I really like his sort of thing, but realize that, like anti-forensics tools, there is a risk to having and using destructive anti-tamper triggers.
If the police actually think you're up to something, raid you, and your "cybernetic boobytrap" destroys your hundreds of GB of actual random data, they may still try and prove that you're a terrible person and destroyed evidence in court. Then it's up to a jury, and a prosecutor bent on making you look guilty as hell.
I'm not trying to dissuade exploration, but understand what can happen if you actually deploy this sort of system.
This program makes me nervous because its primary use case is to obstruct justice, which the author tries to get away from with a thinly-veiled excuse that it could also be used to defend against criminals. I understand that technology is ethically neutral (for example, this program could be used to hinder reverse-engineering of a sealed computing appliance), but the fact that they're basically advertising this thing to obstruct police investigations puts me off.
> This program makes me nervous because its primary use case is to obstruct justice, which the author tries to get away from with a thinly-veiled excuse that it could also be used to defend against criminals
I agree that there's a problem with the author's messaging, but I think the problem is with this first as a tool for "when your house gets raided by the police..."
There are all kinds of reasons to encrypt your data. Some of them involve obstructing justice, some involve protecting oneself from "justice," but there are many others. If you have a good reason to encrypt, then you probably have good reasons to protect your system using a program like this.
Leaving aside the State, and more mundane robberies, some people have good reasons to be concerned about industrial espionage[1]. Tools like this seem like a good way to counter that.
> This program makes me nervous because its primary use case is to obstruct justice
Given the number of raids that happen based on false CI information, typoed street addresses, or government overreach... it's not clear that the program is meant to be used primarily for that.
The police aren't our friends. They don't protect us individually or collectively. Often we need to be protected from them. Any tool that can help with that is a good thing.
1000% agree. I was out having fun one night with some friends in my younger years. We left a bar together and split up. As I and one of the guys I was with entered a parking structured, my other friends drove up to us in a convertible car. They were laughing at me because my fly was down so I pulled it up in a funny gesture as I approached them.
At that point, two cops pulled in behind me and thought I was passing drugs. They looked around on the ground and patted me down and when they found nothing, they trump up some charges and said I indecently exposed myself. When the case went to court, the cops were caught lying. They tried to tell the judge I flashed some girls in a convertible but video showed they lied through their teeth.
So I have my own personal story but don't listen to me, hear what this professor and an ex-cop have to say about talking to the police.
Offtopic nitpick: technology is not ethically neutral but simply amoral. The lawnmower that cuts of your foot doesn't have issues with your foot. It's just rotating blades.
IANAL: what could actually happen to you, legally, if your hard-drive self-destructs after being tampered with?
Is that really "destroying evidence?" What if you just shut down the computer, rendering the hard drive unusable, its contents completely encrypted (a la TrueCrypt). The evidence isn't destroyed, it's just inaccessible.
In the US, it's generally a crime to destroy evidence if you believe there's an investigation. So setting something up to respond to evidence of an investigation seems like a bad idea to me.
In the US, it's also possible to be held in contempt of court for failing to hand over evidence in some cases. There's the Fifth Amendment, but there are enough exceptions to the Fifth Amendment (e.g., I'm not actually charged with a crime, and instead I'm facing fines for not having the right licenses; or the evidence on my computers is meant to be used in proving somebody else committed a crime) that I would want to talk to a lawyer before telling a judge that "the evidence isn't destroyed, it's just inaccessible."
There is a distinction between crime and acts that are morally wrong. For instance hiding Jews from the Nazis would be a crime from the Nazis point of view. But most anyone else would consider it to be the right thing to do.
And given the increasing militarization of the police in the US, and the US governments openly acknowledged policy of torture and refusal to prosecute war criminals...[1]
You should question whether or not your government is legitimate enough to be trusted in matters criminal and judicial.
And since the most likely utility of a program like this one, is to prevent the heimatsicherheit from also wrapping up your friends and family. It may in fact be your moral duty to ensure the safety of others in your affinity group by taking such precautions.
