Judge Says Americans Can Be Forced To Decrypt Laptops
from the 5th-amendment-begone dept
A few years ago, we wrote about a case, in which a court found that a defendant could not be forced to give up his encryption key for encrypted files on his computer, because that would be a violation of the 5th Amendment. The argument was that the key was a form of speech, and that speech would self-incriminate the person. However, in a new case, a judge has said that it is not a 5th Amendment violation if a defendant is required to decrypt their laptop, even if that laptop contains incriminating information. The difference here? The key. In the first case, the question was over whether or not the defendant had to hand over the key. In this case, there was no request for the key -- just to decrypt the hard drive. As the court saw it, this was no different than demanding a defendant hand over documents related to a case, something that obviously happens all the time. It does seem like a fine line (and perhaps a meaningless distinction if law enforcement now knows to do the latter, rather than the former). Either way, the defendant in this case, Ramona Fricosu, accused of being part of a mortgage scam, is intending to appeal. It would be interesting to see the Supreme Court eventually weigh in, but I would guess that they'll side with this particular ruling.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: decryption, encryption, fifth amendment
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
If law enforcement is already monitoring your net connection, this may not work, but if they have seized the computer and afterwards get the urge to make you decrypt it then you can merely claim that there is no possibility because part of the key has been deleted from the cloud (you can even go through the motions of putting in your key).
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Tampering with evidence is not taken lightly...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
> perhaps it's a lesser charge
Yes, this isn't about beating the charge completely, but if you know that the drive contains evidence of child porn or murder or worst of all, copyright violation, and you know it will put you away for 30 years to life, then taking a 5-year hit for evidence tampering is a helluva good deal.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
A forensic specialist, on seizing the drive, will have loaded it in a write-blocker, and made a bit-for-bit copy. The only thing they'll give you to let you enter your nuke password on is one of those copies.
You enter your nuke password, and send back the disk. Now they can compare the two disks, and find that you've changed them.
Now they're charging you with destruction of evidence, and they /still demand the unencrypted contents/. What does that mean? Well, it means they can hold you in contempt, and detain you indefinitely until you comply. IE, instead of that 30 years to life, you're there for "until you comply". After you comply, you still have the 30 years to life to face.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Regarding bit-for-bit copy, anyone with experience working on firmware know there's a "write-only" one that you can only program on, but not read back (I don't know whether there're ways read back those chips by other means, though). Working on a bit-to-bit copy won't work if the encryption/decryption program is written on chips.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Badum, tish!
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Make me.
This seems like a detective asking a robber where he hid the diamonds to me, you'd have to weigh the consequences of not cooperating. Sounds like a reinforcement of the advice that people not know their encryption keys, but know how to get them instead.
[ link to this | view in chronology ]
Re: Make me.
As the story indicated, the police can compel you to decrypt the information. They wouldn't care if you have the key memorized or just know where to get it, as long as you do it. As far as I can tell the only options would be 1) cooperate 2) go to jail 3) convince the judge you're unable to comply or 4) convince the judge/investigators that you have complied even though you haven't.
Number 3 could perhaps be accomplished by demonstrating a secure delete facility on your computer. You can claim that the encrypted block of data is just garbage created by the secure deleter. I don't know enough about the technology to know if that would fly or not.
[ link to this | view in chronology ]
Re: Re: Make me.
[ link to this | view in chronology ]
Wrong Analogy
Courts have held that a suspect is NOT required to hand over the keys to a safe. They have ALSO held that the same suspect is also NOT required to unlock the safe for the police. The distinction between giving the authorities your password or simply decrypting the files for them is the same - if one is considered unlawful, so too should the other be.
And beyond that, this should be protected under the 4th amendment, regardless of whether or not it violates the 5th. This is about as damn well "unreasonable" as a search can possibly be.
Anyhow...if the defendant was asked to have over a disk - still encrypted - with the files on it, that is legal. After that, the police are free to take as much time as they like (should be around 2,000 years with a strong password and good algorithm) and try to crack it themselves. This is like saying they can seize the safe and have a locksmith try to open it for them. Legally, they can do this. But compelling the suspect and/or defendant to make their case for them? Pretty damn unreasonable.
