<h2><b>What happens when you are forced to give out your password?</b></h2>
<p>Let’s say that Bob is using a popular online forum to leak information about a government agency’s unethical behavior. To stay anonymous, he makes sure to connect to the forum using Tor at the very minimum. He uses a burner email address to sign up to the forum and upload the sensitive files. His Anonymity during this sensitive action remains intact.</p>
<p>However, there are only 10 people who could have originally had access to the leaked information, and Bob is one of those 10 potential suspects. </p>
<p>The adversary makes use of key disclosure legislation to issue search warrants to all 10 people, and to get to know the contents of their personal drives. Essentially, the adversary doesn’t have anything solid against any of them, since the perpetrator’s anonymity is intact, <b>but some guess work is being done to try and find something incriminating anyway.</b></p>
<p>Here’s the problem: the adversary can just bust down Bob’s door and <b>force him to unlock his laptop, including every encrypted volume.</b> What happens then?</p>
<p><imgsrc="../de2.png"><b>Since Bob has no other choice but to comply when the adversary forces him to unlock his hard drives, and since he didn’t implement Deniable Encryption</b>, he has to show all the incriminating evidence, and therefore he can no longer deny implications with the sensitive activity.</p>
<p><imgsrc="../de0.png">For instance, if Bob had implemented <ahref="../veracrypt/index.html">VeraCrypt’s deniable encryption</a> to store the sensitive data, <b>he could’ve given password A to open the decoy volume for the adversary, and could’ve claimed that there was no hidden volume. The adversary would have no way to prove otherwise.</b></p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <ahref="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><imgsrc="\CC0.png">