Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DOJ: We Can Force You To Decrypt That Laptop

samzenpus posted more than 3 years ago | from the show-us-everything dept.

Security 887

betterunixthanunix writes "A mortgage-fraud case may have widespread implications for criminals who use cryptography to hide evidence. The US Department of Justice is pushing for the defendant to be forced to decrypt her hard drive, claiming that if they cannot force such decryptions, law enforcement will be unable to gather important evidence. The defendant's lawyer and the Electronic Frontier Foundation have made the claim that forcing such a decryption would be a violation of the defendant's fifth amendment right not to self-incriminate. The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."

cancel ×

887 comments

Sorry! There are no comments related to the filter you selected.

When Can They Force Decryption? (1)

jarich (733129) | more than 3 years ago | (#36721222)

Do they have to show cause first or is this a new tool in the arsenal of the TSA?

You don't have to confess (1)

idontgno (624372) | more than 3 years ago | (#36721224)

You just have to sign this confession we very thoughtfully prepared for you.

Yeah, I know, it's not entirely the same; it's not even really analogous. It's just an example of other back-door out-of-the-box problem-solving thinking, the kind of thing that made America great.

I don't recall... (3, Insightful)

Anonymous Coward | more than 3 years ago | (#36721234)

"I'm sorry, but I don't recall my passphrase. I guess the stress of this case has made me forget it!"

If it works for the DoJ it should work for us...

Re:I don't recall... (0)

Anonymous Coward | more than 3 years ago | (#36721324)

I'm sure there are some Enhanced Recollection Techniques that can help you with that.

Re:I don't recall... (1)

hesiod (111176) | more than 3 years ago | (#36721448)

Is someone legally obliged to unlock a safe for police?

Re:I don't recall... (4, Informative)

jeffmeden (135043) | more than 3 years ago | (#36721562)

If it's anything like the movies, a search warrant allows police to search property by any means necessary. So no, they can't force you to open a safe, but they can certainly force the safe open (which, for a safe almost any private citizen can afford, is not terribly challenging.) The thing about encryption is that it isn't so much a "safe", it's more analogous to a private citizen having their own moon on which to store valuables. Getting access to it isn't a matter of will, its a matter of effort (years and years of crunching, even for a massive supercomputer.) As long as the only way to unlock the encryption is in your head, they can't legally force it out.

not fair to ask you to rat on yourself (3, Insightful)

TheGratefulNet (143330) | more than 3 years ago | (#36721236)

hey, if you did something wrong and would be going to jail, why the hell help them even more? either way you go to jail, right?

they won't KILL you if you don't unlock your encr. stream. they will lock you up either way.

so don't give it to them. you cannot be forced to hang yourself.

fuck the DOJ.

Re:not fair to ask you to rat on yourself (4, Insightful)

Skapare (16644) | more than 3 years ago | (#36721462)

That's what the 5th Amendment is about ... you don't have to do their work for them.

Re:not fair to ask you to rat on yourself (5, Insightful)

Nerdfest (867930) | more than 3 years ago | (#36721590)

You shouldn't need to be forced to clear yourself either.

Self-Destructing Key (1)

Psx29 (538840) | more than 3 years ago | (#36721238)

What if the key automatically self destructs and it becomes impossible to decrypt it?

Re:Self-Destructing Key (4, Insightful)

TheGratefulNet (143330) | more than 3 years ago | (#36721296)

obstruction of justice.

probably that's what they'd say.

but which would you rather 'deal with' - that or the fact that they successfully stole your soul? so to speak. forcing someone to unlock their most private journal is a sign of an evil state.

I am under no obligation to comply with the illegal and unconstitutional wishes of evil leaders or states.

but you may have hit on something: if they raise the anty and sell the idea to the public that they are now 'forced' to unlock their journals, I do expect to see more 'destroy on tamper' seals on things.

tit for tat. hey gov, you really want to fight your own people in this way? re-think that, guys. this is not a fight you want with the geek population. we actually outnumber you!

Re:Self-Destructing Key (1)

Anonymous Coward | more than 3 years ago | (#36721426)

As I've always said, use tech against those who oppress you.

Re:Self-Destructing Key (1)

theillien (984847) | more than 3 years ago | (#36721456)

I am under no obligation to comply with the illegal and unconstitutional wishes of evil leaders or states.

For now. Let's see what happens at the end of this trial and subsequent appellate and Supreme Court decisions.

Re:Self-Destructing Key (1)

moj0joj0 (1119977) | more than 3 years ago | (#36721514)

I am under no obligation to comply with the illegal and unconstitutional wishes of evil leaders or states.