[ link to this | view in chronology ]
Re: Wrong Analogy
[ link to this | view in chronology ]
Re: Re: Wrong Analogy
[ link to this | view in chronology ]
Re: Wrong Analogy
I also wonder though how far you could get by hiding the data they wanted in masses of useless data. Like the key file for your encryption could be a small text file on a thumb drive with millions of text files. Once they have the thumb drive you can honestly tell them they have the key.
[ link to this | view in chronology ]
Re: Re: Wrong Analogy
This guy's mistake was the equivalent of saying "I have them and you'll never find read them since they are encrypted!"
[ link to this | view in chronology ]
Re: Wrong Analogy
And the 4th Amendment argument will never carry the day (the EFF didn't even attempt to make the 4th Amendment argument in their amicus brief). The police had a perfectly valid warrant to search the computer. The issue is not whether searching the computer was reasonable. Rather it is whether the defendant can be compelled to grant access to the encrypted files.
I don't mean to imply that I think the court got it right here. Just trying to clear some things up.
[ link to this | view in chronology ]
Re: Re: Wrong Analogy
> reasonable. Rather it is whether the defendant can be
> compelled to grant access to the encrypted files.
This issue makes for some great law school exam questions and philosophical legal discussions, but the practical reality is that judges, prosecutors, and law enforcement can never actually win this one.
There are too many ways for defendants to defeat them. Some have been mentioned here-- multiple passwords that unlock some data but not other, cloud keys that expire, etc.-- but even a defendant who just claims not to remember the password will eventually win. Sure, they might get some time in a county jail for contempt, but a judge can't keep someone there for life. Most states top it out at a year. So if the suspect knows that the stuff on his computer will get him 10-20 in a state penitentiary, spending a year in the county lockup for contempt is hardly the worst option on the table.
[ link to this | view in chronology ]
Re: Re: Re: Wrong Analogy
Sure, a defendant can try and play the "I don't remember" card. But if a court has good reason to believe otherwise, he may find himself held in contempt for a very long time.
I've never heard the "most states top it out at a year" claim before but I would guess it is a popular misconception, not actual law.
[ link to this | view in chronology ]
Re: Re: Re: Re: Wrong Analogy
Explain what this “good reason” looks like. Can you touch it? Taste it? Smell it? Explain it?
No. “Good reason” just means what the court had for lunch today.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Wrong Analogy
I know you tried to help me out by answering the question you (quite colorfully) posed to me, but I wanted to get my two cents in anyway.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Wrong Analogy
The court has no warrant to search the contents of the human mind.
Everyone has had the experience of forgetting items that they should be able to remember. For some people, it happens when the take tests. For others, it happens when they get out of bed in the morning and can't find their eyeglasses.
A court that would jail someone because the judge knows that the defendant must have power to recall, is a court defying human experience—a court worth nothing but contempt.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Wrong Analogy
[ link to this | view in chronology ]
Re: Re: Re: Re: Wrong Analogy
> scope of punishment for contempt.
You can always find a statistical outlier which results from a case with unique circumstances or which occurred before legislative preemption. It's hardly the norm, however.
Many states have set statutory limits on the length of time a judge can hold someone in contempt. Others have required contempt orders to meet certain criteria for them to be upheld, the most common and important of which is that the contempt cannot be punitive rather than coercive. Once it becomes punitive, the contempt order instantly violates about 50% of the Bill of Rights.
Judges simply don't have unfettered power to lock people up indefinitely at what essentially amounts to their whim.
> I've never heard the "most states top it out at a year" claim
> before but I would guess it is a popular misconception,
> not actual law.
As an attorney myself, I tend not to deal in popular misconception.
[ link to this | view in chronology ]
Re: Re: Re: Re: Wrong Analogy
> "I don't remember" card. But if a court
> has good reason to believe otherwise, he
> may find himself held in contempt for a
> very long time.
In cases where a court has ordered someone to produce an encryption key, which is likely to be a long string of numbers and letters, the longer the contempt order goes on, the more likely it is that the defendant really will forget it, and be truly unable to come up with the key even if he wanted to.
Such a defendant will cease to 'have the keys to his own jail cell' which will automatically trigger constitutional due process requirements and void the contempt order.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
What you said up there is having to choose between decrypting the files and, through them as evidence, get sentenced to jail...or not open them, and go to jail anyway.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Prove that you forgot something? How is that possible?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
If I understand correctly, that is true, but as a practical matter I just don't see that happening. At some point the judge would decide there's nothing to be gained by keeping someone locked up. Not to mention it's likely word would get out, and the pressure to drop the charge would probably mount quickly.
