Plausible Deniability

[metatron]

Me and some friend where talking about plausible deniability and we where talking about setting up a wireless access point and leaving it open so if the police track you down and kick your door in, as long as you keep your computers clean you can deny you had anything to do with it and blame it on some one using your access point.

What is everyone’s view on this idea?

[melodic]

lol i say thats a GOOD idea :D

my ap is open, but i live all around old people so i dont really worry

[stingwray]

Well unless they can prove that it was you beyond reasonable doubt then it would be fine. Its a good initial excuse but as you said, you've got to keep your computers clean otherwise it won't be much good.

All you need is a big read button that you can slam down that wipes the hard drives in your house and your fine.

I've always liked using TrueCrypt to encrypt most things, with hidden encyption paritions so that when they come wanting the key I can give it to them and all they will get is all my personal details, some work etc. They will never be able to prove that there is a second encypted parition so everythings save.

[Sparda]

It depends... if the police do a bit of background reasearch into what you do they will probably find you are part of the infromared minority... and as such suspect that you did make your wireless access point open so that they would think that it wasn't you.

[Shaun]

Me and some friend where talking about plausible deniability and we where talking about setting up a wireless access point and leaving it open so if the police track you down and kick your door in, as long as you keep your computers clean you can deny you had anything to do with it and blame it on some one using you access point.

What is everyone’s view on this idea?

I think maybe if you want plausible deniability through this method it's best not to post on a public forum about it...

[cooper]

You're a security professional. For you to unintentionally have an open access point is by itself not very plausible.

For us mere mortals though, there might be some sense in doing this to cover our asses.

[metatron]

I personally don’t like the idea of having an unsecured AP on my network but the idea came up in a conversation.

[VaKo]

I like it, seen the idea kicked about a few times. Open AP... "it was them dang kids who done downloaded those etunemajigs". But a better tactic would just be to use somone elses open AP, theres enough of them, and that way the cops will be kicking in other doors.

[armadaender]

I can't see how claiming stupidity to information being sent across your open ap could stand up in court. But, then again most judicial governments are far behind the 'information age' and therefore such a defense might just work.

I don't exactly recall but I believe I've read somewhere about families (In the US) whom were accused of torrenting illegal data and claimed such a defense. They ended up having the charges dropped because no 'illegal data' was found in their possession. Therefore, a defense might work if you can hide the data well enough to not be found by the fuzz (police).

But, why create so much work for yourself if you were using this defense as a way to cover your ass and not just torrent through a onion router or some other means of hiding your tracks?

[metatron]

Onion router's are slow and if you are torrenting files that are over 1GB you don’t really want to take a hit in the speed department, plus (I’m not sure if this happens much) I have heard that people have been setting up fake Onion router's and analysing the traffic.

[armadaender]

plus (I’m not sure if this happens much) I have heard that people have been setting up fake Onion router's and analysing the traffic.

Hm, havn't heard about any of those but I wouldn't be suprised if people did.

[Snowy©]

Time to build that CD/DVD case with the Acid vial in it then or maybe I should just use an old microwave LMAO

What if you had an open AP with a very simple password on it?

Or just open for one IP? - claim you were out/sleeping then lol set your PC up to turn off by itself while your out too lol

[cooper]

The problem with this topic is that we're geeks and not lawyers (um... right?) so it's really hard to say anything sensible.

I still say that if Metatron has an open AP on his network and a hack originated from that same network, even if his logs (yes, you're keeping them) show (yes, you can also edit them) that the activity came from the 'outside' using your unsecured access point, you'd have a very hard time convincing a judge that this was just plain oversight. Someone in your line of work should know better. And given your in-depth knowledge of security and its potential weaknesses the chances of you being the one that actually did the hack and set up the open AP as a denyability clause, which I'm sure the prosecutor will argue to be the case here, are pretty good. In other words, either you did it, or you were in on it. Either way, you're in for some 'quality time' with Bubba.

But for those who are allowed to be stupid enough to run one and be, both physically and legally, blissfully unaware of the consequences of it this will probably work like a charm. Hell, some guy got out of a kiddie porn charge on the basis that some piece of spyware or virus or whatever *planted* that stuff on his machine, and that it wasn't actually his. Anybody who can program his damned VCR knows that line was bullshit. But given the fact that the guy didn't know shit about computers, and his machine had more virusses in it than a calcutta whore, it was plausible. And he got off.

If THAT works, surely this will work wonders.

[stingwray]

If you keep your computers clean then your not going to be convicted of doing anything. The law has to prove beyond reasonable doubt that you committed the crime. Its like if you owned a shotgun, that you mislayed and then was used to kill someone, they are not going to convict you of the murder. In this case you might get a punishment for not looking after the weapon, but as far as I know your not going to be punished for having an Internet Connection and a Wireless Network.

The most they will be able to say is that the said crime originated from this Internet connection and that you were in the house at the same time. That wouldn't be enough to convict you in a fair trial.

Plus with wireless encyption be almost trival to break these days any person comitting the crime on the internet would most likely to be able to break the encyption on the wireless network in the first place.

[cooper]

The assumption here is that a hack has been traced back to your house already. Given that, would you have an 'out' for your courtcase by blaming an unknown person performed the hack from your network by accessing your insecure access point?