1. as a sidenote the US incarcerates a greater percentage of it's population than soviet Russia ever did, even under Stalin.
To be fair, Stalin had a habit of just killing people instead of sending them to the Gulag. Not that it excuses the US incarceration rate but your comparison isn't very good.
It was intended to be offensive. Although, the actual numbers are quite disputed and most of the ones we hear should be considered propaganda. Besides which; we're hardly ones to point the finger over genocide these days (Iraq, Pakistan, all those Afghan wedding parties).
Yeah, but Stalin also had 700,000 people shot in 2 years, so it doesn't work amazingly.
A more important point is that you must be pragmatic about such things. If you install a dead man's switch to your computer, you must realise that no matter how morally correct you are, in many countries it's very possible that you'll go to prison if the computer is seized in a useless state (for example, in Britain you'll be on the hook for up to 2 years in jail). In many cases, that'll be professional suicide.
So unless you have something to hide that's worth more than that jailtime, this software actually is a hindrance. I think the comment about militarisation and torture is really besides the point - it's clearly unrelated to the issue at hand.
> There is a distinction between crime and acts that are morally wrong. For instance hiding Jews from the Nazis would be a crime from the Nazis point of view. But most anyone else would consider it to be the right thing to do.
You have a point, but recognize that standing on morals won't get you out of punishment.
> You should question whether or not your government is legitimate enough to be trusted in matters criminal and judicial.
But it's very hard to opt out of the system. Personally, I won't intentionally do things that could make life harder on myself and others without first knowing some details. I think it's a bad idea to set up a dead man's switch without first knowing what kind of investigation might trigger it. It would be sad to face charges for destruction of evidence due to accidentally triggering the switch for something silly.
> You have a point, but recognize that standing on morals won't get you out of punishment.
Is that supposed to be a reason not to do it?
You lose rights you don't exercise and it makes vulnerable populations stand out more when they're the only ones trying to protect themselves.
The thing about corrupt law enforcement is that, like other forms of crime, their victims are a large number of people but a small percentage of people. You are not likely to be one of them. But if everybody, especially the innocent, takes practical defensive measures then taking defensive measures is no longer evidence of anything. It's like encouraging people to use Tor to check sports scores and read Wikipedia.
And because you're innocent, whatever legal consequences may currently be the result of defending yourself are irrelevant to you with high probability because they only come into play if you are already a target. And since that is very unlikely to occur, and if it does you're basically already screwed anyway, discouraging people from doing something that allows the innocent actual targets to claim a stronger defense is probably not in the public interest.
> > You have a point, but recognize that standing on morals won't get you out of punishment.
> Is that supposed to be a reason not to do it?
Not really. It's meant to be a "be sure you know what you're getting into" warning.
> But if everybody, especially the innocent, takes practical defensive measures then taking defensive measures is no longer evidence of anything. It's like encouraging people to use Tor to check sports scores and read Wikipedia.
Considering Tor: I'm perfectly OK recommending people check sports scores and read Wikipedia through Tor in the US or other Western countries; but I would feel irresponsible giving that advice to people in, say, North Korea or Iran.
> And because you're innocent, whatever legal consequences may currently be the result of defending yourself are irrelevant to you with high probability because they only come into play if you are already a target. And since that is very unlikely to occur, and if it does you're basically already screwed anyway, discouraging people from doing something that allows the innocent actual targets to claim a stronger defense is probably not in the public interest.
Remember, in criminal law, there has to be an illegal act and a state of mind (the person acted willfully, recklessly, negligently, etc.). The state of mind is nearly impossible to prove with a confession, so it's generally proven by the circumstances: given that the person was under investigation, is it more likely that they destroyed evidence (1) to hinder that investigation, or (2) as a form of civil disobedience and they were unlucky in that they hadn't realized they were under investigation? Of course, in US criminal law, the question is "do you believe, beyond reasonable doubt, that the person destroyed evidence in an effort to interfere with the investigation?" But once proof that the person was being investigated is used to imply their state of mind, the fact that the accused went through a lot of trouble to set up a dead man's switch is going to look sinister; even if there are activists in the world -- who are not under investigation -- going through the same trouble to set up similar systems.
