Judge Says Americans Can Be Forced To Decrypt Laptops

from the 5th-amendment-begone dept

A few years ago, we wrote about a case, in which a court found that a defendant could not be forced to give up his encryption key for encrypted files on his computer, because that would be a violation of the 5th Amendment. The argument was that the key was a form of speech, and that speech would self-incriminate the person. However, in a new case, a judge has said that it is not a 5th Amendment violation if a defendant is required to decrypt their laptop, even if that laptop contains incriminating information. The difference here? The key. In the first case, the question was over whether or not the defendant had to hand over the key. In this case, there was no request for the key -- just to decrypt the hard drive. As the court saw it, this was no different than demanding a defendant hand over documents related to a case, something that obviously happens all the time. It does seem like a fine line (and perhaps a meaningless distinction if law enforcement now knows to do the latter, rather than the former). Either way, the defendant in this case, Ramona Fricosu, accused of being part of a mortgage scam, is intending to appeal. It would be interesting to see the Supreme Court eventually weigh in, but I would guess that they'll side with this particular ruling.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: decryption, encryption, fifth amendment


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Simon, 25 Jan 2012 @ 4:18am

    Sounds like it's time for TrueCrypt's Plausible deniability mode....

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2012 @ 5:16am

      Re:

      I sense a need for encryption systems which include an option to store part of their password in a file uploaded to the net. Many file locker services allow setting the uploaded file's expiration date (e.g., yousendit.com, magicvortex.com).

      If law enforcement is already monitoring your net connection, this may not work, but if they have seized the computer and afterwards get the urge to make you decrypt it then you can merely claim that there is no possibility because part of the key has been deleted from the cloud (you can even go through the motions of putting in your key).

      link to this | view in chronology ]

      • icon
        Beta (profile), 25 Jan 2012 @ 6:07am

        Re: Re:

        Better still: when you put in your (incorrect) key, the software tries to retrieve a non-existent file from the locker, and complains about the failure.

        link to this | view in chronology ]

        • icon
          Machin Shin (profile), 25 Jan 2012 @ 6:42am

          Re: Re: Re:

          Or the really good one is have one password to unlock it and one to destroy the file. They ask you for your password and so you give them one. They enter it and destroy any hope of ever getting it. This also eliminates any chance whatsoever of them getting the real password out of you later. The file is destroyed and no amount of threatening you will get them in.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Jan 2012 @ 6:57am

            Re: Re: Re: Re:

            No, forensic analysts copy the original hard drive/disc using a write blocker (no way for write commands to get to the drive. All operations are done on a copy.

            link to this | view in chronology ]

          • icon
            pixelpusher220 (profile), 25 Jan 2012 @ 9:21am

            Re: Re: Re: Re:

            And then they put you away for destruction of evidence...perhaps it's a lesser charge but they have concrete evidence that you entered a password and the data then changed.

            Tampering with evidence is not taken lightly...

            link to this | view in chronology ]

            • identicon
              btr1701, 25 Jan 2012 @ 10:25am

              Re: Re: Re: Re: Re:

              > And then they put you away for destruction of evidence...
              > perhaps it's a lesser charge

              Yes, this isn't about beating the charge completely, but if you know that the drive contains evidence of child porn or murder or worst of all, copyright violation, and you know it will put you away for 30 years to life, then taking a 5-year hit for evidence tampering is a helluva good deal.

              link to this | view in chronology ]

              • icon
                Ian (profile), 25 Jan 2012 @ 1:03pm

                Re: Re: Re: Re: Re: Re:

                Oh, but here's the best part:

                A forensic specialist, on seizing the drive, will have loaded it in a write-blocker, and made a bit-for-bit copy. The only thing they'll give you to let you enter your nuke password on is one of those copies.

                You enter your nuke password, and send back the disk. Now they can compare the two disks, and find that you've changed them.

                Now they're charging you with destruction of evidence, and they /still demand the unencrypted contents/. What does that mean? Well, it means they can hold you in contempt, and detain you indefinitely until you comply. IE, instead of that 30 years to life, you're there for "until you comply". After you comply, you still have the 30 years to life to face.

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 25 Jan 2012 @ 9:57pm

                  Re: Re: Re: Re: Re: Re: Re:

                  I don't really think they can charge you for solely that if your decryption method requires writeback to the original file. (For example, Windows' built-in "compress folder" will replace the file with "uncompress copy" if it has been "touched".)

                  Regarding bit-for-bit copy, anyone with experience working on firmware know there's a "write-only" one that you can only program on, but not read back (I don't know whether there're ways read back those chips by other means, though). Working on a bit-to-bit copy won't work if the encryption/decryption program is written on chips.

                  link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 26 Jan 2012 @ 2:22am

                  Re: Re: Re: Re: Re: Re: Re:

                  Since every American is a criminal and a huge part of the population is actually below the poverty line maybe it is a good thing that laws are getting so hard, you get minimum security facilities, with entertainment, 3 meals and healthcare for free, that must sound good to a lot of people.

                  link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Jan 2012 @ 9:16pm

          Re: Re: Re:

          I'm sorry Judge, I saved my decryption key on a service called "MegaUpload" and it seems to be gone!

          Badum, tish!

          link to this | view in chronology ]

      • identicon
        PRMan, 25 Jan 2012 @ 7:49am

        Re: Re:

        That's exactly what I did! I put my key on megaupload and oh, crap!

        link to this | view in chronology ]

      • identicon
        PRMan, 25 Jan 2012 @ 8:00am

        Re: Re:

        That's exactly what I did! I put my key on megaupload and oh, crap!

        link to this | view in chronology ]

      • icon
        toyotabedzrock (profile), 25 Jan 2012 @ 6:05pm

        Re: Re:

        If this person was conducting business then she has to give the key the same as BP or JPMorgan has to.

        link to this | view in chronology ]

  • icon
    Jeremy Lyman (profile), 25 Jan 2012 @ 4:22am

    Make me.

    Forced to divulge information? I sure hope enhanced interrogation isn't going to fly in the American legal system.

    This seems like a detective asking a robber where he hid the diamonds to me, you'd have to weigh the consequences of not cooperating. Sounds like a reinforcement of the advice that people not know their encryption keys, but know how to get them instead.

    link to this | view in chronology ]

    • icon
      nasch (profile), 25 Jan 2012 @ 6:17am

      Re: Make me.

      Sounds like a reinforcement of the advice that people not know their encryption keys, but know how to get them instead.

      As the story indicated, the police can compel you to decrypt the information. They wouldn't care if you have the key memorized or just know where to get it, as long as you do it. As far as I can tell the only options would be 1) cooperate 2) go to jail 3) convince the judge you're unable to comply or 4) convince the judge/investigators that you have complied even though you haven't.

      Number 3 could perhaps be accomplished by demonstrating a secure delete facility on your computer. You can claim that the encrypted block of data is just garbage created by the secure deleter. I don't know enough about the technology to know if that would fly or not.

      link to this | view in chronology ]

      • icon
        PrometheeFeu (profile), 25 Jan 2012 @ 8:12am

        Re: Re: Make me.

        This is not the police. This is a court. There are appeals and all the usual judicial safeguards. If a cop just walks up to you and asks you to decrypt your hard-drive, you can still tell them to go get a warrant.

        link to this | view in chronology ]

  • icon
    Austin (profile), 25 Jan 2012 @ 4:22am

    Wrong Analogy

    The correct analogy here is a locked safe.

    Courts have held that a suspect is NOT required to hand over the keys to a safe. They have ALSO held that the same suspect is also NOT required to unlock the safe for the police. The distinction between giving the authorities your password or simply decrypting the files for them is the same - if one is considered unlawful, so too should the other be.

    And beyond that, this should be protected under the 4th amendment, regardless of whether or not it violates the 5th. This is about as damn well "unreasonable" as a search can possibly be.