As a citizen of the United States, I am morally bound to oppose the unconstitutional wishes of said leadership. Personally, I believe that the armed forces of the United States are bound by oath to stand up against those that would promote illegal and unconstitutional actions like this.

Re:Self-Destructing Key (0)

Anonymous Coward | more than 3 years ago | (#36721542)

tit for tat. hey gov, you really want to fight your own people in this way? re-think that, guys. this is not a fight you want with the geek population. we actually outnumber you!

We don't outnumber the government - we just understand how to write processes that are measured exponentially.

Re:Self-Destructing Key (1)

NReitzel (77941) | more than 3 years ago | (#36721564)

You know, destroy-on-tamper isn't particularly tough. Use a random third-factor key, and after some number of attempts, trash it.

It would be quick, and as unrecoverable as the key itself.

Re:Self-Destructing Key (0)

Anonymous Coward | more than 3 years ago | (#36721652)

How about a battery-powered GPS attached to the drive that triggers a bulk erase if it is removed from the premises? Then, by removing a device, enforcement would be the cause of the deletion. Ideally, it would be enclosed in a fake drive between two others and be hooked up as if it was a real drive. It would be plausible to classify the device as an anti-theft measure.

Re:Self-Destructing Key (2, Interesting)

Anonymous Coward | more than 3 years ago | (#36721670)

"No, that really is the password, the file(s) must have gotten corrupted. What did you do to my laptop?"

Re:Self-Destructing Key (1)

betterunixthanunix (980855) | more than 3 years ago | (#36721316)

That is not really applicable to hard drives, since you need to enter your passphrase to decrypt the drive as part of the normal operation of the computer. On the other hand, a related question is this: what if you simply forgot your passphrase? Given the amount of time people often sit in jail awaiting trial (on the order of years in some cases), it is entirely conceivable that someone could simply forget their passphrase, especially if it were very long and complex.

Re:Self-Destructing Key (2)

Psx29 (538840) | more than 3 years ago | (#36721350)

I'm thinking along the lines of two-factor authentication that requires a USB key or other external device which could be set to erase itself.

Re:Self-Destructing Key (2)

TheGratefulNet (143330) | more than 3 years ago | (#36721474)

new password tech: the model you have in your mind, on how to vary the password based on current date and time and the matching code in the auth-modules.

there, fixed. there isn't 'one' password anymore, it varies based on when (maybe even where, if you can pull that off). maybe even based on other things: how many times its been booted or something. some variable that raises the bar beyond static passwords.

not needing those DES cards, but still having a varying password that is coded in your system and also in your mind.

slightly better: every user (who wants stronger protection) takes the source code, changes something, compiles and then deletes the source. you keep the secret of the algorithm only in your mind.

again, goverment: you really want to declare war on your geeks like this? this cannot end well, for both sides. please reconsider. we want peace and to be left alone with our privacy. why is that fundamental human right SO DAMNED HARD for you gov types to understand?

Re:Self-Destructing Key (2)

lobsterGun (415085) | more than 3 years ago | (#36721400)

They will have cloned the drive before they let her anywhere near it.

Re:Self-Destructing Key (3, Funny)

Yvan256 (722131) | more than 3 years ago | (#36721484)

Begun, the clone wars has.

Oops, I forgot (1)

Anonymous Coward | more than 3 years ago | (#36721250)

And what if you forgot your passphrase? Can't force you then.

Unfortunately.... (4, Insightful)

LordLimecat (1103839) | more than 3 years ago | (#36721262)

From TFA:

Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

That sounds like a rather spot on analogy. Sounds like precedent is against her. The argument that the passphrase, itself, is the incriminating self-testimony seems really weak, both because the passphrase is not being required, and because the passphrase is not, in the end, what will incriminate her.

IANAL, of course.

Re:Unfortunately.... (1)

AceCaseOR (594637) | more than 3 years ago | (#36721332)

IANAL but, you can be legally compelled with a warrant for the safe, or one that includes the safe. This isn't such a case.

Re:Unfortunately.... (1)

characterZer0 (138196) | more than 3 years ago | (#36721366)

If your lost your voice due to injury, they obviously cannot force you to give a voice recording.

Have a fall and forget your password. What can they do?

I have complicated passwords and change them frequently. I tend to forget them if I have not used them in more than a week. "Sorry your honor, I have not logged in since this all started two months ago just to make sure there is no appearance of evidence tampering, and now I do not remember my password."

Trick is (1)

p4nther2004 (1171621) | more than 3 years ago | (#36721368)

As several people have pointed out - it is perfectly reasonable for someone to forget a password/combination or lose a key. (Sorry, yer honor, I can't remember it/find it)

As an aside - the obvious next step is to include in the software a destroy password. This would be akin to a safe having an incinerate button. Then the police *WILL* ask you for the password and not just have you type it in.