Civil disobedience is admirable, but it's easy to forget that civil disobedience is most effective when people are severely punished for standing on their morals, especially when the punishments are extra-judicial (unnecessarily rough arrests, paperwork snafus with real world consequences, difficulty getting medication ( http://herculesandtheumpire.com/2013/12/28/casual-cruetly/ ), etc.). We recently celebrated Martin Luther King, Jr. Day in the US. According to the Letter From Birmingham Jail ( http://www.africa.upenn.edu/Articles_Gen/Letter_Birmingham.h... ), King made sure to tell protestors that they could be beaten and jailed for their protests ("We began a series of workshops on nonviolence, and we repeatedly asked ourselves: 'Are you able to accept blows without retaliating?' 'Are you able to endure the ordeal of jail?'"). It's admirable that people took him up on the offer, but it's very important that people know what they're signing up for.
> Considering Tor: I'm perfectly OK recommending people check sports scores and read Wikipedia through Tor in the US or other Western countries; but I would feel irresponsible giving that advice to people in, say, North Korea or Iran.
Shouldn't it feel more uncomfortable than this casting the US into a comparison with North Korea and Iran? It seems like it should feel more uncomfortable than this.
But let's see if we can at least distinguish them a little so we can at least pretend. Using Tor is (presumably) illegal in itself in North Korea and Iran. Having your computer set up to delete data in the event of a home invasion isn't, to my knowledge, illegal in the US. You aren't guilty of destroying evidence of a crime if the thing you destroyed was not evidence of a crime.
The concern is presumably that it would look like destroying evidence of a crime, and that you might be prosecuted or falsely convicted for that even though it isn't what you did. But if you haven't committed any serious crime then the probability of a police raid against you is (hopefully) very low, which is the only apparent circumstance where it becomes an issue. Moreover, the more innocent people who have such a thing set up, the less prosecutors are able to argue that only the guilty would do it. Having innocent people do it is the only way to allow the argument that someone doing it is innocent.
> Civil disobedience is admirable, but it's easy to forget that civil disobedience is most effective when people are severely punished for standing on their morals, especially when the punishments are extra-judicial (unnecessarily rough arrests, paperwork snafus with real world consequences, difficulty getting medication ( http://herculesandtheumpire.com/2013/12/28/casual-cruetly/ ), etc.).
I don't think I can agree with that. Civil disobedience is most effective when people are unjustly and publicly harmed but not destroyed. MLK was in the Birmingham jail for eight days. Being beaten by the police while offering no resistance or being jailed for a matter of days is exactly what you want, because the next day the victim is standing behind a podium in front of a thousand people decrying the obvious injustice and demonstrating that their resolve holds.
Which is why the police don't do those things anymore. Today you don't get beaten, you get shot and killed. You don't go to jail for a few days only to be released into a community that rallies behind you, you get prosecuted for years until your entire family is bankrupt and then go to prison until your ties to your community are severed. Can you even name a US civil rights leader who is under 40 and has been incarcerated? An obvious example might have been Aaron Swartz. Or Manning, or Snowden. But those people can't exactly lead a march on Washington now, can they?
We need a different tack. And something that could conceivably work is for as many people as possible to interfere with the ability of malicious government officials to persecute citizens who do the right thing, by doing things that aren't strictly illegal, like operating Tor nodes and using encryption and so on. And yes, that means some risk that a prosecutor somewhere is going to step way over the line and make somebody's life hard who wasn't doing anything wrong. But that isn't the tone of your previous post. There is a big difference between "there is a chance this could go badly, are you in?" and "I wouldn't do that if I were you."
We're clearly not making any progress, so I'll boil down my objections and leave it at that. My biggest problem with the original article is simply that it doesn't mention that setting up a dead man's switch could expose somebody to a legitimate charge of destruction of evidence or contempt of court. That seems like an important detail.
