Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Encryption Passphrase Protected by the 5th Amendment

CmdrTaco posted more than 6 years ago | from the my-password-is-password dept.

The Courts 537

Takichi writes "A federal judge in Vermont has ruled that prosecutors can't force the defendant to divulge his PGP passphrase. The ruling was given on the basis that the passphrase is protected under the 5th amendment to the United States Constitution (protection against self-incrimination)." The question comes down to, is your password the contents of your brain, or the keys to a safe.

Sorry! There are no comments related to the filter you selected.

First post (0, Offtopic)

cyofee (975070) | more than 6 years ago | (#21709996)

Is the content of my brain.

I was wondering... (1)

Khyber (864651) | more than 6 years ago | (#21710002)

Just how did the judge come to this conclusion? On the summary side of things, it makes sense, but just what circumstances led to this particular notion?

Re:I was wondering... (5, Informative)

explosivejared (1186049) | more than 6 years ago | (#21710052)

Read the article:

If the subpoena is requesting production of the files in drive Z, the foregone conclusion doctrine does not apply. While the government has seen some of the files on drive Z, it has not viewed all or even most of them. While the government may know of the existence and location of the files it has previously viewed, it does not know of the existence of other files on drive Z that may contain incriminating material. By compelling entry of the password the government would be compelling production of all the files on drive Z, both known and unknown.

By giving the government his password, the judge held, that the defendant was incriminating himself by opening up all of his files that weren't pertinent to the investigation. That was my take on it. *I am not a lawyer, but I scored high on critical reading on the SAT's, for what it's worth.

Re:I was wondering... (5, Insightful)

snarkh (118018) | more than 6 years ago | (#21710138)

By giving the government his password, the judge held, that the defendant was incriminating himself by opening up all of his files that weren't pertinent to the investigation.

Quite the opposite. By giving the password the defendant may incriminate himself by opening files containing incriminating (and pertinent) information, but unknown to the government prior to that.

Re:I was wondering... (5, Insightful)

cayenne8 (626475) | more than 6 years ago | (#21710208)

"Quite the opposite. By giving the password the defendant may incriminate himself by opening files containing incriminating (and pertinent) information, but unknown to the government prior to that."

Thank God...FINALLY, a score for US privacy rights...and upholding our Constitutional rights!!!

You just don't see that much any more.....

Re:I was wondering... (0)

solafide (845228) | more than 6 years ago | (#21710386)

How long do you think it'll be before Congress amends the Constitution to force encryption keys to be given up? Or, if the government claims they're trying to rebel, they could suspend it so that some parts of the Constitution are no longer in force.

Re:I was wondering... (3, Informative)

Hijacked Public (999535) | more than 6 years ago | (#21710416)

Probably forever, since Congress can't amend the Constitution.

Re:I was wondering... (1)

heinousjay (683506) | more than 6 years ago | (#21710472)

Don't bring facts into these discussions. I like the fake lawyers giving ridiculous legal opinions almost as much as the paranoid types complaining about how Bush wants to know how many times they head to the comic shop.

Wanna bet? (1, Insightful)

Joce640k (829181) | more than 6 years ago | (#21710530)

Me? I'll bet there are new laws being drawn up as I write this to make witholding a password illegal.

Any takers...?

Re:I was wondering... (1)

explosivejared (1186049) | more than 6 years ago | (#21710218)

I thought that's exactly what I said. He was opening up files that may be incriminating, but otherwise not related to the offense he was being held for and unknown to the government. Sorry if I confused anybody.

Re:I was wondering... (2, Insightful)

Tim C (15259) | more than 6 years ago | (#21710400)

I think you two are talking at cross purposes. The post you're replying to says "(and pertinent)" - ie files that *do* relate to the case.

You're saying "he can't be made to release incriminating files that are nothing to do with the case", while the poster you're replying to is saying "he can't be made to release incriminating files even if they are related to the case".

Re:I was wondering... (2, Informative)

snarkh (118018) | more than 6 years ago | (#21710522)


That's exactly right. As far as I understand, the main concern is that by opening the disk he would potentially give the government access to the incriminating files not seen by the customs agents.

Re:I was wondering... (0)

Anonymous Coward | more than 6 years ago | (#21710156)

you do know the LSAT counts and not the SAT right ?
what the judge actually said was -- the scope of the warrant did not extend to all the files. the basic search warrant doctrine. balancing test.
-IAAL

Re:I was wondering... (0)

Anonymous Coward | more than 6 years ago | (#21710454)

Having taken both and attended law school, it is my opinion that the LSAT has less to do with lawyering than the SAT.

The SAT asks you to determine relationships between words and analogize (well, at least it did when I took it, I understand analogies have been removed since then).

The LSAT asks you to determine how to put 8 people into an apartment building where Jim has to live on the second floor, Claire can't live on the same floor as someone with a cat, and Steve likes really loud music.

