Skip to content

Inconsistent "Encrypted" (vs "Encrypted?") for locked VeraCrypt volumes in GNOME Files

I appreciate that Tails now includes native support for decrypting VeraCrypt volumes for end users.

However, there may be a legal risk in its current design which I would like to bring your attention to.

In Tails’ Nautilus under ‘Other Locations’, it currently automatically labels a drive which may not actually be encrypted (e.g. a DBAN’ed drive with random data written on it) as ‘X GB Encrypted’.

Key disclosure laws are very serious situations, with a lot of case law. Law enforcement in many jurisdictions can compel a citizen to unlock what they assert to be encrypted data based on evidence gathered by examining the user’s computer equipment, and if the user doesn’t give a password or denies the assertion of encryption, they are jailed.

Here are some links:

https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/
https://www.msn.com/en-au/news/australia/now-the-police-want-your-passwords-%E2%80%93-and-you-could-be-fined-dollar60000-or-put-in-prison-for-five-years-if-you-refuse/ar-BBNBzP6
https://www.techdirt.com/articles/20140116/09195525902/uk-man-jailed-not-giving-police-thumbstick-password.shtml
https://techcrunch.com/2017/09/25/traveler-who-refused-to-give-device-passwords-to-police-found-guilty-of-obstruction-in-uk-court/
https://nakedsecurity.sophos.com/2018/09/04/how-refusing-to-give-police-your-facebook-password-can-lead-to-prison/

Apart from it being terrible for the user if they are jailed for denying a non-encrypted drive is encrypted, this may be a legal risk for Tails project.

If a user were put in this situation and then it was later shown that police were misled by the Tails user interface in asserting that a random data drive was encrypted, the user could plausibly sue Tails project for millions.

I guess a lawyer could demonstrate in court that another provably DBAN’ed drive (DBAN’ed right there in court) shows in Tails as ‘X GB Encrypted Drive’ as well. But such situations are out of Tails’ control, influence, or even knowledge of such proceedings taking place. There may be liability issues.

I also think it is distressing to Tails users to see this false declaration of their drive being ‘Encrypted’ (before they unlock it), who rely on plausibly deniable encryption to protect their personal information.

There can be a simple fix. It should not say ‘X GB Encrypted’ but something like ‘X GB Possibly Encrypted’.

Thanks
AnonymousUser

GVfs merge request: https://gitlab.gnome.org/GNOME/gvfs/merge_requests/55

Related issues

Original created by @AnonymousUser on 16669 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information