Plausibly deniable encryption (2020) (spacetime.dev)
229 points by yamrzou on Feb 18, 2022 | 142 comments



I was one of the activists who had their computers seized. I told the police to kiss my ass and they gave up trying to get my password. Though I guess a 6 month concurrent sentence when you’ve already got 4 years isn’t worth the paperwork. Prison was butlins btw. I highly recommend it. Plenty of time to read books


I'm glad your experience wasn't too bad, but it isn't always so. The Austrian state practically terrorised some activists here for years, destroying their lives, and almost completely got away with it until German reporters wrote about it and helped shine a light on the abuses of power. These activists didn't even do anything illegal; they just annoyed some powerful and connected individuals.

Sorry this is only in German but maybe you can find English sources about it

https://de.m.wikipedia.org/wiki/Wiener_Neust%C3%A4dter_Tiers...


What does animal rights activism to the point of that level of government interest look like? Linked article didn't go into any details on the matter at hand.


“Urban terrorism” according to the incredibly foolish judge. Considering no one ever had a finger laid on them he would have a shock if he ever found out about the IRA


Not sure I feel comfortable with celebrating breaking the law. No one laid a finger - ok, no physical violence. However, some of the tactics used against people involved in activities you disagree with were not pleasant. I'm not sure I agree with the narrative that it is a victimless crime.

On the other hand, prison works: rehabilitated into society.


Disclaimer: I’m not an animal rights activist. I have some overlapping politics and some disagreements. My intent isn’t to defend any particular action by GP, but to object to this more generally.

> Not sure I feel comfortable with celebrating breaking the law.

I don’t know where you live, forgive me if this comes off condescending.

In the US, celebrating activism with illegal techniques is part of the fabric of our culture, institutional and even foundational. Approximately everyone is taught about:

- the Boston Tea Party, and the Revolutionary War which that and similar actions ultimately precipitated

- the Underground Railroad and other actions to smuggle slaves to their (relative) freedom

- various illegal actions in the Civil Rights movement, from sit ins at segregated businesses to Rosa Parks’ refusal to sit in the back of the bus to Freedom Riders crossing all sorts of state/county lines to help ensure others’ access to polls

There are of course other illegal actions which are less taught/known but nevertheless shaped our society in ways few could disagree with. We have strikers and work saboteurs to thank for the 5-day/40-hour work week. We have the Black Panthers to thank for breakfast and child care programs in schools, as well as the proliferation of community health clinics.

Some of these were not non-violent actions, some of the actions taken in these contexts and others which moved us as a society forward were morally complicated. But at least from my historical perspective, I cannot justify deference to the law as a moral imperative. Sometimes, often even, it’s the law which is morally unacceptable. And the moral imperative is to go beyond it.


There's a difference between celebrating illegal activism after the fact, once the activists won, and celebrating ongoing activism.


Yeah there is a difference. But it’s a difference of courage, not one I’d be proud of.

Edit: I don’t want to trivialize that courage either. Challenging power can be an incredible risk. Most people under most circumstances will choose to limit their risk no matter what the moral question. I’m honest enough to say, even though I’m not proud to, I haven’t taken all of the risks I wish I had.


So in the future when animal rights are actually respected and the abuse is totally banned we'll be allowed to support them? What sort of argument is this?

Things can be right regardless of the law, history is filled with false and immoral legislation.


That's not at all what I'm saying.

Original poster made it seem like there is some unique American culture of anti establishment and celebration of courage and activism. Then goes on to enumerate examples that are now obviously celebrated.

My point is that it's a survivor biased argument. It's very easy _now_ to celebrate past activism that ended up on the good side of history. There's nothing special in American culture about that.

We are talking about a country that started wars on false premises, tortured prisoners, incarcerated whistle-blowers, economically bullies most of its competitors, elected an ultra conservative president, have one of the worst immigration integration policy, etc etc.

> In the US, celebrating activism with illegal techniques is part of the fabric of our culture, institutional and even foundational.

I'm sorry but that just strikes me as plain... Maybe that's how Americans see themselves, but get back to earth, 99% of the world would roll on the floor at this.

Most of the activism enumerated in the comment is actually a minority's activism against social problems that only existed in the US in the first place. It requires a very twisted argument to celebrate US activism on issues that the US created for itself.


I didn’t intend to express it as American exceptionalism, but rather to pick examples that were relevant to my own context. I’m quite certain there are examples all over the world where illegal actions have become celebrated. The last point you make is much closer to my intent: when the law is immoral, it is sometimes moral to challenge it by breaking it. And I intentionally added examples which are not as celebrated because, well, they should be.

It’s odd to frame actions by some in the US to right wrongs in our country as “issues that the US created for itself”. I mean yes, as a country slavery is a horrible stain on our history. But the abolitionists who fought it since before the US even existed and continue to this day are not implicated in that. And that’s my point: rejection of immoral laws and power structures is valid, and equating legality with morality is sometimes and even often wrong.


Prison doesn’t work. At all. My views are more radical than ever. The lesson to learn is: never try to effect serious social change via peaceful means, go directly to illegal means; bypassing legal protest will mean the police won’t know who they are looking for.

I can’t say I lose a second’s sleep over the “victims”, they are weak-minded crybabies.


I don't think the point of prison is to change your views (the system doesn't care what your views are). It's to make you less likely to re-offend and the vast majority of people to not offend at all. I would guess that there are lots of people with radical views who never act on them exactly because they are afraid of the legal consequences (e.g. prison). This means the system has worked on them.

EDIT: Not that I'm defending any particular prison system or making a moral statement here. In many countries the prison system is horrible and probably not even very optimal at preventing offences. It's just that in my mind the prison has one main purpose: to act as a deterrent for crime, and most of the time, for most of the population, it somewhat works for that purpose.


I do get that prison will not change your deeply held views.

I am curious if getting a job using the A-level reduced your likelihood of reoffending, at the risk of your current job?


The A-level was just for fun. I did a masters in computer science from a top 3 UK university. Not that anyone has ever asked to see my degree certificate…


> reduced your likelihood of reoffending

Dear John Doe,

Please inform us when and where you plan to infringe the law again. Thank you in advance.

Sincerely,

your government


What do you think could the prison system have done differently to make your views less radical and extreme?


This question somewhat trivializes the "radicals" and their "extreme" views and denies them agency. What would it take for you to change your strongly held views, "extreme" or otherwise? Who the fuck knows, right? But probably nothing formulaic and generalizable. So it is with others.


> But probably nothing formulaic and generalizable.

I found the "Seek first to understand, then to be understood" rule in the 7 Habits book illuminating.

If only government, lawmakers, and the electorate in general, understood it.


Nothing, prison is a warehouse. Remember though, all that occurred was property damage and a level of intimidation that would make a person of sturdy character laugh; on the spectrum of political action it really was not that extreme.


I don't think getting fake bombs in the mail would make anybody laugh regardless of their character.


Only more fragile types (people who care about and/or actually believe in mortality) wouldn't, I wager.


> level of intimidation that would make a person of sturdy character laugh

The intent was for the intimidation to work, regardless of how sturdy the character. It's hardly a victimless crime.

Marching and demonstrating may not be as effective, but I find it hard to celebrate trying to harm another person, regardless of how ineffective. Non-violence is a good way to change unjust laws; intimidation is not just.


How could a prison system ever really do that? It's a punishment. You learn that what you did before has consequences, not that it was wrong.

Rehabilitating someone with "radical" ideas would involve acknowledging and challenging their ideas. That's not how rehabilitation really works even in theory - most rehabilitation is taking criminals who aren't ideologically motivated and solving the much simpler problems of educating them so that they can work.


> How could a prison system ever really do that? It's a punishment.

Reading this, I'd bet £1000 to a spat-out sweet you are US-American?

Because elsewhere, most of the civilised world treats prison as rehabilitation.


There are actually three different justifications for prison:

* Retribution ("a punishment")

* General prevention ("a jailed person cannot keep hurting others and prison threat is a deterrent")

* Special prevention (rehabilitation)

Last time I looked, most countries are mostly for general prevention with a pinch of special prevention. Retribution is not currently defensible philosophically or technically, though some people erroneously think it's the basis of the system.


4. Deterrent


5. Make money


I'm quite curious: who counts as 'civilized' these days? Clearly not the UAE (we've just seen an article on Dubai debtors' prisons on these pages), but it seems we'd need to take Japan off the list, for instance (see e.g. https://www.economist.com/asia/2015/12/03/silent-screams ), and if we have to take them off the list I'm not sure where we end up stopping.


The Netherlands seems like a good bet.

I look with envy at how they do a lot of things.


Apart from the pissing contest of who has a better penal system, can anyone in this discussion show that there’s a system to imprison people which parts people with their strongly held moral beliefs and should do so?


I would assume that in most countries rehabilitation is seen the same way as here in the US. It focuses on the top causes for crimes - lack of education, lack of opportunity. So there are rehabilitation programs that educate people and help place them in work programs.

I would assume that rehabilitation does not focus on changing people's ideological values.

Am I wrong? Is that a thing in other countries?


Generally rehabilitating beliefs is associated with authoritarian regimes (reeducation camps) or abuse (claiming to cure innate characteristics that others find inconvenient like sexuality or disability)


Very much so, de-radicalization in prisons is at least attempted in many places. Here is a look at EU’s approach which varies quite widely. https://iris.unito.it/retrieve/handle/2318/1720819/557443/Pr...


>most of the civilised world treats prison as rehabilitation.

Few countries in Western and/or Northern Europe? That's a very narrow definition.


Presuming because of your use of pounds: do you seriously think our prison system is particularly rehabilitative?


> most of the civilised world

Even without the spelling or the previous reference to GBP, I could have guessed nationality from your tone.


Agreed.


Very interesting.

As far as I understand it, lengthy sentences don't work -- the likelihood of getting caught does. (I mean in a statistical sense. But I might have read this before the replication crisis, so caveat lector.)

... but also: Do you have any evidence of your claims? Literally any evidence of being who you say you are?


No ofc not. Who knows who is reading this. I fly under the radar and I like it that way


> the likelihood of getting caught does.

This.

Many crimes are barely enforced; I'm thinking of some kinds of moving-traffic offences such as using a phone while driving. Because it's not enforced, people keep doing it; so the government increases the fines.

But increasing the fines has zero effect, if everyone knows the law isn't enforced.


The law is not perfect, and often protects the wrong people doing the wrong thing. Peaceful protest is one of the things that allows average people to put pressure on the legislative and judicial system to change.


I read over 800 books in jail.

I kept asserting my rights until the cops threatened my wife, then I told them they could write down whatever they wanted and I would sign it. Took 7 years of being in jail before that piece of paper got in front of a judge and he threw it out, though.


What is your story?


Sorry that happened. Your password wasn't actually "kissmyass" was it?


It’s chill, I redid my maths A-level and got an A. I basically had a one-on-one maths tutor for a year in the prison learning complex; it came in very useful now I am a software engineer.

The ironic thing is that the police waited about 2 years after they seized the laptop to ask me for the pass phrase. I’m not sure I even actually remembered it as it was so long. PGP Whole Disk Encryption ftw. At the time WDE wasn’t available on the Mac and the police got loads of data from my pal's text editor temporary files. No one got anything from mine hahaha


Did you have any trouble getting a job with the sentence on your resume? Just curious


I do not have a criminal record. The wonderful conservative/liberal coalition updated the Rehabilitation of Offenders Act 1974 so my conviction became spent. That said, I currently work for a 1000-plus-employee employer and they never did a criminal record check, but others have.


Yeah, I've never known any tech job actually do a background check in the UK. It'd have to be something very specific. Even when I worked for a financial company.


This person is in the UK. The rights afforded to criminals in other places may not be so good.


I think this is a better story than most one gets asked about a 5 year gap.


I found this entertaining. Since you cannot legally refuse to give up the password, insulting them while you give it up is probably the most appropriate revenge you can get in that situation.

"Tell me, what's your password?" says the adversary. "It's 'kissmybloodyhemorrhoidsassyoudumbshithahaha!', all lowercase, no space, ended with an exclamation point".

The password is cryptographically secure too since it's long. And it's easy to remember, relatively easy to type in. All around, simply a good password.


What was your setup and when did it happen? True/Veracrypt or LUKS?


BIP-39 mnemonics are designed like this: you can add an optional passphrase to the 12/24 mnemonic words and it unlocks a different set of private keys. This way you can have a passphrase (or no passphrase) where you only store a small amount of cryptocurrency and a separate passphrase that unlocks your real wallet, to avoid the $5 wrench attack.
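As an added illustration of the BIP-39 behaviour described in the comment above (example code, not from the article or the commenter): the seed is PBKDF2-HMAC-SHA512 over the NFKD-normalised mnemonic with the salt "mnemonic" + passphrase, so every passphrase, including the empty one, yields an unrelated 64-byte seed and nothing in the output reveals whether a passphrase exists. The mnemonic used is the public "abandon ... about" test vector, not a real wallet.

```python
import hashlib
import unicodedata

# Constructed sample: the 12-word "abandon ... about" phrase from the public
# BIP-39 test vectors. Never reuse it for real funds.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP-39 seed for a mnemonic and optional passphrase.

    BIP-39: PBKDF2 with HMAC-SHA512, 2048 rounds, the NFKD-normalised
    mnemonic as the password and "mnemonic" + NFKD(passphrase) as the salt.
    The empty passphrase is simply the salt "mnemonic"; no flag records
    whether a passphrase was supplied, which is what makes the decoy-wallet
    pattern plausibly deniable.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seeds_for(mnemonic: str, passphrases: list) -> dict:
    """Map each candidate passphrase to the hex seed it unlocks.

    A wallet tool would feed each seed into BIP-32 key derivation; here the
    point is only that the seeds are independent and equally well-formed.
    """
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    # "" and "decoy" could hold a small balance, "real" the actual funds;
    # an observer holding only the mnemonic cannot tell how many exist.
    for name, seed in seeds_for(SAMPLE_MNEMONIC, ["", "decoy", "real"]).items():
        print(f"passphrase={name!r:8} seed={seed[:16]}...")
```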


If you're being attacked with a wrench, wouldn't you want to avoid deniable encryption?

If there's no way to 100% establish that all the money has been extracted, an attacker might keep going indefinitely to see if there's more.


In fact, since there's no way you can prove that you haven't used deniable encryption, you'll probably be in a really bad place anyway.

That creates an interesting game theory situation though, where nobody has any incentive to disclose anything, since it wouldn't change the outcome anyway, which ends up negating the whole point of torture: the victim needs to believe that the tormentor will stop if they disclose the truth.

(Unfortunately, the real world isn't a game theory problem…).


This is the game theory that the Rubberhose file system (co-invented by one Julian Assange) is based on.[0] It's a pity the blog post didn't link to that article, and only linked to the one about rubber-hose cryptanalysis, since this prior art does seem to overlap significantly with the scheme that the post is proposing, as does the Owner-Free Filesystem[1].

Anyway, you're right that the real world isn't a game theory problem, but I do think that if someone is faced with being tortured for information, they should at least attempt to ask the torturer "How do I know that you will stop when I give you the information?". Or, perhaps less incriminatingly, "I don't have that information, and it doesn't matter because you'll keep torturing me regardless".

You may not be able to convince the torturer to give up on the torture (much less convince them to let you go free), but you might at least be able to convince yourself that there is no point talking or trying to come up with a lie. Having said that, it's also instructive to look at the example of Marcus McDilda who was tortured by the Japanese for information about atomic bombs, about which he knew nothing.[2] His lies may have saved not just his own life, but millions more.

[0] https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29

[1] https://en.wikipedia.org/wiki/OFFSystem

[2] https://en.wikipedia.org/wiki/Marcus_McDilda


> they should at least attempt to ask the torturer "How do I know that you will stop when I give you the information?"

Anyone who will torture you for information is going to include this in your torture now, just fyi. Might as well just ask them to let you go.


> going to include this

Include what? If there's some convincing proof that the torturer can give that they will stop, I would be interested to hear it.


You can prove you haven't used deniable encryption. Encrypted data looks random. As long as your disks and files don't contain unexplainable random sections, there must be no encrypted data there. Steganography might have been used to hide the encrypted data in otherwise meaningful data, but that is a separate concern.


Truecrypt hidden volume looks like free space without the right password. You can't prove you don't have data there.


That's not strictly true, you can format a drive to contain all zeroes. That can then be demonstrated easily via a hex editor looking at the drive. Truecrypt volumes will always look like random scrambled data (like if you formatted your drive with a "secure erase" method).
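An added illustration of the zeroed-versus-random distinction this subthread is arguing about (example code, not from the article or any commenter): a scan that classifies 4 KiB blocks of a constructed disk image by byte entropy, which is what a forensic examiner's tooling does more carefully than a hex editor. The thresholds and block size are assumptions chosen for the sample, not forensic standards.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # assumed cluster size for the scan


def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, close to 8.0 for random."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def classify_block(block: bytes) -> str:
    """Label a block as zeroed, random-like, or structured.

    Encrypted containers, random wipes and compressed data all land in the
    random-like class, which is exactly why random-looking free space cannot
    be told apart from a hidden volume, while zeroed space can.
    """
    if not any(block):
        return "zeroed"
    if shannon_entropy(block) > 7.0:  # assumed threshold
        return "random-like"
    return "structured"


def scan_image(image: bytes) -> dict:
    """Count block classes across a raw image, scanning in BLOCK-sized steps."""
    counts = Counter()
    for off in range(0, len(image), BLOCK):
        counts[classify_block(image[off:off + BLOCK])] += 1
    return dict(counts)


def _keystream(nbytes: int) -> bytes:
    """Deterministic random-looking bytes (SHA-256 counter), standing in for
    ciphertext so the sample is reproducible without os.urandom."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(nbytes // 32 + 1))
    return out[:nbytes]


# Constructed sample "disk image": 4 zeroed blocks (as a zero-fill format
# would leave), 4 blocks of plain text, and 4 blocks of ciphertext-like data.
SAMPLE_IMAGE = (
    bytes(BLOCK * 4)
    + (b"The quick brown fox jumps over the lazy dog. " * 400)[:BLOCK * 4]
    + _keystream(BLOCK * 4)
)

if __name__ == "__main__":
    print(scan_image(SAMPLE_IMAGE))  # {'zeroed': 4, 'structured': 4, 'random-like': 4}
```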


Although this presumes that the guy with the wrench takes the time to check out your disk in a hex editor and that he finds the statement that you directly zero everything you delete, to prepare for exactly this scenario, not at all suspicious. Doesn't sound like a great plan to me.


What I'm hearing is that I need to keep pounding that $5 wrench after they unlock their wallet, on the off chance they have a second passphrase giving a larger payload.


Anyone who has a second password might have a third one, better keep that arm in shape 'cause it's poundings all the way down.


The Mark “Chopper” Read method of smuggling guns into a meeting.

If you hand over 3 guns at the door no one expects you to have a fourth.


Roko's crypto wrench: knowing about plausible deniability makes you more likely to be beaten with a wrench.


Indeed, for all such victims, naturally. And you can never be certain you've extracted the full amount. So you can never stop pounding.


STREET SMARTS!

You need your proverbial money clip with $50 that you can throw and run when you're being mugged.

STREET SMARTS!


That only works if your threat model is someone that is randomly mugging you. If it is a targeted wrench attack, they would already know your wallet, and the amount of funds it contains. Crypto has a lot of properties in common with cash, and for security, any large amounts that you don't plan on moving should use more than one factor. My suggestion for extremely large amounts would be to have at least 3 factors: a password you know, a cold wallet that you have, and the third can be location: keep the cold wallet inside a secured location, with a backup of course in another secure location. And if you have family, make sure to also have plans in place if you don't want to be buried with your crypto.


Or create a 2 of 3 multisig where you control two keys, and the third key is controlled by your lawyer who is paid a retainer.


  She could claim that the key for those books has been lost or forgotten.
I wonder if this "I forgot" defense is more accepted now that there are stories of people having forgotten the password to their multi-million dollar cryptocurrency wallets.


"Forgot" is a bit strong, how about "I don't recall". (reference: https://www.youtube.com/watch?v=7IBvZlRqOTw)


Ronald Reagan used this during the Iran Contra investigation as well.

Boy, did the universe pull a monkey's paw on him for that.


And after the extreme political fallout of the Iran Contra nobody involved ever stood a chance in politics ever again. I don't know if you recall what happened to Oliver North but it was brutal - he had to endure cushy political appointments for the rest of his life.


I understand insanity is a plausible defense, too, John.


Somewhat related:

https://catless.ncl.ac.uk/Risks/16/87#subj3

(This is an article I wrote for Risks digest in 1995 regarding a proposed law that would have made it illegal to transmit pornography over the internet.)


> It's probably old news for RISKS readers, but a very difficult concept for lawmakers, that the semantic content of bit streams is in the eye of the beholder, and that the apparent correspondence between bits and semantics is the result of engineering convention and not an inherent property of the bits.

Nice article with great points. I gave a talk about this in 2005 on why the more data intelligence agencies collect the worse their results if their analysis does not match their reach. It goes back to Quine and Shannon's ideas of salience as pre-agreed patterns of interpretation.

The talk was actually about a spooky phenomenon called "listening in readiness". Mediums/charlatans and other cold-reading hucksters used EVP (electronic voice phenomena) in the 1930s and 40s, when radio, Theremins and such-like were more woo-woo and barely understood by ordinary people. If you play what is essentially noise/static to people and _tell_ (or suggest) to them that voices are saying something - they will hear that.

The phenomenon is surprisingly reproducible. It works because the cochlea and auditory neural system (see a text like Nelken, King and Schnupp's Auditory Neuroscience) can "listen in readiness". We have affective and sensory hairs and feedback loops in the cochlea that allow us to "tune" to what we _expect_ to hear. In simple words, people can hear what they expect/want to hear.

When we apply AI and adaptive filters to data, a similar thing is happening. False positives, indeed very elaborate misinformation can be derived in intelligence work based on unsupervised (arbitrary mass surveillance) when the gatherer starts with an a-priori idea of what they are looking for and sifts through chatter.

I am not sure exactly how yet, but I think this can be leveraged to some good use in privacy protection if, as in the Dissident scheme discussed in TFA, there is some "fuzzy" decryption and very many plausible but false decodings adjacent to cipher-text.

This leads to the idea of a cipher that is apparently very easy to crack, but yields a false plaintext. When you "can't remember" the password, your adversary finds a low-hanging "trap password" and smugly thinks they defeated your poor opsec.


There's always LUKS to cover this scenario: Nuke Keys that get activated with a second password. [1]

[1] https://github.com/roema/cryptsetup-nuke


The adversary can easily just copy the encrypted data before trying to decrypt it.


I think the idea is to have them enter the password that destroys the data.


I think my point is that destroying one copy of the data is pointless when other copies exist.


Destroying 1 copy pretty much guarantees someone is going to go find that $5 wrench and explain to you how disappointed they are.


If violence was an option in this hypothetical, it would have already been used to get the password anyway.


One, the wrench can be metaphorical. If you brick the device that's antagonistic. Getting you on a petty crime, as a cop, or getting $50 from your wallet as a criminal, may stop them from looking. Being combative results in retribution, and as we all know cops can be petty, and selective enforcement of rules is one of the hallmarks of institutional sexism/classism/racism. If using Crypto While Black isn't already a thing, it's gonna be, and there's nothing you and I can do to stop it. Slow it down, absolutely, but stop it? Not without help from our kids and possibly grandkids.

This isn't a chess match between equals. This is someone who can ruin your life just to make a point. Even keeping you in custody for a day or three can screw up a lot of people.

The Lockpicking Lawyer put it pretty well recently. The people who make locks are following rules that nobody else is beholden to follow. The designer looks at the parts and thinks about their purpose. Their design. The picker is looking at what they can make the thing do, not what it's 'meant' to do.

They are repurposing things, to circumvent the wishes of the manufacturer and the consumer. That's where the wrench comes in. That's where cloning the device comes in. That's where giving the adversary a fictional win to regain your liberty comes in.


Again, if it's an option, it's more like violence would have been used to get the password, and further violence against your family/loved ones if you were antagonistic.

Real life scenario:

https://www.yahoo.com/now/dutch-bitcoin-trader-suffers-bruta...


This is why plausibly deniable encryption is such a boon. If you have something somewhat valuable behind some weak encryption or in plaintext and a big blob of mystery on your device it's a lot easier to make the claim that you've surrendered everything without giving up the game.

If they know you're hiding something, for certain, they'll go to much further lengths to find that out compared to suspecting you might be hiding something and finding some other stuff you'd obviously like to hide. If you've got an envelope with 100k in your pocket and you get mugged, throw your wallet at the dude as quickly as possible and just book it - chances are that the mugger will either: A) consider the risk/reward at this point to be too dangerous since they've already got a nice bit of cash or B) assume you're just scared and have nothing else. If you say "Hey, I just threw you $200, I'm going to run off with this 100k now" you're definitely not going to have a good day.


If your threat model is the police, a wrench could be a best case scenario for you. If you can prove the police took a wrench to you during an interrogation you're definitely getting the case thrown out.


LOL. Yes, possibly, but think of the time. I didn't break when the cops put a loaded gun to my head or threatened me and refused me a lawyer. I broke an hour later when they decided threatening my wife would be a better plan.

It took 7 years of sitting in jail to get the judge to watch the video and throw shit out.


With police you can start a Twitter mob if you're lucky but there are ten thousand other George Floyds out there that didn't get any justice when police took wrenches, tasers, knees, guns to them.

And that doesn't really apply to the CBP and the CBP equivalents of other countries. They're ruthless and can lock you up in cages, there isn't really the opportunity to start a "case" until you're past the CBP. If you aren't a citizen you sadly don't have access to a lawyer if the CBP wants to hit you with a $5 wrench, because you aren't even in the US yet.


You're right, it's not a silver bullet but it is another defense for the probable cases that they didn't make a copy.


What cases would those be? Any law enforcement or customs agency will make copies.


That may have worked 10-20 years ago.

These days there are established procedures and protocols that prevent this.


What protocols stop a person from removing the drive from your machine, and imaging the drive?


Not even just that - in addition to imaging, write blockers should be used for evidential integrity as well.


I think that's the point of that comment. Police have procedures now to prevent a nuke script from being effective.


If only you could run your own code on the drive controller. Start obliterating data at random if the disk isn't initialized properly.


I think the point you responded to was talking about copying the encrypted data before attempting to unlock it.


With LUKS you can just use a detached header stored on a USB thumb drive. Then just toss the thumb drive.

But this isn't plausible deniability. You still have a hard drive in your possession and it's still covered by random data. Better deniability: always use an external drive and then distance yourself from the drive. You want plausible deniability of the entire drive to the extent that no one even suspects you of being the owner. Or, have such little sensitive data that you can use steganography to hide it in an image or video file. Just don't put the steganography tools on the same computer as the hidden data.

Anything else is pretty much a joke.


The whole concept of nuke keys is snake oil unless they're implemented with something like a TPM or HSM, since otherwise the attacker can just restore the pre-nuke image if you set it off.


While I agree with you with the snakeoil argument, I also have to say:

TPM chips are useless because there are already tools available to listen on the SPI bus for encryption keys. [1] [2]

It's only a matter of time until other key formats (other than Bitlocker) are supported.

I think the only way to secure the drive is being able to write your own drive controller firmware. But even then HDD platters could be just "swapped into" another HDD.

[1] https://www.saleae.com/

[2] https://github.com/FSecureLABS/bitlocker-spi-toolkit


That attack isn't relevant in this case, because it only lets you steal the keys if the TPM chooses to release them to the CPU, but if you don't know the right PIN, or use a nuke PIN, then it won't do so.


IANAL but I'm pretty sure this would count as destruction of evidence


Thank you for this, I've always wanted something like this.


I'm amazed that they didn't discuss https://en.wikipedia.org/wiki/Steganography as an approach.

There are lots of ways to hide encrypted data such that it is not obvious that there is any data at all to be found.


> If, under duress, Alice is forced to reveal a decoy key that pieces together data from `m` books, she needs some way to explain the remaining `n−m` books that were not used.

If I read it correctly, then the adversary might extract the data decrypted via the decoy key, and then reconstruct the encrypted payload using the extracted data and the decoy key. By comparing reconstructed encryption payload with the actual sample, it is easy for the adversary to figure out a better `m` to determine whether Alice is hiding something or not.

I assume the approach that the article is showing only works if the encrypted meaningful data is stored in a fixed-size container (say a disk volume or a fixed-size file) that is initialized with random data, so knowing the size of `n-m` doesn't matter.

> She could claim that,

It just doesn't work like this if the adversary knows that you have installed some encryption software on your system that allows you to decrypt different content with different passwords.

Just hide your real crypto wallet on one of your 10-year-old HDDs that still has Windows 7, Microsoft Office and Doom installed. Encrypt the wallet, then put it inside C:\Windows\System32 or similar and give it a system-like name such as `sysdump`.

After you've done that, make a fake crypto wallet and put it on an expensive USB drive, lock the drive in a safe, then hide the safe in a hole in your basement.


If you want plausible deniability just have a few obscure ctfs cloned next to your fake ctfs that you haven't solved yet.


Not mentioned in the article are the consequences of using an SSD with trim. Trim would destroy the data in the hidden encrypted volume.


Trim is not really recommended for any encrypted volume to begin with, since it clearly reveals how much space is being used as well as some other filesystem metadata.


Does this apply to full disk encryption with Windows and VeraCrypt?

If so, do I need to disable TRIM? If yes, in Windows or the BIOS?


It does not apply to most mainstream encryption methods. Most methods will allocate the sectors containing encrypted data, but you need to use the decryption APIs to access the data.


Are you saying you should never use TRIM on an SSD that is encrypted?


Using TRIM means you can't plausibly deny using encryption on the disk. Any data trimmed will read as zeros. It also opens you up to a few more attack vectors since the attacker knows exactly where the ciphertext is located (start, end, size, etc.). This means that if your filesystem has data structures in fixed locations, they know exactly where in the ciphertext those would be located and can focus attacks on those since there is a significantly smaller set of possibilities for what the plaintext could be.

In practice, it depends on the level of paranoia that's needed for your situation. Trying to prevent your average thief from getting your bank info off your laptop? Probably not an issue. Hiding data from the NSA? Possibly a problem. I run TRIM on my SSDs, but I also live in a country where theoretically I don't have to give up the key. Admittedly, I'm not doing anything illegal, the only thing they'll find are a bunch of git repos, game installs, 2000's alternative rock, Scandinavian folk metal, and bad vacation pictures.
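To make the point above concrete, here is an added example (not code from the comment or from any tool it mentions) that scans a constructed disk image block by block and labels each page the way an examiner would after TRIM has run: all-zero pages stand out immediately, a LUKS header is identifiable by its magic bytes, and everything else is sorted into random-looking or structured by a byte-histogram entropy estimate. The 4096-byte page size, the 7.5-bit threshold and the sample image are assumptions chosen for the example; the LUKS magic bytes are the real ones.

```python
import math
import random
from collections import Counter

BLOCK = 4096                      # SSD page size assumed for the example
LUKS_MAGIC = b"LUKS\xba\xbe"      # magic bytes at the start of a LUKS header


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, estimated from the byte histogram (max 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_block(block: bytes) -> str:
    if not any(block):
        return "zeroed"            # what a trimmed or never-written page reads back as
    if block.startswith(LUKS_MAGIC):
        return "luks-header"       # identifiable: the disk is provably encrypted
    if shannon_entropy(block) > 7.5:
        return "random-looking"    # ciphertext or random fill, cannot tell which
    return "structured"            # plaintext, executables, filesystem metadata...


def scan_image(image: bytes, block_size: int = BLOCK) -> list:
    """Classify every page of the image in order."""
    return [classify_block(image[i:i + block_size]) for i in range(0, len(image), block_size)]


def nonzero_extent(classes: list, block_size: int = BLOCK):
    """Byte range [start, end) of everything that is not zeroed. After TRIM this
    is exactly the ciphertext location and size the comment warns about."""
    live = [i for i, c in enumerate(classes) if c != "zeroed"]
    if not live:
        return None
    return live[0] * block_size, (live[-1] + 1) * block_size


def build_sample_image(seed: int = 12345) -> bytes:
    """Constructed disk image for the example: two trimmed pages, a LUKS header,
    three ciphertext-like pages, one plaintext page, two more trimmed pages."""
    rng = random.Random(seed)
    rand_page = lambda: bytes(rng.getrandbits(8) for _ in range(BLOCK))
    zero = bytes(BLOCK)
    luks = (LUKS_MAGIC + b"\x00" * BLOCK)[:BLOCK]
    text = (b"The quick brown fox jumps over the lazy dog. " * 200)[:BLOCK]
    return b"".join([zero, zero, luks, rand_page(), rand_page(), rand_page(), text, zero, zero])


def summarize(image: bytes) -> Counter:
    """Count of pages per class, the one-line view an examiner would start from."""
    return Counter(scan_image(image))


if __name__ == "__main__":
    img = build_sample_image()
    print(summarize(img))
    print("non-zero extent (bytes):", nonzero_extent(scan_image(img)))
```

Without TRIM every page of a drive that was filled with random data first comes back as "random-looking" and `nonzero_extent` covers the whole device, which is the situation the deniable-volume designs rely on; the header check is there because a recognizable on-disk header answers the "is this encrypted at all?" question regardless of TRIM.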


I am saying that if you use a disk encryption technology that puts the encrypted data in unallocated sectors (which is a plausibly deniable method), if you run (or your OS automatically runs) trim on the media, all of the data in the unallocated space will be lost.



The article seems to be based on the assumption that plausible deniability requires hidden volumes or unused "random" data.

Surely the use of one-time pads gets around that? An OTP cyphertext can be decrypted to any desired plaintext by providing the appropriate key. It's trivial to generate a key from an OTP cyphertext that will turn that cyphertext into a collection of kitten photos, for example.

So Alice produces the kitten key under duress, and Mallory can't show that she also has a missile-secrets key that she hasn't disclosed. There's no unexplained "random" data, and no unused space on the storage medium.

Voila - Alice is off the hook (unless Mallory is the kind of person that enjoys pulling fingernails, and carries on with the $5-wrench thing anyway).
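The one-time-pad property the comment relies on, as an added example that is not part of the post: because the ciphertext is just `key XOR plaintext`, anyone holding the ciphertext can solve for the pad that turns it into any other message of the same length. The message strings below are constructed sample data; `decoy_key` and `fit_to_length` are names chosen for the example.

```python
import os


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR a message with a pad of exactly the same length. XOR is its own
    inverse, so the same function decrypts."""
    if len(key) != len(plaintext):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return bytes(k ^ p for k, p in zip(key, plaintext))


otp_decrypt = otp_encrypt


def decoy_key(ciphertext: bytes, decoy_plaintext: bytes) -> bytes:
    """Solve c = k XOR p for k: the pad that makes this ciphertext 'decrypt' to
    the decoy. Every pad of the right length is equally likely a priori, so the
    result cannot be told apart from the real one."""
    if len(decoy_plaintext) != len(ciphertext):
        raise ValueError("the decoy must be exactly as long as the ciphertext")
    return bytes(c ^ d for c, d in zip(ciphertext, decoy_plaintext))


def fit_to_length(message: bytes, length: int) -> bytes:
    """Pad with spaces or truncate so the decoy matches the ciphertext length."""
    return message[:length].ljust(length, b" ")


# Constructed sample messages for the example, not real data.
REAL_PLAINTEXT = b"missile telemetry key: 7f3a-11c9-0b2e"
DECOY_PLAINTEXT = fit_to_length(b"kitten photos, album 3 (2019)", len(REAL_PLAINTEXT))


def demo(real: bytes = REAL_PLAINTEXT, decoy: bytes = DECOY_PLAINTEXT) -> dict:
    """Encrypt `real` under a fresh random pad, derive a second pad that yields
    `decoy` from the identical ciphertext, and return both decryptions."""
    real_key = os.urandom(len(real))
    ciphertext = otp_encrypt(real_key, real)
    surrender_key = decoy_key(ciphertext, decoy)
    return {
        "ciphertext": ciphertext,
        "real_key": real_key,
        "decoy_key": surrender_key,
        "with_real_key": otp_decrypt(real_key, ciphertext),
        "with_decoy_key": otp_decrypt(surrender_key, ciphertext),
    }


if __name__ == "__main__":
    out = demo()
    print("real key  ->", out["with_real_key"])
    print("decoy key ->", out["with_decoy_key"])
```

The trick works only because XOR lets you solve for the key directly. With a stream or block cipher the keystream is a pseudorandom function of a short key, so no second key producing a chosen decoy can be found, which is why the schemes in the article need other machinery. The price of the pad is that a key as long as the data has to be stored somewhere too.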


To avoid questions of suspicious unallocated space with a hidden volume, what about this: Use a disk with vastly higher capacity than you really need. Use a standard filesystem on it. For the hidden volume, store data redundantly in multiple locations inside the unallocated space of the standard filesystem. When running from the hidden volume you can avoid overwriting data on the standard filesystem. When running from the standard volume you cannot, and it could overwrite some parts of the hidden data, but it will be repaired from copies stored in many other locations. The standard volume should also be encrypted to provide deniability for why the unallocated space contains random-looking data.
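One detail the scheme above leaves open is how the owner tells an intact replica from one the outer filesystem has since reused, given that both look like random bytes. The following added example (not code from the comment) models it with a keyed tag: each replica is stored as `HMAC-SHA256(key, payload) || payload` in a random free slot, so a replica that verifies is intact and one that fails was overwritten. The slot size, the in-memory list standing in for unallocated space, the payload (already-encrypted data is assumed and represented by random bytes) and the key derivation are all constructed for the example.

```python
import hashlib
import hmac
import random

SLOT = 4096          # one unallocated chunk of the outer filesystem (assumed size)
TAG = 32             # HMAC-SHA256 output length


def rand_bytes(rng: random.Random, n: int) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(n))


def make_free_space(nslots: int, rng: random.Random) -> list:
    """Constructed model of the outer volume's unallocated space: every slot
    already holds random-looking data, as on a drive filled with random bytes."""
    return [rand_bytes(rng, SLOT) for _ in range(nslots)]


def store_hidden(free_space: list, key: bytes, ciphertext: bytes, copies: int, rng: random.Random) -> list:
    """Write `copies` replicas of tag||ciphertext into distinct random slots.
    To anyone without the key the record is just more random-looking bytes."""
    record = hmac.new(key, ciphertext, hashlib.sha256).digest() + ciphertext
    if len(record) > SLOT:
        raise ValueError("payload does not fit in one slot")
    record += rand_bytes(rng, SLOT - len(record))   # random filler keeps the slot uniform
    chosen = rng.sample(range(len(free_space)), copies)
    for i in chosen:
        free_space[i] = record
    return chosen


def outer_volume_reuses(free_space: list, slots: list, rng: random.Random) -> None:
    """Simulate the ordinary (encrypted) filesystem allocating some of those
    slots: it overwrites them with its own ciphertext, i.e. random-looking data."""
    for i in slots:
        free_space[i] = rand_bytes(rng, SLOT)


def recover_hidden(free_space: list, key: bytes, length: int):
    """Scan every slot and return the first payload whose tag verifies, or None
    if every replica was clobbered. A damaged replica fails the constant-time
    comparison instead of yielding garbage."""
    for slot in free_space:
        tag, body = slot[:TAG], slot[TAG:TAG + length]
        if hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return body
    return None


def simulate(copies: int = 5, clobbered: int = 3, seed: int = 7) -> tuple:
    """Store the payload, let the outer volume overwrite `clobbered` replicas,
    and report whether it still comes back intact."""
    rng = random.Random(seed)
    fs = make_free_space(64, rng)
    key = hashlib.sha256(b"owner passphrase (constructed for the example)").digest()
    payload = rand_bytes(rng, 100)          # stands in for already-encrypted hidden data
    slots = store_hidden(fs, key, payload, copies, rng)
    outer_volume_reuses(fs, slots[:clobbered], rng)
    return recover_hidden(fs, key, len(payload)) == payload, payload


if __name__ == "__main__":
    print("recovered after 3 of 5 replicas lost:", simulate()[0])
    print("recovered after 5 of 5 replicas lost:", simulate(clobbered=5)[0])
```

The scan on recovery touches every free slot, which is fine for a model and slow on a real disk; a real design would also have to choose replica locations that the outer filesystem's allocator is least likely to hand out, and each replica still dies the moment that slot is reused, so the number of copies is what bounds how long the hidden data survives normal use.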


Now I just wish there were actually competent encryption that can keep up with PCIe SSD speeds.

I have no option but to just use the BIOS SSD password encryption thingy instead of some Ubuntu LUKS or ecryptFS which are both slow AF.


What are "PCIe SSD speeds"? A good CPU can do thousands of megabytes per second using LUKS with a strong cipher (ecryptfs is a very different thing, not speaking of that). What numbers did you get from "cryptsetup benchmark"?

Saying you want "actually competent encryption" and then resorting to using "BIOS SSD password encryption thingy" is kinda funny.


A coworker who grew up in Pakistan was telling stories one day. He said the place that he grew up in had the best police in the whole world. There were no unsolved crimes. The police always got a confession.

XKCD-538 has an implied third panel:

Right guy: Wait, we can use the $5 wrench? Why not just hit him until he confesses and names all his friends as co-conspirators as per normal?

Left guy: Yes, let's skip the geeky stuff entirely. We will be done before lunch.

People that use torture are not interested in any sort of objective truth. Otherwise they would not do that.


And here's the fourth panel:

Right guy: Actually, why did we waste that $5 on a wrench when we can just forge a confession document?

Left guy: Yeah, and we can say that he also told us the names of his co-conspirators, who happen to be the people I owe money to, the annoying guy who lives next door to me, my ex-wife, and anyone I can think of from the minority group that I want to feel superior to.


[flagged]


Such as?


Another technique if you are interested, two factor encryption: https://www.alvarez.io/posts/two-factor-encryption/


What if they detect the protocol?


Good encryption protocols create cyphertext that is indistinguishable from random data. You can't tell the protocol from the cyphertext.


Can you give an example of one of these "good" protocols? Most are not just random data.


So we are getting into information theory, but any cryptographic protocol that generates cyphertext that is distinguishable from random noise is easier to crack than the stated security level. So a 128 bit encryption protocol, if the cyphertext can be found to have any data in it that can be demonstrated to be non random, the protocol does not have 128 bits of security.

All good encryption protocols will always create cyphertext that is indistinguishable from random noise, this is not an endorsement of any "good" protocols, but rather a general statement about encryption which must be true. You should not be able to infer anything about the data encoded in the cyphertext without the key.


My comment was based off a misunderstanding of what was meant by protocol.


I'll drop two of my "good" creations here. The first [1] is for encryption at rest, and the second [2] is for encryption in transit.

(Of course, saltunnel [2] leaks bandwidth and timing information: a transport protocol which does not will surely have sufferable performance.)

[1] https://puree.cc

[2] https://saltunnel.io


That's us, sawdust!


What ever happened to good old steganography?

Or communicating via trading NFTs with the message encoded in slight differences between the images?

I'm sure there's at least 5 bits of data in the details of a single Bored Ape picture.


Given there are 10,000 Bored Apes, there's at least a whopping 13 bits of data.


> Claim C is new and has some appealing properties but it can’t be used on a personal storage medium

Freenet?


Are there any configurations of LUKS that could achieve this?


Not without unfortunate tradeoffs.

This motivated me to create PUREE (https://puree.cc). PUREE satisfies the "random-looking" goal, and in my (biased) opinion is easier to use than LUKS.

"Plausible deniability" is a fuzzy, more complicated subject of which PUREE provides no claims.



ugh, why the single letter variables? Makes the text that much harder to read imo. I keep having to think to myself "oh yeah, that means 'the key'"


In mathematical writing variable names are usually single-letter. (This, in fact, makes mathematics easier to read and, especially, compute with.)


I think sometimes this makes sense. In a lot of math, there isn’t actually a reasonable name for the variable. It’s intermediary and has no real meaning other than it’s full definition.

But I think sometimes they do take it too far and use single letters when full names could exist.


In this case the author literally gives the full names sometimes. And in fact he leads a paragraph with "Asserting the non-existence (2) of the ciphertext" so whether something gets a one letter variable and some formal logic operator or whether it gets expressed in plain English seems totally arbitrary.


There's a lot of symmetry in the formula, and if you start throwing a bunch of English into the mix, it becomes harder to see. That symmetry is often important for synthesizing a new argument, whereas the naming conventions are important for reminding you what the objects in question are.

This factors the reader's job and the writer's job fairly cleanly. The reader is responsible for mapping their intuition onto the objects being referenced, and the writer is responsible for demonstrating their relationship.


but it makes the author look smart /s[arcasm]



