by michaelt 3430 days ago
The first two paragraphs of the article are about a journalist covering war crimes exiting a country and being searched.

Fifth amendment distinctions between passwords and fingerprints aren't a solution to the problems in Egypt, China and Turkey as those countries aren't subject to US law.

In that situation, from one perspective a duress code that wiped the phone might seem useful - it would establish that there's no point in continuing to torture you for the unlock code, as there's no longer any data to decrypt. But when the thugs saw you'd used the factory reset duress code, wouldn't they throw you in jail anyway?

What you want in that situation is to present a plausible alternative story ("as you can see, I was writing a story about the great success of your glorious leader's agricultural productivity reforms") while keeping the war crimes work hidden from accidental or forensic discovery.

Of course, it would take work to keep the alternative story plausible - which a journalist working on war crimes might be willing to do, but your average mobile phone user probably wouldn't.

[1] https://cpj.org/imprisoned/2016.php

3 comments

I guess ideally a duress code would make it seem as though regular access was given, while silently either wiping sensitive data or keeping it hidden.
The most disseminated example is TrueCrypt's hidden volumes.
Can you (or others) elaborate here?
TrueCrypt is a (now discontinued) encryption program that allowed you to nest encrypted containers within one another in a way that if you provided Password1, it would open Container1, and if you provided Password2, it would open Container2.

Since the Container's full size was allocated at creation, and the size of the contents cannot be determined without the key, this gave plausible deniability. You could keep your real sensitive information in an encrypted volume, and put something that could plausibly be sensitive but that you didn't really care about someone getting in a nested volume, and when forced by the law/rubber hose to decrypt, provide the password to the volume you don't care about, and there's no way for anyone to prove that you didn't fully decrypt the contents.

Side note: TrueCrypt lives on as VeraCrypt.
But isn't it a non-trivial problem to generate plausible fake data?
You would use a 'fake' container for safe work that you don't mind revealing, while entering your 'secret' container only when, and always when, doing work you want to keep secret. This way, there isn't really any 'fake' data, just different data.
TrueCrypt didn't generate fake data, you (the user) did. E.g. put porn on "show to thugs" partition and "Death star plans" on "true" encrypted partition.

    # history pads entry numbers with leading spaces, so take the first field with awk
    echo "Truecrypt test" > /mnt/plausible_deniability_volume/README && history -d $(history | tail -n1 | awk '{print $1}')
I've never used it so all I could say you can find in the documentation.
Could a cooperative effort to create a plausible body of work help in these situations? A journalist could keep a plausible number of canned stories on their machine and when the duress code is triggered everyone stops using them and more are written to take their place.

What level of quality in the writing is needed? Can some kind of news aggregating algorithm generate plausible stories? Some kind of propaganda bot that writes stories that are favorable to the regime for the purpose of creating a plausible cover?

Do I need to go get more coffee and watch fewer spy movies?

More coffee and more movies. :) How about some real canned stories but of less devastating effect.
In the kind of place where you have to worry about rubber hoses, it seems probable that you'd not want to be carrying a device that has the known purpose of secreting information.