret password" guarding more private data on your encrypted volume, they would certainly suspect it, if they already had grounds to be investigating you and if they knew anything about how TrueCrypt works. To provide true plausible deniability of any encryption at all, you need a program that already exists on lots of people's machines, so that an intruder doesn't suspect anything when they find it on your computer.
(The same objection also applies to many other non-solutions to the problem, like using a Linux distro that encrypts your entire file system. Even assuming this would be within the technical means of the average person who wanted to do encryption, it's still going to look suspicious as long as the vast majority of people are not doing it.)
Which leads to the other half of the problem, which is getting the software widely deployed enough that it would not look suspicious for someone to have the program installed in the first place. Best of all for the purpose of avoiding suspicion, of course, would be for the program to come installed by default with a popular operating system. Windows XP and Vista have the built-in ability to encrypt folders, but anyone who seizes the machine can still see that you encrypted a folder, so this don't have the undetectability factor. Built-in deniable encryption of the kind that I'm describing, doesn't instinctively feel like the sort of thing that Microsoft would start bundling with its operating system. (Among other things, they might say that while companies often have business reasons for encrypting files, it's harder to think of a business case where employees would need to encrypt files and hide the fact that they were encrypting anything.)
Perhaps instead it could be bundled with a popular free software program beholden to no for-profit corporate masters. (My first thought was Firefox, but I was quickly told that Firefox was created specifically to strip out many of the features that had caused bloat in the original Mozilla project, and that any bundling of unnecessary tools would go against the whole ethos of the project.) Maybe a good place to include something like this would be the Google Pack — it's installed by lots of people, and currently doesn't have a file-encryption tool in the bundle. Beholden to for-profit corporate masters, yes, but ones that frequently declare "Don't Be Evil" and often seem to do cool stuff just to see what would happen.
Another possibility would be for a next-generation P2P program to bundle this capability with their software. This provides a nice dovetailing of interests — P2P users might want a way to hide the files that they've downloaded, while at the same time, intruders who seize the computer and found the P2P application installed, wouldn't necessarily suspect the owner of anything more than a little copyrighted file trading. "Well, he's got this NiftyP2P program installed, which comes with 'plausibly deniable' encryption, but most people use just NiftyP2P to download mp3 files and movies anyway. And I can't tell if he was actually using the encrypted file storage volume, because that's how 'plausibly deniable' encryption works. Is this the same guy who uploaded those subversive anti-government documents? I dunno."
Anyway, if you actually want to give people a way to run encryption software on their PCs, while ensuring that anyone who seizes their machine cannot tell that any encryption has been going on, these are the hurdles that you'd have to clear. I'm not sure whether this is better viewed as a blueprint for how to achieve this goal, or an argument for why it will probably never happen. There are lots of almost-solutions, like TrueCrypt with its ability to encrypt different sets of data into the same storage volume. But you still can't actually hide the fact that you're doing encryption in the first place.
(If you're willing to store your encryption software away from your computer, you could keep a steganography program on a CD or USB drive hidden in your house, and then whenever you need access to the encrypted data, plug in the program and use it to extract data that has been hidden in a large number of image or video files. That would achieve the goals I've outlined in the article: the ability to encrypt files, while still ensuring that anyone who seizes your computer won't be able to tell that you've encrypted anything. The problem is that it would require enough self-discipline to always return the CD or USB stick to its hiding place when you were done with it — and still, you'd have to hope that whatever authorities seize your computer, don't also search your house and find the CD or USB stick where you keep your stego software.)
Finally, risking the wrath of my civil-libertarian allies, I'll admit it may not actually be a positive thing for every citizen to be able to hide the fact from their local law enforcement that they're encrypting files on their computer. Many times if the police in a mostly-free country like the US or the UK seize a person's computer, they're trying to prevent real harm, and not every person with an encrypted file volume is a good guy. For some of the people who have left enough of an evidence trail that their computers get seized, it would be perfectly rational to view them with suspicion because of an encrypted volume found on their computer. But if you assume it's a worthwhile goal for people to be able to encrypt files without attracting suspicion, my argument is that the prerequisites in this article are necessary for that to work. At the moment it seems a long way off. But if someone created an encryption program with "deniability" — so that it was impossible to tell whether the program had ever been used after it was installed — and someone at Google thought "Hey, that's cool" and added it to the Google Pack, everything would change very suddenly.
http://xkcd.com/538/
It's funny cause it's true.