Re:I was wondering... (1)

FlopEJoe (784551) | more than 6 years ago | (#21710232)

That's what I thought as well but I just can't get past the search warrant analogy. Investigators entering and searching your house with a warrant will see things not pertinent to the investigation.

Re:I was wondering... (5, Insightful)

Anonymous Coward | more than 6 years ago | (#21710384)

Yes, and it's perfectly legal for those investigators to try to decrypt your files themselves. What they CAN'T do is say, "Tell us where the incriminating evidence in your house is, or we'll put you in jail," or "Give us an itemized list of every single thing in your house so we can decide what is incriminating, or we'll put you in jail." Neither can they say, "Give us your encryption password or we'll put you in jail."

This is so painfully obvious that I'm somewhat concerned that it took so long for a judge to rule in this manner. On the other hand I am relieved it has finally happened.

Re:I was wondering... (3, Insightful)

pboulang (16954) | more than 6 years ago | (#21710520)

Well, maybe because a better analogy is "I have a warrant to search your whole house. You need to give me the key to the locked room in the back." I'm not sure it is "painfully obvious" but this is the correct decision in the end.

Re:I was wondering... (5, Informative)

Anonymous Coward | more than 6 years ago | (#21710390)

Well, there is that whole pesky link in TFA to the decision.

But I'm nice and I found it an interesting read, so I will summarize it. There are a great many of cases involving what and when the government can force someone to turn over documents. Generally, things which don't represent what's in your mind can be forced over. An example would be a key to a lock as compared to a combination lock. The former exists, and is known to exist, and the latter's turnover requires the suspect to devolve information contained within his mind, which would be tantamount to testifying.

In this case, there is some splitting of legal hairs, and my description will be less than sound. While IANAL, I am marrying one ;) This password is similar to a combination lock. However, in this case, the government had already seen some of the files contained within his encrypted drive. There is a question as to whether the government's knowledge of the preexisting files would be enough to force the turnover of the password. The government argued that they would allow the suspect to enter the password without supervision, meaning that the government wouldn't be able to use the entry itself in court. In the past, the government has tried to prosecute someone when they had immunity for turning over documents by arguing that said documents themselves were incriminating,. not just that the suspect kept them. The supreme court found that reasoning to be bull. Someone is protected via the 5th amendment by all fallout of their testimony via immunity.

As I already rambled here, the government argues that they knew of the files, and that they had already seen the files. As such, the defendant needed to turn over the password. Something similar has been done previously, where the government knew that a suspect had a document in his possession,and the court forced its turnover. In this case, however, the judge unacknowledged that the prosecution has seen only a small number of the files on the encrypted drive, and that they were almost certainly incriminating. As such, the judge decided that he couldn't order the defendant to turn over the password as the governmetn would have access to new files it knew nothing about.

So, the lesson here is to just not talk to the police without your lawyer present, and don't fricking enter passwords to your files without a court order.

But but but! (4, Insightful)

skulgnome (1114401) | more than 6 years ago | (#21710020)

Terrorists!

Re:But but but! (5, Funny)

Urger (817972) | more than 6 years ago | (#21710050)

Worse!
Liberals!

Re:But but but! (0, Troll)

LiquidCoooled (634315) | more than 6 years ago | (#21710272)

Even Worse!
Unwashed Hippies!

Re:But but but! (0, Troll)

Daimanta (1140543) | more than 6 years ago | (#21710448)

Even even worse!

Unwashed pinko commie hippies!

Re:But but but! (2, Funny)

BlueParrot (965239) | more than 6 years ago | (#21710486)

Citizens

Oh shit, did I say that out loud?

Forget it. (0)

Anonymous Coward | more than 6 years ago | (#21710022)

It's an epidemic. Mass amnesia. First the politicians got it, now it spreads. Does it even matter if you have to tell them the password or not if you don't know it?

If not anything else... (4, Insightful)

Bones3D_mac (324952) | more than 6 years ago | (#21710032)

"I forgot."

Re:If not anything else... (3, Insightful)

Smallpond (221300) | more than 6 years ago | (#21710098)

That worked for Gonzales. Maybe waterboarding could make you remember, tho.

Re:If not anything else... (4, Funny)

Joe The Dragon (967727) | more than 6 years ago | (#21710274)

don't waterboard me bro.

Re:If not anything else... (3, Interesting)

Znork (31774) | more than 6 years ago | (#21710372)

"That worked for Gonzales. Maybe waterboarding could make you remember, tho."

Hmm, that brings the question, did we waterboard Gonzales? If not, why not?

Re:If not anything else... (3, Insightful)

ubrgeek (679399) | more than 6 years ago | (#21710116)

"You're in contempt of court."

Re:If not anything else... (4, Funny)

Rob the Bold (788862) | more than 6 years ago | (#21710238)

Well excu-u-u-u-use me!

Re:If not anything else... (1)

X0563511 (793323) | more than 6 years ago | (#21710340)

"Still can't remember. Don't you feel like an ass now, judge? Oh, what did you have for dinner 2 years, 1 month, and 65 days ago?"

