[IP] more on Can you be compelled to give a password?

[Ed Gerck]

List,

the Subject says it all. This might be of interest
here, for comments.

--------------------
The answer is definitely NO even for the naive user,
just requiring the tech-savvy for set up. Several
examples are possible.

John Smith can set two passwords, one for normal use
and the other when in distress. The distress password
may simply announce that the data is expired or, more
creatively, also make the data unreadable.

John Smith can also set two passwords, one of them
unknown to him but known to a third-party (that
John S does not have to trust) that is subject to
a different jurisdiction /or rules /or is in another
place. John Smith may comply with any demand to
disclose his password but such a demand may not be
effective for the third-party.

John Smith can have the data, encrypted with a key
controlled by his password, sitting on some Internet
server somewhere. John S never carries the data
and anyone finding the data does not know to whom it
belongs to.

John Smith can also use keys with short expiration
dates in order to circumvent by delay tactics any
demand to reveal their passwords, during which time
the password expires.

Of course, this is not really a safe heaven for
criminals because criminal activity is often detected
and evidenced by its "outside" effects, including
tracing.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com