Sent from your iPad.
A smart crook with stolen state secrets or child porn on their encrypted drives would just tell 'em to fuck off.
5 years in the pen for obstruction of justice ain't shit compared death for treason or being ganged-raped on a daily basis before having to live the rest of your life as a sex-offender.
People will respect you on the inside and the outside because inmates and corporations both don't like snitches.
captcha: harming
-- Ethanol-fueled
If he has comments, he should post them under the story like everyone else. If they are good, they'll be modded up. There's no reason to post two stories on the front page on the same day for the same event. It's still a dupe, even if you acknowledge the previous story.
Give me Classic Slashdot or give me death!
I've often wondered why when you are setting up your user account on a box, and it gets to the part with setting up email, it didn't give you a chance to generate or import public/private keys right there and them upload the public to a server. Particularly on linux boxes, this seems like a completely feasible option.
One might also envision having a secret key storage mechanism, either by local external media or via remote storage where it could go look.
-- Who is the bigger fool? The fool or the fool who follows him? --
What all the talks on crypto seem to forget is that crypto only protects your data when you are not using it.
If they are investigating you to the point where they are going to be seizing your computer they have means of acquiring your password.
They can get a warrant an put a key logger on your system. Optionally they could acquire a warrant to install some sort of surveillance with the intent of either shoulder surfing the password or to simply read the data off the screen.
I find being offended by me offensive.
If it's not going to be a part of the OS itself, make it a part of the browser. Firefox could "reclaim the heart of the people" by adding this as a part of browser security. By default, the browser should encrypt all personal data, such as passwords and even file/URL history. Add a small option as a menu item in Tools/Privacy/Encryption/Personal History and allow you to create as large a file as you want (password protected of course) and use the browser to save to/browse the file.
This tool should also use a form of "hidden volumes" like truecrypt and it should save in the browser history folder, but give you the option to create it anywhere you want.
If 25%-plus of the population has it installed, it becomes much less suspicious.
Hell, if MS put it in IE 8.1 it would possibly even win-over the geek crowd.
put the what in the where?
because when you can't provide them the encryption keys for that random file they'll lock you in jail for 2 years.
Okay, the author makes an interesting statement - unless you have something to hide, why encrypt? IOTW, for those looking at computers, the author argues that encryption is nto widespread enough to have it be looked at without suspicion.
;)
Now - let's turn it around. In my work, we manadate that all laptops and usb keys are encrypted. Always. When we get a laptop (I think my department has around 800 laptops, with mine the only one running Ubuntu.) the hard drive gets encrypted. Any USB key gets encrypted.
I do the same for home. My three desktop PCs (two Ubuntu one Vista) are all encrypted.
Why?
In the case of work, they don't want the possibility of any portable device having personal or otherwise comprimising data being stolen. (See: http://www.washingtonpost.com/wp-dyn/content/article/2006/09/21/AR2006092101602.html or http://blog.internetnews.com/agoldman/2009/04/lost-laptop-okdhs.html for examples.)
In the case of my house, I don't want the possibility of my home PC being run off with my last years tax statements in plain view. (Actually I have those on a separate hard drive, but you get the idea.)
Now - for downloading pr0n, one should simply do what comes naturally and use a neighbors open unprotected wifi connection...
The Kai's Semi-Updated Website Thingy
gWVg+xEojKXMDhE2m4cdSEMYkx1KkL6oTIGqxVFksjxhY6h4aELohkJDrFX+P6ESb/Qmhpjw6ySB
mg6nGIbrWVlQpCSTSaePyU8hCACOiAUQQ7HsV6S5dS9JKiklzPzXpLl1L0kqKSXM/NxpWKAVvARQ
t4DSEpQHz7zVuolJ/gBYUEHwIUUoSymmUFCAIg1H1GFWRL5GEMIP0klImAAdywQgAg3RhAkgsLCC
QcNpCdksSV0tgMgg/6qTIdQIMVDJBEGCdyBAQJ0zbBIOyQ1JAYQGQRogyxsoDGEEIhAkgmJqGoKg
iKTNVL+mmhAQIa7IQkA4VKCUwBWVVAQ+NAgExIGovYL0oETDQKoIRMVQHyacMEh+ilDACHYWxQEJ
First rule of crypto: you do not talk about crypto.
