Judge orders defendant to decrypt PGP-protected laptop

[Perry E. Metzger]

Adam Fields <cryptography23094893 at aquick.org> writes:
> The privacy issues are troubling, of course, but it would seem trivial
> to bypass this sort of compulsion by having the disk encryption
> software allow multiple passwords, each of which unlocks a different
> version of the encrypted partition.

This sort of thing has been discussed for a long time, but I doubt
that would work in practice. Law is not like software. Judges operate
on reasonableness, not on literal interpretation. If it was reasonably
obvious that you were using software like that and probably not
cooperating, the judge would just throw you in jail for contempt of
court anyway.

> When compelled to give out your password, you give out the one that
> unlocks the partition full of kitten and puppy pictures, and who's to
> say that's not all there is on the drive?

Well, it should be clear that any such scheme necessarily will produce
encrypted partitions with less storage capacity than one with only one
set of cleartext. You can't magically store 2N bytes in an N byte
drive -- something has to give. It should therefore be reasonably
obvious from partition sizes that there is something hidden.

In any case, unless you're really very energetic about it, it will be
obvious from things like access times and other content clues ("gee,
why is there nothing in the browser cache from the current year?")
that what is there is not the "real" partition you use day to day.

Perry
-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com