So far no one's been jailed more than 14 years. And that guy was definitely and clearly not following a court order. Since it was to pay a bunch of money I hope it's not just that he didn't have the money to pay. According to another poster he was released because it was determined the incarceration had become punitive, which is not allowed.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
The "authorities" these days do not feel they need no stinkin warrants.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The only difference is semantic bullshit.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
See... For documents handing to court, the documents are not always in English. And the defendents are neither required to hire translators to translate the documents, nor required to pay the fees for court to hire the translators.
Can't see how they can force you to tranlate the documents if you always write them in some rare or obscure language. :P
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
What does this have to do with 'democracy and the government serving the electorate'? If you don't agree with this decision, fine, but don't get holier than thou.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
That's very, very different to a citizens personal property.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Col. Jessep: You want answers?
Kaffee: I think I'm entitled.
Col. Jessep: You want answers?
Kaffee: I want the truth!
Col. Jessep: You can't handle the truth!
[pause]
Col. Jessep: Son, we live in a world that has tubes, and those tubes have to be guarded by encryption algorithms. Who's gonna do it? You? You, Lt. Weinburg? I have more numerous salt bits than you could possibly fathom. You weep for digital forensics, and you curse the cipher. You have that luxury. You have the luxury of not knowing what I know. That cryptography's invention, while inconvenient, probably keeps secrets. And my use of it, while absurd and incomprehensible to you, keeps secrets. You don't want the truth because deep down in places you don't talk about at parties, you want secrets to be kept, you need secrets to be kept. We use words like key, code, hash. We use these words as the backbone of a science dedicated to securing communication. You use them as a specter. I have neither the time nor the inclination to explain cryptography to a man who rises and sleeps under the blanket of the very security that it provides, and then questions the security it provides for others. I would rather you just said thank you, and went on your way, Otherwise, I suggest you pick up a decrypter, and start brute forcing. Either way, I don't give a damn what you think you are entitled to.
Kaffee: Do you know the private key?
Col. Jessep: I know the premise of encry...
Kaffee: Do you know the private key?
Col. Jessep: 4b752O7o3dgJ#?;6q7IxLBr7:#gUL^!
Boom! Techno-lawyered.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
The difference is simple. It is comapratively easy to establish whether the documents exist. It is impossible to establish whether a person knows or can remember the encryption key.
You cannot tell the difference between an innocent person who never knew or has forgotten the keys and someone who is withholding them.
Basic principles of law require that innocence be given the benefit of the doubt.
[ link to this | view in chronology ]
Re: Re:
Factual innocence is utterly immaterial: This is Star Chamber.
Camera Stellata
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
No, the encrypted file would still be there unchanged. You would have made a new file that's clear text.
[ link to this | view in chronology ]
Re: Re: Re:
Not if you used quantum encryption.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
See the difference now?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Not hardly. They have it, they can do what they want with it, but *I* am not required to 'help' them do that. i.e. the 5th amendment.
The proper way around this is to grant the subject immunity from prosecution for anything found. Then there is no 5th amendment grounds. If the data is that important you do this..but if you only want to prosecute this particular person, then no you aren't supposed to be able to force them to help you.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
password... we dont need a stinking password
[ link to this | view in chronology ]
Morally wrong
A society that has lost respect for the integrity of a person's thoughts—is a society which tortures and kills.
[ link to this | view in chronology ]
Re: Morally wrong
[ link to this | view in chronology ]
Re: Morally wrong
I think the USA already crossed that line.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Turning over a password is an admission of ownership/knowledge of the password and I will not admit that is my laptop.
I never knew the password.
I expect this will get overturned on appeal... or lawyers will be much more careful about what they tell their clients to admit to.
[ link to this | view in chronology ]
Re:
The Court ended up finding that it wasn't contrary to the principle against self-incrimination on the grounds that the law only covered decrypting information as part of the investigation, not as part of the trial, and if issues of self-incrimination did come up, they could be dealt with by declaring either the material uncovered, or the fact that the defendant had handed over the key (thus "proving" knowledge) could be withheld from evidence.