Re:If not anything else... (1)

cp.tar (871488) | more than 6 years ago | (#21710406)

"Still can't remember. Don't you feel like an ass now, judge? Oh, what did you have for dinner 2 years, 1 month, and 65 days ago?"

Eggs.

Re:If not anything else... (1)

pboulang (16954) | more than 6 years ago | (#21710562)

Lordy, that's like looking at an improper fraction...

Re:If not anything else... (1)

Obyron (615547) | more than 6 years ago | (#21710212)

In my state at least, you may be jailed indefinitely for civil contempt.

Interesting development (5, Interesting)

rickthewizkid (536429) | more than 6 years ago | (#21710036)

So.... this tells me two things... first, that the government cannot force you to give up your PGP passphrase.... but possibly more important, the government (currently) cannot break PGP encryptopn.

Hmmm....

Re:Interesting development (3, Insightful)

mastershake_phd (1050150) | more than 6 years ago | (#21710058)

So.... this tells me two things... first, that the government cannot force you to give up your PGP passphrase.... but possibly more important, the government (currently) cannot break PGP encryptopn.

Hmmm....


Well the government of Vermont can't at least.

Re:Interesting development (4, Insightful)

Tumbleweed (3706) | more than 6 years ago | (#21710252)

>So.... this tells me two things... first, that the government cannot force you to give up your PGP passphrase.... but possibly more important, the government (currently) cannot break PGP encryptopn.

Hmmm....

Well the government of Vermont can't at least.


It was a Federal judge.

It was also probably not worth bothering the NSA with. I wouldn't take this to mean much of anything about how quickly the Feds can crack PGP.

Re:Interesting development (0)

Anonymous Coward | more than 6 years ago | (#21710492)

Well the government of Vermont can't at least.
TFA says those investigating involved a US Customs Agent, a Secret Service Agent, and a Vermont Dept. of Corrections Officer (wtf?!?). I assume transporting child porn to Canada is a federal crime.

I also thought it was funny that the author of the article was so confused:

It's a little unclear what exactly happened, but one likely scenario is that Boucher configured PGP to forget his passphrase, effectively re-encrypting the Z: drive, after a few hours or days had elapsed.
The software is PGPDisk, and it mounts a drive to a chosen drive letter upon entering the passphrase. The drive only remains mounted until you unmount it or log off the Windows user.

And I thought hentai-style animation was still legal in the US:

An officer opened the laptop, accessed the files without a password or passphrase, and allegedly discovered "thousands of images of adult pornography and animation depicting adult and child pornography."
Did that change recently?

Re:Interesting development (1)

GregPK (991973) | more than 6 years ago | (#21710070)

O... the government can break it. It's just that the DOJ doesn't have access to the computers required to do so. Nor does it want to spend the money on buying a multi-billion dollar computer if it doesn't need to. I think this would be a good business for some. Leasing out time on a built supercomputer for breaking passwords. Probably takes 20-30 minutes to boot up and sync. But it'll fly when it does.

Re:Interesting development (4, Insightful)

tomz16 (992375) | more than 6 years ago | (#21710142)

O... the government can break it. It's just that the DOJ doesn't have access to the computers required to do so. Nor does it want to spend the money on buying a multi-billion dollar computer if it doesn't need to.
? What leads you to this conclusion? There's absolutely NOTHING to indicate that strong encryption can be defeated by ANYONE on the planet at this moment.

Re:Interesting development (1)

Threni (635302) | more than 6 years ago | (#21710352)

If someone wanted to know what you've encrypted the might not attack pgp. Rather,they'd install things on your pc, or investigate the people you're emailing. Easier to break in and check out your/their pc, house, car
Etc.

Re:Interesting development (1)

Poromenos1 (830658) | more than 6 years ago | (#21710464)

I agree and am pretty sure that strong encryption can't be broken at the moment, but what the GGP said isn't necessarily true. It might mean that they can't break it, or it might mean that they don't want to be bothered utilizing big (and expensive) means to catch "small fish".

Re:Interesting development (1)

spottedkangaroo (451692) | more than 6 years ago | (#21710560)

If the NSA had a working (but very expensive) quantum computer... would they mention it? Doubtful. They could certainly afford it, even if it cost 1million dollars to run for a couple hours.

Better use of a botnet? (1)

cheros (223479) | more than 6 years ago | (#21710424)

I think you've just created another purpose for a botnet..

It makes for a fine organised crime recipe:

(1) targeted theft
(2) decryption of interesting data with distributed botnet cracking
(3) sale or blackmail?
(4) Profit!

Replace (1) with 'politically motivated arrest'/'espionage'/'anti terror' and (2) with "expensive NSA room heaters" and you have in principle the same mechanism, but "legal"..

BTW, can't see why it would take long to boot up unless you kick the various components sequentially to prevent a power surge. The control node simply keeps updating its distribution list as more and more components come online.

