| ▲ | snowwrestler 2 hours ago | |
> You comply and enter "a" password. The device shows contents. You did what you were asked to do. No, you did something fake to avoid doing what you were asked to do. > If there is no way for the government to prove that you entered a decoy password that shows decoy contents, you are in the clear. But there are very effective ways to find hidden encrypted volumes on devices. And then you’ll be asked to decrypt those too, and then what? This sort of thing is already table stakes for CSAM prosecutions, for example. Law enforcement can read the same blog posts and know as much about technology as you do. Especially if we are hypothesizing an advertised feature of a commercial OS! | ||
| ▲ | dkarras 15 minutes ago | parent [-] | |
>No, you did something fake to avoid doing what you were asked to do. Yes, that is what plausible deniability is. >But there are very effective ways to find hidden encrypted volumes on devices. And then you’ll be asked to decrypt those too, and then what? I emphasized "done right". If existence of hidden encryption can be proven, then you don't have plausible deniability. Something has gone wrong. My point was: OP claimed plausible deniability does not apply in legal cases which is a weird take. If you can have plausible deniability, then it can save you legally. This does not only apply to tech of course, but encryption was the subject here. In all cases though, if your situation is not "plausible" (due to broken tech, backdoors, poor OPSEC in tech, and / or damning other evidence in other cases as well) then you don't have plauisble deniability by definition. Having ways of definitively detecting hidden encrypted volumes might be the norm today, might be impossible tomorrow. Then you will have plausible deniability and it will work legally as far as that piece of "evidence" is concerned. | ||