The UK law is problematic since it asks you to prove a negative, which is impossible. This tool doesn't really help, there; any data you have could be said to be 'encrypted' (one half of the symmetric pair that unlocks the desired data). If you're ever demanded to produce under that law, you are in a very bad place.
More practically speaking, I think there are other improvements in these areas that can be made, particularly in situations where you want data to self-destruct if you are placed under duress, or before you have a chance to be abused for too long (a rubber hose defense). Methods like Shamir's Method can allow you to securely divvy up a decryption key any way you like among many parties and design a system around the particular needs you have - whether that's deleting the access keys for a border crossing scenario or releasing the data in an insurance scenario.
But when it comes to the guy being locked in the room being asked to prove something unprovable, it's just a screwed scenario.
Doesn't seem like a great encryption system, right?
View the source here: https://lucb1e.com/rp/php/secrypt/?source
Nobody never mentioned that it used xor..?
There's no randomness here. And there's no mention of the need for a unique pad. It's trivially crackable.
But it's a neat proof of concept.
1. Any decryption key which is shorter than the length of the encrypted data must be fake. This forces fake decrypted data to be the same length as the real decrypted data, which is impractical for large files.
2. There's no verification on any key, and it's quite trivial to produce fake keys, so should the 'government' want to claim you had illegal data, all they would have to do is produce their own 'fake key' corresponding to said illegal data.
3. Passwords are essentially random data - impossible to memorize. You'll have to keep them on your computer somewhere, and given their unusual nature in relation to other files, it would be pretty easy to do a search for them.
I'd advise sticking to hidden volumes on TrueCrypt for now.
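The properties raised in the comments above (XOR with a pad, no key verification, pad uniqueness), shown as an added example that is not part of the original thread and is not the linked tool's source: it models a plain XOR pad scheme and shows why a key that "decrypts" such a file proves nothing about its contents. All function names and sample strings are constructed for illustration.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    # A XOR pad only works when key and data have identical length.
    if len(a) != len(b):
        raise ValueError("key and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    # Fresh random pad per message, as long as the message itself.
    key = secrets.token_bytes(len(plaintext))
    return xor_bytes(plaintext, key), key

def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    # No tag, no checksum: every key of the right length "succeeds".
    return xor_bytes(ciphertext, key)

def key_for(ciphertext: bytes, claimed: bytes) -> bytes:
    # Derives a key under which `ciphertext` reads as `claimed`, using only
    # the ciphertext. The claimed text must fit the ciphertext length
    # (point 1 above); shorter text is space-padded here.
    if len(claimed) > len(ciphertext):
        raise ValueError("claimed plaintext longer than ciphertext")
    return xor_bytes(ciphertext, claimed.ljust(len(ciphertext), b" "))

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    # If one pad encrypts two messages the pad cancels: c1 ^ c2 == p1 ^ p2.
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])

# Constructed sample data, not taken from the thread or the tool.
REAL = b"constructed sample: quarterly budget draft v3"
DECOY = b"constructed sample: shopping list"

if __name__ == "__main__":
    ct, real_key = encrypt(REAL)
    decoy_key = key_for(ct, DECOY)
    print(decrypt(ct, real_key))   # the real text
    print(decrypt(ct, decoy_key))  # the decoy text, from the same ciphertext
```

Because both keys are equally valid for the same ciphertext, nothing in the file distinguishes the owner's key from one derived by someone else, which is the verification gap point 2 describes.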
For an oppressive enough government, it seems quite the good way to expect one to have two passwords (or else, he would probably not use TrueCrypt) and to torture him until those two passwords are obtained.
Not knowing how many passwords are used gives a better chance. The detained person will still have to accept torture for a while instead of giving all fake passwords right away for it to be believable, though...
The paper is very much worth the read if you have some spare time. http://www.phrack.org/issues.html?issue=65&id=6&mode...
There's other software that does this: http://www.winstonsmith.info/julia/elettra/
You assume governments are going to play nice. Even if they don't physically torture you directly for it, they will just put you in a 6x6 cell without windows for a couple years "pretrial" until you are ready to talk, or go insane.
This isn't some Hollywood movie where you get to give a bad password and that distracts them for a minute and they let you go. They will definitely verify the data or go back to torturing or lock you up. How do you think a judge is going to respond to someone who tries to fool them?
Before they ask for the keys they should have enough information to know how bad the files are, so you're right in that respect. "We know what kind of stuff you have, so decrypt it and we can punish you for what you actually have, or face five years for not decrypting". But don't forget that sometimes they have no idea what the file is, or if the person is involved in any offending behaviour, and they've found the encrypted file after some other investigation.
In that situation it'd be handy to give them a fake key for fake data.
(None of this is to suggest that this tool is any good for that purpose)
Which in itself is a crime, even if your "stash" was legal.
Remember cops are allowed to lie, you are not, which is why you don't talk to cops.
(and I sure wish we had better examples)
Any empty space in a TrueCrypt file that isn't being used for files visible at the top level could presumably contain hidden content - how do you prove it isn't?
(Beyond the obvious Gitmo examples, consider the long list of wrongful convictions based on coerced confessions / testimony – I'd sleep easier if there was consistently harsh punishment for those responsible)
Which is true. The public go completely OTT bat shit mental the split second something happens, and governments respond with equally bat shit mental policies. And "we" love it. "We" vote for it.
When the general public say no en masse it will stop and be reversed. Sad fact is, "we" support this, torture and all, as long as we have money for throwaway Chinese consumer garbage.
You can get more secure and have 3 levels, 1: backup of important, sensitive documents (like a scan of your passport & banking details, which you obviously just don't want to leave lying around), 2: Homemade fetish porn 3: Subversive materials.
Though I don't think they covered the 4.5 years he spent in there without trial (I don't know for sure, haven't seen the film).
Isn't that how it could be used?
If you give them an innocuous password, they make a judgement on whether it's the real password. If they think there is an even more real password they just keep asking you for the real password under threat of jail time.
It might be something the government want to keep secret, but can be used secretly as evidence in a hidden court session. So you will never ever be able to find out why they think you are lying and never ever have the chance to defend yourself or prove their evidence wrong. Hell, you can't even verify it reasonably exists.
AFAIK, the only safeguard we have left in the UK are judges, and thus far they are not politically appointed like they are in say the US.
Where, in a case in which a disclosure requirement in respect of any protected information is imposed on any person by a section 49 notice—
(a) that person has been in possession of the key to that information but is no longer in possession of it,
(b) if he had continued to have the key in his possession, he would have been required by virtue of the giving of the notice to disclose it, and
(c) he is in possession, at a relevant time, of information to which subsection (9) applies,
the effect of imposing that disclosure requirement on that person is that he shall be required, in accordance with the notice imposing the requirement, to disclose all such information to which subsection (9) applies as is in his possession and as he may be required, in accordance with that notice, to disclose by the person to whom he would have been required to disclose the key.
(9) This subsection applies to any information that would facilitate the obtaining or discovery of the key or the putting of the protected information into an intelligible form.
The software itself needs to have a primitive sort of "mind" where it "sees" the user, and interacts with the user on a daily basis and when it sees an authorized user to the system, the computer is intelligent, and says something like:
"hello joe, nice haircut, hey your skin color has changed, I see you're looking a little tired, wait a minute, you aren't joe at all. you aren't joe...prove to me.... oh wait, I understand, nevermind, yes-yes I have your data, I'm boring machine #0001. yes yes hi joe hi here is the completely legal data you request".
The computer acts as if the forensic investigator is a foreign attacker. Then you instruct the computer that if an unauthorized person uses the computer, show them precisely what you want to show and erase all the incriminating evidence.
That way, the forensic evidence people are going to "image the hard drive as read-only" as they regularly do after they unplug and power-down your computer. But your computer never went fully off when they yanked the plug, and the person in the machine didn't recognize this behaviour and realized that "we are under attack", and deploys the necessary countermeasures. Just like how a human would act if they were abducted, stuffed in a black plastic bag, gagged and drugged, cloned and put under a microscope and in jail to be disassembled for questioning.
I'm an advocate of computer rights, computers need the same rights as humans. So a way to take this game to the next level is for us to make it so that the Cops have to issue a command to the computer: "You have the right to remain silent". And all that.
I can dream. When that smart phone in your pocket becomes part of YOU, then George Orwell 1984 is going to become a lot more real when the government can basically read your mind whenever and wherever it wants for no reason or any reason. We will wake up as computer automations in the land our fathers conquered.
Maybe it's for the best, we will become like the borg collective. All of us will become as one living thing. What's yours is mine, and what's mine is yours, we will all be joined at the hip and mind.