Obviously, having people say that you solicit 16-year-olds isn't exactly good for your reputation, but what's really getting Mark Foley in trouble is that you can see his IMs for yourself. That's not something people are going to forget. Because the interaction style of IM feels more like telephony than e-mail, it's easy to forget that most IM programs have a feature that lets you log your entire conversation.

It's worth noting that crypto doesn't really help in situations like this because the person revealing the information isn't an attacker listening on the network but the intended recipient of the messages. Even something like Off-the-Record doesn't solve the problem. It's true that it provides confidentiality without any ability to prove the source of the e-mails, but it's highly unlikely that there was any cryptographic proof that Foley sent these messages in the first place. Rather, the recipient claims that he got them and Foley (probably wisely) hasn't said otherwise. In order to have plausible deniability, you first need to be willing to issue a denial.
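To make the deniability point concrete, here is an added example (not from the original post and not OTR's code) of why a shared-key MAC authenticates a message to the recipient but proves nothing to anyone else. It is a simplified model that assumes both parties hold one session MAC key; the names `alice` and `bob` and the message texts are constructed.

```python
import hashlib
import hmac
import secrets

def tag(mac_key: bytes, sender: str, text: str) -> bytes:
    """MAC binding a sender name to a message under the session's shared key."""
    data = sender.encode() + b"\x00" + text.encode()
    return hmac.new(mac_key, data, hashlib.sha256).digest()

def verify(mac_key: bytes, sender: str, text: str, mac: bytes) -> bool:
    """What the receiving client checks before displaying a message."""
    return hmac.compare_digest(tag(mac_key, sender, text), mac)

def forge_as_peer(mac_key: bytes, peer: str, text: str):
    """Either party holds mac_key, so either can tag any text in the other's name."""
    return (peer, text, tag(mac_key, peer, text))

def log_proves_authorship(mac_key: bytes, genuine, fabricated) -> bool:
    """A third party handed the key and two log entries: True only if the
    MAC check accepts the genuine entry and rejects the fabricated one."""
    return verify(mac_key, *genuine) and not verify(mac_key, *fabricated)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed session key shared by both ends
    genuine = ("alice", "see you at noon", tag(key, "alice", "see you at noon"))
    fabricated = forge_as_peer(key, "alice", "text alice never typed")
    print("bob accepts genuine message:", verify(key, *genuine))
    print("fabricated entry also verifies:", verify(key, *fabricated))
    print("log proves authorship:", log_proves_authorship(key, genuine, fabricated))
```

Because both entries verify, a logged transcript carries only the recipient's word, which is why the outcome turns on whether the sender denies it rather than on any cryptographic evidence.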

I've of course seen products that aim (typically cryptographically) to ensure that the receiver doesn't keep a copy of the communication at all.[1] The problem with this kind of thing is that there are lots of reasons why recipients want to keep a copy anyway, and as long as they control their own computer they can bypass whatever protection you've put in place. Really doing an adequate job requires trusted hardware and tightly controlled software, which users are (understandably) reluctant to deploy.

1. I've skimmed the OTR source code and don't see any evidence that it attempts to suppress logging, but even if it did, since it's distributed in source code it would be easy to disable.


OTR doesn't disable logging. We've been asked to do that as a feature, but a lot of people want to be able to have private but logged conversations (so not off-the-record per se), and most of the proponents of turning off logging, when pressed, really want logging turned off for the other side, since they are obviously able to turn it off on their end.