Finally, most safes, even if you don't have the key/combo can eventually be opened. Police have that option...same as they do in this case.

Re:Unfortunately.... (4, Interesting)

betterunixthanunix (980855) | more than 3 years ago | (#36721416)

On the other hand, decrypting data amounts to interpreting evidence for the prosecutor. Suppose the defendant had been using secret code words, known only to her and her co-conspirators; should the prosecutor have the right to compel her to explain those code-words? What makes AES any different, other than the fact that it is a well-designed and difficult to crack cipher?

The argument that the police will be unable to gather evidence if criminals use encryption is just as weak, considering the techniques they have developed for defeating such measures:

http://cryptome.org/isp-spy/crypto-spy.pdf [cryptome.org]

Re:Unfortunately.... (5, Interesting)

idontgno (624372) | more than 3 years ago | (#36721472)

Me too, but EFF's perspective is also useful, and forms a valuable distinction:

The Fifth Amendment generally protects a person from being compelled to give testimony that would incriminate her. United States v. Hubbell, 530 U.S. 27, 34 (2000) (Hubbell I); Fisher v. United States, 425 U.S. 391, 408 (1976). The privilege is limited to testimonial evidence, or a communication that "itself, explicitly or implicitly, relate[s] a factual assertion or disclose[s] information." Doe v. United States, 487 U.S. 201, 210 (1988) (Doe I). Put a different way, the privilege protects the "expression of the contents of an individual's mind."

(Quote from EFF's amicus brief, emphasis mine)

So, while you can be compelled to surrender a physical object (the key to the safe, in the previous analogy), the 5th Amendment is specifically is about something in your mind.

If the "locked safe" in the previous analogy is not locked, but hidden, can a defendant be compelled to disclose its location?

As to the DoJ's "end run" based on the principle "don't tell us, just type it into the computer".... would the 5th Amendment not apply is a defendant is compelled to type self-incriminating testimony into a computer instead of speaking it to a law-enforcement officer?

The DoJ, IMHaUO*, hasn't got a leg to stand on.

*In My Humble and Uneducated Opinion... IANAL, after all.

Re:Unfortunately.... (1)

UnknowingFool (672806) | more than 3 years ago | (#36721494)

I don't think that providing fingerprints or DNA samples is analogous as they are used to match one of their samples to one provided by the defendant rather than forcing the defendant to divulge information that the prosecution may not have.

Re:Unfortunately.... (1)

Bob the Super Hamste (1152367) | more than 3 years ago | (#36721522)

While I agree that the analogy is spot on the discussion then should shift to whether the government can or should be able to force someone to give up things like safe keys, passwords, locations of items. If they want to trot out obstruction of justice for not giving up information then I think we have failed as a society. I would think that obstruction of justice would be justified in providing false information, but not for not providing information.

Now for a real straw man argument on obstruction of justice, if taken to its current logical end it should be possible to further convict someone of obstruction of justice if they are found guilty if that individual did not immediately sign a confession when initially questioned by law enforcement. I don't see us getting there soon, but I wouldn't put it past some over ambitious DAs or prosecuting attorneys.

Re:Unfortunately.... (1)

hedwards (940851) | more than 3 years ago | (#36721528)

If they need into the safe they can usually find a locksmith that can open it, probably damaging it in the process, but they would ultimately be able to open it without the person's cooperation. However with a properly encrypted file, they might not be able to decrypt it until the statute of limitations is up without the help of the suspect.

That's a completely different situation to be in, the fifth amendment is there to protect a suspect in cases where the prosecution can't turn up any witnesses or evidence other than the suspect's own testimony.

Re:Unfortunately.... (5, Interesting)

ClubPetey (324486) | more than 3 years ago | (#36721554)

Simple solution, just make your pass-phrase "IKilledAGuyIn1998@Work!"

Not only does it meat the requiments of a strong password. Your pass-phrase WOULD be incriminating evidence, and they cannot get you to reveal it.

Funny... (1)

AngryDeuce (2205124) | more than 3 years ago | (#36721264)

If it gets to the point that the authorities are trying to force a person to decrypt their computer, then I seriously doubt the threat of additional prison time is going to sway said people to do so.

I mean, what the hell are they gonna do? Send you off to Guantanamo or some other gulag?

I'll go ahead and decrypt this big middle finger for them, though. Hell, I'll even throw in a second one.

Oh crap (0)

Anonymous Coward | more than 3 years ago | (#36721266)

I totally forgot the passphrase!

