Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Merely Cloaking Data May Be Incriminating?

Zonk posted about 7 years ago | from the what's-mine-is-mine dept.

Privacy 418

n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"

cancel ×

418 comments

Other types of cloaking... (5, Insightful)

fonik (776566) | about 7 years ago | (#20018045)

What about using a rare file system? If I want to put all of my stuff on ZFS and the FBI can't read it will they ship me off to Gitmo?

Re:Other types of cloaking... (0)

Anonymous Coward | about 7 years ago | (#20018117)

Uhhh. Obviously not...

Re:Other types of cloaking... (1, Informative)

Anonymous Coward | about 7 years ago | (#20018733)

Here is Larry Gill's self-serving post. Sounds like he's saying, "None of these bugs are important, because we don't have any important bugs in our software." Don't we all know people/companies like this, who won't own up to anything? The submitter is making a bit much of the data cloaking comment, if you ask me.

http://www.securityfocus.com/archive/1/474727/30/0 /threaded [securityfocus.com]

Re:Other types of cloaking... (5, Insightful)

fonik (776566) | about 7 years ago | (#20018159)

Offtopic? I think this is a perfect question to ask. Why is it incriminating simply to have something in a format that investigators might not understand? What if I decide to keep all of my documents in Mandarin instead of English? Is that incriminating?

Also, The linked article is on local vulnerabilities in two common forensic software packages and doesn't even mention data "cloaking" techniques. If anything is offtopic here, it's the article or the headline.

Re:Other types of cloaking... (-1, Troll)

Anonymous Coward | about 7 years ago | (#20018247)

Jesus tapdancing christ, are you mods on crack?

Re:Other types of cloaking... (4, Funny)

AuMatar (183847) | about 7 years ago | (#20018275)

No, they're just cloaking the replies.

A real cloaking device?? (1, Funny)

fonik (776566) | about 7 years ago | (#20018439)

And with how quickly my posts are being modded up/down, I could use the polarity change as a new source of clean energy!

Slashdot is truly the breeding ground of new technologies.

Shadow account (1)

benhocking (724439) | about 7 years ago | (#20018769)

You obviously are using a shadow account to mod down your own posts. We knew you were doing something wrong, and now we have the proof!

Re:Other types of cloaking... (1, Insightful)

Anonymous Coward | about 7 years ago | (#20018689)

The linked article does not contain the quote in the summary which forms the basis of this discussion.

Re:Other types of cloaking... (1, Insightful)

Anonymous Coward | about 7 years ago | (#20018783)

So the article is offtopic, then?

Why even ask? (4, Insightful)

nurb432 (527695) | about 7 years ago | (#20018049)

"Are we no longer allowed to have any secrets, even on our own systems?"

Why do you even have to ask? As private citizens we arent allowed to hide anything from the government. Its labeled as obstruction of justice and we get tossed in the can if we dont cough up the keys. Even if we have nothing to hide.

Re:Why even ask? (5, Insightful)

Ice Wewe (936718) | about 7 years ago | (#20018125)

Rock on, Hyde!

I'd just like to point out, that if creating loops in NTFS is incriminating, does having an encrypted file system mean we have something to hide? Or, for that matter, wouldn't DRM be an obstruction, since it prevents access to content? Oh, right, DRM isn't bad, because it has large, multi-national corporations giving large campaign contributions-- err, I mean, supporting it.

Hooray for capitalism!

Re:Why even ask? (1)

jfclavette (961511) | about 7 years ago | (#20018507)

The corporation will provide the keys to government agencies if they request it, so DRM is a non-issue. Nice try.

Re:Why even ask? (5, Insightful)

Evilest Doer (969227) | about 7 years ago | (#20018659)

does having an encrypted file system mean we have something to hide?
Of course you have something to hide. You have your tax returns, financial statements, personal journals, and other private files to hide from malicious hackers and people who might run off with your laptop. If you are in the financial industry, you have other people's private information to hide (or, at least, that's what you should do). The problem is the absurd assumption that, since we are using encryption, we have something illegal to hide.

Re:Why even ask? (2, Insightful)

Anonymous Coward | about 7 years ago | (#20018155)

"Why do you even have to ask? As private citizens we arent allowed to hide anything from the government. Its labeled as obstruction of justice and we get tossed in the can if we dont cough up the keys. Even if we have nothing to hide."

This is why the next presidential election will probably decide the fate of our country. We can continue down the current path of big government (Clinton, Obama, Guiliani, Romney, McCain) or we can elect the ONLY candidate who wants to restore privacy.
Yes, restore privacy and LIMIT the government.
This candidate is Dr. Ron Paul. http://www.ronpaul08.com/ [ronpaul08.com]

And yes Dems, your candidate are in he pockets of special interest. (Example, Clinton Obama taking money from the RIAA) Niether of them are Pro Freedom. While they mihgt be the lesser of two evils; they are still evil!

