[Enigmail] Enigmail beginner

Robert J. Hansen rjh at sixdemonbag.org
Sat Dec 27 11:46:40 PST 2008


Phil Stracchino wrote:
> There are various software solutions for encrypted filesystems or
> disks on Windows.  Beware; not all are created equal.  Some have been
> recently shown to be disturbingly easy to break into.

And some are just bad ideas.  E.g., I'm no fan of TrueCrypt due to its
hidden volume feature.

Imagine that you're on a crypto-heavy mailing list.  Unbeknownst to you,
someone else on the list is involved with kiddie porn and gets arrested.
Desperate to get a good plea bargain, he starts rolling on all of the
people in his ring, and he even makes up a few just to make things look
good.  Including you.

The district attorney has you arrested.  Your machine is seized.  You
and your lawyer have a sit-down with the DA.  The DA says "look, you say
you're innocent, fine.  But you've got twenty gigs of encrypted data
here.  Now, you can either decrypt it and show me that there's nothing
illegal on there, or I can go down to the grand jury and get subpoenas
on your hard drive, your property, your financial records, your
/everything/, and we'll go all the way with anything we find."

You've got some legal skeletons in your closet.  In our increasingly
litigious culture, it's very easy for a DA to bring felony charges
against essentially _anyone_.  Remember, it's now a violation of the
Computer Fraud and Abuse Act just to violate a website's terms of
service.  You very, very, very much want the DA to start looking at
other people and leave you alone.  So you open up your TrueCrypt volumes
and let the DA look through your business records, your personal
correspondence, etc., all to prove that you're not involved with kiddie
porn.

The DA isn't satisfied.  "Okay.  Show us the hidden container, please."

You explain there isn't a hidden container.

"Prove it."

You explain you can't.  That's what it means for the container to be
hidden.  You can't prove it exists.  You can't prove it doesn't.

The DA shrugs.  "Well, the other guys in this kiddie porn ring stored
their data in hidden volumes.  You're on several of the same mailing
lists as the kiddie porn crew.  You use the same crypto software.  And
you say there's no hidden volume?  Fine.  I think you're part of the
ring.  Let's see what the jury says."





... Anyone who says "but the jury would find you not guilty" will be
mocked.  Heavily.  By me and by a lot of other people.  Remember, a jury
found Lori Drew guilty of violating federal law _just for violating a
website's terms of service_.  When it comes to crimes that harm
children, juries are often unpredictable.  You don't want to go in front
of that jury.  You also don't want the DA to go on a fishing expedition
in the rivers of your life.

Sometimes, being able to prove you're not hiding something is critically
important.  TrueCrypt doesn't provide this.  This is why I do not use
TrueCrypt, and only hesitantly recommend it to others.