I'll accept your argument that there may be valid reasons for innocent people to set up a dead man's switch, but even so it's irresponsible to tell people "look at this cool thing you can do" without mentioning that doing it could -- in some circumstances -- lead to jail time and legal bills.
Yes, if I set up a dead man's switch and am never investigated, it will never be triggered, and I will never face charges because of it. But then the police will never know that the thing existed, so they would have no reason to believe that lots of innocent people are using dead man's switches for legitimate purposes.
I would still insist on a disclaimer if the advice only increased the chance somebody would be charged with a crime, even if it were impossible to be convicted. I don't believe everything should carry a disclaimer, but I do believe that if I'm aware of a nonobvious risk, I should mention it.
Years ago, I was a teller for BB&T bank. When the economy started slowing down in early 2001, and our competitors announced layoffs, the CEO sent out a memo stating that BB&T didn't plan any layoffs and that the CEO thought the company had a bright future. As proof of that bright future, he mentioned that he was "fully vested" in the company, i.e., his only investments were cash and BB&T stock, and he swore that he would not sell his stock because a captain has a duty to go down with the ship. It's certainly legal to put all of your investments in one company, but it's generally considered a risky move, so the CEO also included a disclaimer that he wasn't suggesting we put all of our money in BB&T stock. But he wanted us to know that he either sincerely believed in the company, or was willing to risk a fortune pretending to.
> > Considering Tor: I'm perfectly OK recommending people check sports scores and read Wikipedia through Tor in the US or other Western countries; but I would feel irresponsible giving that advice to people in, say, North Korea or Iran.
> Shouldn't it feel more uncomfortable than this casting the US into a comparison with North Korea and Iran? It seems like it should feel more uncomfortable than this.
I'm feeling the smugness, but I'm not able to figure out the logic behind it. My complaint with the original article is that it gives advice without mentioning the consequences for following that advice. My list of things that should include disclaimers is based on my understanding of US law and the potential consequences of using Tor, secure HTTP connections, encrypted email, etc. It seems obvious to me that the list of things that should include disclaimers under various legal regimes will be influenced by the consequences of taking those actions in those regimes. Indeed, mentioning that the consequences of using Tor, encrypted email, etc. are different in the US than in North Korea (or Iran, or Saudi Arabia, or Cuba, depending on who's on the other end of the connection) seems to me to be a compliment to the US.
> In the US, it's generally a crime to destroy evidence if you believe there's an investigation
There are situations where obstruction charges/fines/jail-time are far less severe than the crime originally intended for prosecution. Without the evidence on your system, the prosecution may not be able to put together a solid case.
If Ulbricht had been able to destroy his data or shut off his laptop before the FBI (controversially) distracted and stole his laptop out from underneath his arms prior to arrest, the prosecution's case would not be nearly as strong. So far most of the evidence submitted in court has originated from his laptop and personal diary (kept on the laptop).
I enjoy your snarkiness daniel, but I think it's a bit more complex than "I'm so clever", FDE is a feature of MacOSX, Ubuntu, and .. I dunno.. probably Windows by now? Who cares.
They can essentially use all the tactics they would get you to use to reveal any other information, and if they have probable cause for that drive, the encryption keys are what they'll ask for.
Destroying them could put you in a tough situation, because they might not believe you destroyed them. Proving that nowhere in the world do you have access to a few kilobyte is pretty hard, and although the burden of proof is generally on the prosecution, it's up to them and law enforcement to interpret that outside of court. Because federal judges are protected by Federal Marshals - DOJ employees - they also have an IMO unhealthy relationship with the DOJ.
Full disk encryption isn't an "I'm so clever" excuse - take Ulbricht for instance even if he had shut down his computer before being arrested FDE wouldn't be help from someone asking his password. If you've been seen using the computer recently it's going to pretty hard to convince the courts that you don't know the FDE encryption password.
"I'm so clever" is running something that destroys all the data on your laptop and then claiming that you didn't do that in response to an investigation (and therefore obstructed justice).
