[messaging] Value of deniability
Eleanor Saitta
ella at dymaxion.org
Wed Dec 10 12:20:23 PST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2014.12.10 14.57, Jacob Appelbaum wrote:
> On 12/10/14, Eleanor Saitta <ella at dymaxion.org> wrote:
>> On 2014.12.10 13.56, Mike Hearn wrote:
>>> From a privacy perspective the rationale is fairly clear.
>>
>> Has anyone ever seen a case where cryptographic deniability was
>> accepted by a judge? As far as I can tell, its legal value is a
>> fiction from the cryptographic community.
>
> Yes, I think so. The lack of signatures ensures that a text log is
> just that - a text file without cryptographic assurances. It is
> subject to tampering. If I recall correctly, this issue came up a
> bit in Anakata's recent trials.
No, I want specific case law that directly addresses deniability.
Because this still doesn't frankly pass the laugh test from any lawyer
I've seen asked about it, and yet we keep bending over backwards for it.
> Furthermore, the inverse is accepted routinely - digital signature
> laws in some US states. Washington State in the United States seems
> to be an example. If you have a PGP signed email, I'd expect some
> binding laws to apply for statements made in the signed portion of
> the text. Without a signature, I don't it will fall under the same
> digital signature statutes.
That the inverse is accepted does not provide any predictive
properties about the value of the supposed forgability in allowing the
value of a police evidence chain to be called into question.
It's worth noting, further, that the *only* argument in question here
is whether there is any value of deniability during a trial. It is
clear that there is zero operational security value* to deniability in
any plausible case, something rather more critical to the life-safety
use of such systems.
> Repudiation and non-Repudiation are real properties that they have
> contextual value.
Deniability is not the same as repudiation in practice; conflating
them is not reasonable.
E.
*: I invite documented field experiences that contradict this, if
anyone has something they can share.
- --
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlSIqwcACgkQQwkE2RkM0wrz5QEAitfQzJO5dbweB4m7U0stbIU+
nA/dWbYfK7PwEkEoD4gBAJHtrJhjvxDJF7nH3k1n+k96v3Bk7mQWDjhbh/XW530n
=ivMu
-----END PGP SIGNATURE-----
More information about the Messaging
mailing list