I don't understand the point of having "popular" software the natively supports having 2 keys. One that reveals "safe" data and one that reveals your "secret" encrypted data. If the software becomes popular so too will the knowledge that it supports multiple keys.
You: Okay police officer here is my encryption key.
Police officer: What a nice porn collection... I notice that you're using TrueCrypt, now give us your "other" key
You: Uhh what other key? I don't know what you're talking about.
That whole plausible deniability thing kind of falls off the table w/ truecrypt if it's common knowledge that it contains multiple keys.
Which would work nicely if TrueCrypt didn't make a point of advertising that it could be used for this sort of thing. All it takes is one person to bother looking that up and then it's "right, what are you really hiding?"
The main difference would be that they can't actually prove that you have a second key, so it's a lot harder to convict you for refusing to give it.
The people mentioned in the original article were convicted because they refused to give their main encryption key. Since it was easily provable that they had encryption on their machines, it was enough to get them convicted.
It really depends what you're trying to protect yourself from: TrueCrypt or a similar solution may be enough to keep you from getting convicted in a trial, but it probably won't offer much protection from organizations willing to use torture, blackmail, etc. In a trial you need evidence, in the other case suspicion will do.
PageTurner Reader: open-source e-reader for Android with cloudsync. http://pageturner-reader.org
I provided a solution that doesn't have that problem in the first place.
No, you didn't because you are misunderstanding the problem. The problem isn't going to jail or being pressured to give up your encryption password. The problem is being harassed and having your privacy invaded simply because you have a program installed on your computer. If I'm going through customs and get harassed and annoyed because I have TrueCrypt installed, that is still a major problem even if I can provide access to an innocent volumn.
Ideally, the solution would offer both forms of deniability. A) Not having an unusual encryption utility installed and B) Being capable of offering an innocent volumn if pressed for a password anyway. You need A to avoid casual detection and the harassment that stems from it. You need B because a forensic analysis of the disk can still determine that there are encrypted volumns present.
If you did it right, they will spend hundreds of years TRYING (and failing) to crack your encryption. And thats why they won't try.
If you find a typo, you may keep it.
Plausible deniability was always weak, and assumed you were dealing with law enforcement in a free country. If the new standard is guilty until proven innocent, we are all fucked. If you are under suspicion they will jail you until you produce the evidence to put you in jail. Evidence that you have visited Slashdot is enough to show that you have knowledge of cryptography and stenography, and therefore could be hiding something. The only way to prove your innocence is to die under horrendous torture without confessing...and even then it probably just proves you were well trained in Afghanistan to resist torture.
Oddly enough, when the police come to sieze your computer, they sometimes search your house and person for other computer-related stuff, including memory sticks. Weird, huh?
I guess it's possible to hide a memory stick really well, but that sounds impractical for a computer you'd use every day, and if the police show up while the computer is being used (which they'd make an effort to do if this sort of thing became a problem) you'd still be screwed. Plus, they'd just start jailing anyone with random-seeming data on their hard drive until an encryptio key was provided (and anyone who atually had random data, like a securely erased drive, could just rot in prison).
Really, it's just a small step from here to "you go to jail until you confess to whatever crimes we accuse you of". This is not a problem with a technological solution!
Socialism: a lie told by totalitarians and believed by fools.
If TrueCrypt is illegal, you're stil screwed. But really, this is just a witch hunt, so no rational solution will help.
Police: You've been accused of child pron/disliking the government - provide your encryption key so we can get the evidence.
You: OK, here's my key.
Police: OK, that was *a* key, but you can just stay in jail until you produce a key that gives us the evidence we're looking for.
Once the police can just decide you're guilty and jail/torture you until you confess, software is not going to help you.
Socialism: a lie told by totalitarians and believed by fools.
The true thrust of his article is that just having TrueCrypt (or any other advanced encryption tool) installed on your machine is enough to pique the interest of law enforcement.
Not if you have a good enough reason to have it installed. My wife uses her laptop for medical dictation, so I installed TrueCrypt with a boot password so that no one can access patient information if her computer gets stolen. There are enough stories about things like that happening that just about anyone can justify having TrueCrypt installed:
"I keep my Quicken files on there."
"I don't want someone getting my online banking passwords."
"I don't want none of that identity theft!"
