Wednesday, December 20, 2017

Rubber Hose Cryptanalysis

 
Strong, properly implemented encryption will protect your data against most mathematical and technical attacks. The encryption available to the average person today will defeat attempts at decryption by anyone who does not have access to the associated keys (passwords). As the owner of the encrypted data, you no doubt possess the encryption / decryption keys for your own data. But can you be forced to provide those keys to another person against your will, giving that person access to your private information once it has been decrypted?
 
The phrase "rubber hose cryptanalysis" is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture - such as beating that person with a rubber hose, hence the name - in contrast to a mathematical or technical cryptanalytic attack. Of course, this coercion need not be an actual rubber hose; a court could order you jailed until such time as you provided the password to decrypt your files. Some countries, such as Australia and the United Kingdom, have laws that require a suspect to provide known decryption keys to law enforcement, or face fines and jail. Other countries, such as the Czech Republic, Germany, and the United States, have laws that protect a person from self-incrimination or being forced to provide testimony against themselves. But even in countries with protection against self-incrimination, courts have sometimes ruled that there are exceptions to those protections and ordered suspects to disclose their passwords or decryption keys.
 
In the case of State of Florida v. Aaron Stahl, Case No. 2D14-4283 (December 7, 2016), the court ordered Stahl to provide his password to decrypt his iPhone, stating: "We are not inclined to believe that the Fifth Amendment should provide greater protection to individuals who passcode protect their iPhones with letter and number combinations than to individuals who use their fingerprint as the passcode." "Compelling an individual to place his finger on the iPhone would not be a protected act; it would be an exhibition of a physical characteristic, the forced production of physical evidence, not unlike being compelled to provide a blood sample or provide a handwriting exemplar." "This is a case of surrender and not testimony," the court concluded. This Florida appeals case is an exception, as many other courts - including the trial court in the above case - have held that suspects may not be compelled to disclose the content of their mind (i.e. provide a password or other testimony against themselves).
 
It is important to note here that while suspects may be protected against compelled testimony, this does not apply to being forced to unlock a device using a fingerprint or facial recognition scan. The police can force you to provide a fingerprint or facial scan to unlock a device. When the law protects against self-incrimination, it only protects the content of your mind. The law allows you to remain silent; it does not protect against being compelled to provide other things to the police - such as fingerprints, facial scans, blood samples, and DNA. In May 2016, the Department of Justice obtained a warrant to compel everyone at a home in Lancaster, California to provide his or her fingerprint on the sensor of their cell-phones, thus allowing police to search them on the spot. Those individuals who used their fingerprint to unlock their phones had their private information reviewed by police. Those individuals who used a password / PIN could not be compelled to disclose it under the warrant.
 

 
The National Domestic Violence Hotline has warned about the Dangers of Sharing Passwords, saying: "By obtaining a password, an abuser is able to use the digital realm to affect a victim’s offline daily life. They can monitor actions, watch bank accounts to limit access to money, isolate the victim by controlling social media interactions and even use online activities as validation or excuses for abuse. This extension of control can be extremely dangerous." An abuser could certainly force a victim to unlock a phone with a fingerprint, and might be able to coerce a victim into revealing passwords protecting computer files, on-line accounts, and e-mail.
 
Techniques to Survive Rubber Hose Cryptanalysis
 
Avoid using biometric identifiers (i.e. fingerprints, facial recognition) as the sole means of accessing sensitive information. You have no right against self-incrimination with biometric identifiers - police can compel you to use them to unlock devices - and an abuser could use physical force to cause you to use a fingerprint or facial scan to access your private data.
 
VeraCrypt Hidden Volume allows you to create a hidden and encrypted space inside of an existing VeraCrypt encrypted volume. If you are forced to provide the password to your VeraCrypt encrypted volume, the hidden volume still remains undisclosed. This allows you to give the appearance of cooperating with demands for your passwords without disclosing your hidden information.

Use two-factor authentication whenever possible. In this way, even if you are forced to reveal your password, your data or account is still protected by the second factor of your two-factor authentication scheme.

The Electronic Frontier Foundation (EFF) has published a guide: Digital Privacy at the U.S. Border: Protecting the Data On Your Devices and In the Cloud that discusses protecting your personal information when traveling.

Use a data shredder, such as Freeraser, to permanently destroy sensitive data on your computer. Know how to remotely erase your Apple or Android smartphone if it is lost, stolen, or seized. Know how to do a factory reset on your smartphone if necessary. This procedure will vary from one model of phone to the next, but be sure that you know how to do it on your phone.

Use an encrypted password manager, such as KeePass, to store your passwords and decryption keys. Password managers create an encrypted database that is used to store your passwords. Use long, complex, non-memorable passwords to protect your accounts and sensitive information. When using a password manager, you won't know what the passwords to your accounts are; rather, you will remember a single password for the password manager. If you don't know the passwords to your accounts, you can't be forced to reveal them. Use a data shredder to destroy your password manager database if you come under duress. Keep a copy of the database in a secure location outside of the reach and jurisdiction of your adversary. Arrange to recover the database only after it can be shown that you are not being coerced and are not under duress (perhaps you store a copy with your attorney).

Store sensitive data in the Cloud to prevent it from being compromised if your computer or smartphone is lost, stolen, or seized. Remember that all data stored in the Cloud should be encrypted before it is uploaded. I recommend SpiderOak for Cloud storage, but also use Yandex Disk for storing some files.

The techniques for defeating rubber hose cryptanalysis are twofold. First is to use technical means to prevent you from being able to reveal information while under duress (you can't disclose a password that you don't know, and you can't share a private key that you don't possess). Second is to employ obfuscation (i.e. hidden files) to allow you to give the appearance of cooperation without compromising your most sensitive data.  


  