Re:Interesting development (1)

O('_')O_Bush (1162487) | more than 6 years ago | (#21710118)

Or that they are already devoting their resources to breaking something else and don't want to use their resources to break that particular encryption.

Re:Interesting development (0)

Anonymous Coward | more than 6 years ago | (#21710152)

I would assume the NSA could. But this is not a case that would be worth revealing that fact.

If the court had decided to go the other way he could be compelled to give it up, and if he didn't, the judge could simply put him in jail. Not trial, no jury. Simple contempt of court.

I like the ruling on PGP keys, but it's too bad it's a child porn case.

Re:Interesting development (1)

palmem (845119) | more than 6 years ago | (#21710278)

Or maybe that's what they want you to think...

Re:Interesting development (4, Informative)

swillden (191260) | more than 6 years ago | (#21710306)

So.... this tells me two things... first, that the government cannot force you to give up your PGP passphrase.... but possibly more important, the government (currently) cannot break PGP encryptopn.

No, it doesn't tell you the second. If the government has the knowledge required to break the ciphers used by PGP, they would be very unlikely to reveal that for something as unimportant as this court case.

Personally, I strongly doubt that the NSA can break PGP, but this decision doesn't say anything one way or the other about the question.

Re:Interesting development (0)

Anonymous Coward | more than 6 years ago | (#21710366)

Idiot.

To paraphrase what somebody already posted in that blog--the government isn't any more likely to indicate they can break PGP than they were to use Collosus to crack some civilian using enigma in WW-2. It isn't worth using information that would compromise national intelligence programs for a mere criminal case to anyone...

Re:Interesting development (1)

GoofyBoy (44399) | more than 6 years ago | (#21710478)

If they can break PGP, then the last thing they want people to know is that they can.
They could using this legal judgment to make it look like they can't.

Re:Interesting development (1)

moretube (1137973) | more than 6 years ago | (#21710496)

Another possibility is that the government can break PGP encryption but chose not to show that in open court. "Let's save that for the Terrorist!"

Re:Interesting development (1)

Adambomb (118938) | more than 6 years ago | (#21710500)

but possibly more important, the government (currently) cannot break PGP encryptopn.
If I could, I wouldn't admit to it either.

More people would keep using that which I could easily bypass that way.

UK is reversed (0)

Anonymous Coward | more than 6 years ago | (#21710072)

Unless you supply the passwords or pass-phrases to anyone under the "law" umbrella, you can and will convicted of any charge thrown at you. Fortunately the police don't abuse this guilty-on-charge law, yet.

and the pedophiles rejoice (0)

Anonymous Coward | more than 6 years ago | (#21710080)

so pedophiles will use volume encryption with a strong passphrase and not have to worry...

damn double edged swords

THINK OF THE CHILDREN (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21710256)

I know I am, I can't fucking stop thinking about those toddlers fucking and sucking each other!!!

Re:and the pedophiles rejoice (3, Insightful)

LiquidCoooled (634315) | more than 6 years ago | (#21710294)

No they don't.
Just like any other serious crime the police should be investigating it correctly and building a case without needing to look around the suspects' house first.

Sad state. (2, Interesting)

7-Vodka (195504) | more than 6 years ago | (#21710084)

It's a sad sad day in America that the truth of the 5th ammendment and the constitution itself is even called into question in this way. Thanks to the judge who supported the constitution, unfortunately there are laws shredding it up as we read this news.

http://www.govtrack.us/congress/bill.xpd?bill=h110-1955 [govtrack.us]

Welcome to the police state.

Re:Sad state. (2, Insightful)

Kelz (611260) | more than 6 years ago | (#21710168)

Cute sentiment, but still a bit off-topic. I find this a good ruling for me personally, though honestly the ruling could have gone either way. What I find intriguing about it is how confused the judicial system seems about how to apply pre-internet laws to crimes. Should a cyber-crime be treated like a robbery? Should encrypted data be treated like a safe holding potential evidence?

Re:Sad state. (1, Flamebait)

explosivejared (1186049) | more than 6 years ago | (#21710192)

No, it's a good day that the fifth amendment is being upheld like this, especially in a child pornography case. The fact that there wasn't an immediate 20-life sentence when the guy said something to the effect of "i may have transferred child pornography." Child porn is despicable, but it's a boogeyman that has been used in numerous countries to get heavy-handed law enforcement policies legislated into being. That movement has been set back by this ruling. On top of that, this ruling bodes well for electronic encryption. I can't see why you would be sad that the 5th amendment was "questioned" like this. Be happy a judge upheld it. Oh that's right... I forgot whining and crying about "teh police state" is so much more important and helpful than supporting people, like this judge in Vermont, that actually stand up for individual liberties. Sorry man, really.

Re:Sad state. (1)

RT Alec (608475) | more than 6 years ago | (#21710270)

I looked through the text of the bill you referenced, but I found nothing in it to suggest "there are laws shredding it up". It looks like it is authorizing a few committees to study the formation of domestic "home-grown" terrorist organizations and cells.

