next up previous
Next: Using tamper-proof hardware Up: The Eternity Service Previous: A simple design

The perjury trap

Significant improvements might be obtained by intelligent optimisation of the legal environment. For example, server should not delete eternity files without manual approval from a security officer, whose logon procedure should require him to declare under oath that he is a free agent, while the logon banner states that access is only authorised under conditions of free will.

Thus, in order to log on under duress, he would have to commit perjury and (in the UK at least) contravene the Computer Misuse Act as well. Courts in most countries will not compel people to commit perjury or other criminal offences.

We refer to this protection measure as a `perjury trap'. It might be useful in other applications as well, ranging from root logon to general systems to the passphrases used to unlock decryption and signature keys in electronic mail encryption software like PGP.

Ross Anderson
Tue Jun 17 15:08:09 BST 1997