The Only candidate talking about *restoring* and *respecting* the Constitution and Privacy and Limiting government is Dr. Ron Paul.

Please folks, wake up, the Government is NOT your friend.

Re:Why even ask? (1, Insightful)

Anonymous Coward | about 7 years ago | (#20018383)

Absolutely. The only way to get this to stop is to get the people on top to realize that the American people won't take this stuff any more, and they're sure not going to get that message if we keep voting the same sorts of politicans in year after year. Republicans, Democrats, it really doesn't matter; it's not as if the Democrats would opt to take away the increased executive powers that have built up over the past few years.
Ron Paul finally gives me hope. Everything should be done, he says, according to the Constitution, and I agree.

What pisses me off the most about all of this is having to post anonymously because political dissent could cost me a security clearance and thus, my career. We're heading into a world where the government can keep tabs on everyone at all times - we really should try to keep power-hungry plutocratic morons from the top positions in government the best we can.

Ron Paul? Yeah Right. (0)

Anonymous Coward | about 7 years ago | (#20018541)

Yeah, let's vote for the guy who believes that cross-burning is free speech* and that there shouldn't be a separation from church and state: [blogspot.com]

"Cross burning could be a crime if they were violating somebody's property rights,'' he said during his campaign. But if you go out on your farm some place and it's on your property and you put two sticks together and you burn it, I am not going to send in the federal police."

"The notion of a rigid separation between church and state has no basis in either the text of the Constitution or the writings of our Founding Fathers. On the contrary, our Founders' political views were strongly informed by their religious beliefs. Certainly the drafters of the Declaration of Independence and the Constitution, both replete with references to God, would be aghast at the federal government's hostility to religion. The establishment clause of the First Amendment was simply intended to forbid the creation of an official state church like the Church of England, not to drive religion out of public life."

Great candidate you have there.

* free speech ends when it's purpose is to terrorize others.

Re:Ron Paul? Yeah Right. (1)

Dramacrat (1052126) | about 7 years ago | (#20018707)

And here I am, believing that it's my right to burn two sticks on my private property! Oh please, spare my simple soul from your gulags.

Re:Why even ask? (1)

Original Replica (908688) | about 7 years ago | (#20018165)

if one cloaks data by encrypting it, exactly what incriminating evidence does that provide?

As private citizens we arent allowed to hide anything from the government.


So I'm guessing innocent until proven guilty doesn't apply to a person's data, just a person. So if any information(data) hidden from government view in incriminating, then does that give "probable cause" to anything not already in plain sight? This would seem to be the death blow to already suffering 4th Amendment- "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

It's called a "warrant". (4, Interesting)

khasim (1285) | about 7 years ago | (#20018267)

So I'm guessing innocent until proven guilty doesn't apply to a person's data, just a person.

The cops go to a judge and get a warrant based upon whatever evidence they have that a law was broken.

So if any information(data) hidden from government view in incriminating, then does that give "probable cause" to anything not already in plain sight?

They'd have to have access to it already to see that it was encrypted. And that access should require a warrant.

This would seem to be the death blow to already suffering 4th Amendment- "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Again, see the word "warrants" there?

Encrypt EVERYTHING to protect yourself from regular criminals.

But if you are accused of a crime, you have to decide whether the encrypted data will help your case or harm it. And if it will harm your case, will it do more or less harm than refusing to decrypt it?

But there has to be a warrant. Focus your complaints on situations where there aren't any warrants.

Re:Why even ask? (5, Insightful)

sjames (1099) | about 7 years ago | (#20018391)

Yep, there you have it. Police are allowed to look at anything in plain sight but need probable cause to look at anything else. Of course, that means nothing when simply having something not in plain sight is considered probable cause.

Re:Why even ask? (1)

PachmanP (881352) | about 7 years ago | (#20018443)

Well if we follow this path of criminalizing hiding things from the watchers to its logical conclusion of outlawing of blinds and/or requiring large picture windows, I think I'll sell my house next to the fat people before it loses all value and move to southern Cali...

Once you have a warrant. (1)

SanityInAnarchy (655584) | about 7 years ago | (#20018575)

And if you do have that warrant, I am going to read it, and unless it specifically requires you to give up my keys, I am going to tell you to fuck off.

Encrypt random noise. Lose the keys. (4, Funny)

MikeFM (12491) | about 7 years ago | (#20018725)

I encrypt everything just so if they ever investigate me, for whatever stupid reason they might decide to, they can demand the key and I can refuse. It's the principal of the thing. Why should we give up our privacy? What if I just want to encrpyt files by a random one time key and then erase the key? Maybe that constitutes digital art to me.

I encourage everyone to generate files containing nothing but random noise, encrypt those files, and throw away the key. If everyone does this then they can't tell what is a real encrypted file and what isn't. For good measure email some of these random files back and forth with suspicious subject lines.