Re:Oh crap (1)

cvtan (752695) | more than 3 years ago | (#36721488)

How about 12345?

Search And Seizure Explained - They Took My Laptop (5, Informative)

tdc_vga (787793) | more than 3 years ago | (#36721272)

Here's a presentation discussing the issue of force password disclosures and laptops I gave at DefCon 17: http://www.youtube.com/watch?v=ibQGWXfWc7c [youtube.com]

Check the law and make up your own mind.

The EFF's argument makes sense. (4, Insightful)

FoolishOwl (1698506) | more than 3 years ago | (#36721278)

I am no lawyer, but the argument that this is a fifth amendment issue seems strong to me.

How is allowing the defendant to keep the password private a meaningful concession? The password has no value if the hard drive has been decrypted.

Re:The EFF's argument makes sense. (2)

Matheus (586080) | more than 3 years ago | (#36721398)

...mostly because of the worst abuse of passwords: She probably uses that password elsewhere and having the information in the public domain could potentially lead to more of her life being exposed than what's required for the case.

This is just another good reason for not reusing passwords.

Re:The EFF's argument makes sense. (1)

danmart1 (1839394) | more than 3 years ago | (#36721436)

I disagree. While I do not like the thought of the government being able to look through my digital documents, how is it any different than keeping paper documentation? If I have a locked file cabinet filled with evidence the police can, with a proper warrant, sieze said cabinet, open it up and search it. At it's core, an encrypted hard drive is not much different from the aforementioned cabinet. A change in technology, paper to silicon, should not exempt people from the laws of society.

Re:The EFF's argument makes sense. (1)

betterunixthanunix (980855) | more than 3 years ago | (#36721538)

If I have a locked file cabinet filled with evidence the police can, with a proper warrant, sieze said cabinet, open it up and search it. At it's core, an encrypted hard drive is not much different from the aforementioned cabinet.

Actually, it is more akin to writing everything in a secret code that only you understand. One that is well designed and difficult to execute a ciphertext-only attack on. Should the government be able to demand that a defendant translate that secret code for them?

Re:The EFF's argument makes sense. (1)

Manfre (631065) | more than 3 years ago | (#36721544)

The warrant gives the police the authority to open the cabinet. The defendant is not required to provide the police with the key. It's not the defendant's fault that the police lack the knowledge/resources to bypass the lock.

Re:The EFF's argument makes sense. (0)

Anonymous Coward | more than 3 years ago | (#36721604)

Its different because they can do it without your assistance.

Nemo tenetur— forcing specific performance to incriminate yourself is a kind of torture.

Re:The EFF's argument makes sense. (1)

idontgno (624372) | more than 3 years ago | (#36721610)

If it's an uncrackable* combination locked safe, can you be compelled to divulge the combination? Or, tailoring the argument to the DoJ's work-around, can you be compelled to use the combination and unlock the safe?

After all, a combination is just a set of secret information contained in your head... just like a password...and completely unlike a physical key.

*"Uncrackable" for certain "practical" values of "crackable".... like a heavily-armored multi-tumbler safe. Every safe is crackable, given enough effort, and I'd argue that every consumer-grade encryption scheme is also crackable given enough effort.

So, is there any case law or precedent about the 5th Amendment protections to combination lock combinations?

Re:The EFF's argument makes sense. (1)

idontgno (624372) | more than 3 years ago | (#36721664)

And as further proof I'm not a locksmith the same way I'm not a lawyer, I meant a "multiple-bolt" lock, not a multiple-tumbler. I assume a combination lock has something analogous to tumblers, but I'm trying to convey the idea of physical impenetrability.

Re:The EFF's argument makes sense. (1)

jittles (1613415) | more than 3 years ago | (#36721668)

As someone stated above, a key is a physical object. The passphrase is something you keep in your mind. You're not required to say "Oh by the way there is a physical object over at XYZ that will incriminate me." You're volunteering information from your mind. If they really want what is encrypted by your hardrive, then they can break the encryption. Just like they can pick the lock on your safe if you forget the combination.

Re:The EFF's argument makes sense. (0)

Anonymous Coward | more than 3 years ago | (#36721446)

It counters the argument that the defendant is being compelled to provide testimony. They government isn't requiring her to provide the password in testimony; it's requiring her to perform the decryption.

Still violates the 5th (4, Insightful)

zooblethorpe (686757) | more than 3 years ago | (#36721288)

The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."

That would still seem to violate the 5th amendment. The relevant text is bolded below:

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Anyone of more legal background care to comment?

Cheers,

Re:Still violates the 5th (2)

aardwolf64 (160070) | more than 3 years ago | (#36721410)

She's not being compelled to be a witness against herself... The hard drive is a piece of evidence that is in effect a "witness" against her.

