Some legal trouble with TOR in France
Tony
Tony at tdrmail.co.uk
Sun May 14 13:45:01 UTC 2006
Correct that they can demand physical keys or passwords - but only if
they realise that they exist. As you say they will usually turn up and
just seize your hardware - you might not even be home! Before they
realise that they need a key you can microwave the token. You can then
surrender it when required and still meet your legal obligations... 'It
must have been static damage officer...you need to be more careful with
my equipment'
Yes they could get code signed in theory, but it makes it that much
harder - im sure Microsoft wouldn't be very keen on signing code for
government organisations to spy on people - imagine the impact on their
sales if it became public knowledge. Anyway, you can spot any changes in
your boot config checksums and be immediately alerted to a change.
-----Original Message-----
From: owner-or-talk at freehaven.net [mailto:owner-or-talk at freehaven.net]
On Behalf Of Dave Page
Sent: 14 May 2006 14:33
To: or-talk at freehaven.net
Subject: Re: Some legal trouble with TOR in France
On Sun, May 14, 2006 at 01:34:51PM +0100, Tony wrote:
> So if for instance they take your disks away as per the French TOR
node,
> then you could destroy your hardware key (wipe TPM module, destroy
> motherboard chipset or USB dongle) and they are not going to be
reading
> anything, ever. Even if they do take the whole system away then they
> wont be able to login to access your data even if they can boot unless
> they have your password (and biometrics or USB token, etc.)
Under the British "Regulation of Investigatory Powers Act", they would
simply confiscate the entire machine, demand any authentication tokens
required to access it, and lock you up if you refused to surrender them.
I believe similar laws exist in most EU jurisdictions now.
> Another advantage of this is that they can't easily trojan or root kit
> your OS at a low level - it would fail the signed code integrity
checks
> and would not boot.
You're assuming that the police are not colluding with the DRM
manufacturers. If they have access to a signing key which the TPM
module will trust, they can put any trojan or rootkit they want on your
machine, assuming that Microsoft haven't done so already ;)
Remember, the point of restrictions management systems like TPM is that
Intel, Microsoft and other members of the TPM Alliance get to control
who has access to your computer, not you.
More reading:
http://www.schneier.com/blog/archives/2006/05/bitlocker.html
Dave
--
Dave Page <grimoire at sparky.ox.compsoc.net>
Jabber: grimoire at jabber.earth.li
More information about the tor-talk
mailing list