Remedial High School English Lesson... (0)

Anonymous Coward | about 7 years ago | (#20018051)

Re:Remedial High School English Lesson... (0)

Anonymous Coward | about 7 years ago | (#20018287)

English is a living language, get over it.

Re:Remedial High School English Lesson... (1)

fredrated (639554) | about 7 years ago | (#20018495)

This form of 'life' is a tumor, kill it. Misuse of language leads to confusion, better that one learn how to use language correctly, but sadly this mostly requires the ability to think.

Re:Remedial High School English Lesson... (1)

Enoxice (993945) | about 7 years ago | (#20018319)

As with every other time it's used on here and someone insists on bringing that up...

did you even read the entry...particularly about the MODERN USAGE?

Re:Remedial High School English Lesson... (0)

Anonymous Coward | about 7 years ago | (#20018425)

You mean the "Contested modern usage" section where it points out that the only people who don't have a problem with it are people who don't think anybody ought to ever tell anyone how not to say something? You're not making a very good case there.

Custom Filesystem (0, Redundant)

Anonymous Coward | about 7 years ago | (#20018067)

And when I use a custom filesystem the FBI doesn't have drivers for, what is that?

Re:Custom Filesystem (1)

deftcoder (1090261) | about 7 years ago | (#20018113)

what is that?
Something a terrorist would do. Seriously.

Re:Custom Filesystem (1)

Klickoris (1104419) | about 7 years ago | (#20018123)

And when I use a custom filesystem the FBI doesn't have drivers for, what is that?

Win.

Begs the question (5, Informative)

evanbd (210358) | about 7 years ago | (#20018135)

No it doesn't. It raises the question. Begging the question [wikipedia.org] is a logical fallacy, much like circular reasoning.

Re:Begs the question (0)

Anonymous Coward | about 7 years ago | (#20018307)

If these people are hiding something, and have encrypted it, this can only mean that they don't want us to find out what they know, and this strengthens our conviction that they are hiding something.


That sounds exactly like Begging the Question to me. I figured eventually some smart-stupid poster would mock a real case of begging the question.

Re:Begs the question (1)

caerwyn (38056) | about 7 years ago | (#20018363)

Except that, were that even the case, that's not the way in which the phrase "begs the question" is used in the summary- the way it's used is, exactly as the GP states, in the sense of raising a question. So the GP's point remains, though I should have guessed some smart-stupid poster would mock a real criticism.

Re:Begs the question (1)

el americano (799629) | about 7 years ago | (#20018601)

If these people are hiding something... they are hiding something.

That's a tautology, not begging the question. Even the actual point of the article, that encryption must mean that you are hiding incriminating evidence, is wrong, but does not beg the question. ... which raises the question: Why would you defend the use of a phrase when you do not know what it means?

Re:Begs the question (1)

avelyn (861334) | about 7 years ago | (#20018411)

Oh thank you! I read "begs the question" used inappropriately so many times a day and it makes me cringe. At this point, however, it almost seems prudent to have two definitions: one philosophical and one common use.

Re:Begs the question (1)

ZombieWomble (893157) | about 7 years ago | (#20018681)

Words and phrases in a language with multiple usages? What madness is this?

Re:Begs the question (1)

fredrated (639554) | about 7 years ago | (#20018527)

By begs the question I think the poster meant 'this question begs to be asked:...'

The answer to the question he begs is, hiding has become incriminating by definition.

Zonk should know better by now. (5, Insightful)

Anonymous Coward | about 7 years ago | (#20018641)

While languages DO evolve over time, simply using a phrase incorrectly is not evolution, even if the mistake is common.

Furthermore, when you start multiplying the meanings that a word or phrase can have, you start reducing its usefulness. When it cannot make a specific idea clear, in contexts where the meaning may be ambiguous one now has to use even more words to get their idea across.

Anyway, this specific mistake has been pointed out many times on slashdot. Zonk really should know better by now.

Re:Begs the question (1)

AnotherBlackHat (265897) | about 7 years ago | (#20018717)

Begging the question is a logical fallacy, much like circular reasoning.


Yes it is, but that doesn't stop it from having other definitions.

Welcome to 1984 (1)

jeffasselin (566598) | about 7 years ago | (#20018141)

Or fascist America, depending on which side of the pond you live.

4th Amendment (1)

dashslotter (1093743) | about 7 years ago | (#20018147)

Doesn't it say that refusing a search can't be used as evidence of guilt? Isn't this the same thing?

Re:4th Amendment (4, Insightful)

nurb432 (527695) | about 7 years ago | (#20018245)

Yes, the 4th applies until you are ordered to by a judge. ( you cant just turn down a search warrant when the cop is at the door waving it at you ). Once the judge hands down the order you dont have a choice, unless perhaps you try to plead the 5th, and i still bet that wont apply if you refuse to hand over 'documents' that were authorized to be seized by the warrant..

