Alv20121208 rubberfuse

From Technologia Incognita
Jump to: navigation, search

Some people have raised concerns that working on an opensource cryptographic software called rubberfuse.

"Rubberfuse - RubberHose like, but rewritten. It's the next generation plausible deniability filesystem." Where one could plead deniability about the fact that there are more encrypted volumes then the adversaries could proof.

The concerns working on it and having a wiki project space would damage the space "reputation" and potentially "would get us all arrested". If the law would become active. I quote below from an email;

However, this is what concerns me. "Motivation behind this project would be
a proposed law (in the Netherlands) similar to one in Great Britain (
https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000)
in which one could be forced to hand over encryption keys." [1] What that
sentence means is that this isn't a project as an exercise in cryptography.
It isn't meant to be something to protect your privacy. It is intended to
be able to circumvent a proposed Dutch law when it comes into effect. I am
aware that developing software that allows someone to break the law is not
illegal, although I do believe the quote already constitutes abetting.
However, the issue is more nuanced than this.

First, I would like to take a look at the actual proposal. [2] "Uit de
voorlopige resultaten komt naar voren dat de ontwikkelingen in het
buitenland en in de techniek suggereren dat een ontsleutelplicht voor
verdachten wel verenigbaar is met het nemo tenetur-beginsel (het recht dat
verdachten niet actief mee hoeven te werken aan hun eigen veroordeling) en
ook effectief zou kunnen zijn, mits een eventuele wettelijke regeling en de
uitvoering daarvan met voldoende waarborgen is omkleed. Zo zal naarmate de
dwang om mee te werken groter wordt en het afgedwongen materiaal een
zwaardere rol heeft bij het bewijs, het publiek belang van de afgedwongen
medewerking des te groter moeten zijn en zullen er meer waarborgen moeten
zijn voor rechtsbescherming." The proposal would mean that anyone can be
asked for their encryption keys if there is probable cause, even if they
are a suspect.

= snip =

But if the government decides that Tech Inc is an organisation that
intentionally broke a counter-terrorism law, they will label Tech Inc
itself as a terrorist organisation. This can incriminate every single
member of Tech Inc.

So, I would like to clear up, what is allowed? When is it not allowed anymore? Where do we draw a line to say that working on a project in the space or on our wiki is not allowed anymore?