> the information that he claims to have extracted from NSA servers cannot be extracted from him against his will, but I don't assume that to be true in the absence of evidence.
It's not difficult - if you haven't seen all the data. You encrypt the data with a large, randomly generated password, and give pieces of the password (without looking at it) to several people in different countries. You also tell them that they need to be 100% certain you're not being tortured to get the passwords from them.
If you're tortured, then you actually cannot reveal the data. You can reveal who has the password pieces, but if they're all in different countries it will be nearly impossible to get them. It would be easier to get the data directly from the U.S. government.
If you're generating some truly-random "password", I'd call it a key instead. Just a minor terminological note.
Anyway, while that split-the-key scheme works, I wouldn't use it over one of the real secret sharing schemes cryptographers have developed, e.g. Shamir's secret sharing scheme [1]. If you just split a key and give pieces to different people, the more pieces of the key an enemy can collect, the easier time they will have when brute-forcing it.
On the other hand, Shamir's secret sharing scheme is an information-theoretically secure threshold scheme. That is, a key is broken up into n pieces and t of those pieces are required to reconstruct the secret. In Shamir's scheme, the enemy can collect t-1 pieces of the secret and still have no chance in reconstructing the password; it simply is impossible.
The scheme works off of the idea that an m-degree polynomial is uniquely defined by m+1 points. For example, here's a point from a 1-degree polynomial (line), which would model a t=2 scheme: (1,4). Can you figure out the y-intercept? (Actually, Shamir's scheme uses finite fields, but I think asking this question drives the point home.)
So, generate a key, split it up into a bunch of pieces, and require a threshold of those pieces to be present. Coercion-free and even if an intelligence agency can compromise many pieces, they still can't do anything until they've hit the threshold. Also, if you want to require all pieces present, just set t=n.
Maybe he did! I have no idea. But just in case he didn't, or someone else had the interpretation I had, I just wanted to clarify that a real secret-sharing scheme has some pretty nifty properties.
I think you'd have to give some of those key pieces to sociopaths for this to be foolproof. Otherwise they could torture you until you reveal contact information for each of the pieces. Then they can contact each of the people, and show a live video stream of you being tortured and play on their sympathy to give up the piece of key.
Though I guess having a live video stream of you being tortured wouldn't be in the best interests of the person doing the deed. Maybe that's the catch that makes it work?
It's not difficult - if you haven't seen all the data. You encrypt the data with a large, randomly generated password, and give pieces of the password (without looking at it) to several people in different countries. You also tell them that they need to be 100% certain you're not being tortured to get the passwords from them.
If you're tortured, then you actually cannot reveal the data. You can reveal who has the password pieces, but if they're all in different countries it will be nearly impossible to get them. It would be easier to get the data directly from the U.S. government.