Re:4th Amendment (0)

Anonymous Coward | about 7 years ago | (#20018465)

"you cant just turn down a search warrant when the cop is at the door waving it at you"

That depends very much on wether he's at the door of your house or the hatch of your tank. And if it's the former, more fool you.

Re:4th Amendment (1)

MikeFM (12491) | about 7 years ago | (#20018799)

If it's encrypted they can't prove it's a document though. Can they legally require you to have a key? What if I lost or purposely deleted the key? It's no worse than having a collection of safes with missing keys - the govt can do their best to break into each one to see if anything is inside but can they demand you not own a safe with a missing key? There is no way to prove something is lost other than not being able to find it. So if they don't find your keys then they can't prove you have a key at all.

Re:4th Amendment (0)

Anonymous Coward | about 7 years ago | (#20018263)

Doesn't it say that refusing a search can't be used as evidence of guilt? Isn't this the same thing?

No, not at all. This is saying that preforming a search and finding that something is missing or has been removed is evidence.

Note that this is different from not finding something at all. Evidence of an absence not an absence of evidence.

But Comrade... (4, Funny)

ObsessiveMathsFreak (773371) | about 7 years ago | (#20018151)

If you have nothing to hide, then you have nothing to fear!

Re:But Comrade... (1)

Fuzzums (250400) | about 7 years ago | (#20018339)

You mean you're guilty until there is evidence you didn't encrypt any data?

Re:But Comrade... (1)

Tablizer (95088) | about 7 years ago | (#20018489)

If you have nothing to hide, then you have nothing to fear!

But I don't want anybody finding out I have porn of Natalie Portman doing it with a beowulf cluster. It's not illegal, just embarassing. (Then again, the machines have reached sentience, and are under 18.)
         

Re:But Comrade... (0)

Anonymous Coward | about 7 years ago | (#20018693)

If you have nothing to hide, then you have nothing to fear!
Just like the current American mindset to mod you Funny. You can joke about it now, but in the future will their be, In capitalist America jokes?

Uggg! (0)

Anonymous Coward | about 7 years ago | (#20018161)

We can't find out what you're hiding, when you hid it, or even if you did it yourself, so instead we're gonna just assume you're guilty of obstructing the course of justice, imprison you for that, and in our other investigations just pretend that we found some really incriminating stuff there. Idiots.

What kind of sensationalist nonsense is this? (0)

Anonymous Coward | about 7 years ago | (#20018177)

" Are we no longer allowed to have any secrets, even on our own systems?"

What? Why would you even ask this question after reading the quote above? All the provided quote says is that knowing that you tried to hide something is useful to an investigation. If I can figure out what sorts of things you do not want me to see that can be a big hint about what you are trying to hide.

For example, if you are being investigated and are found to have taken extensive precautions to encrypt your instant message logs but not your email then I might suspect that your most important communications used instant messages, even if I cannot recover them.

Re:What kind of sensationalist nonsense is this? (2, Informative)

SanityInAnarchy (655584) | about 7 years ago | (#20018611)

Right. I suspect that this could be used in, for example, subpeona-ing the IM logs of my friends who don't encrypt them, or of, say, Microsoft (for my MSN logs)...

I'm not sure it was meant to imply that the act of cloaking is itself incriminating, but rather that knowing you cloaked your data might tell them where to look. But then, it really was not worded very clearly.

Ours..? (2, Insightful)

ricebowl (999467) | about 7 years ago | (#20018179)

Are we no longer allowed to have any secrets, even on our own systems?

Are they still our systems these days? I could've sworn the EULA said it was just a license I bought...

Good luck... (4, Insightful)

Penguinisto (415985) | about 7 years ago | (#20018181)

If the one and only bit of evidence on hand is the fact that someone uses an encrypted filesystem, good luck getting a conviction in criminal trial, especially if the defendant has a credible (-sounding) reason for doing so (e.g. "I've been bitten by viruses enough to want to protect myself from identity theft and I certainly don't trust a prosecutor that is obviously persecuting me right now, etc")

Absent any other damning evidence (other concrete evidence found at the defendant's house, financial records at banks and such pointing straight to the suspect, witness testimony, etc), the prosecutor is pretty much fscked if he thinks a jury (dumb as they may be) is going to buy any counter-argument to even a halfway cogent alibi. Everyone knows that Windows is insecure. Everyone knows someone who got a virus. Everyone knows that identity theft is a Bad Thing(tm).

Sorry, but I somehow don't see how a whole case could hinge on just one bit of evidence: "well, he has an encrypted filesystem, and he keeps invoking the 4th/5th amendments(?) in order to not unlock it, so you must convict..."

Then there's the whole "evidence of absence is not absence of evidence" bit.

Not much left to be useful after all that...

