Deniability

Robert J. Hansen rjh at sixdemonbag.org
Sat Apr 2 19:25:43 CEST 2011


On 04/01/2011 07:41 PM, Faramir wrote:
>    They said if somebody finds 7-zip in my computer, they could suspect
> I sent compressed and encrypted messages to somebody...

The difference between TrueCrypt and 7-Zip is that no one ever claimed
7-Zip is security software, and no one seriously advocates using 7-Zip
in regimes where there are secret police who see nothing wrong with
torture.  I suspect if you were to ask the 7-Zip folks, they would
(quite reasonably) say, "we don't know anything about that, we're just
trying to write a high quality data compressor."

> But I DO get Robert's point, and what worries me, it's we might get
> into troubles even if we don't have deniability, we just need to be
> linked somehow (maybe by unwanted email messages?) to some evil person.

My general rule of thumb is that the secret police might be monsters,
but they will be *reasonable* monsters.  Not reasonable because they
believe in human rights or anything like that -- reasonable because they
want to succeed and believe reason is a good way to get it.

If you're in the hands of total authority and total capriciousness, then
yes, you're absolutely hosed and there's nothing you or anyone can do
about it.  There's no point in even trying to defend against it because
once you're there the fact you like orchids can be seen as evidence
you're an enemy of the state.

But if the secret police are reasonable monsters, they have an incentive
to behave in certain ways, and a disincentive to behave in others.  In
the case of you getting an email by accident, you could tell the secret
police, "I have no idea what this is about, I've never talked to this
person before in my life!" -- and, after some investigation, the secret
police would probably let you go.

In a repressive regime, there are *always* more potential enemies of the
state than there are trusted agents to ferret out these plots.  They
have to use their limited manpower in a way that best serves the end of
the State.

The real risk is not that you will come to the attention of the secret
police by some random accident.  The real risk is you will come to their
attention by doing something *you had no idea was a crime*... which is a
much more serious thing.





More information about the Gnupg-users mailing list