    Anyhow...if the defendant was asked to have over a disk - still encrypted - with the files on it, that is legal. After that, the police are free to take as much time as they like (should be around 2,000 years with a strong password and good algorithm) and try to crack it themselves. This is like saying they can seize the safe and have a locksmith try to open it for them. Legally, they can do this. But compelling the suspect and/or defendant to make their case for them? Pretty damn unreasonable.

    link to this | view in chronology ]

    • icon
      Jeremy Lyman (profile), 25 Jan 2012 @ 4:30am

      Re: Wrong Analogy

      Yeah, it sounds like the government is upset that something exists which they can't overpower with brute force.

      link to this | view in chronology ]

    • icon
      Machin Shin (profile), 25 Jan 2012 @ 7:00am

      Re: Wrong Analogy

      Suddenly there is a solution. If you encrypt your files and instead of using a password you use a key file on a thumb drive. You can now lock that in a safe that you are not required to open. Of course that would only slow them down while they break into the safe but it is something.

      I also wonder though how far you could get by hiding the data they wanted in masses of useless data. Like the key file for your encryption could be a small text file on a thumb drive with millions of text files. Once they have the thumb drive you can honestly tell them they have the key.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Jan 2012 @ 12:59pm

        Re: Re: Wrong Analogy

        Properly you just claim the 5th to any question they ask you about files on your computer or any encryption questions.

        This guy's mistake was the equivalent of saying "I have them and you'll never find read them since they are encrypted!"

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2012 @ 8:06am

      Re: Wrong Analogy

      The Supreme Court has stated that a defendant may be compelled to turn over the key to a locked safe. (http://supreme.justia.com/cases/federal/us/487/201/case.html#F9). True, a state court may decide not to go that far, but requiring production of the key is certainly constitutional. So the locked-safe analogy is a loser.

      And the 4th Amendment argument will never carry the day (the EFF didn't even attempt to make the 4th Amendment argument in their amicus brief). The police had a perfectly valid warrant to search the computer. The issue is not whether searching the computer was reasonable. Rather it is whether the defendant can be compelled to grant access to the encrypted files.

      I don't mean to imply that I think the court got it right here. Just trying to clear some things up.

      link to this | view in chronology ]

      • identicon
        btr1701, 25 Jan 2012 @ 10:35am

        Re: Re: Wrong Analogy

        > The issue is not whether searching the computer was
        > reasonable. Rather it is whether the defendant can be
        > compelled to grant access to the encrypted files.

        This issue makes for some great law school exam questions and philosophical legal discussions, but the practical reality is that judges, prosecutors, and law enforcement can never actually win this one.

        There are too many ways for defendants to defeat them. Some have been mentioned here-- multiple passwords that unlock some data but not other, cloud keys that expire, etc.-- but even a defendant who just claims not to remember the password will eventually win. Sure, they might get some time in a county jail for contempt, but a judge can't keep someone there for life. Most states top it out at a year. So if the suspect knows that the stuff on his computer will get him 10-20 in a state penitentiary, spending a year in the county lockup for contempt is hardly the worst option on the table.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Jan 2012 @ 11:40am

          Re: Re: Re: Wrong Analogy

          H. Beatty Chadwick might disagree with you regarding the scope of punishment for contempt. (http://en.wikipedia.org/wiki/H._Beatty_Chadwick). He spent 14 years in prison for failing to comply with an order from a Delaware County court during a divorce proceeding. And his detention was approved by the 3rd Circuit Court of Appeals.

          Sure, a defendant can try and play the "I don't remember" card. But if a court has good reason to believe otherwise, he may find himself held in contempt for a very long time.

          I've never heard the "most states top it out at a year" claim before but I would guess it is a popular misconception, not actual law.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Jan 2012 @ 11:48am

            Re: Re: Re: Re: Wrong Analogy

            ...play the "I don't remember" card. But if a court has good reason to believe otherwise...

            Explain what this “good reason” looks like. Can you touch it? Taste it? Smell it? Explain it?

            No. “Good reason” just means what the court had for lunch today.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 25 Jan 2012 @ 12:12pm

              Re: Re: Re: Re: Re: Wrong Analogy

              Cases may exist where the court doesn't have a good reason. I never excluded that possibility. But if evidence is offered that the defendant regularly, repeatedly and/or recently accessed the encrypted data (either through surveillance, undercover work, eye-witness accounts, etc.), a court could very easily find good reason to believe that a defendant is lying.

              I know you tried to help me out by answering the question you (quite colorfully) posed to me, but I wanted to get my two cents in anyway.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 25 Jan 2012 @ 12:23pm

                Re: Re: Re: Re: Re: Re: Wrong Analogy

                ...a court could very easily find good reason to believe that a defendant is lying.

                The court has no warrant to search the contents of the human mind.

                Everyone has had the experience of forgetting items that they should be able to remember. For some people, it happens when the take tests. For others, it happens when they get out of bed in the morning and can't find their eyeglasses.

                A court that would jail someone because the judge knows that the defendant must have power to recall, is a court defying human experience—a court worth nothing but contempt.

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 25 Jan 2012 @ 11:50pm

                  Re: Re: Re: Re: Re: Re: Re: Wrong Analogy

                  You seem to be operating under the misapprehension that the courts are reasonable.

                  link to this | view in chronology ]

          • identicon
            btr1701, 26 Jan 2012 @ 12:23pm

            Re: Re: Re: Re: Wrong Analogy

            > H. Beatty Chadwick might disagree with you regarding the
            > scope of punishment for contempt.

            You can always find a statistical outlier which results from a case with unique circumstances or which occurred before legislative preemption. It's hardly the norm, however.

            Many states have set statutory limits on the length of time a judge can hold someone in contempt. Others have required contempt orders to meet certain criteria for them to be upheld, the most common and important of which is that the contempt cannot be punitive rather than coercive. Once it becomes punitive, the contempt order instantly violates about 50% of the Bill of Rights.

            Judges simply don't have unfettered power to lock people up indefinitely at what essentially amounts to their whim.

            > I've never heard the "most states top it out at a year" claim
            > before but I would guess it is a popular misconception,
            > not actual law.

            As an attorney myself, I tend not to deal in popular misconception.

            link to this | view in chronology ]

          • icon
            btr1701 (profile), 27 Jan 2012 @ 3:39pm

            Re: Re: Re: Re: Wrong Analogy

            > Sure, a defendant can try and play the
            > "I don't remember" card. But if a court
            > has good reason to believe otherwise, he
            > may find himself held in contempt for a
            > very long time.

            In cases where a court has ordered someone to produce an encryption key, which is likely to be a long string of numbers and letters, the longer the contempt order goes on, the more likely it is that the defendant really will forget it, and be truly unable to come up with the key even if he wanted to.

            Such a defendant will cease to 'have the keys to his own jail cell' which will automatically trigger constitutional due process requirements and void the contempt order.

            link to this | view in chronology ]

  • icon
    Swedish Turnip (profile), 25 Jan 2012 @ 4:28am

    Sorry officer, I seem to have forgotten how to decrypt this information. I'm lying? I'm sure I don't know what you mean.

    link to this | view in chronology ]

    • icon
      Michael (profile), 25 Jan 2012 @ 9:22am

      Re:

      No, sir. This is just my encrypted files collection. I never intended to decrypt ANY of them before.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2012 @ 9:47am

      Re:

      Seriously, what would they do? My passwords are 16-25 random characters usually. In the stress of a court case I could easily forget one of them. I forgot. Oh well.

      link to this | view in chronology ]

    • icon
      Pitabred (profile), 25 Jan 2012 @ 9:47am

      Re:

      Then you'll sit in jail under contempt of court until you remember

      link to this | view in chronology ]

      • icon
        Rikuo (profile), 25 Jan 2012 @ 10:32am

        Re: Re:

        For how long? Surely, there must be a limit. If you genuinely forgot, you forgot.
        What you said up there is having to choose between decrypting the files and, through them as evidence, get sentenced to jail...or not open them, and go to jail anyway.

        link to this | view in chronology ]

        • icon
          Pitabred (profile), 25 Jan 2012 @ 1:20pm

          Re: Re: Re:

          Not really, no. You've gotta prove that to a judge.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Jan 2012 @ 9:35pm

          Re: Re: Re:

          Unfortunately, as screwed up as it is, looking at the wikipedia entry for 'contempt of court', it looks like in America at least there is no upper limit for how long a person can be imprisoned, so if someone genuinely forgot something(in this case a password), and the judge didn't believe them... they could potentially spend the rest of their life in jail for it.

          link to this | view in chronology ]

          • icon
            nasch (profile), 25 Jan 2012 @ 11:44pm

            Re: Re: Re: Re:

            if someone genuinely forgot something(in this case a password), and the judge didn't believe them... they could potentially spend the rest of their life in jail for it.