It's like you're hiding a dead body in the trunk of your car... and you've modified it with a special lock that cannot be forced. This is the equivalent of them getting a warrant on searching your car, and you being forced to come up with a key.

Re:Still violates the 5th (1)

black soap (2201626) | more than 3 years ago | (#36721598)

If something in my diary could be used as evidence against me, is it written testimony?

Useful analogy (1)

zooblethorpe (686757) | more than 3 years ago | (#36721656)

Instead of just spouting vituperative nonsense like a few others have, thank you for writing something useful and relevant. This key argument makes sense.

Cheers,

Re:Still violates the 5th (1)

Nimey (114278) | more than 3 years ago | (#36721420)

The dodge is probably that chattel isn't covered by that clause.

Chattel (1)

zooblethorpe (686757) | more than 3 years ago | (#36721676)

This makes sense, thank you for this.

Cheers,

Re:Still violates the 5th (1)

MichaelKristopeit424 (2018894) | more than 3 years ago | (#36721452)

the prosecutor's argument is obviously that the defendant would only be a witness to their computer system, and then the computer system would serve as a witness against the defendant.

the defense should argue that the drive is not encrypted, and rather was written full of random data during benchmarking tests, and hasn't been used since. how could the prosecutors prove that it wasn't?

Re:Still violates the 5th (-1)

Anonymous Coward | more than 3 years ago | (#36721476)

Are you a fucking lawyer? Of course not, so how can you so boldly claim this violated the 5th amendment?

Would you then try to explain why DNA and fingerprint examinations are a violation, when the courts have ruled that are not.

I thought not. I just absolutely fucking destroyed your idiocy. I win.

Re:Still violates the 5th (1)

Jaktar (975138) | more than 3 years ago | (#36721490)

It's almost as if the 5th amendment was written before computer encryption was even invented.

I wonder how you would go about setting a legal precedent that would require, in legal cases, the decryption of a hard drive so that it might be entered into evidence. Aw heck, why don't they just hold her in jail while they brute force the password?

Re:Still violates the 5th (1)

NatasRevol (731260) | more than 3 years ago | (#36721614)

why don't they just hold her in jail while they brute force the password?

You don't think that's what she's already been threatened with?

Torture anyone? (3, Insightful)

aaaaaaargh! (1150173) | more than 3 years ago | (#36721310)

Why do US authorities not just torture people to get the information they need? Wouldn't that be more effective and convenient?

Oh wait...they already did in Abu Ghraib and Guantanamo...

Unlock a safe (2)

grahamm (8844) | more than 3 years ago | (#36721314)

If you have a safe with a combination lock, can the authorities legally require you to either tell them the combination or unlock the safe? The passphrase to allow access to an encrypted drive is equivalent to the combination of a safe, so the same rules should apply.

Re:Unlock a safe (1)

Xeroxis (2163152) | more than 3 years ago | (#36721478)

well basic safes have should not be a problem since if safe has 4 digits it takes 1000 combinations, and if each is 10s to try its still 28h of trying (thought it was less so changed my mind at this point but still doable,) but if u have just basic xx.x combo that is 3 rotations (LRL or RLR) that makes 1000.000.000 and if 20 sec per try since its more hard now that makes it 55555555h or 643 years (so yea again thoght it would be way lower) I must have made a mistake in second one, could it be that much? So yea no point in doing anything of this i guess 8=) 8=) 8=)

Re:Unlock a safe (0)

Anonymous Coward | more than 3 years ago | (#36721546)

They can get a warrant for the conetnts of the safe and if you refuse to give them the combination or open the safe for them (your fourth and fith ammendment rights) they can cese the proporty and break the lock to get at the contents (though they need a warrant first).

Applied to cyptiography this would mean they could cese the hard drive and hook it up to a super computer to brute force the key. But super computers are expensive (and good crptography can't be reliably broken by them in a timely fassion) so they're trying to float the premis that they can force you to decript it which would be equivilent to forcing you to open the safe.

Personally I don't see this as being constitutional.

Re:Unlock a safe (1)

MichaelKristopeit420 (2018880) | more than 3 years ago | (#36721556)

let me guess... you're not a lawyer?

a physical safe, and physical things inside a physical safe, is not the same thing as a set of digital bits. the bits are just bits... encrypted bits are no different than unencrypted bits... just because it doesn't mean anything to you, yet you think it means something to someone else, doesn't mean you don't already have access to the bits. physical access is not being restricted, instead meaning has simply been obfuscated. the same rules most certainly should not apply.

you're an idiot.

