On Wed, Mar 07, 2012 at 12:22:28AM +0100, Ondrej Mikle wrote:
Zdar,
ku koncu sa to s otazkami hodne zacalo tahat k pravnym veciam a plausible deniability.
Plausible deniability az na specialne pripady (napr. provozovani Tor exit node) nepomoze, podobne ako to nepomohlo Manningovi s OTR. Celkom dobre to ilustruje
Vies o jednom pripade, kedy bol niekto realne stihany a kriminalizovany za prevadzku Tor exit-nodeu? Teda myslim normalne krajiny zapadneho sveta, nie nejaky Pakistan, ci Iran.
Ja neviem o ziadnom pripade v EU a EFF si mysli to iste v pripade US:
https://www.torproject.org/eff/tor-legal-faq.html
Has anyone ever been sued or prosecuted for running Tor?
No, we aren’t aware of anyone being sued or prosecuted in the United States for running a Tor relay. Further, we believe that running a Tor relay — including an exit relay that allows people to anonymously send and receive traffic — is lawful under U.S. law.
Takze ocividne ta konspiracna "plausible deniability" funguje, inak by uz vsetci prevadzkovatelia exit nodeov uz boli vo vazeni.
Podobne "plausible deniability" funguje v pripade "hidden volumes" (truecrypt).
To, ze niekto skonci vo vazeni, lebo "niekto iny" si mysli, ze na tom sifrovanom disku ma detsku pornografiu a pritom to nevie nijako dokazat (lebo nevie k nemu heslo), je podla mna uplne potlacenie individualnych slobod a je to uplne nespravne.
Jon Callas na cryptography@lists.randombit.net:
There is no such thing as plausible deniability in a legal context.
Plausible deniability is a term that comes from conspiracy theorists (and like many things contains a kernel of truth) to describe a political technique where everyone knows what happened but the people who did it just assert that it can't be proven, along with a wink and a nudge.
But to get to the specifics here, I've spoken to law enforcement and border control people in a country that is not the US, who told me that yeah, they know all about TrueCrypt and their assumption is that *everyone* who has TrueCrypt has a hidden volume and if they find TrueCrypt they just get straight to getting the second password. They said, "We know about that trick, and we're not stupid."
"We are not stupid" znamena, ze s tym dokazu nieco robit? :-)
Chcu drzat daneho cloveka nekonecne dlhu dobu, kym nepovie heslo?
A nutit ho povedat "druhe heslo", ked nemaju ziadnu istotu, ze to druhe heslo vobec existuje a nevedia mu to nijako dokazat?
Rovnako ako neuspeje argumentacia "ja som len generoval nahodne cisla a vzdy mi z toho vysiel HTTP POST request". U sudu sa zavola sudny znalec a on to rozhodne nezozere.
OK, tak toto je statistika. Je dost mala pravdepodobnost, ze mi moj generator nahodny cisel vygeneruje SQL injection POST request, takze toto sa tazko ukecava.
Ak mam ale truecrypt s hidden volume, tak minimalne ja by som to heslo nikdy nikomu nepovedal nezavisle od toho, co tam mam ulozene - cisto z principu, lebo som presvedceny o tom, ze ziadna vlada nema pravo intruzivne zasahovat do mojho sukromia.
Pavol