            If I understand correctly, that is true, but as a practical matter I just don't see that happening. At some point the judge would decide there's nothing to be gained by keeping someone locked up. Not to mention it's likely word would get out, and the pressure to drop the charge would probably mount quickly.

            So far no one's been jailed more than 14 years. And that guy was definitely and clearly not following a court order. Since it was to pay a bunch of money I hope it's not just that he didn't have the money to pay. According to another poster he was released because it was determined the incarceration had become punitive, which is not allowed.

            link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Jan 2012 @ 10:39am

        Re: Re:

        Which could be classified as cruel and unusual punishment. They could claim I'm lying and put me in jail, but if I actually do not remember then that involves indefinite imprisonment with no proof of wrongdoing (forgetting something is not wrongdoing, though lying can be).

        link to this | view in chronology ]

  • identicon
    abc gum, 25 Jan 2012 @ 4:33am

    Was there a search warrant?
    The "authorities" these days do not feel they need no stinkin warrants.

    link to this | view in chronology ]

    • icon
      pixelpusher220 (profile), 25 Jan 2012 @ 9:25am

      Re:

      Yes there was a perfectly valid warrant. This is about how far that warrant should be taken.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jan 2012 @ 4:36am

    I forgot the password.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jan 2012 @ 4:39am

    Seems reasonable if you ask me. If it's legal for the government to demand you hand over documents, I fail to see why the government should not also be able demand that an encryption key be handed over to make the documents legible.

    The only difference is semantic bullshit.

    link to this | view in chronology ]

    • icon
      The eejit (profile), 25 Jan 2012 @ 4:43am

      Re:

      Howso? Just handing over the documents, regardless of legibility, should be sufficient.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Jan 2012 @ 10:12pm

        Re: Re:

        Yes. It should be okay in encrypted form.

        See... For documents handing to court, the documents are not always in English. And the defendents are neither required to hire translators to translate the documents, nor required to pay the fees for court to hire the translators.

        Can't see how they can force you to tranlate the documents if you always write them in some rare or obscure language. :P

        link to this | view in chronology ]

    • identicon
      Simon, 25 Jan 2012 @ 4:47am

      Re:

      Sure, because the idea of democracy and the government serving the electorate is just semantic bullshit.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Jan 2012 @ 5:35am

        Re: Re:

        "because the idea of democracy and the government serving the electorate is just semantic bullshit"

        What does this have to do with 'democracy and the government serving the electorate'? If you don't agree with this decision, fine, but don't get holier than thou.

        link to this | view in chronology ]

        • icon
          The eejit (profile), 25 Jan 2012 @ 5:45am

          Re: Re: Re:

          Why the fuck not? The police can and MUST be held to a higher standard than the rest of the populace, on account of, y'know, being LAW ENFORCEMENT.

          link to this | view in chronology ]

        • identicon
          Simon, 25 Jan 2012 @ 6:13am

          Re: Re: Re:

          It's not a "holier than thou" argument, it's simply that Government is supposed to be elected by, work for, and paid for, by 'the people'. Thus Government documents belong to 'the people'.

          That's very, very different to a citizens personal property.

          link to this | view in chronology ]

          • identicon
            Simon, 25 Jan 2012 @ 6:26am

            Re: Re: Re: Re:

            Plus, having re-read your comment, it turns out I'm an idiot and didn't actually read what you wrote... oops.

            link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2012 @ 4:59am

      Re:

      There is no lawful warrant to enter the human mind.

      link to this | view in chronology ]

      • icon
        Jeremy Lyman (profile), 25 Jan 2012 @ 6:30am

        Re: Re:

        Yeah, IANAL, but a warrant means police have the authority to go look for something in a specific location, not the authority to command a suspect divulge information. You have to trick them into revealing the secret by leveraging their own ego:

        Col. Jessep: You want answers?
        Kaffee: I think I'm entitled.
        Col. Jessep: You want answers?
        Kaffee: I want the truth!
        Col. Jessep: You can't handle the truth!
        [pause]
        Col. Jessep: Son, we live in a world that has tubes, and those tubes have to be guarded by encryption algorithms. Who's gonna do it? You? You, Lt. Weinburg? I have more numerous salt bits than you could possibly fathom. You weep for digital forensics, and you curse the cipher. You have that luxury. You have the luxury of not knowing what I know. That cryptography's invention, while inconvenient, probably keeps secrets. And my use of it, while absurd and incomprehensible to you, keeps secrets. You don't want the truth because deep down in places you don't talk about at parties, you want secrets to be kept, you need secrets to be kept. We use words like key, code, hash. We use these words as the backbone of a science dedicated to securing communication. You use them as a specter. I have neither the time nor the inclination to explain cryptography to a man who rises and sleeps under the blanket of the very security that it provides, and then questions the security it provides for others. I would rather you just said thank you, and went on your way, Otherwise, I suggest you pick up a decrypter, and start brute forcing. Either way, I don't give a damn what you think you are entitled to.
        Kaffee: Do you know the private key?
        Col. Jessep: I know the premise of encry...
        Kaffee: Do you know the private key?
        Col. Jessep: 4b752O7o3dgJ#?;6q7IxLBr7:#gUL^!

        Boom! Techno-lawyered.

        link to this | view in chronology ]

    • icon
      Richard (profile), 25 Jan 2012 @ 5:14am

      Re:

      Seems reasonable if you ask me. If it's legal for the government to demand you hand over documents, I fail to see why the government should not also be able demand that an encryption key be handed over to make the documents legible.

      The difference is simple. It is comapratively easy to establish whether the documents exist. It is impossible to establish whether a person knows or can remember the encryption key.

      You cannot tell the difference between an innocent person who never knew or has forgotten the keys and someone who is withholding them.

      Basic principles of law require that innocence be given the benefit of the doubt.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Jan 2012 @ 5:24am

        Re: Re:

        You cannot tell the difference between an innocent person who never knew or has forgotten the keys and someone who is withholding them.

        Factual innocence is utterly immaterial: This is Star Chamber.

        Camera Stellata

        link to this | view in chronology ]

    • icon
      ComputerAddict (profile), 25 Jan 2012 @ 5:44am

      Re:

      Wouldn't decrypting the file alter it's state? would you not then be tampering with the 'evidence'?

      link to this | view in chronology ]

      • icon
        Beta (profile), 25 Jan 2012 @ 6:09am

        Re: Re:

        You're the one who's been teaching Congress about Information Technology, aren't you?

        link to this | view in chronology ]

        • icon
          ComputerAddict (profile), 25 Jan 2012 @ 7:01am

          Re: Re: Re:

          No, any forensic scientist (disclaimer: may not apply to DOJ) knows that you'd do a dd copy to another drive before trying anything to the data. It was more a poke a humor...

          link to this | view in chronology ]

      • icon
        nasch (profile), 25 Jan 2012 @ 6:20am

        Re: Re:

        Wouldn't decrypting the file alter it's state? would you not then be tampering with the 'evidence'?

        No, the encrypted file would still be there unchanged. You would have made a new file that's clear text.

        link to this | view in chronology ]

        • icon
          Richard (profile), 25 Jan 2012 @ 7:04am

          Re: Re: Re:

          No, the encrypted file would still be there unchanged.

          Not if you used quantum encryption.

          link to this | view in chronology ]

      • icon
        blaktron (profile), 25 Jan 2012 @ 6:59am

        Re: Re:

        If you could successfully argue this in court, lawyers everywhere would get together and erect a statue of you, and begin praying at your concrete feet.

        link to this | view in chronology ]

    • icon
      Idobek (profile), 25 Jan 2012 @ 6:00am

      Re:

      The government is not asking you to hand over some specific documents with respect to a specific case, it is asking you to handover every document you have with respect to your entire life.

