Shaking Someone Down for His Password

A drug dealer claims that the police leaned him over an 18th floor balcony and threatened to kill him if he didn't give up his password. One of the policemen involved corroborates this story.

This is what's known as "rubber-hose cryptanalysis," well-described in this xkcd cartoon.

Posted on April 28, 2015 at 12:50 PM • 54 Comments

Comments

Plausibly DeniableApril 28, 2015 1:44 PM

And that's why your implementation should have Plausible Deniability features, why is this still a problem and why does practically no-one know about them?

SlavaApril 28, 2015 1:53 PM

Term "thermo-rectal cryptography" was coined about gangster Russia in 1990s. A soldering iron, a rectum and a wall plug.

ChelloveckApril 28, 2015 1:58 PM

@Plausibly Deniable: So say he gives up his duress password, which unlocks an innocent fake partition. What makes you think the police wouldn't just hang him over the balcony again when they figured out there's nothing of interest there? I have a feeling that "Oops, so sorry sir, we must have been mistaken." just wasn't something that was going to happen if they didn't find what they were looking for.

EvanApril 28, 2015 2:06 PM

This practice illustrates the difference between a cipher and code. Encryption uses ciphers to protect data, but once the cipher is broken, the data is available. A code is just arbitrary substitution - if the drug dealer, or anyone, had kept his incriminating data in the form of a household budget, then even having to give up the password wouldn't have helped. It's not a crime to pay your friend to "fix your sidewalk."

rdmApril 28, 2015 2:20 PM

Plausible deniability would mean that the unlocked details should be something at least slightly embarrassing. Ideal, of course, would be if it's embarrassing for them, and/or outside their jurisdiction, but whatever.

Slime Mold with MustardApril 28, 2015 2:25 PM

RE: XKCD

Does XKCD have a search feature that doesn't show because of my security settings? Or do you mark all the good ones? I saved "Rubber Hose Cryptography"!

st37April 28, 2015 2:49 PM

Plausible deniability is not enough you need also obfuscation and camouflage techniques to hide the secrets.

Clive RobinsonApril 28, 2015 3:06 PM

@ Slava,

Term "thermo-rectal cryptography" was coined about gangster Russia in 1990s

It's been around a lot longer than that.

I first heard it back in 1977 (UK Queen's jubilee), it came about through a joke question about "how to make someone 5h1t themselves". The wining suggestion was a cold soldering iron up the rectum, which was connected to a timer that the victim could see. The twist to it was if the soldering iron actually had to heat up or not, and if the victim would actually prolapse the bowel trying to expelle the soldering iron.

The joke made it's way around the UK Royal Signals and REME and was often heard when during NBC training the Porton Down "goat clips" film/video got shown.

No doubt as a meme it's been around for a considerable period of time.

On a historic note early soldering irons were like fireside pokers that you heated over a small brazier. And were known to exist back when a certain English King was murdered by having a red hot poker forced up his rectum...

ContingencyApril 28, 2015 3:22 PM

@Chelloveck: How sure are the interrogators going to be that their victim has the information? If they find a laptop in the possession of someone, and it is encrypted and has a TrueCrypt bootloader on it for instance, that's evidence that that person may know the password. But what evidence is there that there's a hidden volume? Beyond knowing that it's possible, nothing in particular. And most people don't use it. If there's nothing incriminating on the decoy volume, now they're flipped to having to use absence of evidence to continue. It's plausible it could end there.

Sancho_PApril 28, 2015 3:35 PM


Clearly they were milking that guy for months / years but actually urged more.

The obvious point:
Engage with the Mafia (Italian, Russian, Chinese, US, …) and you are doomed.

Not so obvious but very important point:
Drive (device) encryption alone has severe drawbacks.

Dr. I. Needtob AtheApril 28, 2015 4:48 PM

http://talkingpointsmemo.com/news/former-cop-planted-drugs-stole

"More than 160 drug convictions have been overturned since Walker pleaded guilty and the others were named in a 26-count indictment."