/P

I agree (2, Interesting)

HitekHobo (1132869) | about 7 years ago | (#20018325)

For many years I've run hard crypto on my workstations (CFS). Beyond that I keep various files individually encrypted and use encrypted email and even remailers on occasion. Even if I were to hand the feds the keys to some of these systems, they'd be stuck wading through a system with several years of cryptic notes to self, experimental code, temporary data and encrypted files I've just plain forgotten to password for because they aren't important. How do I know they won't grab some random fragment of a random file, take it completely out of context and present it as evidence that I was up to no good? Do you really want a prosecutor presenting fragments of your browser cache and forcing you to explain why you were investigating say... the chemical reaction involved in creating bio-diesel 5 years ago? And if he only presents a fragment of that, are you going to know it was bio-diesel or will the jury draw their own conclusions based on the 'meth' in methyl alcohol? So go ahead and run hard crypto and refuse to give out the keys. If it's between the constitution and a prosecutor who is judged on his conviction rate, I'll stand on the 4th and 5th.

Re:I agree (1)

sqrt(2) (786011) | about 7 years ago | (#20018469)

Fragments? You'd get your very own team of FBI cryptographers working to make sure that every piece of recovered data was incriminating!

Re:I agree (1)

Penguinisto (415985) | about 7 years ago | (#20018577)

How do I know they won't grab some random fragment of a random file, take it completely out of context and present it as evidence that I was up to no good?

How do you know they wouldn't try that even without encryption being involved?

/P

Re:Good luck... (0)

Anonymous Coward | about 7 years ago | (#20018557)

ROFLOL... trial? You thought there was going to be a TRIAL???? ROFLMHWPCAO.... Nah man, it's straight to Gitmo w/ ya...

The police mindset (5, Insightful)

Pig Hogger (10379) | about 7 years ago | (#20018183)

One has to take account of the police mindset. The police will not trust anyone at all . Period.

And the police expect total control of any given situation. Whenever one does not cooperate with the police, the police no longer is in total control and will take whatever measures are necessary to regain total control.

Adding those two points simply will make that anyone who hides stuff from the police is automatically an ennemy that has to be controlled at once.

As a matter of fact, one cannot never win against the police. In a courtroom, yes, maybe, but not against the police.

So the obvious solution is that everyone should perform maximum obfuscation/encrypting of data, the idea being that one cannot jail a whole country.

Re:The police mindset (1)

funkatron (912521) | about 7 years ago | (#20018347)

A better solution would be to encourage everyone else to perform maximum obfuscation/encrypting of data, the idea being that you don't end up in the part of the country that gets jailed.

Re:The police mindset (1)

sdguero (1112795) | about 7 years ago | (#20018525)

As a matter of fact, one cannot never win against the police.

Grammar aside, this is just wrong. You can win against the police, just pretend to be on their side. I do it a lot. Be the first person to talk to them and offer up everything you have (or everything you want them to think you have) and put yourself at their mercy. Cops appreciate forthright answers and information (even if it's not entirely correct). They are gullible and easy to manipulate (especially if you are white). Nerds usually just don't have the experience or the ballz to play the big game...

What ifI just don't tell them about it? (1)

ensignyu (417022) | about 7 years ago | (#20018201)

Suppose I left a DVD at a friend's house, and neglect to mention to the cops when they raid my house. Later the friend hands it over as part of the investigation. Is it really incriminating that I didn't tell them about it? Does the 5th amendment cover it?

Re:What ifI just don't tell them about it? (0)

Anonymous Coward | about 7 years ago | (#20018671)

If you "neglect to mention" that's not the same as "purposeful hiding", is it? If they went over and found that he'd placed the DVD inside a hollowed out book after getting a call from you, that would be "purposeful hiding" and would, in fact, seem pretty incriminating to me.

The general Slashdot response to this article rather misses the point. The statement includes three qualifiers--"purposeful hiding", "subject under investigation" and (if those are met) it's still valid only in "some scenarios".

With those in, it's a trivial comment, the digitial equivalent of being suspicious of someone stays at the office late, shredding documents, after they've been subpoenaed. Of course it's incriminating. Is it sufficient to convict of the underlying crime in court, on it's own? No. Does it provide a nice hint to investigators that they're on the right track, and even where to look for other evidence? Definitely.

Let me get this straight... (5, Interesting)

nonsequitor (893813) | about 7 years ago | (#20018209)

If I encrypt my financial data, and am unable to unlock it for the FBI because I lost the smart card I used to encrypt it, does that make me guilty of . When asked why I didn't delete it, I could say I hoped to one day find the smart card. Does that mean they can ship me off to gitmo?

Of course the difference between this scenario and one where someone merely claims to be unable to decrypt the data is irrelevant.

I thought that we were innocent until proven guilty in this country, not vice versa.

Re:Let me get this straight... (1)

nonsequitor (893813) | about 7 years ago | (#20018249)

Sorry, didn't realize plain text filtered out triangle brackets, that should have read "insert crime here."