Did I miss something?

Re:Sad state. (1)

7-Vodka (195504) | more than 6 years ago | (#21710442)

http://www.house.gov/paul/congrec/congrec2007/cr120507h.htm

Remarks on Violent Radicalization & Homegrown Terrorism Prevention Act, HR 1955

5 December 2007

Rep. Ron Paul, M.D.

Madame Speaker, I regret that I was unavoidably out of town on October 23, 2007, when a vote was taken on HR 1955, the Violent Radicalization & Homegrown Terrorism Prevention Act. Had I been able to vote, I would have voted against this misguided and dangerous piece of legislation. This legislation focuses the weight of the US government inward toward its own citizens under the guise of protecting us against "violent radicalization."

I would like to note that this legislation was brought to the floor for a vote under suspension of regular order. These so-called "suspension" bills are meant to be non-controversial, thereby negating the need for the more complete and open debate allowed under regular order. It is difficult for me to believe that none of my colleagues in Congress view HR 1955, with its troubling civil liberties implications, as "non-controversial."

There are many causes for concern in HR 1955. The legislation specifically singles out the Internet for "facilitating violent radicalization, ideologically based violence, and the homegrown terrorism process" in the United States. Such language may well be the first step toward US government regulation of what we are allowed to access on the Internet. Are we, for our own good, to be subjected to the kind of governmental control of the Internet that we see in unfree societies? This bill certainly sets us on that course.

This seems to be an unwise and dangerous solution in search of a real problem. Previous acts of ideologically-motivated violence, though rare, have been resolved successfully using law enforcement techniques, existing laws against violence, and our court system. Even if there were a surge of "violent radicalization" -- a claim for which there is no evidence -- there is no reason to believe that our criminal justice system is so flawed and weak as to be incapable of trying and punishing those who perpetrate violent acts.

This legislation will set up a new government bureaucracy to monitor and further study the as-yet undemonstrated pressing problem of homegrown terrorism and radicalization. It will no doubt prove to be another bureaucracy that artificially inflates problems so as to guarantee its future existence and funding. But it may do so at great further expense to our civil liberties. What disturbs me most about this legislation is that it leaves the door wide open for the broadest definition of what constitutes "radicalization." Could otherwise non-violent anti-tax, antiwar, or anti-abortion groups fall under the watchful eye of this new government commission? Assurances otherwise in this legislation are unconvincing.

In addition, this legislation will create a Department of Homeland Security-established university-based body to further study radicalization and to "contribute to the establishment of training, written materials, information, analytical assistance and professional resources to aid in combating violent radicalization and homegrown terrorism." I wonder whether this is really a legitimate role for institutes of higher learning in a free society.

Legislation such as this demands heavy-handed governmental action against American citizens where no crime has been committed. It is yet another attack on our Constitutionally-protected civil liberties. It is my sincere hope that we will reject such approaches to security, which will fail at their stated goal at a great cost to our way of life.

Re:Sad state. (0)

Anonymous Coward | more than 6 years ago | (#21710412)

When's the revolution?

IANAL, but... (1)

prxp (1023979) | more than 6 years ago | (#21710106)

If someone is asked to give her passphrase, and she is not under oath (i.e. in a police investigation), it is possible to just lie, right? In the other hand, if the person is under oath (i.e. in court), she cannot lie, but providing such information would constitute self-incriminating testimony, and that would infringe the 5th amendment. Does that make any sense?

Re:IANAL, but... (1)

snl2587 (1177409) | more than 6 years ago | (#21710146)

It is not advisable to lie during a police investigation, under oath or not. AFAIK giving a false statement is a crime in and of itself.

Re:IANAL, but... (1)

Rob the Bold (788862) | more than 6 years ago | (#21710284)

AFAIK giving a false statement is a crime in and of itself.

National security, man. If I give true statements, the terrorists win. Laws are just quaint scribbles on silly pieces of paper in this post 9/11 world.

Re:IANAL, but... (1)

prxp (1023979) | more than 6 years ago | (#21710468)

AFAIK giving a false statement is a crime in and of itself.
Lying is crime? Really?

In certain circumstances... (2, Informative)

ebbomega (410207) | more than 6 years ago | (#21710544)

Lying in an official police statement is the same as lying under oath. Basically you're obstructing justice by lying, therefore perjury.

This ruling is both good and bad... (0, Troll)

elangomatt (784942) | more than 6 years ago | (#21710112)

I can see the judges point that says that the accused doesn't need to give out his pass phrase because the contents of the encrypted data would send him to jail for sure. On the other hand though, if this precedent stays on the books, a smart criminal will just encrypt the incriminating data and will never be able to be prosecuted based on the computer data (assuming he memorizes a strong password). Does that mean that terrorists will be protected too when they encrypt plans for the next attack on their computer?

