[vox-tech] Which cipher to use?

ME vox-tech@lists.lugod.org
Wed, 5 Jun 2002 09:18:51 -0700 (PDT)


On Tue, 4 Jun 2002, Joel Baumert wrote:
> You cannot ask for what is in the safe, but I think the prosecution
> could have a search warrant for specific items in a safe and a judge
> could command you to produce the key/combo.  I don't think your fifth
> amendment rights protect you in a civil trial unless you can argue
> that you are in criminal jeopardy for something.

Yes and no. When you are being questioned for the key, a useful tactic is
to claim you cannot remember while you are stressed, and the threat of charges
is an item of stress. Only you can know if that is truthful, so they
cannot get you on perjury. However, they can put you in jail in contempt
of court and keep you for either up to 90 days or 180 days (don't recall.)
The judge only has to feel bad on a day, or think you are hindering the
case on purpose (by not giving the key) in order to put you in jail on
contempt charges. Of course, if they have your data and system, then you
*can't* use it. However, if you still have your system, then as soon as you
did enter the key to decrypt the data while the case is being fought, if
the courts/police found out about it, then there is risk of perjury (if
they can prove that you did know the key the whole time - tricky to prove)
or that they could have access to your data by modification of your
equipment before you use it again (a trojan for example.)

> I am more worried about a civil trial than a criminal trial.  I think
> it is more likely that I would develop software that would cause a 
> company to sue me than do something on the computer that is criminal.
> Dunno, maybe I'm naive.  As our Russian friend found out, the DMCA
> does have criminal penalties.

Preventing data from falling into the wrong hands vs. protecting code used
to compile/assemble an application are different problems. In the first
case, you often may have an easier time hiding the data if you are the
only one that needs to view it. In the second case, a distributed
application is subject to examination and possibly reverse engineering by
the courts/investigators. From this they can figure out (to some
extent) how you created it (there are exceptions to make this process
difficult, but not impossible AFAIK since virtual machines can be run
and segments of memory where application resides for running can be
examined outside the virtual machine, thus avoiding issues in dealing
with self-decrypting executables since they can't be encrypted when
*running* at the assembly level - assuming our standard arch and home
machines here.)

-ME
