[dane-pgp]

> until they get the data they want.

The game theory here is interesting. If they are sure that you have the information (for example, the private key to your bitcoin wallet) then "plausible deniability" isn't really a useful feature. It means you can credibly bluff "The key isn't on this device", but they can just torture you until you reveal which device it is on.

In contrast, the threat model of Rubberhose[0] assumes that the secret police believe that you have an incriminating file on your device, but they aren't sure. That means if you are innocent and disclose all your passwords to them, they won't be satisfied and will have to keep on torturing you forever, hoping that you might give them the information you don't actually have. Therefore they have to convince you that there is some information that you could hand over which would satisfy them, and they mustn't over-estimate what information you have, otherwise they are committing to torturing you forever and there is no advantage to you disclosing even the information you do have.

[0] https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29

[orev]

Exactly this. In True/VeraCrypt, there’s only the possibility of having two keys, the main and hidden one. Just the existence of this feature places everyone using the software in danger (at least people who are potential targets of this type of regime), because if you’re not using the hidden volume, you can’t ever prove it. To be really safe, everyone would need to use both volumes, with the hidden one being empty so it can be proven nothing is in there.

But with something that has an arbitrary number of hidden volumes, you have no way to prove it and they can interrogate you forever.

[anigbrowl]

It's bleakly amusing that you think torturers are worried about some sort of credibility calculus. Where torture is sanctioned or tolerated, people are sometimes tortured for information, sometimes for compliance - but those considerations are often excuses offered to justify the torture to external critics. In many cases, people are tortured purely in order to terrorize others into compliance, or because the torturers are sadists who get off on it.

A lot of HN discussions on this topic are based on the implicit assumption that torture is a rational tactic, if extremely brutal and unpleasant one, because most people will eventually tell torturers what they want to hear in hopes of making it stop, and giving up secrets is a bargaining option. The sad fact is that many torturers are motivated by their enjoyment of others' suffering, so you could give them everything only to have them laugh at your dismay when you figured out they never cared about your secrets in the first place.

In some historical conflicts, this realization ahs been exploited by the underdogs; Algerian guerrillas under French occupation had standing agreements to maintain silence for 24 hours if arrested, but after that they could spill everything freely without fear of moral compromise, thus denying the incumbent powers a credible excuse for carrying out torture. Guerrillas were expected to keep abreast of each others' liberty status and to have an unshared plan to bail out if their network was compromised.

I point this out purely as a tactical maneuver; following the ejection of the French the newly independent Algerian state itself instituted all kinds of unethical and repressive practices.

[ativzzz]

> It's bleakly amusing that you think torturers are worried about some sort of credibility calculus. Where torture is sanctioned or tolerated, people are sometimes tortured for information, sometimes for compliance - but those considerations are often excuses offered to justify the torture to external critics. In many cases, people are tortured purely in order to terrorize others into compliance, or because the torturers are sadists who get off on it.

They actually are in some ways. I toured a former secret East German prison in Berlin, and they would keep prisoners for a long time, and psychologically torture them until they confessed, and would then send them to "trial" with their confession as proof.

I asked the guide why they didn't just physically torture them or falsify the trial right off the bat and he answered something along the lines of the prison guards thinking they were civilized people and wouldn't resort to such barabarous manners.

Torturers are still people and have some level of cognitive dissonance going on, but do require some kind of credibility.

[orev]

I said interrogation, not torture. There are now at least a few law abiding countries (e.g. UK) where disclosing passwords is mandatory by law as part of an investigation, where interrogation is the process where they demand the suspect reveal such information. With a tool like this, it would be impossible to prove you have revealed every password, and they could hold you in contempt forever.

Don’t assume everyone is making an argument from an extreme position, as reality is rarely ever black and white.

[anigbrowl]

You did, but as soon as you are discussing things in the context of rubber hoses that includes extreme interrogation methods.

[a1369209993]

> but those considerations are often excuses offered to justify the torture to external critics. In many cases, people are tortured purely in order to terrorize others into compliance, or because the torturers are sadists who get off on it.

Sure, but in that case you're fucked regardless, so there's not much point worrying about it.

[a1369209993]

> Therefore they have to convince you that there is some information that you could hand over which would satisfy them, and they mustn't over-estimate what information you have, otherwise they are committing to torturing you forever and there is no advantage to you disclosing even the information you do have.

This is a very useful explanation/articulation of the idea here, thank you.