      See the difference now?

      link to this | view in chronology ]

    • icon
      Franklin G Ryzzo (profile), 25 Jan 2012 @ 9:39am

      Re:

      The government can compel you to hand over documents, but if those physical documents are written in a language that no one can read, can they compel you to translate the documents as well? This is how I see the situation and I'm not convinced they should be allowed to compel decryption. How would it be any different if I created my own code language and used that to write all my documents in, whether they be physical pieces of paper or files on a hard drive?

      link to this | view in chronology ]

    • icon
      pixelpusher220 (profile), 25 Jan 2012 @ 9:43am

      Re:

      If it was simply written in a language that they don't understand, I am supposed to translate it for them?

      Not hardly. They have it, they can do what they want with it, but *I* am not required to 'help' them do that. i.e. the 5th amendment.

      The proper way around this is to grant the subject immunity from prosecution for anything found. Then there is no 5th amendment grounds. If the data is that important you do this..but if you only want to prosecute this particular person, then no you aren't supposed to be able to force them to help you.

      link to this | view in chronology ]

    • icon
      The Infamous Joe (profile), 25 Jan 2012 @ 9:50am

      Re:

      Hypothetically speaking, if I had written the documents in a language I made up and was unable to be decoded, except by myself, could I be compelled to decode them for the court?

      link to this | view in chronology ]

    • icon
      George (profile), 25 Jan 2012 @ 10:14am

      Re:

      BS, its a fishing expatiation. they are not asking for a specific document, like a tax return. They want free run of the data on the laptop. what laptop has communicated or connected with. If they have a problem decrypting the data. oh well. This is too evasive.

      password... we dont need a stinking password

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jan 2012 @ 4:46am

    Morally wrong

    Evil, totalitarian, and wrong.

    A society that has lost respect for the integrity of a person's thoughts—is a society which tortures and kills.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2012 @ 12:22pm

      Re: Morally wrong

      Well we know they do that so....

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jan 2012 @ 3:16am

      Re: Morally wrong

      "A society that has lost respect for the integrity of a person's thoughts—is a society which tortures and kills."

      I think the USA already crossed that line.

      link to this | view in chronology ]

  • identicon
    Kevin Malmo, 25 Jan 2012 @ 5:00am

    So it violates the purpose of encryption... I would only do that when I'm summoned by Cort.

    link to this | view in chronology ]

  • icon
    A Guy (profile), 25 Jan 2012 @ 5:02am

    I forgot my password.

    Turning over a password is an admission of ownership/knowledge of the password and I will not admit that is my laptop.

    I never knew the password.

    I expect this will get overturned on appeal... or lawyers will be much more careful about what they tell their clients to admit to.

    link to this | view in chronology ]

    • icon
      Duke (profile), 25 Jan 2012 @ 6:16am

      Re:

      There was a case on the UK equivalent of this ruling a while back (the requirement to hand over keys is enshrined in legislation over here), and they discussed the issue of self incrimination, and admissions of ownership/knowledge.

      The Court ended up finding that it wasn't contrary to the principle against self-incrimination on the grounds that the law only covered decrypting information as part of the investigation, not as part of the trial, and if issues of self-incrimination did come up, they could be dealt with by declaring either the material uncovered, or the fact that the defendant had handed over the key (thus "proving" knowledge) could be withheld from evidence.

      However, that seems to be a particularly English approach, perhaps not reflected in the US, where you start with as much information as possible, then cut out whatever the jury or court shouldn't know about.

      link to this | view in chronology ]

      • icon
        A Guy (profile), 25 Jan 2012 @ 7:16am

        Re: Re:

        That would require that you admit it is your computer and/or you have knowledge of the password to the judge. Over here, I'm pretty sure that's goes against the Constitution.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Jan 2012 @ 8:38am

          Re: Re: Re:

          They already know it's her laptop from other evidence and she references it as hers in a documented conversation.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Jan 2012 @ 9:35am

            Re: Re: Re: Re:

            They already know it's her laptop from other evidence and she references it as hers in a documented conversation.

            This. The Ars Technica coverage indicates she had specific knowledge of the files in question and that the laptop was indeed hers (via recorded conversation).

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 25 Jan 2012 @ 10:45am

              Re: Re: Re: Re: Re:

              Then it requires admitting you have knowledge of the encrypted files. I don't admit this. That could be incriminating.

              link to this | view in chronology ]

    • icon
      pixelpusher220 (profile), 25 Jan 2012 @ 9:35am

      Re:

      I believe the specific request made by the court is that they will not consider providing the password as 'proof of ownership'. They are absolving the defendant of that point to get access to the data contained.

      link to this | view in chronology ]

      • icon
        A Guy (profile), 25 Jan 2012 @ 7:14pm

        Re: Re:

        But it is proof of knowledge of the password. Unless she has already admitted that she knows the password, which she should not have done, then it would be self incrimination.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jan 2012 @ 5:07am

    I think I'll make a few 500 meg files of just random hash if I ever go traveling. Tell the authorities truthfully they are just gibberish, and if they want to find out what they mean to analyze them themselves.

    link to this | view in chronology ]

    • icon
      Beta (profile), 25 Jan 2012 @ 6:02am

      Re:

      You are volunteering to be a martyr, to educate the authorities in basic cryptography theory at your own expense. A slightly less costly approach would be to carry a 500MB file of random bits called "OneTimePad.txt", along with some simple scripts to use it, and maybe a couple of innocuous encrypted letters and the one-pages you carelessly forgot to delete.

      And if that doesn't get you locked up, you can then do the same thing but with a random-looking 500MB file containing all of your juicy secrets.

      link to this | view in chronology ]

      • icon
        The Groove Tiger (profile), 25 Jan 2012 @ 6:14am

        Re: Re:

        Better to have a 500 mb encrypted volume full of photoshopped pictures of this judge in compromising situations (p0rn, or worse) and maybe the head of the FBI or whatever.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jan 2012 @ 5:10am

    Judge

    P*ss up a rope.

    link to this | view in chronology ]

  • icon
    Richard (profile), 25 Jan 2012 @ 5:16am

    "Judge Says Americans Can Be Forced To Decrypt Laptops"

    The Judge is factually wrong. No one can be forced to give up a password. At most they can be punished for not doing so.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2012 @ 5:22am

      Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

      No one can be forced to give up a password.

      Try waterboarding.

      link to this | view in chronology ]

      • icon
        Richard (profile), 25 Jan 2012 @ 5:25am

        Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

        You might still fail.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Jan 2012 @ 5:30am

          Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

          You might still fail.

          If the bitch drowns, that proves God has condemned her soul to hell.

          link to this | view in chronology ]

          • icon
            Machin Shin (profile), 25 Jan 2012 @ 5:53am

            Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

            Well shoot, why you even need to decrypt anything? Just toss the person in a lake. If they drown they are guilty if not they must be innocent.

            link to this | view in chronology ]

            • icon
              Richard (profile), 25 Jan 2012 @ 6:00am

              Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

              No - just check to see if they weigh the same as a duck!

              link to this | view in chronology ]

            • icon
              The Groove Tiger (profile), 25 Jan 2012 @ 6:19am

              Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

              It's the other way around: if they drown they were innocent, if they float they are a witch. Then you burn them.

              link to this | view in chronology ]

              • identicon
                DogBreath, 25 Jan 2012 @ 9:30am

                Re: Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

                Witches float because they are made of wood!

                link to this | view in chronology ]

                • icon
                  Franklin G Ryzzo (profile), 25 Jan 2012 @ 9:57am

                  Re: Re: Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

                  While most witches are in fact made of wood, some are actually made of bridges or tiny pebbles.

                  link to this | view in chronology ]

                  • icon
                    The Groove Tiger (profile), 25 Jan 2012 @ 4:26pm

                    Re: Re: Re: Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

                    What's important is that pirates must burn because they are witches. Witch-pirates.

                    link to this | view in chronology ]

            • icon
              John Bivens (profile), 15 May 2012 @ 9:34am

              Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

              No....If they drown, they are innocent!!!! If they float, they are guilty!!!

              link to this | view in chronology ]

      • icon
        Machin Shin (profile), 25 Jan 2012 @ 5:42am

        Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

        Think his point is that it is impossible to actually "force" someone to tell you something. You can be "very persuasive" by water boarding and such. This still cannot "force" them to tell you. The person always has the option to not tell you.

        link to this | view in chronology ]

        • icon
          Violated (profile), 25 Jan 2012 @ 10:17am

          Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

          See the movie Unthinkable.