Re:This ruling is both good and bad... (0)

Anonymous Coward | more than 6 years ago | (#21710204)

Yes, this will "protect terrorists". Although, how you can call a person a terrorist without having proved them a terrorist in a court of law.... Oh, I know. We'll just demand that somebody we suspect of being a terrorist provide us with the information that they are a terrorist. That way, we can skirt around that whole "guilty until proven innocent" thing. Which, as we all know, shouldn't apply to terrorist. Because they're terrorists.

Anyhow, if you've got something to hide, clearly you're guilty. Of something.

Re:This ruling is both good and bad... (3, Insightful)

X0563511 (793323) | more than 6 years ago | (#21710436)

Yes, it will protect them, as it should. They are not terrorists until PROVEN so, not because we suspect them to be - just like you are not necessarily a selfish jerk, even though I suspect you are.

Valuable (1)

fishthegeek (943099) | more than 6 years ago | (#21710174)

Nolo [nolo.com] clears things up nicely about self incrimination. While I don't know the accused or support his alleged crime, I do think that the judge is correct in his statement. Kudos to the judge! If the prosecution wishes to discover the contents of an encrypted file then they actually need to jump through the hoops of an investigation. Hell, getting a warrant and just installing a camera over his keyboard would sooner or later reveal the passphrase wouldn't it?

Re:Valuable (1)

KPU (118762) | more than 6 years ago | (#21710228)

What makes you think the defendant plans on decrypting the drive again? Or for that matter that the government would ever return the encrypted contents to him?

Re:Valuable (1)

fishthegeek (943099) | more than 6 years ago | (#21710260)

I didn't say that he would decrypt the volume after discovery. I did say that if they had investigated using methods that didn't jeopardize access to the content later they would have a viable case. As it stands now the prosecutions case is dead.

Re:Valuable (1)

KPU (118762) | more than 6 years ago | (#21710328)

More to the point, the article states that agents did in fact have access to the unencrypted volume at the border. They just waited too long and PGP timed out.

Current techniques make this irrelevant (1)

ZeroPly (881915) | more than 6 years ago | (#21710176)

On my current setup with Ubuntu 7.10, it is fairly easy to set up TrueCrypt with hidden volumes.

                  http://www.truecrypt.org/docs/hidden-volume.php [truecrypt.org]

Without any proof of the existence of a hidden volume, there is no way for the government to compel discovery. I don't bother using a hidden volume myself because I'm not concerned with plausible deniability. But without being able to tell me apart from the users that do, a judge won't be able to do anything for the government.

Re:Current techniques make this irrelevant (1)

Quarters (18322) | more than 6 years ago | (#21710322)

It's "fairly easy" to setup TrueCrypt on any OS that it supports. There's nothing magical about Ubuntu 7.10 that makes it easier.

Re:Current techniques make this irrelevant (1)

GoofyBoy (44399) | more than 6 years ago | (#21710422)

You have;
1. Truecrypt binaries somewhere
2. A partition that is unformatted.
3. Optional: you are known to be technical enough to find and read a how-to on using Truecrypt to create a hidden partition.

Thats enough to point that you have an encrypted hidden partition.

The good thing about Truecrypt vs. say LUKS is that you can't tell the file container is an encrypted file container. (LUKS scares the crap out of me with its multiple passwords)

Re:Current techniques make this irrelevant (0)

Anonymous Coward | more than 6 years ago | (#21710484)

Read up on truecrypt, dumbass! You can have a 2nd, hidden partition inside of an already truecrypt-encrypted partition, and there's no way to determine that it is there even if you're forced to give up the keys to the containing partition.

OMG CP (2)

TheRealZeus (1172755) | more than 6 years ago | (#21710248)

apparently at the airport his laptop was gone through by security/police and the found CPs but when the laptop was powered down the encryption kicked in...? i think its sad someone with CPs is getting away with this, but there was no right to go through his laptop in the first place (at the airport). he should be let off the charges for illegal search.

So in effect... (1)

pkadd (1203286) | more than 6 years ago | (#21710280)

..this means that people covered by US law can refuse investigators access to their PC, for example if they are under investigation for piracy, but they also have 5Gb of childporn on their PC? Or did i misunderstand completly?

Unenforceable anyway (1)

BlueParrot (965239) | more than 6 years ago | (#21710296)

My passphrase is: "field kitty sr53"... " or maybe that was 35, I never remember, the 5 could have been a 7" .. then there is "tulip Sandiwch" ... "or was it sandwich Tulip?, you know I was only playing around with this partition I don't actually store anything on it... Hmm, did I decide to use underscores or hyphens? I think I used underscores because I decided spaces might brak things, or maybe it was underscores, they are on the same key you know... try holding down shift... Maybe I misspelt "sandwich", english is'nt my mother tonge.

But anyway, now you know my pass-phrase.

Forced? (0)

Anonymous Coward | more than 6 years ago | (#21710324)

How exactly would they force me to divulge my passphrase? Torture? Put me in jail? What?