(Yes, I know I should have previewed it, but I only preview when using html)

Another take.. (1)

raehl (609729) | about 7 years ago | (#20018751)

If I encrypt something and memorize the key, can the government compel me to tell them what the key is, or can I refuse to answer the question based on the 5th amendment?

Nothing to hide (0, Troll)

Anonymous Coward | about 7 years ago | (#20018225)

Look, if you're obeying the law, then you have nothing to hide, and shouldn't hide anything. It's that simple, and I don't understand why people have an issue with it.

That, at least, is the sentiment expressed to me from new immigrants to the US from other countries that are not so free. I'm not xenophobic, but sometimes I do fear for the fundamentals of the US when people who do not grow up here say "we have too much freedom" and "we should be required to carry identity cards (papers)."

Re:Nothing to hide (2, Insightful)

vga_init (589198) | about 7 years ago | (#20018789)

The most compelling argument I've heard against your logic is that sometimes you really don't want to obey the law. Laws are not only good, but they come in bad varieties too. Even if you think the laws are good right now, they could change suddenly, and all that invasion of privacy and surveillance that you thought were OK suddenly make it incredibly difficult for you to function as a free man. In fact, the incriminating evidence against you may already have been gathered and is waiting to be used.

There are too many laws.... (1)

cheekyboy (598084) | about 7 years ago | (#20018797)

If all the laws cover 7000 pages, how can a cop that barely has the qualifications of a mcdonalds burger dude remember all 7000 pages
especially if the lawsyers themselves cannot know it all.

Face it, if they dont like you, they just arrest you, its easier, they dont have to think at all.

Enough innocent people have been burned by cops with psychopathic brains.

Just look at those cops in NY who say, "you cannot film me thats againts the law" but they know there is no law saying that, they
just like to scare people.

5th Amendment (1)

HaeMaker (221642) | about 7 years ago | (#20018231)

This is the same as saying, "He took the 5th! He must be guilty!", but that argument doesn't hold water.

You can't use someone taking the 5th as "incriminating evidence".

They can't make you testify to your password, if revealing your password incriminates you.

IANAL.

Re:5th Amendment (1)

Andrew Tanenbaum (896883) | about 7 years ago | (#20018655)

But it is true that pleading the 5th means you're guilty, but it just means that the American adversarial system has to continue and prove that you're guilty independently.

Re:5th Amendment (1)

ricree (969643) | about 7 years ago | (#20018815)

It doesn't even remotely mean that. This attitude is exactly the sort of thing that encourages the "if you have nothing to hide" mindset.

http://www.trussel.com/hf/fifth.htm/ [trussel.com]
Why the Fifth Amendment by Howard Fast

Re:5th Amendment (1)

networkBoy (774728) | about 7 years ago | (#20018771)

More important is that you don't have that password stored anywhere.
Also, how can they prove you didn't "forget" it, ala Ollie North?
-nB

What baloney (2, Insightful)

JustNiz (692889) | about 7 years ago | (#20018241)

There are plenty of legitimate reasons to encrypt personal data.

bs .... (0)

Anonymous Coward | about 7 years ago | (#20018273)

this is so bollocks, i use a serpent-twofish-aes algorithm to conceal my personal info in the event my machine is ever compromised, and even having nothing to hide you can bet i wouldnt give the police the keyfile ... id fight it tooth and nail in court and when i win id launch a civil suit :)

If obscurity == felony (0)

Anonymous Coward | about 7 years ago | (#20018283)

I will arrest the whole govenment for all their illegal activity. I mean, if they won't show me classified documents, that's evidence that they have illegal writing on them, right?

hell yeah I'm posting this as anonymous coward!

Duh (2, Insightful)

ChromeAeonium (1026952) | about 7 years ago | (#20018303)

So, if you're being investigated, and you're hiding data pertinent to the investigation, of course thats criminal. Its just like physical evidence: if you have it, and you're hiding it from the authorities, they're obviously going to throw the book at you.

And that, 'Are we no longer allowed to have any secrets, even on our own systems?' line is pretty sensationalist. Thats like declaring that it will soon be illegal to own a safe because a court issued a search warrant of someone's house.

Re:Duh (0)

Anonymous Coward | about 7 years ago | (#20018427)

Ah, those who mod overrated. Is there anyone stupider, who can mod like a coward (no metamod) yet don't have the brains to post a reply. Whoever modded this, I laugh at your inability to respond.

legal issue but technical commentator (2, Insightful)

Grond (15515) | about 7 years ago | (#20018385)

First off, the linked article doesn't actually contain the quote given in the article summary. But, assuming what the article summary says is accurate...