Somehow that just doesn't seem like the proper remedy for criminals convicted with legitimate but illegally obtained evidence. Those police committed crimes and certainly ought to be brought to justice, but does that also mean criminals should escape justice, even when they're proven guilty?

Even someone who questions whether drug dealing is a crime has to concede that the same thing happens in other cases that involve what clearly are crimes with victims. Why should crimes committed by police result in courts turning known criminals loose? It seems to me that there has to be a better way.

acApril 28, 2015 5:47 PM

@Steve: Almost--Torture is employed when information does not have to be true to be useful--i.e. propaganda, justification for already-planned military operations, and simply intimidating people. If any of the information ends up being true, then that's a bonus, but it's really beside the point--torture is for getting people to give you the information you want to hear, which is not the same thing as truth.

Which is really a good reason to think that maybe the kindly drug dealer in this story isn't being entirely honest, as if we needed another.

AnuraApril 28, 2015 6:47 PM

@Steve

Torture can work when you can quickly verify the correctness of the information given. It is ineffective when you have no way of knowing if the information is truthful; for example, if you ask a terrorist where they are going to strike next, then they can feed false information and waste resources while possibly even hindering your ability to stop the real attack.

rgaffApril 28, 2015 8:08 PM

@ Dr. I. Needtob Athe

The theory behind the court system, and letting criminals go free when the cops don't present correctly obtained evidence correctly, is that this is supposed to be an incentive for cops to do it right, instead of running around like "bigger" thugs themselves. When this incentive doesn't work any longer, and cops don't seem to care any longer, then we are all in trouble, not only from the real technical criminals, but even moreso from cops that run like a state sponsored mafia organization. Planting evidence is NEVER EVER supposed to be an ok way to convict a criminal, because YOU CAN NEVER THEREFORE BE SURE that the guy they picked wasn't in fact innocent, if all you ever saw was fake planted evidence. And our system is supposed to go by the principle that it's better to let a few criminals go free than to lock up innocent people.

ThothApril 29, 2015 12:40 AM

Cat and mouse game of security. Assuming crypto-chips are strong and trustworthy and you have the PIN and duress PIN setup for hardware encryption, you can present the duress PIN to wipe the keys. All these are technical dream-like assumptions that things go the right way. All you lose is being thrown down the balcony and dead but the enciphered data never make it out decrypted (if you are willing to die for it).

Assuming the crypto-chip is made by Atmel, Harris or some NSA-friendly brands, a duress PIN might give you a surprise or two of it's own and probably you would still be dead if they want.

Guess there are no straight answers to solving these issues except the fact that harder to solve methods like secret-sharing, not putting eggs in one basket, making data seem un-obvious or unrecognizable from other normal objects and the sort makes it much harder to defeat.

Most lay people have the sort of weird notions that scrambled data equates to security but it's a whole load of cans of worms of it's own to deal with again.

Once someone gets their hands onto your stuff, it's quite close to "gone case" scenario. The best defense is to have as little obvious secrets and in as tiny form factor and as small as possible.

rsApril 29, 2015 1:39 AM

@Chelloveck, @Contingency

With a modified version of TrueCrypt 7.1a, you easily can tell if a given password opens an outer (with possibly innoncent stuff) or a hidden container (with the real stuff).
This won't work if one use a combination of passphrase and file.

On the other hand if you manage to dump the TC master key from a memory image for example, it is trivial to open an outer (standard) TC container to which the master key is related to. If the master key is related to the hidden container, I have a script that can search and open it as well.

SchneieronSecurityFanApril 29, 2015 4:17 AM

Back in the 1990s, there was a rumor that rapper Vanilla Ice or a member of his party with Vanilla Ice being present had a similar type balcony encounter with Suge Knight of Death Row Records.

I wonder if anyone in the 2007 story was a fan?

wiredogApril 29, 2015 5:09 AM

@Dr. I. Needtob Athe

In Los Angeles in the 80's it was well known that the police were corrupt and planted evidence. So when Johnny Cochrane claimed that maybe the police planted the bloody glove, it was a reasonable assumption, and his client was found not guilty of murder. Because there was a reasonable doubt. Throwing bad cops in jail and turning loose defendants acts as an incentive for police and prosecutors to to do things properly.