Re:Unlock a safe (1)

hedwards (940851) | more than 3 years ago | (#36721576)

They can, but the reality is that they can open the thing with or without the cooperation of the individual, it's just less time consuming to do so. However, in the case of an encrypted file, they likely wouldn't be able to get at the contents while it's still relevant to the case.

Taking a leaf out of the UK's book (4, Interesting)

Geeky (90998) | more than 3 years ago | (#36721326)

Sadly this is taking a leaf out of the UK's book. I say sadly, sad that we got there first on this sort of nonsense. It's a crime not to reveal passwords when required to do so. It's part of the Regulation of Investigatory Power Act 2000 (look it up!)

If I recall someone demonstrated the stupidity of it by sending an encrypted file to the then home secretary. He was then in possession of a file that he could not possibly decrypt, but it would be a criminal offence for him not to supply the passphrase to decrypt it if required to do so. In other words, a law that he could not possibly obey no matter how much he wanted to.

Despite this demonstration of the stupidity of the act, I believe it still stands.

In the UK... (3, Informative)

BandoMcHando (85123) | more than 3 years ago | (#36721328)

... they already can.

(Legally compel you to reveal crypto keys or render the relevant information intelligible that is. Well, you could refuse, but that's an offence obviously. Section 49 of Part III of the Regulation of Investigatory Powers (RIPA)).

http://www.legislation.gov.uk/ukpga/2000/23/section/49 [legislation.gov.uk]

Interpretation (5, Interesting)

MetalliQaZ (539913) | more than 3 years ago | (#36721330)

"The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."

I can see that there is a difference between forcing the disclosure of the password and being able to read something that is already decrypted, however I can't see how that wouldn't still be self-incrimination. I assume the police would either bring her to the evidence room and tell her to enter the passphrase, or they would simply demand that she deliver an un-encrypted copy of the drive. Either way they are forcing her to give up evidence that may be used to incriminate. This seems to be a seriously frightening precedent to set.

They would never be able to take someone accused of murder and say, in effect: "look, we KNOW you did it, we just lack all the evidence needed to convict. You are now ordered to show us every place you visited on the day in question, including where the body is hidden."

-d

Re:Interpretation (1)

Attila Dimedici (1036002) | more than 3 years ago | (#36721558)

Exactly, I cannot understand what relevance the fact that she would not be forced to disclose her password has to the argument being made about self incrimination.

Papers and effects (5, Insightful)

Compaqt (1758360) | more than 3 years ago | (#36721340)

Whoever said that you have to arrange your papers and effects in such a way that the government can understand it?

Does this also apply to paper documents?

Are you not allowed to write your thoughts in a coded manner?

Is it also OK to use euphemisms in your diary?

Is it the government's position that you also have to interpret your diary for the prosecution?

Deniable Encryption (0)

Anonymous Coward | more than 3 years ago | (#36721344)

Sounds like this might have helped...

http://en.wikipedia.org/wiki/Deniable_encryption

What about plausible deniability? (1)

gadget junkie (618542) | more than 3 years ago | (#36721346)

I am only a middling user, but Truecrypt [truecrypt.org] offers also plausible deniability, in that two different passwords offer access to a whole different set of data ("hidden volume"). It would be very difficult to assess if it has been used.

Re:What about plausible deniability? (1)

Duradin (1261418) | more than 3 years ago | (#36721512)

So what happens when "they" know about Truecrypt and its plausible deniability?

Re:What about plausible deniability? (0)

Anonymous Coward | more than 3 years ago | (#36721640)

"I didn't know it did that."
Plausible deniability. Hur dur.

what we need to avoid this (0)

Anonymous Coward | more than 3 years ago | (#36721354)

So, what we need is an encryption program that has two passwords. One password to decrypt all the data, and a second password that decrypts harmless data but secretly destroys sensitive data. When the cops force you to enter your password, you enter the second password and they are none the wiser.

Of course, you'd need some way to separate the two types of data, but that could easily be accomplished by using different folders.

Re:what we need to avoid this (1)

gazbo (517111) | more than 3 years ago | (#36721500)

That's a terrible idea. They're not going to put the only copy of the data in front of you on your own laptop for you to type what the hell you want and tamper with the only copy of evidence. They'll clone the drive and have you decrypt that copy.

Then, when they don't believe that all you had were copies of hello.jpg they'll compare the disk with the original, see all the unrelated blocks being written to, and know for sure that you have hidden data. Plus evidence that you've attempted to destroy evidence from their investigation.

"I forgot" worked for alberto gonzales (4, Insightful)

Dan667 (564390) | more than 3 years ago | (#36721362)

sounds like the best course of action is to say you forgot your passphrase. Problem solved.