Even with Truecrypt installed there's still plenty of ways evidence can be collected that can be used to demonstrate that you realistically have access to encrypted and hidden data. It isn't as simple as installing Truecrypt and thinking you're safe. Be it recently accessed documents lists for folders that don't exist, Truecrypt being installed, having software installed (and with recent execution dates) that don't have any corresponding data files anywhere on the system etc etc.
Think of it like Cold War espionage - you could live your life by "Moscow Rules" where you do everything possible to be able to claim, convincingly, that you're not being so clever. However even very talented agents and intelligence assets failed to not slip up on many occasions, and it involved huge amounts of time, effort and money on their parts.
Not sure which country you hail from, but I know that there are laws compelling you to hand over keys generally worldwide[1]. So I guess it depends if the crime you're guilty of (Otherwise why would you even need to hide everything) outweighs the punishment for withholding keys.
Thankfully, the USA still has a fair amount of really strong legal protection from the bill of rights (1st-10th amendments). The 5th amendment protects US citizens from being forced to reveal their encryption keys.
Forced key disclosure with sentencing for failure to disclose (like in the UK) is particularly odious. If I have a hard drive full of random data, the UK government can imprison me for up to five years just by accusing me of terrorism or child pornography possession and demanding that I turn over the key to the hard drive. They don't have to prove that I did what they're accusing me of, or that I even have a key.
In the UK, if you can meet the evidential burden to raise the issue that your hard disk is in fact full of random data, then it must be proved beyond reasonable doubt that that is not the case. In other words, unless you aren't even permitted to use that as a defence, the prosecution does actually have to prove that you have a key. Now that we have some experience of successful RIPA prosecutions, the smart advice appears to be 1) don't claim to have created a key that you refuse on principle to turn over, or 2) to have created a key that you've since forgotten: you will be asked how long it is – if short, it won't be reasonable to have forgotten it, if long, unreasonable not to have recorded it elsewhere. Basically don't admit to use of encryption unless you're capable of producing a key.
> you will be asked how long it is – if short, it won't be reasonable to have forgotten it, if long, unreasonable not to have recorded it elsewhere.
Bullocks. Just yesterday they replaced the keypad on a door I've used a hundred times before and I completely blanked on the combination. It was the same 4-digit number it was before but the keypad was different and that was all it took. On the other hand, the passwords for the computers are 14 random characters, and nobody ever wrote them down because a) they were explicitly forbidden to and b) everyone used them so often they didn't need to. Except that half the time anyone would go on vacation for more than a week they would forget and have to beg the backup admins to restore their home directory because the local data was encrypted but the backups weren't.
The idea that it isn't "reasonable" for people to do these things is belied by the fact that they regularly do. And having the police break into your house and turn your life upside down by carting off with half your stuff is exactly the sort of shock that will interfere with your ability to remember.
They aren't calling it unreasonable because it's unreasonable, they're calling it unreasonable because they'd rather put innocent people in prison than let guilty people go. The prosecutor is willing to lie about what is reasonable and the judge is willing to believe the lie. But at that point it doesn't matter what you actually do because facts and logic are no longer in play. They're just making things up. If they don't get you for not providing your encryption key then they'll just make up something else for you to be guilty of.
> The 5th amendment protects US citizens from being forced to reveal their encryption keys.
IANAL, but it does not. It protects against self incrimination. They can make you incriminate someone else just fine, and if you try to object on 5th amendment grounds they can grant you immunity to whatever they might find there.
I wonder, though, if your key were a confession to a crime you did actually commit (perhaps you stole a pack of gum) and you cannot be compelled to testify against yourself, how would that turn out?
This has gone both ways so far in cases in the United States[1]. One of the fundamental questions is whether or not you giving up the key is testimonial or not. There is a litany of things which have been held to not be testimonial, and thus not implicated by the 5th amendment, including giving up your saliva, blood, fingerprints, standing in a line up, etc.