          If the stakes are extremely high how far are you willing to go? Ignore human rights laws? Torture? Torturing and killing their partner? Torturing and killing their children?

          And what does that then make you? All they claimed you were.

          link to this | view in chronology ]

          • identicon
            btr1701, 25 Jan 2012 @ 10:50am

            Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

            > And what does that then make you? All they claimed you were.

            Not hardly. If they create such an extreme situation that it drives people to do something they would never normally do (in your 'Unthinkable' movie example-- nationwide nuclear holocaust), then it's ridiculous to then turn around and say, "See! They're barbarians after all!"

            link to this | view in chronology ]

            • icon
              nasch (profile), 25 Jan 2012 @ 2:03pm

              Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

              Exactly. Normal people will commit terrible acts under the right (wrong) circumstances. Check out the Milgram experiments if you haven't already.

              link to this | view in chronology ]

    • icon
      nasch (profile), 25 Jan 2012 @ 6:23am

      Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

      The Judge is factually wrong. No one can be forced to give up a password. At most they can be punished for not doing so.

      The term "compel" legally means if you don't do it the government is allowed to arrest and imprison you. You can complain about the usage, or just understand it and move on. ;-)

      link to this | view in chronology ]

      • identicon
        New Mexico Mark, 25 Jan 2012 @ 8:09am

        Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

        I'm sure you could be imprisoned and life could be very difficult for a while. But sooner or later (probably sooner if you could afford a high-powered lawyer to keep pressing the issue) it seems you would have to be released or just punished under whatever laws cover destruction of evidence, just as if you had shredded everything.

        There would probably be different results between refusing a legal order to decrypt and saying you forgot the password.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Jan 2012 @ 9:29am

          Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

          Well, I don't really agree with the ruling in this case, but I do want to point out a few things that a lot of folks overlook in all this: If the judge decides to hold you in contempt, there is no sentence length. He could keep you in prison in contempt for 75 years if he wants. As for destruction of evidence, those penalties are stiff, ever since SOX. I believe it's 20 years at the federal level. And that exceeds most federal sentence lengths except the most heinous.

          IOW, you probably would do less time just providing the documents and being found guilty than you would trying to cover things up.

          link to this | view in chronology ]

          • identicon
            btr1701, 25 Jan 2012 @ 10:57am

            Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

            > He could keep you in prison in contempt for 75 years if he wants.

            Actually most states have limited the length of detainment for contempt to a year, barring extraordinary circumstances.

            Judges are not dictators with ultimate power to do whatever they like.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 25 Jan 2012 @ 11:16am

              Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

              Judges are not dictators with ultimate power to do whatever they like.

              It's a federal judge: Judge Robert Blackburn, appointed by George W. Bush.

              You may presume that Judge Blackburn, like most of his black-robed brethren on the federal bench, doth truly and sincerely believe himself God, and is thus totally undaunted by quaint notions of brimstone and hellfire.

              link to this | view in chronology ]

        • icon
          nasch (profile), 25 Jan 2012 @ 1:44pm

          Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"

          From WP: "The civil sanction for contempt (which is typically incarceration in the custody of the sheriff or similar court officer) is limited in its imposition for so long as the disobedience to the court's order continues: once the party complies with the court's order, the sanction is lifted. The imposed party is said to "hold the keys" to his or her own cell, thus conventional due process is not required...

          In civil contempt cases there is no principle of proportionality. In Chadwick v. Janecka (3d Cir. 2002), a U.S. court of appeals held that H. Beatty Chadwick could be held indefinitely under federal law, for his failure to produce US$ 2.5 mill. as state court ordered in a civil trial. Chadwick had been imprisoned for nine years at that time and continued to be held in prison until 2009, when a state court set him free after 14 years, making his imprisonment the longest on a contempt charge to date."

          link to this | view in chronology ]

  • icon
    btrussell (profile), 25 Jan 2012 @ 5:47am

    What is it worth to you?

    link to this | view in chronology ]

  • identicon
    pegr, 25 Jan 2012 @ 5:52am

    Relevent

    http://xkcd.com/538/

    Simpsons, I mean, xkcd did it first!

    link to this | view in chronology ]

  • identicon
    Digitari, 25 Jan 2012 @ 6:12am

    RE

    what if the "password" is just a thumb or finger print, specifically a middle finger (in my case at work) so can I just flip you the bird? I complied didn't I?

    link to this | view in chronology ]

  • icon
    harbingerofdoom (profile), 25 Jan 2012 @ 6:16am

    im no lawyer, but i think one email being present that is either from or to your lawyer would then cover it by attorney client privilege?

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 25 Jan 2012 @ 9:13am

      Re:

      I think this would be easy to route around. All the prosecutors would have to do is have an independent third party presort the information and to remove privileged communications prior to turning the data over to the prosecution.

      link to this | view in chronology ]

  • identicon
    ASTROBOI, 25 Jan 2012 @ 6:18am

    This is why...

    I've never kept a diary. Sure, it would be fun to read how I felt 20, 30 years ago. I'd enjoy reading my childish thoughts as a student. But you have a whole lifetime for this sort of thing to fall into the wrong hands. I think of all the things I did as a youngster which were legal then, or at least not specifically illegal, which are crimes now. Best advice I'd give a kid these days is "keep yer mouth shut and don't put anything in writing".

    link to this | view in chronology ]

    • icon
      nasch (profile), 25 Jan 2012 @ 6:25am

      Re: This is why...

      I think of all the things I did as a youngster which were legal then, or at least not specifically illegal, which are crimes now.

      Due to the ex post facto principle, you cannot be prosecuted for any such act (not to mention statutes of limitation). Also, anything not specifically illegal is legal.

      link to this | view in chronology ]

      • identicon
        ASTROBOI, 25 Jan 2012 @ 7:06am

        Re: Re: This is why...

        Iunderstand what you are saying. But do we not see many examples of situations where a person is innocent, or at least not guilty, but is punished all the same. Maybe not prison, but loss of employment, loss of reputation or other unpleasantness. And as to the statute of limitations; it would seem that there is considerable pressure towards extending that limit in some cases. We have, for instance, extremely broad limits for some sex offenses, in some cases many decades. Yet the limit for, say, arson might be 5 or 7 years. How will this change in future? What about laws that were not enforced in the past suddenly being agressivly enforced. The recent file-sharing situation is an example. If the government or some determined character or just fate is out to get you, life can be pretty nasty. The less evidence one supplies, the safer one is.

        link to this | view in chronology ]

        • icon
          nasch (profile), 25 Jan 2012 @ 7:42am

          Re: Re: Re: This is why...

          But do we not see many examples of situations where a person is innocent, or at least not guilty, but is punished all the same. Maybe not prison, but loss of employment, loss of reputation or other unpleasantness.

          Yeah, like innocent people being executed.

          And as to the statute of limitations; it would seem that there is considerable pressure towards extending that limit in some cases.

          Yes, but you can never be prosecuted for something that wasn't illegal when you did it. The statute of limitation cannot be extended retroactively. That's what ex post facto means.

          If the government or some determined character or just fate is out to get you, life can be pretty nasty. The less evidence one supplies, the safer one is.

          Can't argue with that. It's unfortunate that law enforcement has the ability to nearly ruin someone's life even if they don't have enough evidence for a conviction.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Jan 2012 @ 11:57pm

            Re: Re: Re: Re: This is why...

            Except that it has been applied retroactively.

            link to this | view in chronology ]

            • icon
              nasch (profile), 26 Jan 2012 @ 12:29pm

              Re: Re: Re: Re: Re: This is why...

              What specifically has been applied retroactively? Are you claiming there's been a backwards extension of a statute of limitation that violates ex post facto?

              link to this | view in chronology ]

  • identicon
    wifezilla, 25 Jan 2012 @ 6:22am

    Ok all you smarty pants programmers... how about and encryption program with 2 passwords. One safely unlocks the hards drive. The other one causes the computer to melt.

    link to this | view in chronology ]

    • icon
      Josh in CharlotteNC (profile), 25 Jan 2012 @ 6:57am

      Re:

      The other one causes the computer to melt.