INOC | Network Operations SolutionApril 29, 2015 5:31 AM

This shows that the toughest security measures can be broken easily if the key person behind it sings. Better make sure that your state of the art security protocol is in the hands of someone who cannot be threatened, coerced or bribed.

Andrew WallaceApril 29, 2015 5:44 AM

To not give your password to the Police in the United Kingdom could be classed as

1. Obstructing a Police officer.

2. An attempt to pervert the course of justice.

3. Probably more once I remember.

Andrew

Clive RobinsonApril 29, 2015 6:14 AM

@ INOC,

Better make sure that your state of the art security protocol is in the hands of someone who cannot be threatened, coerced or bribed.

There are ways around "single points of failure" in any jurisdiction, the technology involved has been known for some time.

You will if you look back on this blog find various discussions about the basics of it held between @Nick P, myself and others on various occasions.

If I remember correctly the most recent indepth conversation was when Bruce posted about security measures for crossing the US and other border zones.

Clive RobinsonApril 29, 2015 6:44 AM

@ Andrew Wallace,

Sorry but you are incorrect.

The UK Police whilst "in the UK jurisdiction" can not just ask for your password and demand you hand it over or suffer imprisonment, they have to go through a formal proceadure that can and should be challenged (see RIPA). As for "obstructing a police officer" I realy suggest you go and look that up.

Likewise look up what is required to "attempt to pervert the course of justice", and whilst you are at it also look at what is the reason that the police have to read you your rights and what follows on from that.

What the UK does have is some rather silly legislation about border zones, that they have not tested in court. The reason for the UK not testing it in court is that they are very likely to fail once it gets into either a UK Court, European or other International court. Whilst the likes of UK politicos such as Tony Blair may think they can legislate what they like they can not the judiciary still hold sway.

You are probably not old enough to remember action precipitated by Margret Thatcher much against prosfessional legal advice getting laughed out of court on a number of occasions, but you can be sure that the UK Civil Service does, and don't want to be laughed out of court or dismissed like dogs with their tails between their legs again.

Oh and it was these legal defeats that apparently convinced some of Margret Thatchers ministers and back benchers that "the old bat" had gone from "bad to sad" in the publics eye, which precipitated them stabbing her in the back and deposing her as Conservative leader and thus Prime Minister. Atleast unlike a later PM who had fallen from grace in the public eye she went with some semblance of dignity.

Andrew WallaceApril 29, 2015 6:53 AM

I'm 34 years old and old enough to remember Maggie.

I can tell you I would arrest and charge someone for perverting the course of justice and obstructing a police officer and would leave it up to the CPS to decide.

Andrew

host86April 29, 2015 7:09 AM

"I can tell you I would arrest and charge someone for perverting the course of justice and obstructing a police officer and would leave it up to the CPS to decide."

From the Ministry of Truth comes 'Now that's what I call Democracy 2'!

Andrew WallaceApril 29, 2015 7:16 AM

It is also an offence under the Police and Criminal Evidence Act 1984.

If you were thinking about not giving your password to the authorities. Think Twice.

Andrew

Blue PossumApril 29, 2015 7:17 AM

@Andrew Wallace

In 31C3, Jacob Appelbaum mentioned that the UK is no longer a very nice place to live in if you value your personal liberties. At the time I didn't quite get it, but I'm starting to see what he means.

The scariest part of the "arrest first, ask later" policy, or the "you are NOT entitled to a lawyer" and "you are NOT entitled to maintain silence" rule is that there is no written constitution to protect British citizens (let alone foreigners). The "unwritten constitution" is a poor excuse for the government to wing it in the face of whichever strategic interest takes predominance.

