Hushmail in U.S. v. Tyler Stumbo
Leichter, Jerry
leichter_jerrold at emc.com
Mon Nov 5 14:09:08 EST 2007
In previous cases of the government somehow magically gaining access to
"securely encrypted" data, it eventually turned out that the government
had compromised the target's machine and installed a key logger, or some
other piece of software to record the relevant secret information. So
far, I've seen no information ruling this kind of thing out. It's in
the government's interest to keep its methodology as secret and
mysterious as it can.
A common mistake is looking at PGP or Hushmail or some other kind of
secure mail system and saying "only I can read my my mail. Not even
close to true: Unless you're doing all your decryption with a pencil
and a piece of paper, it's your *computer* that can read your mail.
And today's computers simply cannot be treated as trusted.
None of which argues against alternative possible scenarios, such as
the "turned" correspondent at the other end of the mail interchange.
The fact is, we just don't know how this information was obtained.
We *may* learn more as the result of discovery leading up to trial.
It's generally difficult for the government to keep out of the record
the methods they use to obtain evidence, as doing so will tend to
taint the evidence and make it inadmissible. I'm sure there are
plenty of lawyers looking closely at how to struture things to keep
as many details hidden as possible, however. The fact that information
came from a "confidential informant" has to be revealed, but the
identify of that informant can generally be kept concealed. Someone
will argue that the decrypted data plays the role of the "confidential
informant"....
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list