[messaging] plausible deniability and transcript editors

Ximin Luo infinity0 at pwned.gg
Fri Jun 27 04:30:56 PDT 2014


On 27/06/14 08:59, Ben Laurie wrote:
> On 26 June 2014 21:53, Guy K. Kloss <gk at mega.co.nz> wrote:
>> On 27/06/14 12:28, Daniel Kahn Gillmor wrote:
>>> But as for courts, I think many transcripts from unencrypted,
>>> non-cryptographically-bound communications that are presented to judges
>>> and juries are in the form of word documents -- pretty much the
>>> layperson's classic example of an editable document.  And people still
>>> get convicted with those documents, even if there was no attempt to
>>> claim cryptographic proof-of-origin.
>>
>> Yes, that's very sad, indeed. Especially when viewing the fact that
>> there are web sites that can help you "digitally sign" documents by
>> pasting either a scanned signature or "Your Name" in a chosen font under
>> the document. And these are deemed to be legally valid ...
> 
> Signatures, at least in UK law, are about intent. See
> http://www.apache-ssl.org/tech-legal.pdf ("Signatures: an Interface
> between Law and Technology").

I see ciphertext deniability as a necessary-not-sufficient property to build systems that might eventually give physical plausible deniability in court.

Ciphertext deniability gives you the ability to deny "the bits-and-bytes" of the communication, but not the real physical fact "witness W observed these bits on this physical medium, from address A to address B". People are building other communications systems that leak less information than this, and this would improve physical plausible deniability.

Compared to a non-deniable ciphertext, where it doesn't matter where I got the bits-and-bytes from - it's hard to argue your signature was made by someone else, even if I presented the bits-and-bytes on my own usb stick and refused to tell anyone where I got it. I don't need to invoke the ISP here ("a trusted party" in the judge's eyes); but with a deniable ciphertext, I do need to invoke other parties.

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 880 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140627/1602e2e5/attachment.sig>


More information about the Messaging mailing list