Re:"I forgot" worked for alberto gonzales (3, Funny)

Cro Magnon (467622) | more than 3 years ago | (#36721584)

What if your passphrase is "I forgot"?

1 question (1)

Xeroxis (2163152) | more than 3 years ago | (#36721374)

is this encryption so hard that it cant be bruteforced? if it is just simple password could work ofc if it is more advanced stuff like for web then then i understand

'Panic' passphrase (0)

Anonymous Coward | more than 3 years ago | (#36721386)

Sounds like we need to build-in a 'panic' phrase that would scramble the data rather than decrypt it. Or, perhaps, render the data into text files of "Mary had a little lamb." Nothing incriminating about that!

"Want me to decrypt my drive? Sure... here's the passphrase. Gee, I'm sorry. Not sure what happened to my data. Have you guys been messing with my drive?"

the check is in the mail (0)

TheGratefulNet (143330) | more than 3 years ago | (#36721404)

and I won't come in your mouth, I promise.

quote:


Prosecutors stressed that they don't actually require the passphrase itself, meaning Fricosu would be permitted to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding "the password to the drive, either orally or in written form."

bullshit. if there ever was a lie, it is this. how many here believe they'll let you enter your passphrase and NOT have a keylogger on that system?

fucking bullshit. boldface liars. nope, I won't come in your mouth. I'll pull out before, I promise.

What if the passphrase is typed in wrong? (1)

Skapare (16644) | more than 3 years ago | (#36721406)

Some encryption systems are designed so that an SHA512 hash of the passphrase is only used to decrypt a larger 4096 bit key of random bits stored on an obscure sector of the drive. That key (once itself decrypted) is then used to decrypt the various random keys over various drive segments to decrypt the actual data. It can also check to see if the decryption fails. If the decryption fails for N times, where N defaults to 3, but can be configured by the owner to even be one, it will erase the encrypted 4096 bit key stored on that obscure sector by writing over it with random bits. All the data will then be instantly gone.

Re:What if the passphrase is typed in wrong? (1)

BosHaus (629060) | more than 3 years ago | (#36721534)

Yes, but they would take an image of the drive before they let you do that. You would accomplish nothing but give them proof of obstruction of justice (attempting to destroy evidence).

How is that any different? (0)

Anonymous Coward | more than 3 years ago | (#36721408)

"The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."

How is that any different? "Oh, we don't expect you to show us the key or let us duplicate it ourselves, but we're legally requiring you to unlock the door so we can search what's contained inside."

If that situation would run afoul of the 5th amendment (and I'm not a lawyer, so I don't know), then so should this. My understanding is, you have a right to refuse to answer questions and to remain silent. If the key constitutes something that you have to communicate (e.g., a numeric codelock for the relevant door or computer encryption), it sounds applicable to me, because you don't have to say *anything*.

xkcd has this covered (2)

tag (22464) | more than 3 years ago | (#36721418)

http://xkcd.com/538/ [xkcd.com] Their mistake was waiting until it got to trial. Now this method is harder to use.

Basing a case on encrypted data... (0)

Anonymous Coward | more than 3 years ago | (#36721432)

...is an incredibly foolish idea in the first place. I encrypt my data on principle, even if there was something to encrypt.
And no, they can't force you to decrypt your laptop. Let them charge you with perjury, obstruction of justice, what-have-you... but never let them get their hands on your data.

DOJ encryption policy (2)

slshwtw (1903272) | more than 3 years ago | (#36721434)

Here's the DOJ's FAQ [justice.gov] on their encryption policy: Basically they are asking developers to create encryption software that has a government backdoor, and for corporations and individuals to use it voluntarily. They seem to think that:

Many criminals will use encryption that permits access by law enforcement, if that is the type of encryption that is commonly used and included in over-the-counter software

Because criminals buy their encryption software at Best Buy...

Warrant's Work? (1)

lymond01 (314120) | more than 3 years ago | (#36721444)

I'm not sure why, with a proper warrant, this shouldn't happen. No, a police officer shouldn't be able to ask you to decrypt without a warrant, same as they can't enter your house without one (except for special circumstances). But if they can convince a judge, then it's due process. TSA is a different deal I expect, given that the whole TSA theater doesn't sit on American soil or some such. Remember kids:

An Enemy Combatant isn't a Prisoner of War.
Dropping bombs with drones is not fighting a war.
Security zones in airports are the fuzziest of fuzzy law areas.

Re:Warrant's Work? (2)

betterunixthanunix (980855) | more than 3 years ago | (#36721616)

I'm not sure why, with a proper warrant, this shouldn't happen.

