
UK asked N.Y. Times to destroy Snowden material - primroot
http://www.reuters.com/article/2013/08/30/us-usa-security-snowden-nytimes-idUSBRE97T0RC20130830
======
teamgb
It's all very confusing so no point rushing to any conclusions.

The Register writes:

 _" the government says that Miranda was actually carrying a piece of paper
with a decryption password written on it. This allowed the police to read at
least some of the files he was carrying."_ [1]

While Greenwald just tweeted:

 _" Anyone claiming that David Miranda was carrying a password that allowed
access to documents is lying. UK itself says they can't access them."_[2]

[1]
[http://www.theregister.co.uk/2013/08/30/snowden_journos_boyf...](http://www.theregister.co.uk/2013/08/30/snowden_journos_boyfriend_had_crypto_key_for_thumbdrive_files_written_down_cops/)

[2]
[https://twitter.com/ggreenwald/status/373451644794449922](https://twitter.com/ggreenwald/status/373451644794449922)

~~~
panarky
It's very possible that both statements are true.

1) We know that the UK can imprison people who refuse to disclose encryption
keys.

[http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingd...](http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingdom)

2) Miranda could have been carrying a valid password written on a piece of
paper so he would not be jailed simply for failing to remember a complex
password.

3) That password might decrypt one or more TrueCrypt containers, with 20GB of
unimportant decoy documents.

4) In addition to the 20GB of decoy documents, the TrueCrypt containers could
contain hidden volumes for plausible deniability, encrypted with different
keys that Miranda did not know.

[http://www.truecrypt.org/docs/hidden-
volume](http://www.truecrypt.org/docs/hidden-volume)

[http://www.truecrypt.org/docs/plausible-
deniability](http://www.truecrypt.org/docs/plausible-deniability)

5) If the UK authorities didn't discover the hidden volumes until after
Miranda had been released, they're left with a bunch of decoys and 40GB they
can't decrypt.

------
venomsnake
That makes no sense. If you can decrypt 20 gigabytes of a TC volume you can
access the other 40 too.

There are few explanations

1\. The 20 gigabytes in question were not encrypted (which coincidentally is
the size of a windows installation)

2\. The 75 files were temp files

3\. They managed to open 60 gig container but could not access the hidden
volume

The third option makes sense with the decryping passphrase being in possession
of Miranda - the first 20 GB are a warning.

~~~
freehunter
Possibly there are two TrueCrypt volumes, one of which was accessed and one of
which was not (yet).

Or... can you encrypt another volume inside of a TrueCrypt-encrypted volume?

~~~
venomsnake
Yes you can - but you need the outer volume to have fat style file system
where the OS won't write randomly (not sure which of the *nix ones is suitable
for that) at the higher addresses. You basically say - from this address on is
a hidden volume and there is new volume header with new master key that needs
to be mounted separately.

------
late2part
Reading the report at its face, it doesn't say the encrypted data was
obtained.

It says:

1\. Goode said the hard drive contained around 60 gigabytes of data

2\. "of which only 20 have been accessed to date."

3\. She said that she had been advised that the hard drive contains
"approximately 58,000 UK documents which are highly classified in nature, to
the highest level."

4\. Goode said the process to decode the material was complex and that "so far
only 75 documents have been reconstructed since the property was initially
received."

Let's assume (as a possibility) that:

1\. It's a 60GB hard drive 2\. It has a 40GB Truecrypt partition 3\. There are
deleted files on the 20GB partition that were not securely erased

This theory does not explain everything, but might it be plausible?

~~~
sounds
Yes, absolutely.

    
    
      Goode said "renders the material extremely difficult to access."
    

That's government-speak for "resort to brute force." The ability to break RSA
would do the government more damage than it would do Miranda. If they have
broken RSA they aren't admitting it.

Perhaps Miranda needed to transfer some of his sensitive data to a machine he
couldn't supply the password to. (Maybe he thought the machine might be unsafe
or keylogged etc.) Or maybe the 20 GB partition was his "plausible
deniability" partition and he surrendered that key to avoid getting arrested.

After moving the files to his unencrypted partition, he could access them on
any machine by simply plugging in the hard drive. He should have securely
erased the data after he was done, yes, but that can be difficult when
traveling.

This can be seen as an interesting commentary on the legitimate usability
problems with using crypto, even though the crypto itself is doing its job
just fine.

~~~
nextstep
TrueCrypt doesn't use RSA or any asymmetric cryptography.

------
primroot
"In her witness statement submitted to the British court on Friday, Detective
Superintendent Caroline Goode, who said she was in charge of Scotland Yard's
Snowden-related investigation, said that among materials officials had seized
from Miranda while detaining him was an "external hard drive" containing data
encrypted by a system called "True Crypt," which Goode said "renders the
material extremely difficult to access."

Goode said the hard drive contained around 60 gigabytes of data, "of which
only 20 have been accessed to date." She said that she had been advised that
the hard drive contains "approximately 58,000 UK documents which are highly
classified in nature, to the highest level."

Isn't this supposed to be very unlikely to happen when using TrueCrypt? Can
someone explain what could have gone wrong in the process of storing this
data?

~~~
superuser2
See also: [http://www.jsonline.com/news/crime/west-allis-man-
indicted-o...](http://www.jsonline.com/news/crime/west-allis-man-indicted-on-
federal-child-porn-charges-b9984158z1-221218841.html)

It would appear that governments are able to somewhat efficiently bruteforce
TrueCrypt volumes and access a little bit of data at a time. I couldn't get
anyone interested in this article, but I would also like to know what's going
on here. If a TrueCrypt volume can be broken for a small-time case of a child
porn possession, that would seem to have dramatic ramifications for the
security of pretty much everything in the world.

Unless RSA is still solid and it's just TrueCrypt.

Can any crypto experts comment?

~~~
rwmj
They said on the news that he had the password written down on a piece of
paper (which was also seized / found during the search). I don't think there's
any mystery here.

~~~
pbhjpbhj
That sounds like a line they'd use to try and cover up the abilities of GCHQ
(or whoever) to access such filesystems. If they had the password then what
prevented them from accessing the whole volume?

------
ecaron
A big thank-you to the HN mods for not rewriting this posts headline to match
the article's. Although "UK asked N.Y. Times to destroy Snowden material"
matches the main focus of the article, the part involve TrueCrypt is what
makes it applicable to the HN audience.

So a big round of applause for not clobbering this article's rewritten
headline - you're all called out far too often for doing negative work and
deserve acknowledgement for doing good;-)

------
smegel
Snowden must have really hit the jackpot.

It will be interesting to see what else comes out.

------
devx
I'm disappointed in how Greenwald planned the whole thing. Did he really not
expect this to happen - especially in UK? Why didn't he have Miranda delete
the files as soon as he gave them to Laura Poitras or whatever he did with
them in Germany.

Now, whatever Greenwald wants to release next needs to be done fast, before
the governments prepare well crafted rebuttals to whatever he's releasing,
because they'll know what he'll release next.

~~~
alasdair_
What I don't understand is why anyone would bother physically transporting
such files at all. Why not just encrypt them, upload them to a server and have
Poitras download them?

Put them on a tor hidden server if there is concern about someone finding the
box directly, and bring the box down once the download is complete.

~~~
kawera
_What I don 't understand is why anyone would bother physically transporting
such files at all._

Even if they had a reason to physically transport then, what I don't
understand is why he flew through London since there are several daily non-
stop flights between Frankfurt and Rio.

~~~
glomph
Is it possible they just wanted even more news exposure?