      I'm going to assume you mean "wipe out the data on the drive" as opposed to the computer bursting into flames (typical movie nonsense). Those that wipe data when incorrect passwords are entered already exist, however you'll need to think about using it as that could get you a destruction of evidence charge. Also, it probably wouldn't be much use anyway, as any competent forensic computer tech wouldn't be using the real drive, but would have cloned it multiple times and be working on a copy (perhaps even in a virtual environment with the ability to restore back should something like that happen).

      A better option would be TrueCrypt with hidden partitions in which one password unlocks the operating system and nonsensitive files, and another unlocks the stuff you really want to be secret. If set up properly, it is virtually impossible to tell whether (or how many) hidden partitions exist.

      link to this | view in chronology ]

    • icon
      nasch (profile), 25 Jan 2012 @ 7:19am

      Re:

      how about and encryption program with 2 passwords. One safely unlocks the hards drive. The other one causes the computer to melt.

      Truecrypt does better than that, with one password that unlocks boring stuff and one that unlocks the secret stuff. And after unlocking the boring stuff there's no way to know the secret stuff is even there.

      link to this | view in chronology ]

      • icon
        pixelpusher220 (profile), 25 Jan 2012 @ 10:54am

        Re: Re:

        well except for the fact that they probably know about Truecrypt and would ask you if there are multiple passwords in use.

        No - perjury
        Yes - see answer for first password if you said yes
        no comment - see answer for first password if you refused

        link to this | view in chronology ]

        • identicon
          btr1701, 25 Jan 2012 @ 11:04am

          Re: Re: Re:

          > well except for the fact that they probably know about
          > Truecrypt and would ask you if there are multiple
          > passwords in use.

          > No - perjury

          Not hardly. In order to be charged/convicted of perjury you have to be testifying under oath, and as the defendant, you have the 5th Amendment right not to testify at all. So unless you've been stupid enough to voluntarily take the stand at trial and then start lying about your passwords, there's no danger of perjury for saying 'no' to anyone else's questions about your passwords.

          link to this | view in chronology ]

        • icon
          Beta (profile), 25 Jan 2012 @ 3:26pm

          Re: Re: Re:

          >No - perjury

          Committing an act of perjury, perhaps. But they'll have a hard time convicting you if they can't prove you're lying, and to do that they must decrypt the file, which brings us right back to where we started.

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jan 2012 @ 6:26am

    Law enforcement...police state, what's the difference anymore?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2012 @ 6:35am

      Re:

      Law enforcement...police state, what's the difference anymore?


      “By the time you wake up and realize that you are living in a totalitarian state—it is already too late.”

                 ——attributed to Hannah Arendt

       

      It is already too late.

       

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jan 2012 @ 6:58am

    The difference with this case is that the defendant admitted on tape that the encrypted volume contained the information the investigators wanted. That is a subtle, but important aspect when it comes to the 5th amendment.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2012 @ 7:25am

      Response to: Anonymous Coward on Jan 25th, 2012 @ 6:58am

      You get it. Masnick conveniently left this aspect out in his rush to promote the FUD aspect. Or he is just ignorant. It's one or the other.

      link to this | view in chronology ]

    • icon
      Pitabred (profile), 25 Jan 2012 @ 9:49am

      Re:

      Came here to say that. Thanks.

      link to this | view in chronology ]

  • identicon
    KK, 25 Jan 2012 @ 7:23am

    why go through all this

    I have an encrypted drive inside an encrypted drive(which is appended to a movie's file). You can still watch the movie never knowing that there is something I'm trying to hide..
    in short if you are smart enough giving an eccryption key is not going to let anyone else get to you...
    and ya.. I have nothing special in my special encrypted partition.. its there caz I could do it..

    link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 25 Jan 2012 @ 7:26am

    A "deadman switch" algorithm

    You can't disclose what you don't know.

    1. You use Truecrypt with a plausible deniability volume, and you use a password that's very long -- much too long for you to memorize.

    2. You put that password in a file. You encrypt that file with Truecrypt and use a second password -- and this second one, you memorize.

    3. You store that encrypted file on a server -- let's say, a very cheap virtual server in a country with reasonably strong data privacy laws, like Switzerland. You stipulate to the service provider that you do NOT want your virtual server backed up.

    4. You set up a cron job on that server, such that it regularly checks to see if you've logged in recently...where "recently" might be "within the last week".

    5. If you actually need password #1, you log into the server, retrieve the file, and use password #2 to recover it.

    6. But if that "recent login" check fails, the file gets automagically deleted. You never knew password #1, because you couldn't memorize it; now you can't retrieve it, either.

    Of course, variations on this are possible: it's possible to use multiple files on multiple virtual servers, diminishing the probability that an attacker could acquire them all. You could also hedge your bet by splitting password #1 into (let's say) 3 pieces and distributing those across 3 servers in this fashion: server 1 (parts 1 and 2); server 2 (parts 2 and 3); server (parts 1 and 3) so that you could suffer the loss of any one server and still be able to recover the file with encrypted password #1. This also helps if one of the service providers -- against your wishes -- backs up the file, because what's in their backups only has 2/3 of password #1, thus if they're compelled to disclose it via legal process, the best they can do is cough up an encrypted file with incomplete data.

    Note also: there are cryptographic algorithms that are based on multiple keys (say, M keys) but only require N, N<=M keys to work. This allows, let's say, a group of 7 people to decrypt an encrypted file if any 4 of them agree to use their keys. I think this technology could also be applied here.

    link to this | view in chronology ]

    • icon
      nasch (profile), 25 Jan 2012 @ 7:45am

      Re: A "deadman switch" algorithm

      1. You use Truecrypt with a plausible deniability volume

      Why not just stop here? If done properly, they could not prove there's anything else to decrypt, right? So decrypt the first layer for them, and you're done. You've satisfied the warrant while keeping your secrets.

      link to this | view in chronology ]

      • identicon
        Rich Kulawiec, 25 Jan 2012 @ 8:29am

        Re: Re: A "deadman switch" algorithm

        I have two concerns about that, one of which may stem from my incomplete understanding of how the Truecrypt plausible deniability volume works. I'm concerned that it may be possible to use (virtual) disk usage/size measurements to infer the existence of another volume -- say, by attempting to fill up the p.d. volume and noting at which point calls to write(2) fail. If they do so when (let's say) a 100G disk only appears to have 60G on it, then can we not infer that the other 40G is unavailable because it's in use?

        The other concern is that disclosure of a p.d. volume may be viewed by the legal process as just that. Given the way this ruling has been written, I wouldn't be surprised to see the same judge (if asked to rule on a case involving a p.d. volume) write a ruling that treats that in a way unfavorable to privacy. I'm not saying it will happen; I'm not saying it's a good thing or a desirable thing; I'm just saying that it seems within the realm of possibility, and therefore I'm concerned about it.

        link to this | view in chronology ]

        • identicon
          Difster, 25 Jan 2012 @ 9:02am

          Re: Re: Re: A "deadman switch" algorithm

          Read the TruCrypt documentation on that and find out why inferring the presence of a hidden volume isn't a possibility.

          link to this | view in chronology ]

        • icon
          Andrew F (profile), 25 Jan 2012 @ 10:11am

          Re: Re: Re: A "deadman switch" algorithm

          If you're hiding a TrueCrypt volume within another volume, mounting only the outer volume won't reveal the existence of the hidden volume. First, the "empty" space in a volume is always filled with noise, so the presence of a hidden volume can't be inferred by size. Second, attempting to write past the size limit of the outer volume won't result in a failure. You'll just overwrite the hidden volume. This happens because TrueCrypt assumes if you enter in only the password for the outer volume, you're in plausible deniability mode and that it's preferable to overwrite hidden data than reveal it.

          As for legal process, it's possible they could force you to disclose the password to a hidden volume, but that's only if they know there is one. Since there's no technical way to reveal the presence of a hidden volume, the only way they could know about this is if (1) they force you to reveal your state of mind, which is clearly forbidden by the 5th Amendment, or (2) you do something stupid like brag about your hidden volume to a police officer.