The relevance, admissibility, or incriminating character of the mere fact that a defendant hid something (i.e., as separate from the hidden content) is a legal question. In general, the absence of evidence is irrelevant with a few exceptions (obviously it's highly relevant to charges of destroying evidence!). The most important one is that of an absence of regularly kept business records. So, if a business regularly kept records of, say, who entered a building, and an employee were suspected of stealing something from the business, and the records for that night were missing, then perhaps that could be used as evidence against the employee on the theory that the employee had erased the record to cover his or her tracks. The same would be true if the record, rather than being deleted, had been encrypted when the others were unencrypted or encrypted in a different way/with a different key.

This is a very glossed over view of a complicated topic, but on the narrow question of the mere fact of the use of encryption, I would tend to say that would generally not be incriminating. Certainly the prosecution cannot simply point to your TrueCrypt or FileVault encrypted drive and say "look! everything on that computer is encrypted, therefore we can't know what it is, therefore it could be evidence of wrongdoing." That is tremendously weak circumstantial evidence and falls far, far below the reasonable doubt standard.

Note: I am not a lawyer and this is a layman's opinion, not legal advice.

Re:legal issue but technical commentator (0)

Anonymous Coward | about 7 years ago | (#20018511)

First off, the linked article doesn't actually contain the quote given in the article summary.
Go away Grond. We don't like your kind here.

Re:legal issue but technical commentator (1)

Anonymous Cowpat (788193) | about 7 years ago | (#20018593)

except that most juries are made up of people not smart enough to get out of it and will swallow the "it's encrypted, so he has something to hide, so he's a nasty criminal who needs to be found guilty" argument hook, line & sinker.

Re:legal issue but technical commentator (1)

Gogo0 (877020) | about 7 years ago | (#20018753)

You mean that juries are made up of people who wont lie to get out of it and show up willingly?
Who would want to be in the hands of THOSE people?!

Re:legal issue but technical commentator (1)

Anonymous Cowpat (788193) | about 7 years ago | (#20018803)

no, made up of the people who can't come up with a convincing lie.
Or made up of well-meaning people out to 'do some good' who will probably convict because a prosecutor tells them to, particularly if he has a police officer to testify - the nasty criminal types belong in jail.

3 words (0, Troll)

noz (253073) | about 7 years ago | (#20018413)

Trust your govenment.

Encrypt everything, and provide for deniability (2, Insightful)

vanyel (28049) | about 7 years ago | (#20018419)

This is why you need to encrypt everything as a matter of course: the valid argument is privacy in the face of all the data theft reports coming out nearly daily, you don't know where stuff is stored all the time, so just encrypt everything.

Anything you *do* want hidden, needs to be done in such a way that there's nothing that indicates that there *is* anything hidden, ala Truecrypt's multiple volumes. "I don't need to *hide* anything, so I'm not using that feature, it's just a good encryption tool"

Deniability is what matters (4, Informative)

Somnus (46089) | about 7 years ago | (#20018429)

Encryption itself is only useful for preventing data theft by clandestine means. Authorities with a warrant can threaten you with jail to make you give up the keys, and even less scrupulous forces can beat them out of you. You can destroy the keys, but then you'll really piss them off.

What you need is deniability, as in a steganographic filesystem [wikipedia.org] . No one can ever prove that there is even anything there -- "Oh, I was just playing with it, I can reformat it if you want." Even better, embed data steganographically in standard data formats, like images.

It would be interesting to interpret the protection against self-incrimination [wikipedia.org] to include data storage, i.e. your hard disk is an extension of your consciousness. Of course, this does not accord with the original aim of this right, which was to prevent false testimony/confessions induced by torture -- your hard disk exists apart from your "will."

Damn...... (0)

Anonymous Coward | about 7 years ago | (#20018491)

Man.. you think they'll have a problem w/ the tattoo of the US Constitution I have on my ass in the Caesar cipher?

Not the same thing? (1)

SoapBox17 (1020345) | about 7 years ago | (#20018591)

IANAL but the article seems to be talking about purposefully cloaking the data in a way that still allows it to be eventually uncovered. So it would seem to be that you can get in trouble for hiding "evidence" if they figure out that you hid it and recover it. If you're using good encryption then they can't even FIND the data, let alone recover it to show that you were hiding evidence.

Like most /. stories, the submitter seems to be making up a situation that doesn't have much basis in reality or in the original submitted article.

Keeping a secret (1)

Wise Dragon (71071) | about 7 years ago | (#20018623)

If you want to keep a secret, keep it in your head. Writing it down is a mistake. The law against self incrimination only applies to whats in your head, not what you write down. Even in code. Even better than keeping a secret is never letting anyone know you are keeping it.

Re:Keeping a secret (0)

Anonymous Coward | about 7 years ago | (#20018759)

OK. What if my password (which I store in my head) contains self incriminating information? Such us:

"I lied on my FBI application"

Encrypt everything (3, Insightful)

J'raxis (248192) | about 7 years ago | (#20018637)

Encrypt everything, hide everything. Then they can't point to this-or-that encrypted file and say that that's the one that must contain the incriminating evidence. The fact that most people do indeed only hide stuff when they "know they're doing something wrong" only helps the bastards build their cases.