However, that seems to be a particularly English approach, perhaps not reflected in the US, where you start with as much information as possible, then cut out whatever the jury or court shouldn't know about.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
This. The Ars Technica coverage indicates she had specific knowledge of the files in question and that the laptop was indeed hers (via recorded conversation).
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
And if that doesn't get you locked up, you can then do the same thing but with a random-looking 500MB file containing all of your juicy secrets.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Judge
[ link to this | view in chronology ]
"Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
Try waterboarding.
[ link to this | view in chronology ]
Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
If the bitch drowns, that proves God has condemned her soul to hell.
[ link to this | view in chronology ]
Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
If the stakes are extremely high how far are you willing to go? Ignore human rights laws? Torture? Torturing and killing their partner? Torturing and killing their children?
And what does that then make you? All they claimed you were.
[ link to this | view in chronology ]
Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
Not hardly. If they create such an extreme situation that it drives people to do something they would never normally do (in your 'Unthinkable' movie example-- nationwide nuclear holocaust), then it's ridiculous to then turn around and say, "See! They're barbarians after all!"
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
[ link to this | view in chronology ]
Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
The term "compel" legally means if you don't do it the government is allowed to arrest and imprison you. You can complain about the usage, or just understand it and move on. ;-)
[ link to this | view in chronology ]
Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
There would probably be different results between refusing a legal order to decrypt and saying you forgot the password.
[ link to this | view in chronology ]
Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
IOW, you probably would do less time just providing the documents and being found guilty than you would trying to cover things up.
[ link to this | view in chronology ]
Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
Actually most states have limited the length of detainment for contempt to a year, barring extraordinary circumstances.
Judges are not dictators with ultimate power to do whatever they like.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
It's a federal judge: Judge Robert Blackburn, appointed by George W. Bush.
You may presume that Judge Blackburn, like most of his black-robed brethren on the federal bench, doth truly and sincerely believe himself God, and is thus totally undaunted by quaint notions of brimstone and hellfire.
[ link to this | view in chronology ]
Re: Re: Re: "Judge Says Americans Can Be Forced To Decrypt Laptops"
In civil contempt cases there is no principle of proportionality. In Chadwick v. Janecka (3d Cir. 2002), a U.S. court of appeals held that H. Beatty Chadwick could be held indefinitely under federal law, for his failure to produce US$ 2.5 mill. as state court ordered in a civil trial. Chadwick had been imprisoned for nine years at that time and continued to be held in prison until 2009, when a state court set him free after 14 years, making his imprisonment the longest on a contempt charge to date."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Relevent
Simpsons, I mean, xkcd did it first!
[ link to this | view in chronology ]
RE
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
This is why...
[ link to this | view in chronology ]
Re: This is why...
Due to the ex post facto principle, you cannot be prosecuted for any such act (not to mention statutes of limitation). Also, anything not specifically illegal is legal.
[ link to this | view in chronology ]
Re: Re: This is why...
[ link to this | view in chronology ]
Re: Re: Re: This is why...
Yeah, like innocent people being executed.
And as to the statute of limitations; it would seem that there is considerable pressure towards extending that limit in some cases.
Yes, but you can never be prosecuted for something that wasn't illegal when you did it. The statute of limitation cannot be extended retroactively. That's what ex post facto means.
If the government or some determined character or just fate is out to get you, life can be pretty nasty. The less evidence one supplies, the safer one is.
Can't argue with that. It's unfortunate that law enforcement has the ability to nearly ruin someone's life even if they don't have enough evidence for a conviction.
[ link to this | view in chronology ]
Re: Re: Re: Re: This is why...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: This is why...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I'm going to assume you mean "wipe out the data on the drive" as opposed to the computer bursting into flames (typical movie nonsense). Those that wipe data when incorrect passwords are entered already exist, however you'll need to think about using it as that could get you a destruction of evidence charge. Also, it probably wouldn't be much use anyway, as any competent forensic computer tech wouldn't be using the real drive, but would have cloned it multiple times and be working on a copy (perhaps even in a virtual environment with the ability to restore back should something like that happen).
A better option would be TrueCrypt with hidden partitions in which one password unlocks the operating system and nonsensitive files, and another unlocks the stuff you really want to be secret. If set up properly, it is virtually impossible to tell whether (or how many) hidden partitions exist.