          As for the deadman's switch idea, I'm not a fan. In order to explain why you don't have the password, you have to reveal that there is a deadman's switch. And the presence of a deadman's switch may indicate to authorities a sign of wrongdoing. Or may be interpreted as an attempt to destroy evidence.

          link to this | view in chronology ]

        • identicon
          Headbanger, 25 Jan 2012 @ 10:46am

          Re: Re: Re: A "deadman switch" algorithm

          It is my understanding that a standard Truecrypt volume contains a significant amount of random data in any case, i.e. if you don't have a hidden volume, a good portion of the volume is still going to be occupied by random data.

          http://www.truecrypt.org/docs/?s=hidden-volume

          link to this | view in chronology ]

  • icon
    PrometheeFeu (profile), 25 Jan 2012 @ 8:09am

    This is an important-enough issue that it deserves details. The 5th amendment issue is not actually with producing the information on the drive. It's long-established law that a court can make you produce evidence even if that evidence will incriminate you. The issue was that by decrypting the drive, you are demonstrating that it is your hard-drive and your data. THAT is self-incriminating testimony.

    So what did the court do here? Well the court looked at the facts and said: We already know it's your laptop, hard-drive and data. Also, the government has agreed to grant you immunity from that testimony. (They won't be able to tell the jury that you were able to decrypt the data) So decrypt the data already.

    In the real world, the court couldn't force you to tell them that you have the key to a safe, but it could force you to open the safe once it's been established that you have the key.

    Let's also remember this is not some creepy executive action such as border search, national security letters or whatever. This is a judge issuing a warrant. There are all sorts of safe-guards such as appeal, judicial standards to be met, etc...

    link to this | view in chronology ]

    • icon
      Pitabred (profile), 25 Jan 2012 @ 9:51am

      Re:

      The government ALSO had a conversation in which she admitted the information that was encrypted was related to the case. They have probable cause, which significantly changes the 4th and 5th amendment's scope.

      Also note that the judge directed that the prosecution was NOT allowed to use the fact that she decrypted it against her.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Jan 2012 @ 10:02am

        Re: Re:

        They have probable cause, which significantly changes the 4th and 5th amendment's scope.


        Yes, we understand that the magical phrase “probable cause” renders the former constitution null, void, and a farce.

        You have lost the respect for human dignity that forms the foundation and cornerstone of ordered liberty.

        link to this | view in chronology ]

        • icon
          Pitabred (profile), 25 Jan 2012 @ 1:24pm

          Re: Re: Re:

          It's not a magical phrase. They have her on tape saying that there was evidence in that encrypted volume. That's pretty cut and dry.

          Arguing about what constitutes probable cause is quite valid. But the fact that it exists shouldn't be an issue.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Jan 2012 @ 3:06pm

            Re: Re: Re: Re:

            That's pretty cut and dry.

            Yes. I understand that you have adjudged her guilty, and consider the trial an empty formality.

            What you have forgotten is the principles of human dignity and freedom of conscience that once animated our former bill of rights. You have lost sight of the history: The phrase camera stellata holds no meaning for you.

            So, you go around waving the magic phrase “probable cause” and insist upon a warrant to search this woman's mind.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 26 Jan 2012 @ 12:01am

              Re: Re: Re: Re: Re:

              Give it up, AC. People like this can't understand the idea of freedom, of not being owned by their government.

              link to this | view in chronology ]

            • icon
              PrometheeFeu (profile), 26 Jan 2012 @ 10:59pm

              Re: Re: Re: Re: Re:

              Wow, I love the hyperbole. Nobody is searching that woman's mind. That woman is simply ordered to produce the evidence that she admitted to storing on her hard drive the same way she might be ordered to produce evidence stored in a locked box or hidden under floorboards. For that order to be lawfully issued, the prosecution had to demonstrate that they had "probable cause" (a direct quotation from the 4th amendment if you believe it) to believe that there was evidence on the hard drive. They did so by having her on tape admitting to that fact. If she doesn't like that outcome, she can file an appeal and then request certiorari from SCOTUS.

              But as it stands, the information stored in her mind is not requested which means her rights under the 5th Amendment are being respected. And just to be sure, the prosecution agreed that they could not bring the fact that she was capable of decrypting the drive as evidence against her.

              What were you expecting? That if you store a piece of evidence in an envelope they can force you to hand it over, but if you encrypt it they can't? That would be an absurd result.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 27 Jan 2012 @ 3:32am

                Re: Re: Re: Re: Re: Re:

                That would be an absurd result.

                You, and Blackburn, start with the assumption that the state has an absolute right to any papers the state covets. And you reach the conclusion that any means justify that end.

                We have an irreconciliable difference in values.

                I do not believe that citizens exist solely to serve the state. Rather, people have a foundational liberty in their own conscience, and fundamental rights to the freedom of their own thoughts.

                link to this | view in chronology ]

                • icon
                  PrometheeFeu (profile), 27 Jan 2012 @ 10:43pm

                  Re: Re: Re: Re: Re: Re: Re:

                  Actually no. I don't believe the state has any right to any papers at all. I do however believe that people have a right to not be defrauded and that that right must be balanced against people's right to privacy. The 4th amendment, the probable cause requirement and independent courts arbitrate between the two. That's their job and here, they did it well.

                  link to this | view in chronology ]

        • icon
          PrometheeFeu (profile), 26 Jan 2012 @ 10:48pm

          Re: Re: Re:

          "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

          The phrase "probable cause" is in the Constitution. That is the bar that the 4th Amendment itself says you must clear in order to compel production of evidence. If you believe that the Constitution does not adequately protect people, that is your right. But do not go about complaining about "probable cause" nullifying the Constitution.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 27 Jan 2012 @ 4:46am

            Re: Re: Re: Re:

            But do not go about complaining about "probable cause" nullifying the Constitution.

            And why not? You have emptied the phrase, and stood the words on their heads. The guarantee runs against unreasonable searches—yet you insist that probable cause overrides all to permit a search against reason.

            The guarantees of the Bill of Rights were enacted by men of their times, who held a memory of the great abuses of the Crown. They looked to their own history, knew well the old horrors of rule by Sterr'd Chambre, and set out pickets and wards against return of that evil.

            link to this | view in chronology ]

            • icon
              PrometheeFeu (profile), 27 Jan 2012 @ 10:50pm

              Re: Re: Re: Re: Re:

              They have that woman on tape admitting there is evidence on her hard-drive. What more do you want?

              link to this | view in chronology ]

  • icon
    framitz (profile), 25 Jan 2012 @ 8:46am

    I guess I'd be sitting in jail for contempt as I would never give out such information on principal.

    How long can you be kept in jail for contempt?

    link to this | view in chronology ]

  • icon
    Pjerky (profile), 25 Jan 2012 @ 9:08am

    No way in hell

    I don't care what they threaten me with. Even if I only have pictures of cute little kittens on my computer. There is no way in hell that I would give them access to the data on my computer. I would resist simply on principle, but also because I believe it a violation of my rights. If I have to go to jail for what I believe in then so be it.

    If we don't stand up for our rights then no one else will either.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2012 @ 9:57am

      Re: No way in hell

      I don't care what they threaten me with. Even if I only have pictures of cute little kittens on my computer.


      Peine forte et dure.

      Giles Corey (died September 19, 1692, Salem Village, Province of Massachusetts Bay)
      On Monday, September 19, Corey was stripped naked, a board placed upon his chest, and then--while his neighbors watched--heavy stones and rocks were piled on the board. Corey pleaded to have more weight added, so that his death might come quickly.

      Samuel Sewall reported Corey's death: "About noon, at Salem, Giles Corey was press'd to death for standing mute." Robert Calef, in his report of the event, added a gruesome detail: Giles's "tongue being prest out of his mouth, the Sheriff with his cane forced it in again, when he was dying." Judge Jonathan Corwin ordered Corey buried in an unmarked grave on Gallows Hill.

      link to this | view in chronology ]

      • icon
        Pjerky (profile), 25 Jan 2012 @ 10:30am

        Re: Re: No way in hell

        So your quoting actions that happened in the British colonies almost a full 100 years before the American Revolutionary War (http://en.wikipedia.org/wiki/American_Revolutionary_War).

        The laws are quite a bit different now. Anything they can get away with doing, legal or not, are not things that are sufficient for me to give into these assholes.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Jan 2012 @ 10:39am

          Re: Re: Re: No way in hell

          The laws are quite a bit different now.