For the same reason that you cannot get a warrant for someone to tell you the location of a dead body.

This is an easy decision. (1)

crow_t_robot (528562) | more than 3 years ago | (#36721458)

You can either:
1. Get 1 day of jail and a fine for contempt of court.
OR
2. Get 15 years for felony mortgage fraud.

Is this really difficult?

Also, "forgetting" does happen and is more likely to happen to an individual under extreme stress...a psychiatrist can testify on her behalf.

TrueCrypt FTW (3)

brunes69 (86786) | more than 3 years ago | (#36721480)

This is why anyone serious about security uses TrueCrypt or other encryption systems which have plausible deniability built in. If she was using TrueCrypt, she could give them the password they are looking for, without revealing ANYTHING about what is actually on the drive.

Re:TrueCrypt FTW (2)

BosHaus (629060) | more than 3 years ago | (#36721594)

One counter to plausible deniability from their perspective could be this though: For instance with full disk encryption, they can look at your router/dhcp/etc logs and see that physical computer has been on the network. When you enter in your plausible deniability password you end up booting an OS that hasn't been booted in 4 months. I think they'll call bullshit.

What is the law on physical vaults? (0)

Anonymous Coward | more than 3 years ago | (#36721502)

I don't know the law at all, so I'll just ask a logical progression of questions. Maybe a lawyer could respond.

If you have a physical vault with a key, can you be required to surrender the key?

If the vault instead used a keypad, can you be required to surrender the passcode or open the vault?

Assuming you can be forced to open physical vaults as just stated, it seems a simple logical step that you can also be required to decrypt a digital vault.

We like to complain that "over the internet" or "on a computer" does not make for a valid patent claim around here. So I would also think that storing documents in a vault "on a computer" also doesn't deserve any extra special protection under the 5th amendment.

True plausible deniability (2)

madhatter256 (443326) | more than 3 years ago | (#36721508)

I read an article to truly protect you from self incrimination, because regardless of who you are, you will be "forced" to give up your pass phrase or "willingly" decrypt the HDD. With this set up, you can 'willingly' give up your passphrase but for the 'dummy' partition and they won't be able to tell that there is a hidden partition because the space available will only show that of the dummy encrypted partition, not the whole HDD. Unless, of course, they take out the HDD and see the capacity, but you can go further and print out a fake a HDD label with a size similar to that of the dummy encrypted partition... This article is a great how-to on truly protecting yourself.

http://www.makeuseof.com/tag/create-hidden-partition-truecrypt-7/ [makeuseof.com]

You can enter my house but not my hard drive? (0)

Anonymous Coward | more than 3 years ago | (#36721510)

How is this different from an warrant issued to search someones house? I can't plead the 5th because my house contains incriminating evidence and stop them from entering, this seems no different. If my house is actually an impenetrable fortress that only I can open, could I simply deny them entry? Handing over the keys is not an incriminating act and doesn't seem to be protected, and if it is many a hacker will be jumping for joy.

How is this different from searching a home? (1)

emuls (1926384) | more than 3 years ago | (#36721526)

How is this any different than acquiring a warrant to search someone's home? People are worried about this being abused? Fine, require a warrant to search someone's laptop.

Wow, clueless (1)

Chas (5144) | more than 3 years ago | (#36721552)

The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive.

That's STILL self-incrimination! Talk about disingenuous!

An idea (0)

Anonymous Coward | more than 3 years ago | (#36721646)

I have an idea, for every law found to be unconstitutional, we fire the person that proposed it and all the people that arranged for it to become law, for forever ban them from taking a dime of tax payer money, ever again, maybe then we can have the freedom to not have our rights chipped away by an over eager state that wants to violate them. Then, we can say, go ahead baby, make my day. We can call the new law, the make my day law.

Have some fun with passwords (1)

Bob the Super Hamste (1152367) | more than 3 years ago | (#36721650)

We all know about hidden volumes in true crypt so why not have some fun with passwords. If they are going to force you to give up passwords why not have some fun and let them know how you feel. Have the main volume contain info that one would logically like to keep secure like tax info and a hidden volume containing what ever super secrete info you are trying to keep form authorities. I would suggest using passwords like the following for the main volume. Warning these may be offensive:
  1. FuckOff
  2. FuckYou
  3. DieInAFire
  4. GoFuckYourself
  5. IHearYouMolestChildren

Combination (0)

Anonymous Coward | more than 3 years ago | (#36721658)

I think the best analogy would be to a safe with a combination lock. Can they compel you to disclose the combination? Can they compel you to unlock it without disclosing the combination? What if you claim to have forgotten the combination?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>