[Cryptography] Rubber-hose resistance?
Tom Mitchell
mitch at niftyegg.com
Tue Dec 12 16:08:51 EST 2017
On Mon, Dec 11, 2017 at 11:14 PM, Walter van Holst <
walter.van.holst at xs4all.nl> wrote:
> On 2017-12-12 01:14, Jon Callas wrote:
>
>> To me, that goes more to my objection to so-called deniable encryption
>> — that it presumes a threat model in which your adversary is stupid
>> (they don't know or don't care about your false bottom) or
>>
> ....
> Or that they play by the rules, or any rules that matter, to begin with.
.....
> Try being olive skinned, having a few too many Middle Eastern passport
> stamps while having an Arabic name and getting through US border control
> with a truecrypt volume.
>
.....
>
> So yes, most of the "plausible deniability" schemes are just a load of
> bollocks. I am looking at you, OTR, you hateful, user-unfriendly pile of
> bovine excrement.
A difficult problem for encrypted data is the common reality that the data
is not the property
of the business traveler. Data is the property of the employer and in
some cases
like medical and employee data the property of thousands. In the case of
thousands
the "collection" might belong to the collector but the individual data
points the property
of the owner. Like credit card info where each credit card saved is one
more liability
in many that add up.
To unlock or hand over that data without safeguards against impropriety is
ill addressed
in US law as well as other nations.
Not just data but also login credentials to resources near and far.
In the 60,s there was a police office some called "the digger" and he was
known to
pull blond coeds over to get a name and sometimes an address from the
"license
and registration" step. So under the color of authority he was improperly
obtaining
personal information. Last I heard he was not retained on the force and
went back
to driving the hearse.
In all the "just add a backdoor, third magic key to encryption" demands
there is no policy
discussion to address safeguards and abuses.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171212/fd623cbf/attachment.html>
More information about the cryptography
mailing list