Re:Forced? (0)

Anonymous Coward | more than 6 years ago | (#21710446)

They can lock you up for an indefinite amount of time

animation?? (1)

loshwomp (468955) | more than 6 years ago | (#21710326)

From TFA:

An officer opened the laptop, accessed the files without a password or passphrase, and allegedly discovered "thousands of images of adult pornography and animation depicting adult and child pornography."

Like it or not, the "adult pornography" is probably a red herring, so what is this "animation" business? Is that all they have on him? I've seen episodes of South Park that qualify as "animation depicting child pornography". I hope there's more to this case than was explained in TFA. If not, this sounds like a witch hunt.

Waterboarding (0)

Anonymous Coward | more than 6 years ago | (#21710360)

Clearly they should just use waterboarding until he tells them of his own free will. There's definitely nothing wrong with that.

Just trying to help... (0)

Anonymous Coward | more than 6 years ago | (#21710374)

They have already tried 'password1' haven't they?

The man's charge.. (1)

stormguard2099 (1177733) | more than 6 years ago | (#21710396)

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors.
I can see the spin on this one getting pretty bad. Privacy advocates are surely going to catch grief for defending a filthy child pornographer (who hasn't even been found guilty yet, I assume). Still, innocent until proven guilty, justice for all, I hope this doesn't deter people from speaking out about the privacy issues in question here.

It is more like a countermeasure (1)

Slur (61510) | more than 6 years ago | (#21710402)

IANAL but my law view is this...

The law can convince you to incriminate yourself, and the evidence is admissible. You may confess a crime if you have one to confess. You have to state that it's by your own free will. However during trial if you fee so-moved, you can invoke the 5th amendment to disavow your earlier statements. This may be taken as hostile to the court, if not decided upon by prior consultation.

If other evidence already obtained points to you, the law can search you or your premises by obtaining a warrant from a court. The warrant must specify what is being sought and what will be seized. Unfortunately many search-and-seizure operations overstep their bounds. Computer communications are there for the taking, a wealth of self-incrimination, and the courts have no problem using them.

When you send an email you have no choice whether it is archived somewhere or not. Recent emails are always sitting in incoming and outgoing mail queues. Thus the only way to opt out and get true privacy is to use encryption. Your concerted choice was to keep communication confidential between yourself and your compadre. If the only way the law can incriminate you is to coerce you, the information obtained cannot be used in evidence against you. You must be willing to volunteer it. If you are not willing to volunteer it, then they must find other avenues to bring evidence.

For the moment torture is still illegal, at least once it's brought before our court system. This is why the prisoners at Guantanamo are being held off from our court system for the time-being. All those cases will inevitably need to be tried here, because no upcoming president will be good enough to sign on to a world court, and no military tribunal can just go off and just hang a group of abused, innocent people. So most of those cases will be thrown out for lack of evidence. And most of those prisoners will counter-sue for false imprisonment. And they will sue the People of the United States for committing illegal acts of torture.

Likewise, persons convicted and thrown into US prisons based on confessions obtained through torture are today counter-suing the People and their torturers.

So there is a lot of hope that torture will remain illegal. However, ask yourself, how much pain and discomfort would I endure to protect my secrets? What if I was held in a room and not allowed to go and urinate? Would I enjoy pissing myself? That's not such a torture, is it? Maybe that's perfectly legal. These things do go on, on all kinds of levels, so just realize that if you've got a PGP pass phrase that somebody wants... they may just get it anyway.

Animation is illegal? (1, Informative)

Anonymous Coward | more than 6 years ago | (#21710420)

> allegedly discovered "thousands of images of adult pornography and animation depicting adult and child pornography."

animation gets you arrested?

Re:Animation is illegal? (0)

Anonymous Coward | more than 6 years ago | (#21710556)

Lolicon maybe? I'm not sure if that's illegal in the States; logically I don't think it should be but that's never stopped them before.

children/innocents under creators' protection (0)

Anonymous Coward | more than 6 years ago | (#21710432)

the highest 'court' in the universe.

consider membership in the creators' wwwildly popular planet/population rescue initiative, or, all of yOUR other possible options. to regain yOUR freedom may be more costly than one might imagine.

in the end, the creators will prevail (world without end, etc...), as it has always been. the of gaining yOUR release from the hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in.

some 'races' we'll wish we lost;

for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it?

we're intending for the nazis to give up/fail even further, in attempting to control the 'weather'.

http://video.google.com/videosearch?hl=en&q=video+cloud+spraying [google.com]

meanwhile, the life0cidal philistines continues on their path of death, debt, & disruption for most of US;

gov. bush denies health care for the little ones

http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html [cnn.com]

whilst demanding/extorting billions to paint more targets on the bigger kids

http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html [cnn.com]

all is not lost/forgotten/forgiven

whilst (yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles;

http://www.timesonline.co.uk/tol/news/environment/article3046116.ece [timesonline.co.uk]

still making his views known worldwide, whilst many of US keep yOUR heads firmly lodged up yOUR infactdead.asp(s) hoping (against overwhelming information to the contrary) that the party LIEn scriptdead pr ?firm? fairytail hypenosys scenario will never end.

for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available after the big flash occurs.