[ link to this | view in chronology ]
Re: Re:
http://en.wikipedia.org/wiki/Lp0_on_fire
[ link to this | view in chronology ]
Re:
Truecrypt does better than that, with one password that unlocks boring stuff and one that unlocks the secret stuff. And after unlocking the boring stuff there's no way to know the secret stuff is even there.
[ link to this | view in chronology ]
Re: Re:
No - perjury
Yes - see answer for first password if you said yes
no comment - see answer for first password if you refused
[ link to this | view in chronology ]
Re: Re: Re:
> Truecrypt and would ask you if there are multiple
> passwords in use.
> No - perjury
Not hardly. In order to be charged/convicted of perjury you have to be testifying under oath, and as the defendant, you have the 5th Amendment right not to testify at all. So unless you've been stupid enough to voluntarily take the stand at trial and then start lying about your passwords, there's no danger of perjury for saying 'no' to anyone else's questions about your passwords.
[ link to this | view in chronology ]
Re: Re: Re:
Committing an act of perjury, perhaps. But they'll have a hard time convicting you if they can't prove you're lying, and to do that they must decrypt the file, which brings us right back to where we started.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
“By the time you wake up and realize that you are living in a totalitarian state—it is already too late.”
——attributed to Hannah Arendt
It is already too late.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Response to: Anonymous Coward on Jan 25th, 2012 @ 6:58am
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
why go through all this
in short if you are smart enough giving an eccryption key is not going to let anyone else get to you...
and ya.. I have nothing special in my special encrypted partition.. its there caz I could do it..
[ link to this | view in chronology ]
A "deadman switch" algorithm
1. You use Truecrypt with a plausible deniability volume, and you use a password that's very long -- much too long for you to memorize.
2. You put that password in a file. You encrypt that file with Truecrypt and use a second password -- and this second one, you memorize.
3. You store that encrypted file on a server -- let's say, a very cheap virtual server in a country with reasonably strong data privacy laws, like Switzerland. You stipulate to the service provider that you do NOT want your virtual server backed up.
4. You set up a cron job on that server, such that it regularly checks to see if you've logged in recently...where "recently" might be "within the last week".
5. If you actually need password #1, you log into the server, retrieve the file, and use password #2 to recover it.
6. But if that "recent login" check fails, the file gets automagically deleted. You never knew password #1, because you couldn't memorize it; now you can't retrieve it, either.
Of course, variations on this are possible: it's possible to use multiple files on multiple virtual servers, diminishing the probability that an attacker could acquire them all. You could also hedge your bet by splitting password #1 into (let's say) 3 pieces and distributing those across 3 servers in this fashion: server 1 (parts 1 and 2); server 2 (parts 2 and 3); server (parts 1 and 3) so that you could suffer the loss of any one server and still be able to recover the file with encrypted password #1. This also helps if one of the service providers -- against your wishes -- backs up the file, because what's in their backups only has 2/3 of password #1, thus if they're compelled to disclose it via legal process, the best they can do is cough up an encrypted file with incomplete data.
Note also: there are cryptographic algorithms that are based on multiple keys (say, M keys) but only require N, N<=M keys to work. This allows, let's say, a group of 7 people to decrypt an encrypted file if any 4 of them agree to use their keys. I think this technology could also be applied here.
[ link to this | view in chronology ]
Re: A "deadman switch" algorithm
Why not just stop here? If done properly, they could not prove there's anything else to decrypt, right? So decrypt the first layer for them, and you're done. You've satisfied the warrant while keeping your secrets.
[ link to this | view in chronology ]
Re: Re: A "deadman switch" algorithm
The other concern is that disclosure of a p.d. volume may be viewed by the legal process as just that. Given the way this ruling has been written, I wouldn't be surprised to see the same judge (if asked to rule on a case involving a p.d. volume) write a ruling that treats that in a way unfavorable to privacy. I'm not saying it will happen; I'm not saying it's a good thing or a desirable thing; I'm just saying that it seems within the realm of possibility, and therefore I'm concerned about it.
[ link to this | view in chronology ]
Re: Re: Re: A "deadman switch" algorithm
[ link to this | view in chronology ]
Re: Re: Re: A "deadman switch" algorithm
As for legal process, it's possible they could force you to disclose the password to a hidden volume, but that's only if they know there is one. Since there's no technical way to reveal the presence of a hidden volume, the only way they could know about this is if (1) they force you to reveal your state of mind, which is clearly forbidden by the 5th Amendment, or (2) you do something stupid like brag about your hidden volume to a police officer.
