On Feb 24, 2012, at 5:43 PM, James A. Donald wrote:

> Truecrypt supports an inner and outer encrypted volume, encryption hidden
> inside encryption, the intended usage being that you reveal the outer
> encrypted volume, and refuse to admit the existence of the inner hidden
> volume.
>
> To summarize the judgment: Plausible deniability, or even not very
> plausible deniability, means you don't have to produce the key for the inner
> volume. The government first has to *prove* that the inner volume exists,
> and contains something hot. Only then can it demand the key for the inner
> volume.
>
> Defendant revealed, or forensics discovered, the outer volume, which was
> completely empty. (Bad idea - you should have something there for plausible
> deniability, such as legal but mildly embarrassing pornography, and a
> complete operating system for managing your private business documents,
> protected by a password that forensics can crack with a dictionary attack)
>
> Forensics felt that with FIVE TERABYTES of seemingly empty truecrypt drives,
> there had to be an inner volume, but a strong odor of rat is no substitute
> for proof.
>
> (Does there exist FIVE TERABYTES of child pornography in the entire world?)
>
> Despite forensics' suspicions, no one, except the defendant, knows whether
> there is an inner volume or not, and so the Judge invoked the following
> precedent.
>
> http://www.ca11.uscourts.gov/opinions/ops/201112268.pdf
>
> That producing the key is protected if "conceding the existence, possession,
> and control of the documents tended to incriminate" the defendant.
>
> The Judge concluded that in order to compel production of the key, the
> government has to first prove that specific identified documents exist, and
> are in the possession and control of the defendant, for example the
> government would have to prove that the encrypted inner volume existed, was
> controlled by the defendant, and that he had stored on it a movie called
> "Lolita does LA", which the police department wanted to watch.

There is no such thing as plausible deniability in a legal context. Plausible deniability is a term that comes from conspiracy theorists (and like many things contains a kernel of truth) to describe a political technique where everyone knows what happened but the people who did it just assert that it can't be proven, along with a wink and a nudge.

But to get to the specifics here, I've spoken to law enforcement and border control people in a country that is not the US, who told me that yeah, they know all about TrueCrypt and their assumption is that *everyone* who has TrueCrypt has a hidden volume and if they find TrueCrypt they just get straight to getting the second password. They said, "We know about that trick, and we're not stupid."

I asked them about the case where someone has TrueCrypt but doesn't have a hidden volume, what would happen to someone who doesn't have one? Their response was, "Why would you do a dumb thing like that? The whole point of TrueCrypt is to have a hidden volume, and I suppose if you don't have one, you'll be sitting in a room by yourself for a long time. We're not *stupid*."

Jon