Bug #16669: Inconsistent "Encrypted" (vs "Encrypted?") for locked VeraCrypt volumes in GNOME Files

Bug #16669

Inconsistent "Encrypted" (vs "Encrypted?") for locked VeraCrypt volumes in GNOME Files

Added by AnonymousUser 2019-04-23 23:48:18 . Updated 2019-09-09 09:13:02 .

Status:

In Progress

Priority:

Normal

Assignee:

Category:

Target version:

Tails_5.0

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

Wait

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

I appreciate that Tails now includes native support for decrypting VeraCrypt volumes for end users.

However, there may be a legal risk in its current design which I would like to bring your attention to.

In Tails’ Nautilus under ‘Other Locations’, it currently automatically labels a drive which may not actually be encrypted (e.g. a DBAN’ed drive with random data written on it) as ‘X GB Encrypted’.

Key disclosure laws are very serious situations, with a lot of case law. Law enforcement in many jurisdictions can compel a citizen to unlock what they assert to be encrypted data based on evidence gathered by examining the user’s computer equipment, and if the user doesn’t give a password or denies the assertion of encryption, they are jailed.

Here are some links:

https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/
https://www.msn.com/en-au/news/australia/now-the-police-want-your-passwords-%E2%80%93-and-you-could-be-fined-dollar60000-or-put-in-prison-for-five-years-if-you-refuse/ar-BBNBzP6
https://www.techdirt.com/articles/20140116/09195525902/uk-man-jailed-not-giving-police-thumbstick-password.shtml
https://techcrunch.com/2017/09/25/traveler-who-refused-to-give-device-passwords-to-police-found-guilty-of-obstruction-in-uk-court/
https://nakedsecurity.sophos.com/2018/09/04/how-refusing-to-give-police-your-facebook-password-can-lead-to-prison/

Apart from it being terrible for the user if they are jailed for denying a non-encrypted drive is encrypted, this may be a legal risk for Tails project.

If a user were put in this situation and then it was later shown that police were misled by the Tails user interface in asserting that a random data drive was encrypted, the user could plausibly sue Tails project for millions.

I guess a lawyer could demonstrate in court that another provably DBAN’ed drive (DBAN’ed right there in court) shows in Tails as ‘X GB Encrypted Drive’ as well. But such situations are out of Tails’ control, influence, or even knowledge of such proceedings taking place. There may be liability issues.

I also think it is distressing to Tails users to see this false declaration of their drive being ‘Encrypted’ (before they unlock it), who rely on plausibly deniable encryption to protect their personal information.

There can be a simple fix. It should not say ‘X GB Encrypted’ but something like ‘X GB Possibly Encrypted’.

Thanks
AnonymousUser

GVfs merge request: https://gitlab.gnome.org/GNOME/gvfs/merge_requests/55

Subtasks

Related issues

Related to Tails - Feature #14544: Spend software developer time on smallish UX improvements

In Progress

2018-08-31

History

#1 Updated by AnonymousUser 2019-04-27 03:16:30

I now discovered another place that Tails also has this problem. Insert a USB which is wholly made up of a partitionless hidden VeraCrypt volume (which is indistinguishable from other headerless random data), and Nautilus currently will list the USB stick (before mounting) as ‘X GB Encrypted’. It may not be true at all, it again could be a non-encrypted USB stick but Tails falsely suggests it is.

#2 Updated by sajolida 2019-04-30 17:43:59

Subject changed from Potential issue of legal liability to Tails project with the current design of VeraCrypt support in GNOME (simple fix) to Inconsistent "Encrypted" (vs "Encrypted?") for locked VeraCrypt volumes in GNOME Files
Category deleted (~~Accessibility~~)
Status changed from New to Confirmed
Priority changed from Elevated to Low
Type of work changed from Accounting to Code

Right, we’re marking locked VeraCrypt volumes as “Encrypted?” (and “Possibly Encrypted”) in GNOME Disks but only as “Encrypted” in GNOME Files. See screenshot in attachment. Ideally, locked VeraCrypt volumes (and random data partitions) should be labelled as “Encrypted?” everywhere.

@segfault: Is there any reason for this inconsistency?

#3 Updated by segfault 2019-05-01 18:34:28

Assignee set to sajolida
QA Check set to Info Needed

sajolida wrote:
> Right, we’re marking locked VeraCrypt volumes as “Encrypted?” (and “Possibly Encrypted”) in GNOME Disks but only as “Encrypted” in GNOME Files. See screenshot in attachment. Ideally, locked VeraCrypt volumes (and random data partitions) should be labelled as “Encrypted?” everywhere.
>
> @segfault: Is there any reason for this inconsistency?

The reason is that we kept the default behavior in gvfs, which is

if (udisks_id_usage == "crypto") {
  volume->name = "{SIZE} Encrypted"
}

I could create a patch to do the following instead:

if (udisks_id_usage == "crypto") {
  if (udisks_id_type == "crypto_unknown") {
    volume->name = "{SIZE} Encrypted?"
  } else {
    volume->name = "{SIZE} Encrypted"
  }
}

… if we decide that it’s worth the effort. FWIW, gvfs upstream handled our last merge requests very nicely and in a timely manner, so I’m not expecting this to be a lot of effort.

#4 Updated by sajolida 2019-05-03 11:15:58

Assignee deleted (~~sajolida~~)
Priority changed from Low to Normal
QA Check deleted (~~Info Needed~~)

Wow, you already came up with a patch?!?! :)

It’s very good to know that it seems simple to fix but I don’t think that we should prioritize this outside of the process that we have for Feature #14544.

#5 Updated by sajolida 2019-05-03 11:16:11

related to Feature #14544: Spend software developer time on smallish UX improvements added

#6 Updated by segfault 2019-07-21 12:37:03

Assignee set to segfault

#7 Updated by segfault 2019-07-21 13:07:55

Description updated

#8 Updated by segfault 2019-09-08 19:37:00

Status changed from Confirmed to In Progress
Assignee deleted (~~segfault~~)
Target version set to Tails_5.0
Type of work changed from Code to Wait

The MR was merged into GVfs and released in 1.41.90. So this will be fixed in Tails 5.0. In case that we have to rebuild our custom GVfs package at some point during the 4.x cycle, I might backport the patch and include it, but I don’t think it’s worth the effort to rebuild and release a new package for this change only.

#9 Updated by intrigeri 2019-09-09 09:13:02

> The MR was merged into GVfs and released in 1.41.90. So this will be fixed in Tails 5.0.

Great!

> In case that we have to rebuild our custom GVfs package at some point during the 4.x cycle, I might backport the patch and include it, but I don’t think it’s worth the effort to rebuild and release a new package for this change only.

Agreed.