Mr. Matt :debian: :linux:

Privacy and Self-incrimination

@omnipotens

@matt

As I understand it, any enforcement of the IP Act does require a court order; however, it is issued by political committee and not reviewed by the judiciary, which is, I think, contrary to established methodology as it is a criminal not civilian matter.

This will only get worse post-brexit

@jason @omnipotens in the US, if it's not issued by a judge, it's not a court order (Imo, but IANAL).

On the other hand, NSLs...

@matt

Yeah, as I understand it, traditionally a judge would sign off on a court order; however, since the enactment of the [sarcasm]balanced and fair[/sarcasm] laws the IP Act brings to the table, the politicians decided to help out and not increase the judiciary workload and oversee such things themselves.

@omnipotens

@matt

This is why plausible deniability, in combination with proper #opsec hygiene, segmentation and isolation is needed. Can't convict someone of refusing to hand out the encryption keys for data that isn't there.

@h3artbl33d @matt exactly, I remember a feature of TrueCrypt was a hidden encrypted partition: you get two passwords, one shows a dummy partition, the other the real one.

@benoitj @matt

Exactly! It should be noted that the non-hidden part shouldn't be a brand new, default OS installation as that would raise suspicion.

Another method would be using a live environment that encrypts all temporary data, whether in RAM or on disk. Having a password vault hidden and inaccessible 'somewhere' might make this more viable.

But in the end - this is mitigating a situation that shouldn't be there in the first place. Madness!

@h3artbl33d @benoitj I would be careful with that approach. At least in regards to TrueCrypt, the authorities are well versed in hidden partitions.

@matt @benoitj

True that. I think hidden partitions aren't the best means to achieve opsec. Also, one shouldn't trust a sole method. Like Tor - even if properly used, if there is a vulnerability in the browser, the user and location info could be at serious risk.

The best bet - as far as I am concerned - is to design the opsec model to the particular situation, with the assumption that everything is compromised from the start.

@h3artbl33d @benoitj my assumption is that encryption will only thwart a casual burglar or thief. A state sponsored attacker will have means to break in (either via brute force, or drugs and a $5 wrench).

@matt @benoitj

Well spoken. Though regular users aren't in the crosshairs of a state actor, e.g., the NSA TAO division - they will obtain access.

No system is 100% safe/secure.

LinuxRocks.Online

Linux Geeks doing what Linux Geeks do..