GorkApril 29, 2015 7:26 AM

It begs the question: where have the judges and legal experts been hiding for the last ten years as the western world descends into Brave New World? Separation of power anyone? Checks and balances?

mosseyApril 29, 2015 7:51 AM

@Blue Possum: I live in the UK. I moved to London 8 years ago. If I look out of my window I can see no less than 6 CCTV cameras. In the last half hour or so 3 military helicopters have flown over my roof making my windows rattle (this happens every day, night and day). Every time I connect to the internet, all torrent sharing sites and anything deemed "adult content" is censored by default (courtesy of Cameron's i-Nanny law). Every time I send an e-mail or use my travel card, I know the GCHQ is keeping a record. So yes, I can confirm that the UK has become a no very nice place to live in for anyone who cares about personal liberties. Thankfully, I've never had any encounters with the law, but the mind boggles.

Danger MouseApril 29, 2015 7:58 AM

@mossey: Don't forget the IMSI Catchers. Speaking of which, how's that list of London's Stingray locations coming along, Andrew Wallace?

Clive RobinsonApril 29, 2015 8:00 AM

@ Andrew Wallace,

It is also an offence under the Police and Criminal Evidence Act 1984

I realy think you should substantiate that claim with which section and paragraph you think applies...

Just a hint RIPA and ECA were brought in after PACE for good reason.

Also have a check when Maggie Thatcher got the "Et tu Brute" treatment, it was Nov 1990... how old were you then?

From what you say you would have been around nine years old, yet you claim to have political memories from when you were younger...

Your credibility is not looking to good on this...

Clive RobinsonApril 29, 2015 8:25 AM

@ mossey

In the last half hour or so 3 military helicopters have flown over my roof making my windows rattle (this happens every day, night and day)

That used to happen in Deptford / Greenwhich, I was walking down a road there about 16:00 a few years ago when an Apache Gun Ship flew down the length of the road maybe fifty feet above the rooftops. I and a couple of locals were watching it with some disbelief, to ease the tension I joked it was "Lewisham Council's new parking enforcment contractor" which produced a few wry laughs [1]. What was not funny is that it was carrying on the weapons racks, I don't know if they were live or training and to be honest I would not wish one to "accidently drop off" to find out which... It's just one of the reasons I find other parts of London more conducive to "living" quietly these days.

[1] Sadly two of the people died at Xmas back in december when a fire trapped them in their house.

GreenSquirrelApril 29, 2015 8:27 AM

@Andrew Wallace

"It is also an offence under the Police and Criminal Evidence Act 1984."

Are you sure about this? Which bit of PACE would you use for the offence here?

GreenSquirrelApril 29, 2015 8:31 AM

It seems I got distracted while typing and Clive beat me to the punch with PACE.

The best I can think of is section 20 which states:

"Every power of seizure which is conferred by an enactment to which this section applies on a constable who has entered premises in the exercise of a power conferred by an enactment shall be construed as including a power to require any information stored in any electronic form, contained in a computer and accessible from the premises to be produced in a form in which it can be taken away and in which it is visible and legible, or from which it can readily be produced in a visible and legible form."

However this isnt the same as forcing someone to provide a password to random officers.

mosseyApril 29, 2015 8:51 AM

@Clive Robinson
"That used to happen in Deptford / Greenwhich"

Yup that's my neck of the woods, and it still happens (if anything it's been getting worse). The war helicopters carry just about anything, not just weapons racks. I've seen them with big dodgy spheres (radars / scanners of some sort?) hanging from the bottom of the aircraft (god knows what they're scanning for), I've seen soldiers hanging out of one side of the aircraft, pointing a long metal rod down at the buildings, I've been woken up at 3.00am by a loud roar, just to find a military helicopter hovering a few dozen metres above my neighbour's building. The government probably thinks it's a sign of strength. To us in the area it's the sign of a Banana Republic.

SJApril 29, 2015 9:09 AM

@Clive,

RE: helicopter with potentially live/training rounds visible.

I think the U.S. Military paints "training" rounds white, and "live" rounds green. However, I can't remember where I learned that...

I kind of suspect that whatever pattern the U.S. military uses is shared with NATO forces.

For my own story:

One time, my employer tagged me to take part in an off-site brainstorm session. They were kind enough to rent rooms in the Renaissance Center Hotel overlooking the Detroit River.

