[messaging] plausible deniability and transcript editors
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jun 26 17:28:08 PDT 2014
On 06/26/2014 08:11 PM, Guy K. Kloss wrote:
> last night in a discussion (in meat space) the issue of plausible
> deniability came up again. As far as it stands, I guess most people are
> of the opinion that even if a protocol features the capability for
> plausible deniability, it probably won't hold up in court.
>
> We've been thinking what could be done to "better" the chances that
> something like this might actually hold up. That one could believably
> argue that one for example has been framed through a
> doctored/manufactured transcript.
>
> One thought was that it's too difficult to make anybody believe that
> somebody has actually tampered with a transcript. So, an idea came up
> that one actually might just need to provide a tool that's reasonably
> easy to use for an average Joe to read a recorded transcript, edit it,
> and save the modified version again.
>
> I could imagine this to work reasonably easily, if one can actually use an
> existing session transcript as a "seed", which includes the initial
> session key negotiation, and in the following only authenticates
> messages through session secrets, rather than using the long term static
> secrets (like private OTR key, or any other personal authentication
> mechanism).
>
> Any thoughts on this?

Certainly, having a readily-accessible tool for transcript-editing would
make a more plausible claim that a transcript *could have* been edited.
And as for an interesting project for comp-sci students, many people
have done less interesting/sophisticated/relevant work for their final
project.

But as for courts, I think many transcripts from unencrypted,
non-cryptographically-bound communications that are presented to judges
and juries are in the form of word documents -- pretty much the
layperson's classic example of an editable document. And people still
get convicted with those documents, even if there was no attempt to
claim cryptographic proof-of-origin.

I wrote up some notes from a similar meatspace discussion at the end of
last year:

https://www.debian-administration.org/users/dkg/weblog/104

I'd say: go for it, make a transcript editor. But don't do it with the
idea that this is going to make any sort of legal slam dunk -- the
courts seem to be perfectly willing to rely on forgeable evidence anyway. :(

(a similarly educational tool of similarly doubtful legal utility would
be a read/write mode for wireshark)

--dkg
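
Added example, not part of the original thread and not code from either poster: a sketch of why a transcript authenticated only with session secrets can be re-tagged after editing, so that verification cannot tell the edited copy from the original. The key derivation, record layout, function names and sample messages are all constructed for illustration and are not OTR's actual wire format.

```python
import hashlib
import hmac

# Constructed sample: stands in for the secret both peers hold after key negotiation.
SESSION_SECRET = hashlib.sha256(b"constructed session secret for illustration").digest()

def mac_key(session_secret: bytes, seq: int) -> bytes:
    """Per-message MAC key derived only from the session secret (hypothetical scheme)."""
    label = b"mac-key" + seq.to_bytes(4, "big")
    return hmac.new(session_secret, label, hashlib.sha256).digest()

def tag(session_secret: bytes, seq: int, sender: str, text: str) -> str:
    # Length-prefix the sender so (sender, text) pairs cannot be confused.
    body = (seq.to_bytes(4, "big") + len(sender).to_bytes(2, "big")
            + sender.encode() + text.encode())
    return hmac.new(mac_key(session_secret, seq), body, hashlib.sha256).hexdigest()

def record(session_secret: bytes, lines):
    """Build a transcript: one tagged record per (sender, text) pair."""
    return [{"seq": i, "sender": s, "text": t, "tag": tag(session_secret, i, s, t)}
            for i, (s, t) in enumerate(lines)]

def verify(session_secret: bytes, transcript) -> bool:
    return all(hmac.compare_digest(m["tag"],
                                   tag(session_secret, m["seq"], m["sender"], m["text"]))
               for m in transcript)

def edit(session_secret: bytes, transcript, seq: int, new_text: str):
    """Return a copy with one message rewritten and re-tagged by a session-secret holder."""
    out = [dict(m) for m in transcript]
    out[seq]["text"] = new_text
    out[seq]["tag"] = tag(session_secret, seq, out[seq]["sender"], new_text)
    return out

def demo():
    original = record(SESSION_SECRET, [("alice", "lunch at noon?"), ("bob", "sure")])
    edited = edit(SESSION_SECRET, original, 1, "no, busy")
    untagged = [dict(m) for m in original]
    untagged[1]["text"] = "no, busy"  # changed without recomputing the tag
    return (verify(SESSION_SECRET, original),
            verify(SESSION_SECRET, edited),
            verify(SESSION_SECRET, untagged))

if __name__ == "__main__":
    print(demo())
```

Because no long-term key is involved in any tag, a valid transcript shows only that its author held the session secret, which both peers do.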