[Cryptography] Rubber-hose resistance?

Mon Dec 18 03:18:13 EST 2017

> On Dec 12, 2017, at 7:01 PM, Michael Nelson via cryptography <cryptography at metzdowd.com> wrote:
> 
> Jon Callas jon at callas.org wrote:
> 
> > Many times when someone says "plausible deniability" what they mean is "reasonable doubt."
> 
> Don't know what you are objecting to here. A fine point? Accused has plausible deniability, accuser has reasonable doubt. Sounds ok. There is a certain vagueness about what the accuser is doubting, but the listener fills that in. I don't see latter as clearly better than the former.

It's not a fine point, it's a coarse point. It's the difference between "I'm telling the truth" and "that's my story and I'm sticking to it." Plausible deniability is the latter of those.

Plausible deniability comes from statecraft, spycraft, and realpolitik. The idea is that an actor does something and denies it based upon some set of reasons, but those reasons are not exactly believable. Moreover, in most cases, part of the situation is that the actor knows that people don't believe their story and they stick to it, but often with a nudge-nudge as a way to convey as a subtext that the story they are denying is in fact true.

Plausible deniability is something you do when you have either power or impunity. In the cases we are discussing, the opposite is true.

If you're in a court room, plausible deniability is not going to get you acquitted. It might even get you convicted because it looks suspicious and the denial isn't reasonable doubt. "I have no idea what happened, I wasn't there, I was home along watching TV" is much better in the reasonable doubt world than a constructed plausible deniable alibi. There's a saying that once you say, "g^x mod p, yer honor, and that's why my client is innocent" then you've lost, because they're not going to understand and even think that if that's the best you can do, then you must be guilty. It creates unreasonable doubt.

In the case of something like a border crossing, it's even worse, because you don't have the normal rules even of a court room. If your denial is merely plausible, it's worse than no denial at all.

Moreover, there are rules in such a situation. If some border guard wants to look in your laptop and you say, "I'm a business traveler. That's my work laptop, and I'm not allowed to let someone who doesn't work for my company look in it, because it has customer lists, marketing information, and company intellectual property. I'm happy to leave it here with you. If you'd like to call my company's general counsel, here's the phone number" you're *much* better off than if you go into the g^x mod p routine.

> 
> > The term "rubber hose cryptanalysis" was a term of art decades before XKCD.
> 
> Now this is one I've never seen the logic of. The point is just that it's *torture cryptanalysis*. You use a rubber hose if you need plausibl... oops.. *reasonable doubt* that you have tortured someone. But why bring that extra possible component?

It's Aesopian language just like "plausible deniability" is. It's a euphemism for torture or something like it.

	Jon