          Today, as in 1692, the court orders this woman to criminate herself.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Jan 2012 @ 9:56pm

            Re: Re: Re: Re: No way in hell

            Indeed, the methodology may be less extreme, jail time instead of massive rocks, but both essentially boil down to: 'admit to committing a crime, give up the evidence needed to convict you of said crime, or you shall be punished/tortured until you do.'

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 26 Jan 2012 @ 12:05am

              Re: Re: Re: Re: Re: No way in hell

              So there's no difference, really. Do you really think sitting in a cell for a hundred years is better than dying?

              Let me put this in language which maybe will make sense to your kind: even Harry Potter concedes that death is not the worst fate a man can meet.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 26 Jan 2012 @ 2:19am

                Re: Re: Re: Re: Re: Re: No way in hell

                Sitting in a cell for a hundred years can be good for the soul or disastrous for those who have no control over their emotions.

                Is not the cell that kills you, is your expectations.

                link to this | view in chronology ]

              • icon
                nasch (profile), 26 Jan 2012 @ 12:31pm

                Re: Re: Re: Re: Re: Re: No way in hell

                Do you really think sitting in a cell for a hundred years is better than dying?

                Well, prisoners who are actually in that situation almost universally prefer life imprisonment over death.

                link to this | view in chronology ]

          • icon
            PrometheeFeu (profile), 27 Jan 2012 @ 10:59pm

            Re: Re: Re: Re: No way in hell

            No they are not. They are ordering her to hand over evidence that she has admitted to be in her possession. This is no different than saying: "Open this safe which you said contains evidence."

            link to this | view in chronology ]

    • icon
      PrometheeFeu (profile), 26 Jan 2012 @ 11:10pm

      Re: No way in hell

      Can you please explain to us which ones of your rights are being violated? Is it your right to ignore a narrowly drafted warrant for evidence based upon a finding of probable cause by an impartial judge? Would you complain as much if instead of being encrypted the data was printed out and in a safe? What's the difference?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2012 @ 4:00am

        Re: Re: No way in hell

        Is it your right to ignore a narrowly drafted warrant for evidence based upon a finding of probable cause by an impartial judge?

        Yes. When the warrant runs contrary to reason.

        Humans have an inviolable right to the integrity of their own minds. You may try to brainwash it away, but people have no duty to aid your evil.

        link to this | view in chronology ]

        • icon
          PrometheeFeu (profile), 27 Jan 2012 @ 11:04pm

          Re: Re: Re: No way in hell

          What evil? They have her on tape admitting to the presence of the evidence on her hard-drive. All they are saying is: give us that thing we know you have. Her mind is not being violated.

          link to this | view in chronology ]

      • icon
        nasch (profile), 27 Jan 2012 @ 7:26am

        Re: Re: No way in hell

        Would you complain as much if instead of being encrypted the data was printed out and in a safe?

        If it's a combination lock, can they compel you to open it or tell them the combination? It seems like that would be a pretty exact analogue for an encrypted file.

        link to this | view in chronology ]

  • icon
    John Fenderson (profile), 25 Jan 2012 @ 9:17am

    So many complicated ideas

    It's interesting how many comments here are proposing ways to avoid disclosure of the decrypted data (which is tangential to the point of this article, imo).

    All of them are too complicated. It's really very easy -- if you must keep extremely sensitive data in electronic form, do not keep it on a hard drive, laptop, cell phone, etc. Keep it encrypted on a microSD card, and keep that on your person. Should there be a danger of it falling into the hands of people you don't want to have access to it, lose or swallow the card.

    Just don't let anyone see you, or you may find your shit confiscated.

    link to this | view in chronology ]

    • icon
      Pjerky (profile), 25 Jan 2012 @ 10:31am

      Re: So many complicated ideas

      If you swallow it you may literally "find your shit confiscated". Just saying!

      link to this | view in chronology ]

    • icon
      nasch (profile), 25 Jan 2012 @ 1:55pm

      Re: So many complicated ideas


      Just don't let anyone see you, or you may find your shit confiscated.


      Actually if they see you you could be on the hook for destruction of evidence. The point of these techniques is to avoid both disclosing your data and going to prison.

      link to this | view in chronology ]

  • icon
    timmaguire42 (profile), 25 Jan 2012 @ 9:19am

    And how will they determine that it was decrypted accurately?

    link to this | view in chronology ]

  • icon
    M. Wright (profile), 25 Jan 2012 @ 9:26am

    Technicalities

    Working with legal technicalities works both ways. From now on, my passwords will all be a form of:

    'I am guilty as sin'

    Then it WILL be a 5th amendment issue.

    link to this | view in chronology ]

  • icon
    Violated (profile), 25 Jan 2012 @ 9:53am

    Key to Self Incrimination

    They already do this in the UK. Refuse to hand over your password and they can put you into prison for years. Innocent or guilty makes little difference.

    Here is one example...

    A 19-year old from Lancashire has been sentenced to 16 weeks in a young offenders institution for refusing to give police the password to an encrypted file on his computer. Oliver Drage, from Naze Lane, Freckleton, Lancashire was arrested in May as part of an investigation into child sexual abuse images. His computer was seized.

    Talk about incriminating yourself or jailed if you don't.

    The best defence if you encrypt your HDD is to say this partition is just random data because you just erased your HDD (using some random data tool) and so there is nothing to decrypt. There is no way they can prove the data is encrypted through examining it.

    link to this | view in chronology ]

  • identicon
    Steve, 25 Jan 2012 @ 10:12am

    Another amendment is applicable

    If the constitution still mattered, and was taken seriously, the judge's order could be overruled as a violation of the 13th amendment.

    link to this | view in chronology ]

  • icon
    Pjerky (profile), 25 Jan 2012 @ 10:41am

    You may use logical threats/arguments to avoid being required to do this.

    You could try stating the following to avoid giving it up (the password/key you perv):

    Your attempts to force me to give you my password/encryption key violates my 4th amendment rights. If I have anything incriminating on the machine then it also violates my 5th amendment rights against self-incrimination. Are there any more of my constitutional rights you want to violate today? I am sure my lawyer would love to add those to the list of items during the trial against you and your superiors.


    And yes, I wrote that.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jan 2012 @ 11:42am

    I forgot the password (PERIOD)

    link to this | view in chronology ]

  • icon
    Al Bert (profile), 25 Jan 2012 @ 8:46pm

    well, shit

    This is getting ridiculous. Every time i turn around, they're finding new ways to better institute fascism.

    link to this | view in chronology ]

    • icon
      PrometheeFeu (profile), 26 Jan 2012 @ 11:25pm

      Re: well, shit

      Fascism? Isn't that a bit of an exageration for a court finding that they can force you to produce evidence even if that evidence is encrypted rather than buried or locked up or whatever?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2012 @ 3:54am

        Re: Re: well, shit

        Fascism?

        It is totalitarianism.

        You are unwilling to cede the individual a sphere of personal autonomy proof against all the demands of the state.

        You insist that the state may grab hold of this woman's very thoughts—and examine the harvest of those thoughts to see whether they lead to heresy.

        link to this | view in chronology ]

        • icon
          PrometheeFeu (profile), 27 Jan 2012 @ 11:07pm

          Re: Re: Re: well, shit

          Nobody is saying that they may examine her thoughts! We are saying that she has to hand over evidence which is in her possession when an impartial arbiter has determined that there is probable cause that the evidence is relevant to a case where she may have violated the rights of another individual. That's it. What's wrong with that?

          link to this | view in chronology ]

  • icon
    Skeptical Cynic (profile), 26 Jan 2012 @ 7:14am

    I think I now have a new idea for a business

    The Ultra-Secure Laptop. Guaranteed data destruction if your computer is every touched by law-enforcement.

    "Have data you need to keep secure from prying eyes? Don't want to have your stupidly kept documents incriminating you in court? Then buy the Ultra-Secure Laptop. Guaranteed to destroy all of your data the second any law-enforcement officer touches it!!"

    Just have to work out the details now.

    link to this | view in chronology ]

  • identicon
    Jerm, 28 Apr 2013 @ 7:38pm

    I forgot

    "When those brutish police officers arrested me, they slammed my head into the floor - on the way down I clipped a piece of furniture. I seem to be having memory issues now, sorry"

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.