As for the deadman's switch idea, I'm not a fan. In order to explain why you don't have the password, you have to reveal that there is a deadman's switch. And the presence of a deadman's switch may indicate to authorities a sign of wrongdoing. Or may be interpreted as an attempt to destroy evidence.
[ link to this | view in chronology ]
Re: Re: Re: A "deadman switch" algorithm
http://www.truecrypt.org/docs/?s=hidden-volume
[ link to this | view in chronology ]
So what did the court do here? Well the court looked at the facts and said: We already know it's your laptop, hard-drive and data. Also, the government has agreed to grant you immunity from that testimony. (They won't be able to tell the jury that you were able to decrypt the data) So decrypt the data already.
In the real world, the court couldn't force you to tell them that you have the key to a safe, but it could force you to open the safe once it's been established that you have the key.
Let's also remember this is not some creepy executive action such as border search, national security letters or whatever. This is a judge issuing a warrant. There are all sorts of safe-guards such as appeal, judicial standards to be met, etc...
[ link to this | view in chronology ]
Re:
Also note that the judge directed that the prosecution was NOT allowed to use the fact that she decrypted it against her.
[ link to this | view in chronology ]
Re: Re:
Yes, we understand that the magical phrase “probable cause” renders the former constitution null, void, and a farce.
You have lost the respect for human dignity that forms the foundation and cornerstone of ordered liberty.
[ link to this | view in chronology ]
Re: Re: Re:
Arguing about what constitutes probable cause is quite valid. But the fact that it exists shouldn't be an issue.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Yes. I understand that you have adjudged her guilty, and consider the trial an empty formality.
What you have forgotten is the principles of human dignity and freedom of conscience that once animated our former bill of rights. You have lost sight of the history: The phrase camera stellata holds no meaning for you.
So, you go around waving the magic phrase “probable cause” and insist upon a warrant to search this woman's mind.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
But as it stands, the information stored in her mind is not requested which means her rights under the 5th Amendment are being respected. And just to be sure, the prosecution agreed that they could not bring the fact that she was capable of decrypting the drive as evidence against her.
What were you expecting? That if you store a piece of evidence in an envelope they can force you to hand it over, but if you encrypt it they can't? That would be an absurd result.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
You, and Blackburn, start with the assumption that the state has an absolute right to any papers the state covets. And you reach the conclusion that any means justify that end.
We have an irreconciliable difference in values.
I do not believe that citizens exist solely to serve the state. Rather, people have a foundational liberty in their own conscience, and fundamental rights to the freedom of their own thoughts.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
The phrase "probable cause" is in the Constitution. That is the bar that the 4th Amendment itself says you must clear in order to compel production of evidence. If you believe that the Constitution does not adequately protect people, that is your right. But do not go about complaining about "probable cause" nullifying the Constitution.
[ link to this | view in chronology ]
Re: Re: Re: Re:
And why not? You have emptied the phrase, and stood the words on their heads. The guarantee runs against unreasonable searches—yet you insist that probable cause overrides all to permit a search against reason.
The guarantees of the Bill of Rights were enacted by men of their times, who held a memory of the great abuses of the Crown. They looked to their own history, knew well the old horrors of rule by Sterr'd Chambre, and set out pickets and wards against return of that evil.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
How long can you be kept in jail for contempt?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
http://www.totaldivorce.com/news/articles/process/man-jailed-fourteen-years-for-hidden-ass ets.aspx
http://www.post-gazette.com/pg/09192/983301-454.stm
Note that the release was authorized because the incarceration had lost its coercive effect and had become punitive. Take that for what it's worth.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Check again. This is federal.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
No way in hell
If we don't stand up for our rights then no one else will either.
[ link to this | view in chronology ]
Re: No way in hell
Peine forte et dure.
Giles Corey (died September 19, 1692, Salem Village, Province of Massachusetts Bay)
[ link to this | view in chronology ]
Re: Re: No way in hell
The laws are quite a bit different now. Anything they can get away with doing, legal or not, are not things that are sufficient for me to give into these assholes.