Recent trend in computer virii might help... (1)

Kazoo the Clown (644526) | about 7 years ago | (#20018645)

You could claim it wasn't your doing, you were a victim of Ransomware [slashdot.org] ...

Begging the question. (0)

Anonymous Coward | about 7 years ago | (#20018669)

The article states, "That begs the question."

Sorry, it does not "beg the question." Begging the question is a type of logical
fallacy. The term is not synonymous with "raise the question."

Get a clue. Get a life.

Murder (2, Informative)

Citizen of Earth (569446) | about 7 years ago | (#20018673)

Similarly, if the cops accuse you of murder and you don't tell them where the bodies are, that proves that you are guilty.

Slashdot is 2 steps from the DailyKos (0)

Anonymous Coward | about 7 years ago | (#20018711)

Really what the hell has happened to Slashdot over the last few years?

(Now this isn't flamebait, a troll, or off-topic [because the quality of the story is always on-topic]. You may not like what I have to say, but it is heart-felt and contains more truth than you may want to face up to. [Yeah, Truth to Power, that is it.])

Slashdot used to be a good technology related website. "News for Nerds" Now, it is conspiracy theory central.
It is obviously the editors fault. I eagerly await their book review of "The Protocols of the Elders of Zion".
If your grip on reality is that tenuous, go over to Kos to find out how Tillman was OBVIOUSLY killed because he was about to meet Noam Chomsky [dailykos.com] .

I know, I know. Controversy equals pages hits equals advertising dollars. But at some point you get too out there and drive the punters away. Like I am about to. Save the flamebait stories for the Windows/Linux flamewars.

I had to block the Politics stories because that isn't what I want out of the technology site.
I had to block the Science section because it because Creationist Central (meanwhile the San Diego school system is setting up Muslim prayer rooms and gender separation [go.com] , but that is OK).
And then, Your Rights On-Line is quickly becoming Politics under a different heading. Yeah, until they put the comma in there it really shouldn't be "Your Rights, ... On-Line". This story barely passed the "subject matter" test, but many other stories in this section fail even that test.
Yeah, I have tried to do my bit by meta-modding things as "unfair" as often as possible. But, the flood of immaturity and politically based mods in overwhelming.
I am really running out of sections that are free of the conspiracy theories, GroupHate, and the Daily Hate (really wish the people screaming about 1984 would have read the book). I think we are down to "Games", "Development", and "AskSlashdot". But at least "Games" and "AskSlashdot" have their own issue, which are currently tolerable but threaten to go off the rails.

Even then some bullshit conspiracy theory like this should have been blocked by the editors. Have we totally infantilized the entire world? If you can't separate one brick in a wall of evidence and circumstantial evidence (versus corroborating evidence) from a Vast Right Wing Consipricy, you need to go back to your parents and ask why they didn't teach you to be an adult. When I was a child I got angry because the telephone didn't give me a pre-paid envelope to pay my bill. As an adult I have a better expectation of how the world works and what it does not owe me. No jury will convict on the basis of an encrypted disk alone. When the IRS comes after you for unpaid taxes, you don't have to tell them where all your records are, but if you don't they have the right to come up with a guess and submit that guess to the jury. Same thing here. The prosecution gets to make a guess as to the contents of the encrypted disk. The jury may or may not buy their guess.
Plus the story itself is long on rant and short on any type of facts. That is OK in a post, but I expect better from the editors. The whole story is a troll.

I guess I'll end this with a question, what sites are out there that are what Slashdot used to be (circa 1998-ish)?

spoliation of evidence (0)

Anonymous Coward | about 7 years ago | (#20018765)

There is a concept in the law called spoliation of evidence which may apply in such situations. Evidence may be presented to the jury in many jurisdictions that evidence was intentionally destroyed by the defendent. If it is proved beyond a doubt that evidence was destroyed, the judge can issue an instruction to the jury that they may, using a permissive inference infer that the evidence or data that was destroyed was harmful to the defendant. The instruction is permissive, in that, the jury doesn't have to find that the evidence destroyed was harmful, but the spoliation instruction is often a very powerful tool for prosecutors to use. It reminds the jury that evidence was destroyed and allows them to infer that that evidence was harmful to the defense in making determinations as to whether the defendant is guilty beyond a reasonable doubt to all elements of the crime they are charged with.

What about a physical safe? (1)

jonwil (467024) | about 7 years ago | (#20018785)

If you have a physical safe in your house, are you legally required to open it if the cops ask you to? If you don't, can the cops use that as evidence against you?

The right way for law enforcement to treat encrypted data on a disk is to treat it the same as a combination safe (with the password being like the combination to the safe)
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...