Near lunch, while I was standing at the window, I saw an F-16 perform a flight down the river, at an altitude of approximately 1000 ft.

It was traveling along the airspace boundary between the United States and Canada. [1]

I figured that the plane had taken off from Selfridge Air Force Base up the river. However, I couldn't tell whether it had weapons mounted on the wings...


--------------------
[1] Amusing geographical detail: downtown Detroit is on the North side of the Detroit river, and the city of Windsor in Ontario is on the South side of the Detroit river.

Thus, I was in the United States and looking South across the border, towards Canada.

MikeAApril 29, 2015 10:36 AM

@Wiredog There are some folks of my acquaintance who wonder if someone in the L.A. Police assigned a certain detective to the case _specifically_ so that OJ could "buy himself a reasonable doubt". That's the problem with widespread corruption, eventually it becomes "just part of the landscape", another factor in planning.

SchneieronSecurityFanApril 29, 2015 2:15 PM

The source article mentions that the incident occured in 2007 and that the device in question was a Palm Pilot. This dates from the very early iPhone era and before Android OS smartphones.

Was the Palm Pilot becoming uncommon then? Did possesing the older device aggravate the situation?

SchneieronSecurityFanApril 29, 2015 2:21 PM

@ Mossey

I think those are cameras or infrared cameras. The infrared cameras would be used at night or to check for heat coming from a recently run vehicle.

Slime Mold with MustardApril 29, 2015 2:39 PM

@ SJ
Walk three blocks west of the Renaissance Center and there are no "training rounds". It's strictly live fire.

ChelloveckApril 29, 2015 4:53 PM

@Contingency: How did the police know there was anything to find at all? They seemed sure enough that they thought it was worth threatening the man's life to get the password. If they found nothing incriminating but were still "sure" it was there, and they were aware of the possibility of a decoy partition, why wouldn't they try threatening again? Deniability stops being plausible if they're already convinced you're hiding something.

Jonas SilverApril 30, 2015 7:44 AM

Just more evidence the entire system has deep points of corruption all through it. What impact even would this case have made if the cops were not corrupt and the case made it through? The entire "war on drugs" is the same sort of scenario. It has altogether been games for government to get engaged in to increase corruption and destabilize the nation.

These cops know these arrests are bogus, and they know that the US prison systems are chock full of people who should not be there. No wonder there is such rampant corruption. They don't care, corruption takes a long time to really bear fruit, and by the time the whole system is in ruins they expect to have retired. In the meantime, they take what they can, while they can.

Worse, there is no way to fix this sort of problem. You can legalize marijuana recreationally, which can help substantially, but ultimately will just tide the problem over. And even that will take a very long time to take place. That, at least, can help tamp the immense demand.

Attacking anything but the demand is stupid.

@mossey

That is a bleak and depressing portrait. Makes me think the Nazis won, in the end. Just not the same Nazis. Their Nazis. So the devil you know is better then the devil you don't know.

For awhile, anyway.

But they are still devils, and whether you think you know them or not, they are still going to stick their pitchforks in your asses.

Jonas SilverApril 30, 2015 7:58 AM

@'Plausible Deniability' problem


I think each and every one of the points against that or clarifying it are good:

1. they already knew there was more information somehow
2. the plausibly deniable information should not just be blank, but something that has some value or is at least embarrassing and sufficiently enough to argue "what the target would not want to give up"
3. steganography or other means of obscuring the secret *container* should be relied on, eg, if there is a container that visibly is meant to store secrets, "they" will want to get the key for that container


But, problem can be in hiding the secret storage container in the first place. It generally will not be convenient. The method has requirements for being unique. And the more technically inclined the target, the more likely their information is more valuable, and so more likely more sophisticated resources will be put on it and so the method revealed. eg, secret breakin, video wire up the place, watch the target hide the data.

"Convenient" -- easy to utilize meaning more fungible or higher level of utilization for wider scope of user, "unique" -- hiding your stash in the small selection of hideway cans you can find at every smoke shop in town won't do you much good.