The really interesting legal question to me is as neuroscience advances, it is likely in the near future that scientists may be able recover one's key (or other relevant information regarding crime) through studying one's brain by imaging or the use of other sensors. Under current case law there is a really really good argument this would not be testimonial (i.e. it is similar to taking your fingerprints or blood), yet provides the same information they could obtain by compelling your testimony.
Does the 5th Amendment prohibit the government from scanning your brain to obtain information about a crime? I think there is a significant number of judges who would find under current law it does not.
I knew the key and would readily input the key frequently in the past so that I could access my information, but now that you want that information I have conveniently forgotten the key.
Yes, they would put you in jail, but more for being a bad liar than for having a faulty memory.
What if you used it before, but not like yesterday? What if you last used it a month ago? A week ago? What is "frequently", once a day? Once every two days? Once a week?
It works for so many Presidents and Congressmen though!
Honestly, if I have a 32 character master-password on a strip of paper in my wallet and I just happen to lose my wallet before I get raided, then I'm pretty sure that I could show that I simply don't know the key.
The hard part would be to prove that you "just happened" to lose your wallet before you got raided, rather than disposed of it in expectation of the raid. Or that the whole story of that being where the key was is true, in the first place.
Isn't the burden of proof on the police to prove that you are lying? So if neither side has proof it must be assumed that you did indeed just happen to lose it.
Because realistically would you write down the pass key in only one place? That's all of your data after all. Your livelihood if you're a developer etc. You may get asked what sort of things losing that password has cost you, if you're the sort of person who has that level of security that probably means you're locked out of all sorts of other systems (thanks to now not having access to private keys) so they can be subpoenaed to see if you've managed to log into your hosting account recently despite not having the private key to do so. And if you magically have preserved your private keys elsewhere why should you be believed that your passkey solely exists on a piece of paper in your wallet...
What about your friends, co-workers etc who might be compelled to testify as to having seen you work on your computer and have never seen you get your wallet out at any point.
And as soon as that isn't believed all other testimony you may give is tainted because you've just lied to the court. Good luck with any mitigation in the event of a guilty plea as well because you've demonstrated you haven't acted in good faith.
Yes, but "proof" in the legal sense isn't mathematical/logical proof; even the criminal "beyond a reasonable doubt" standard does not involve elimination of all doubt: a fairly typical jury instruction [0] on the standard says of reasonable doubt that "[i]t is such a doubt as, in serious affairs that concern you, you would heed; that is, such a doubt as would cause reasonable men and women to hesitate to act upon it in matters of importance."
I think part of the problem with these discussions is that there are countless cases where the police won't stop just because there's a law that says so and so.
They often work hard to find workarounds or ways to charge you with other things to punish you anyway. The most obvious example is being innocent until proven guilty, and yet there are a lot of cases where the police shot someone to death because they raided the wrong home for example (which is why the tool is called SWATd I believe)
No. But if you say "I forget" and "they" don't believe you and a judge/jury doesn't believe you then you can likely be convicted and imprisoned for perjury and/or criminal contempt.
IANAL as well, and obviously depends on the jurisdiction, but as far as I understand previous discussions: using a tamperproof or encrypted disk is mostly fine. Actively triggering anything that destroys data after you've been become aware of the fact that law enforcement has a warrant is not.
Dead-man switch kind of things are harder to categorize, e.g. having a daemon format the disk if GPS reports locations outside a certain area, or if you don't press a key kombination every 2 minutes (is one allowed to lie about them if asked?)
if you just use encryption you might be forced to turn over the keys.
Digital laws are so barbaric and unbalanced today. I'd be worried they'd find a copy of an xfiles episode in some subfolder somewhere or god knows what. All of a sudden I'm facing federal prison and fines sizeable enough to ruin my entire life just because I was being 'accused' of xyz?
If the police actually think you're up to something, raid you, and your "cybernetic boobytrap" destroys your hundreds of GB of actual random data, they may still try and prove that you're a terrible person and destroyed evidence in court. Then it's up to a jury, and a prosecutor bent on making you look guilty as hell.
I'm not trying to dissuade exploration, but understand what can happen if you actually deploy this sort of system.