So I was researching different ways of encrypting my new disk drive
and I noticed that LUKS, the soon-to-be-standard way of encrypting a
disk under Linux, doesn't provide plausible deniability.
Plausible deniability, in cryptography, means being able to deny the
existence of encrypted data.
Now, suppose somebody caught you with a disk full of random-looking
data and a CD with a decryption program on it. You would have a pretty
hard time convincing your adversary that you do not have secret data
on the disk. Instead of trying to unscramble the data by using a
technical tool like a password cracker, your adversary might be
inclined to beat the decryption key out of you.
To avoid this possibility, you could use a program like TrueCrypt that
provides plausible deniability. First, you could create a scrambled
data area on the disk and fill it with private information that could
be exposed with no great loss. Second, you could create a scrambled
area on the same disk HIDDEN INSIDE THE FREE SPACE left by the first
scrambled area.
Your adversary might be able to get the first decryption key out of
you by force, but that would explain the presence of an encrypted
disk. He or she would have no particular reason to believe that a
second "hidden" volume existed containing the information you really
wanted to keep secret. You could "plausibly deny" that such a hidden
volume existed.
So here is my ethical question: Is creating software that provides
plausible deniability a moral thing to do?
Up until today, I had always thought the answer was yes, my private
data is PRIVATE, and any software that helps me keep it private is
good, in a power-to-the-people sort of way. But now that I think about
it, I wonder if the availability of software implementing plausible
deniability is stopping people from engaging in important political
activism. "Why should I campaign for laws preventing law enforcement
agencies from demanding my decryption keys?" a hypothetical person asks.
"I have software that provides me with plausible deniability, so I'll
never have to deal with negative consequences arising from perfectly
legal demands for my private data."
AFAIK, this is the situation in the UK: If you don't turn over your
decryption keys to the police on demand, they can put you in jail.
So, what do you think?
Eric