"Unique" -- if every spy on the network uses the same method of steganography and just one is caught in action, then every other spy on the network has just lost all their data.

Keiser SoeseApril 30, 2015 9:09 AM

I'm terribly sorry for any inconvenience, but the stress of being dangled from a balcony has caused me to forget all of my passwords.

Graphic IndescretionApril 30, 2015 12:37 PM

@Keyer Soese

I'm terribly sorry for any inconvenience, but the stress of being dangled from a balcony has caused me to forget all of my passwords.

The 'Green Prince' depicts a Hamas leader's son in jail in Israel. He gets in there and is interrogated by the Israelis, as every prisoner is. He comes out and is put in the Hamas wing. The Hamas leadership in prison asks him if they talked to him. He says "Yes", says he pretended to turn to be left alone, and they ask him "what the network is".

He says he was not given a network, and after awhile, they leave him alone and forget about him. Probably because he was a leader's son.

Not long afterward, they stage a prison riot so they can get rid of all suspected informants. They turn up all the devices they have really loud to mask the screams. These "informants" are the ones who they believed were informants but did not give up their networks.

The young man realized they were insane and none of them were informants. This display turned him to be a real informant. He later asked his case officer why he was not given a network, and his case officer explained intelligence does not work that way. That if he gave other people's information to informants then they would be found out.

Torture is one of the most stupid ways possible to get information from people.

But most other methods require careful planning and so thinking.

Sancho_PApril 30, 2015 6:08 PM

@Jonas Silver (plausible deniability)

Your first point is true, thats how the Mafia works. They know who is cheating with their “taxes” by comparing their books.

So your 2 and 3 are obsolete.
The’d know you are cheating, you’d only have a small chance if you obey.

If not protected by “law” (e.g. IRS, police) it’s called organized crime.

Jonas SilverApril 30, 2015 11:36 PM

@Sancho P


1. they already knew there was more information somehow
2. the plausibly deniable information should not just be blank, but something that has some value or is at least embarrassing and sufficiently enough to argue "what the target would not want to give up"
3. steganography or other means of obscuring the secret *container* should be relied on, eg, if there is a container that visibly is meant to store secrets, "they" will want to get the key for that container

Your first point is true, thats how the Mafia works. They know who is cheating with their “taxes” by comparing their books.
So your 2 and 3 are obsolete.The’d know you are cheating, you’d only have a small chance if you obey.
If not protected by “law” (e.g. IRS, police) it’s called organized crime.

It can depend on the "market" you are talking about, of course. I usually will have in mind in these situations a spy vs spy thing, where typically the "spy" is, for instance, a dissident in a totalitarian country.

Secondary condition, which is also often primary in my considerations on such matters, are individuals who may be targeted by, for instance, totalitarian countries, or other manner of invasive and malicious law enforcement or intelligence agencies.

Criminal market is substantially different, though I have studied them considerably. Besides whatever ties they may have into these matters.

Number one, by far, of course, is the best attack scenario. If at all possible, if there is suspicion of someone being extremely tricky with their information and that information is particularly valuable you definitely want to do a slow and safe analysis. If at all possible, you would want to give them true and false information of substantial value, and then see what they will do with that.

Conversely, for defense, that strategy has to be considered as the most likely attack avenue.


2, which actually another poster presented, is very important tactic, however, to be held on hand for a wide variety of matters. It is very much akin to an everyday tactic to be relied on in terms of giving up 'something' when there is suspicion, and when necessary, to give up something that is compellingly not something you would seemingly want to give up.

In general, that kind of attitude is good to have for when there is a real consideration of potential 24/7 surveillance. Do that which no one would ordinarily do under surveillance so as to persuade the surveillors that you are oblivious to the surveillance. This sort of tactic, is more base then even that circumstance, however and is used frequently in cover lies.

'Honey, no, I was not out sleeping with another woman, but I hate to admit it, I did get so drunk I fell asleep in the gutter and woke up with puke all over me.' blah blah blah, etc etc etc.

The general consideration is something sun tzu well said about spies being willing to embrace shame in their cover.


