In my post, Paranoia + Precaution = The Dead Man’s Switch, I vaguely mentioned a method I had for ensuring I wouldn’t reveal information under duress. Someone quite reasonably doubted such a thing could be possible; it does sound rather far fetched, and I think the topic warrants further comment.
I do have vague plans of revealing the method I call the Mutable Thought-Memory Method. I believe it would help a lot of people: from dissidents, to spies, to soldiers taken prisoner, to ordinary people. Anyone who needs to store and remember some small piece of information in their brain that they must not be allowed to recall under emotionally stressful conditions can use this method. But I still have some improvements I wish to make before posting the full information, and I still want to reveal only a variation on the method I actually use so I won’t potentially compromise my own security.
For now, just to satisfy people’s reasonable curiosity, and because I’m rather proud of my scheme, I’ll discuss the approach I came up with in the early 1990s, from which my current approach and the one I’ll reveal later descends.
I was doing some trusted systems work in the early 1990s. Our trusted systems work involved developing the hardware and software necessary to ensure that information can be stored securely and irretrievably in electronic hardware. The data our trusted systems were trying to keep safe were cryptographic keys, with which files or streams of data can be encrypted and decrypted. Protecting the keys is critical because if the keys are compromised and directly readable, then anyone could intercept and falsify any future transmissions anywhere which use those same keys, potentially rendering whole data networks vulnerable. The work I was involved in was intended to secure satellite communications. It’s important that such communication be secured because aside from wanting to protect the data from interception you also want to ensure that the satellite will only accept commands from its owners, not spurious commands sent by hostile nations. And should a satellite fail to achieve orbit and crash halfway around the world, we want to sleep easy knowing no one could recover the cryptographic keys from the wreckage and put other systems at risk.
Commonly with trusted systems the cryptographic keys are stored on the same microchip that holds the code which does the actual data encryption and decryption. The encryption and decryption code is all that can be directly accessed, the keys themselves cannot. To read the key data you would actually need to at least partially physically disassemble the chip itself, and the chip is intentionally designed to be catastrophically damaged if any attempt is made to disassemble it. It’s quite a fascinating and tricky problem, from both the physical construction of the chip to the software and encryption running on it and talking to it.
On the long commutes to and from work I began wondering if I could create a functionally similar scheme that would let me store a memory in my brain in a similarly secure and selectively irretrievable way. On the face of it, it seemed like an unsolvable problem, but those are the kind I like. I explored quite a few unworkable ideas throughout the rest of that summer but made no real breakthrough until just before my mother’s birthday.
My mother’s birthday is on October 10th. No, that is not right, I think my mother’s birthday might be October 12th. No, I’m not entirely sure which one it is in fact, but I know with absolute certainty it is one or the other. I would say I have 70% confidence that her birthday is the 10th, but if you asked me several months from now when the date was closer and the pressure was on to make sure I sent a card, present, and called, then my confidence would fall to 50% and I’d be totally unable to even hazard an informed guess as to which of those two days it was. For some peculiar psychological reason, related either to brain structure or how we humans happen to use it, some memories are peculiarly mutable under stress. In the case of my mother’s birthday, no matter how hard I try to remember absolutely the specific date, I seem unable to with perfect confidence.
My eureka moment came when I realized that this peculiarity of mind was just the building block I needed to develop a method for securely storing other memories such that they could not be retrieved under duress.
Over the months that followed I began to gradually figure out how to take this simple observation and turn it into a more complicated and complete method. Along the way I had to build a few software applications that would help me pick, test, re-enforce, and use these special memories to store and retrieve the information. I discovered that most of the mutable memories were similar in nature to what I experienced with my mother’s birthday; they were cases where I knew an answer was one of only a small handful of possibilities, usually only two, but in some cases three or four. For simplicity’s sake I made the protocol allow only the more common binary mutable memories. Suitable mutable memories I decided would be ones which I could retrieve while under no stress at a success rate no less than 75%, but when under stress at a rate approximating chance (50%). I would record and/or discover new mutable memory elements with the software I wrote, and then it would test my ability over time to remember those things, including under situations with unexpected time constraints and with stressful noises and interruptions (to simulate duress). The software would also intentionally degrade my success rate in testing by sometimes re-enforcing the wrong responses, thereby helping to keep those memory elements mutable. The elements I would choose could not be easily or quickly externally verifiable, my mother’s birth date would be a less than ideal candidate for this reason, whereas my stress-mutable memory of the name of the second girl I ever kissed at summer camp (“Julie” or “Julia”) was a good candidate since no one but myself (and Julie, possibly Julia) knows of her existence. These individual binary mutable memory elements would need to be combined to form an n bit key which would unlock data stored with traditional software based encryption. Because the success rate of retrieving the individual stress-mutable binary memories under no stress is not 100%, I must allow for a m misses in the n field while still declaring the key a match. I developed a formula for working out a suitable n and m which made it extremely probable that under no stress I would be able to produce the key while under stress or with someone randomly guessing the probability of guessing successfully would be very low. I then built the system which interrogates me for the answers in an appropriate way, including a short but not stressful time limitation on providing responses, a randomization of the questions asked, and the allowance of m misses.
In the next major revision of the system I added additional complexity, certainty, and greater stress-sensitivity to the system by requiring the interrogated person to perform geometric spatial rotations of the mutable results mapped onto a variety of regular shapes. Further revisions continued trying to improve the system by striking the best balance between usability and security.
Actually using the current method in practice is pretty intense, each key retrieval I perform represents a mentally miserable 4 minutes that feels like 40 minutes. For that reason I think the current design would not work outside of realms which require very high security and have very intelligent stewards for the data. But perhaps once I release the details of the method I developed others with greater knowledge of psychology and security can improve upon it.
Hopefully this description gives enough detail that those who feel like such a thing is impossible might reconsider that position.
John