Imagine a computer decryption program that creates a random number of nonsense files that look like encrypted files but for which no password will work. Now, if the government orders you to decrypt all of your files and you have a file you don’t want to decrypt the government won’t be able to prove that you have the password to that file since given that you are using the program there will definitely exist files you can’t decrypt.
This is basically the idea behind TrueCrypt hidden volumes and similar: there should be no way for the police to prove that there exists additional volumes which you have not decrypted for them.
But afaik, no case in the United States so far has involved an order to just “decrypt all your files”. In all the cases I have heard about, they had something specific that they wanted the key for, and they had separate evidence that the defendant knew the key. In that case no technical solution can help you.
Another way to deal with the issue would be to claim that you memorized the password via a mnemonic like a memory place that’s easily destructible. If you fill up a memory place with a bunch of new items, the old memory that stores the password becomes inaccessible because of memory interference.
It’s also the only way to protect encrypted files against torture. Have the memory in a form that’s easily destroyed. Memory places provide that ability when you overwrite them.
Writing this myself might also be a good precommitment ;)
What makes you think a court would believe your story about a memory palace, precommitment or no, and not throw you in jail indefinitely for contempt of court until you retrieve the files for them?
Demonstrating mnemonics abilities if demanded to do so is easy and there are various outside mnemonics experts that can attest to the fact that it’s possible to do so.
At the moment I don’t have secrets that are worth protecting enough to go for years into prison but there are people who have secrets that are worth protecting.
The tactic not only works against courts forcing you to give evidence but also against torture. If someone throws you bound and gagged in the back of a truck it’s time to delete the password.
At the moment I think there are three people in the UK who didn’t give up their password but did face prison. If anyone thinks there a possibility that he could come in that position he could prepare for the mnemonics defence and it would be interesting how it plays out in court.
It’s also not clear how many judges actually like the principle of putting people into prison for refusing to hand over passwords. A judge won’t decide against he law, but if you can make a plausible case for reasonable doubt, than you could help the judge to make case law.
You could also take a polygraph to verify that you tell the truth about having deleted the password.
Demonstrating mnemonics abilities if demanded to do so is easy and there are various outside mnemonics experts that can attest to the fact that it’s possible to do so.
Yes, but you need to be demonstrating the forgetting exists and is accidental. ‘Oh, I’m sorry judge, I totally forgot! also, this is totally not destruction of evidence so please don’t have me up on either contempt of court or obstruction of justice!’
You could also take a polygraph to verify that you tell the truth about having deleted the password.
Polygraphs aren’t very reliable for verifying you’re telling the truth and I think judges know that by this point. Plus, that could easily backfire the other way: you could be nervous enough that your readings are consistent with lying.
Another way to deal with the issue would be to claim that you memorized the password via a mnemonic like a memory place that’s easily destructible. If you fill up a memory place with a bunch of new items, the old memory that stores the password becomes inaccessible because of memory interference.
That sounds like an overly convoluted way of saying “I forgot”, with the added disadvantage of making the judge think you’re up to no good.
Imagine a computer decryption program that creates a random number of nonsense files that look like encrypted files but for which no password will work. Now, if the government orders you to decrypt all of your files and you have a file you don’t want to decrypt the government won’t be able to prove that you have the password to that file since given that you are using the program there will definitely exist files you can’t decrypt.
This is basically the idea behind TrueCrypt hidden volumes and similar: there should be no way for the police to prove that there exists additional volumes which you have not decrypted for them.
But afaik, no case in the United States so far has involved an order to just “decrypt all your files”. In all the cases I have heard about, they had something specific that they wanted the key for, and they had separate evidence that the defendant knew the key. In that case no technical solution can help you.
Another way to deal with the issue would be to claim that you memorized the password via a mnemonic like a memory place that’s easily destructible. If you fill up a memory place with a bunch of new items, the old memory that stores the password becomes inaccessible because of memory interference.
It’s also the only way to protect encrypted files against torture. Have the memory in a form that’s easily destroyed. Memory places provide that ability when you overwrite them.
Writing this myself might also be a good precommitment ;)
What makes you think a court would believe your story about a memory palace, precommitment or no, and not throw you in jail indefinitely for contempt of court until you retrieve the files for them?
Demonstrating mnemonics abilities if demanded to do so is easy and there are various outside mnemonics experts that can attest to the fact that it’s possible to do so.
At the moment I don’t have secrets that are worth protecting enough to go for years into prison but there are people who have secrets that are worth protecting.
The tactic not only works against courts forcing you to give evidence but also against torture. If someone throws you bound and gagged in the back of a truck it’s time to delete the password.
At the moment I think there are three people in the UK who didn’t give up their password but did face prison. If anyone thinks there a possibility that he could come in that position he could prepare for the mnemonics defence and it would be interesting how it plays out in court.
It’s also not clear how many judges actually like the principle of putting people into prison for refusing to hand over passwords. A judge won’t decide against he law, but if you can make a plausible case for reasonable doubt, than you could help the judge to make case law.
You could also take a polygraph to verify that you tell the truth about having deleted the password.
Yes, but you need to be demonstrating the forgetting exists and is accidental. ‘Oh, I’m sorry judge, I totally forgot! also, this is totally not destruction of evidence so please don’t have me up on either contempt of court or obstruction of justice!’
Polygraphs aren’t very reliable for verifying you’re telling the truth and I think judges know that by this point. Plus, that could easily backfire the other way: you could be nervous enough that your readings are consistent with lying.
That sounds like an overly convoluted way of saying “I forgot”, with the added disadvantage of making the judge think you’re up to no good.