3 also can be used in many different circumstances, even everyday conversation, and, of course, in a wide variety of honeypot scenarios. But even more basic, it can help direct attention. For instance, the "valuable container" may not be even a literal container, but it could be, say, some interesting place you have stated you worked without elaboration... or some matter of particular interest to the subject which you then "accidentally" move the topic away from.


To be blunt. Why not.

Darren MMay 1, 2015 2:53 PM

@Dr. I. Needtob Athe

Our legal system is based on the presumption of innocence; the State needs to provide compelling evidence that proves beyond a reasonable doubt that a person is guilty.

If the evidence the court relied onto convict them turns out to have been planted, then the State has not made its case, and we're back to presuming the accused innocent. Now you could argue that you should be able to re-try that person, but that has its own problems, which is why we have the concept of forbidding "Double Jeopardy".

Jonas SilverMay 1, 2015 10:00 PM

An additional add to the above information:

One concept in terms of passwording individuals in disguise or whom one has never met I have seen in operation is where the information is what can be said to be "non-fungible".

Often this is called "plausibly deniable" disclosures.

It has much in common with coded speech methodologies and steganographical strategies and tactics.

But the key principle maintained is the data is non-fungible. "Fungible" is a bit of an awkward word which is applied often to currency. Information can be put into a currency model. "Fungible" speaks of a currency's capacity to be exchangeable. For instance, a dead cow or a basket full of wheat while exchangeable, has very limited exchangeability possibilities. A dollar bill, on the other hand, or coins, are easily tradeable. They can be easily carried and accepted by many.

For controlling information, there can be many different limits placed on the fungibility of that information. So, for instance, consider there is information which can be used for authentication which only two parties may know. Or there is information which - say - might be stolen and so "credentials" for "authentication" (and, indeed, "authorization") might be effectively forged by the stealing of that information depending on conditions.

Some of the more sophisticated forms of this sort of information exchange is in disclosures where there is a high degree of implausibility about the information if it is attempted to be exchanged with anyone else. So, for instance, it is useless for informants or other forms of spying agents.

Other forms of one on one or very closed circuit - highly non-fungible - information disclosures may include a degree of intimacy so one would not wish to share. Sharing might induce embarrassment or shame, for instance.

One of my favorite examples of elegant methodologies "like this" is in horror movies... where a spirit communicates with a person but they find themselves in a situation - which even the audience agrees - that the information exchange is non-fungible.

Very often this sort of message is actually non-verbal, where it is even far more easy to relay information in a manner which is significantly "non-fungible".

BuckMay 2, 2015 12:40 AM

@Jonas Silver

One of my favorite examples of elegant methodologies "like this" is in horror movies... where a spirit communicates with a person but they find themselves in a situation - which even the audience agrees - that the information exchange is non-fungible.
Very often this sort of message is actually non-verbal, where it is even far more easy to relay information in a manner which is significantly "non-fungible".
Shared dream space is my favorite form of this.
All evidence (to my knowledge) of the phenomenon actually existing is either purely anecdotal or nearly impossible to reliably reproduce, so there's plenty of "plausible deniability" built right in! ;-)

Jonas SilverMay 2, 2015 1:19 AM

@Buck

Shared dream space is my favorite form of this. All evidence (to my knowledge) of the phenomenon actually existing is either purely anecdotal or nearly impossible to reliably reproduce, so there's plenty of "plausible deniability" built right in! ;-)

My HS BF hits me with that. :-/

Probably does not help I early on really dug into Casteneda, and still take merit there, despite later discovering his fraudulent capacities....

My latest vivid dreams have been a smorgasbord of horror. One dream, I had of having a tuxedo given by an ex-supervisor. Too big, did not fit. Mix of marriage and funeral suit. Woot. Last night's super vivid dream was of being - yet again - at an airport. Hotel mixed with air ticket. One party I was forced to share the ticket and hotel room with was wedding/funeral mix.

Pleasantries? I got to share a bed with a beloved in the wait... and in another dream, found super secret rooms to delight in.

But? Enough of such things.

Prolly some evil code hidden in there.


Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.