Dewey, what part of this looks like authorities should be involved?
is the same scenario described by the editorial's opening paragraph here:
I don't disagree that there are more general problems to consider when implementing any sort of encryption solution. The concern you raise about customs agents is quite valid, particularly since they increasingly seem to resemble thugs and have recently been known to copy data from laptops and other devices. It wouldn't surprise me in the least if they viewed encryption not as a privacy protection, but as an obstacle to their surveillence. A thoughtful person who travels outside of his or her country would certainly take that into account when thinking of which encryption system to use. You are, however, the first person in this entire discussion to mention customs. For that reason, the solution I proposed was aimed at the scenario that was described in the summary/editorial.
The UK law mentioned dictates that you must surrender your encryption keys/passwords to the authorities whenever they lawfully ask you to do so. That's a notably different scenario from "customs might give you a hard time." The program I mentioned, Rubberhose, is specifically designed for cases where you might be coerced to give up encryption keys/passwords, like what the author of this editorial specifically mentioned. It was designed both for laws like this one, and also for less-than-legal scenarios where some thugs might try to beat it out of you (hence the name "rubberhose" since apparently that's a favored way to inflict pain during violent interrogations as it is rumored to leave minimal welts/marks on the body).
My point for you is that if you are going to say "uh, no" and proceed to correct me, please have a more solid basis for so doing. I think that's a reasonable thing to ask. I don't mind being wrong because if you really do find I've made an error then you're doing me a favor, it's just the jumping to that conclusion that I dislike. Otherwise, I appreciate that you gave me a real (and tactful) answer as to why you disagreed with my proposal. The author of the condescending response has so far not bothered to do so, though I guess i's not a surprise if actual discourse was not his goal.
It is a miracle that curiosity survives formal education. - Einstein
Maybe this is a new business opportunity for the Pirate Bay. In addition to the private VPN service, you could also get remote anonymous encrypted storage. If you only access the storage through the VPN, it could make it pretty difficult to track.
This also sounds like an opportunity for the NSA and the Russian Mafia.
For anyone, really, who has a clue to what use might be made of front organizations like Pirate Bay and billions of dollars to invest in traffic analysis and crypto.
I'm not saying that Rubberhose and TrueCrypt don't help the situation. However, the author brings up TrueCrypt and its ability to hide an incriminating volume behind a relatively innocent one (which seems to be the same functionality that is offered by Rubberhose) and finds them lacking for the problem he is trying (albeit rather poorly) to describe.
From the Article...
The Achilles heel of this scheme is that just having TrueCrypt on your computer in the first place, would at least signal to an intruder that you're encrypting files. And even if they can't prove that you might have another "super-secret password" guarding more private data on your encrypted volume, they would certainly suspect it, if they already had grounds to be investigating you and if they knew anything about how TrueCrypt works. To provide true plausible deniability of any encryption at all, you need a program that already exists on lots of people's machines, so that an intruder doesn't suspect anything when they find it on your computer.
This is the paragraph that I am addressing when I say that Rubberhose and programs like it don't solve the problem that the author is proposing. What if I install TrueCrypt and never get around to setting it up and an over-zealous investigator is threatening jail time if I don't hand over the non-existent password? What if I set it up and don't use it for months or years and forget the password? The fact that having an encryption utility installed is enough to land you in prison is the real problem. Better never to have the police ask for the password in the first place. That means making encryption software common enough to not rouse suspicion or portable enough to leave no traces (other than the encrypted volume) behind after it's done.
If someone has searched your computer such that they've closely examined all of the software you have installed, then you've *already* been harassed and had your privacy invaded.
Aside from that, customs is one of the few places where I can see it as reasonable to require access to encrypted information. It's no different than having a locked container in your luggage and not allowing any agent to see the contents. Don't expect to just say "trust me," and walk away.
https://www.eff.org/https-everywhere
This is a reasonable possibility, though it lacks the sought-for plausible deniability of there being any encrypted data in the first place. After all, it would be pretty difficult to believe that a person suddenly can't recall their login credentials that they have been using every day, wouldn't it? Your suggestion would make for good practice and security for the everyday user, and provides protection from those with general malintent, but it does not afford the kind of protection from being forced to reveal encryption keys that is necessary in the face of kinds of laws in question.
And I think God should torture everyone without a Bible...
He already does. And you folks are that tourture.