Extracting encryption keys through coercion or torture rather than mathematical attack
Rubber hose cryptanalysis is a euphemism for extracting cryptographic keys or passwords through coercion, threats, or physical torture rather than through mathematical or computational attacks on the encryption itself. The term acknowledges that the weakest point in any cryptographic system is not the algorithm but the human who holds the key.
The concept is darkly relevant to the intersection of surveillance, encryption, and government power. As consumer encryption has become stronger — with services like Signal offering end-to-end encryption that even the provider cannot break — governments have increasingly turned to compulsion rather than computation. The UK's Regulation of Investigatory Powers Act (RIPA) makes it a criminal offense to refuse to surrender encryption keys when ordered by a court. Australia's Assistance and Access Act of 2018 can compel technology companies to build backdoors into their products.
In the context of intelligence operations, the CIA's enhanced interrogation program and the detention conditions at facilities like Guantanamo Bay represent rubber hose cryptanalysis applied to human intelligence — extracting information through physical and psychological coercion rather than voluntary cooperation. The Senate Intelligence Committee's torture report found that these methods were less effective than conventional interrogation techniques.