[ link to this | view in chronology ]
Re: Re: Re: No way in hell
Today, as in 1692, the court orders this woman to criminate herself.
[ link to this | view in chronology ]
Re: Re: Re: Re: No way in hell
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: No way in hell
Let me put this in language which maybe will make sense to your kind: even Harry Potter concedes that death is not the worst fate a man can meet.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: No way in hell
Is not the cell that kills you, is your expectations.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: No way in hell
Well, prisoners who are actually in that situation almost universally prefer life imprisonment over death.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: No way in hell
http://abcnews.go.com/US/death-row-inmate-writes-taunting-letter-life-leisure/story?id=1543 8651#.TyKkl3IgjWw
[ link to this | view in chronology ]
Re: Re: Re: Re: No way in hell
[ link to this | view in chronology ]
Re: No way in hell
[ link to this | view in chronology ]
Re: Re: No way in hell
Yes. When the warrant runs contrary to reason.
Humans have an inviolable right to the integrity of their own minds. You may try to brainwash it away, but people have no duty to aid your evil.
[ link to this | view in chronology ]
Re: Re: Re: No way in hell
[ link to this | view in chronology ]
Re: Re: No way in hell
If it's a combination lock, can they compel you to open it or tell them the combination? It seems like that would be a pretty exact analogue for an encrypted file.
[ link to this | view in chronology ]
So many complicated ideas
All of them are too complicated. It's really very easy -- if you must keep extremely sensitive data in electronic form, do not keep it on a hard drive, laptop, cell phone, etc. Keep it encrypted on a microSD card, and keep that on your person. Should there be a danger of it falling into the hands of people you don't want to have access to it, lose or swallow the card.
Just don't let anyone see you, or you may find your shit confiscated.
[ link to this | view in chronology ]
Re: So many complicated ideas
[ link to this | view in chronology ]
Re: Re: So many complicated ideas
[ link to this | view in chronology ]
Re: Re: Re: So many complicated ideas
[ link to this | view in chronology ]
Re: So many complicated ideas
Just don't let anyone see you, or you may find your shit confiscated.
Actually if they see you you could be on the hook for destruction of evidence. The point of these techniques is to avoid both disclosing your data and going to prison.
[ link to this | view in chronology ]
Re: Re: So many complicated ideas
[ link to this | view in chronology ]
Re: Re: Re: So many complicated ideas
I blame pjerky for ruining your joke, he was in first. ;-)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Technicalities
'I am guilty as sin'
Then it WILL be a 5th amendment issue.
[ link to this | view in chronology ]
Re: Technicalities
[ link to this | view in chronology ]
Key to Self Incrimination
Here is one example...
A 19-year old from Lancashire has been sentenced to 16 weeks in a young offenders institution for refusing to give police the password to an encrypted file on his computer. Oliver Drage, from Naze Lane, Freckleton, Lancashire was arrested in May as part of an investigation into child sexual abuse images. His computer was seized.
Talk about incriminating yourself or jailed if you don't.
The best defence if you encrypt your HDD is to say this partition is just random data because you just erased your HDD (using some random data tool) and so there is nothing to decrypt. There is no way they can prove the data is encrypted through examining it.
[ link to this | view in chronology ]
Another amendment is applicable
[ link to this | view in chronology ]
Re: Another amendment is applicable
[ link to this | view in chronology ]
You may use logical threats/arguments to avoid being required to do this.
And yes, I wrote that.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Go to jail. Go directly to jail. Do not pass go. Pay $200,000.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
well, shit
[ link to this | view in chronology ]
Re: well, shit
[ link to this | view in chronology ]
Re: Re: well, shit
It is totalitarianism.
You are unwilling to cede the individual a sphere of personal autonomy proof against all the demands of the state.
You insist that the state may grab hold of this woman's very thoughts—and examine the harvest of those thoughts to see whether they lead to heresy.
[ link to this | view in chronology ]
Re: Re: Re: well, shit
[ link to this | view in chronology ]
I think I now have a new idea for a business
"Have data you need to keep secure from prying eyes? Don't want to have your stupidly kept documents incriminating you in court? Then buy the Ultra-Secure Laptop. Guaranteed to destroy all of your data the second any law-enforcement officer touches it!!"
Just have to work out the details now.
[ link to this | view in chronology ]
I forgot
[ link to this | view in chronology ]