'vote' with (what's left in) yOUR wallet. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

Isn't that obvious? The 5th amendment (1)

Nicolas MONNET (4727) | more than 6 years ago | (#21710470)

IANAL, I'm not even American, and it seemed to me that nor shall be compelled in any criminal case to be a witness against himself was quite clear and included that sort of thing, unless you interpret "to be a witness" ridiculously restrictively. And isn't the Bill of Rights supposed to be a collection of general principles rather than specific, restrictive directives?

Could go either way (1)

linuxwrangler (582055) | more than 6 years ago | (#21710480)

Ultimately courts could decide that the the key constitutes being a "witness against himself" and entitled to protection.

Or it could decide it is the equivalent of a lock. I know that the police can force a door for a search warrant - and they are trying to force the key to this drive. But according to the article, a defendant can be compelled to reveal a combination to a safe - basically the same thing: an item in memory that allows access to evidence.

Stickier is the issue of additional evidence.

Search warrants must specify what is being searched for. But if I reasonably run across something else, that's fair game. Say that the warrant is for a 60" flat-screen TV. I could reasonably look in the garage, under beds, and such. But I couldn't look in a shoebox, desk drawer or other area too small for the TV. So nearly all search-warrants also specify "indicia of residency". Phone bills, rent/mortgage payments, electric bills and such help prove the residence was used by the suspect. But more insidiously, such documents could be almost anywhere greatly expanding the "reasonable" search to drawers, files, shoeboxes - anywhere someone might keep documents. "I was looking in a shoebox and found a stolen gun and meth." Score! If someone were compelled to reveal their encryption key it's likely that anything revealed by the key would be fair game.

And the pass phrase is... (1)

f2x (1168695) | more than 6 years ago | (#21710490)

Since the article speaks of the disclosure of the pass phrase itself as violating the 5th, then perhaps they should just try some obvious pass phrases: "dig that 15yo a$$" "old enough to bleed..." "i need two tens for a twenty" or the obvious- "i did it"

A good ruling but... (3, Interesting)

russotto (537200) | more than 6 years ago | (#21710502)

...once it gets to appeals court it will hold up as long as a geek in waterboarding session. Certain kinds of utterances have been determined to be "non-testimonial" and not eligible for Fifth Amendment protection, and encryption keys are IMO almost certain to be found as such by the current Supreme Court, since it isn't the key which is incriminating, but the evidence protected by the key.

About time (1)

nurb432 (527695) | more than 6 years ago | (#21710504)

I always thought it was a much larger 5th amendment sort of issue, not just a simple 'destruction of evidence' thing as the cops wanted to make it out to be.

Good to see some people in power haven't lost all sense of reality.

Plausible deniability (5, Interesting)

Diomidis Spinellis (661697) | more than 6 years ago | (#21710518)

If the passphrase is considered keys to a safe, and you are therefore likely to be forced to divulge it, then you can avoid trouble by using an encryption system, like TrueCrypt [truecrypt.org] , that supports plausible deniability [wikipedia.org] . Inside the encrypted volume, blank space is always filled with random data, which can also be another nested encrypted volume. Without the correct passphrase, nobody can prove that the random bits are anything more than random bits.

write up at Volokh, by guys who are lawyers (5, Insightful)

oliphaunt (124016) | more than 6 years ago | (#21710542)

The blog post is here. [volokh.com]

This case is a very interesting overlap between 4th Amendment "right to privacy" cases and 5th Amendment "right not to self-incriminate" cases. I personally think that if the government can't break the encryption to "prove" what is hidden from them, they have no right to force the owner to do their work for them. People have a right to keep stuff private, and if they've hidden it effectively, then tough shit for the cops.

I acknowledge that child porn is inherently harmful to the children involved, and that laws targeting possession of child porn are therefore valid so far as they aim to protect children by destroying the market for the exploitative and harmful material. And there is no first-amendment protection for child porn. But the cops still can't break into your house without a warrant just because they they think you have pictures of naked kids inside, and they can't wiretap your internet connection without a court order (heh, they can't LEGALLY, even though it's probably going on right now OMGHI2NSA). Those are 4th amendment rights. But the 5th amendment kicks in to say that even with a court order and a valid warrant, the cops in your house can't force you to tell them which floorboard is the loose one with the bloody knife hidden under it. If you refuse to tell them, they have to find it on their own-- and if they can't find it, they can't use it as evidence against you. That's exactly how the 5th amendment is supposed to work.

A police force with the power to compel self-incriminating testimony becomes the enemy of any citizen who wishes to lawfully express dissent with any policy of government. The 5th Amendment is the most powerful safeguard citizens have against confessions extracted via torture finding purchase in US courts.

From the decision itself (lifted from that post at Volokh Conspiracy), bolded emphasis is mine:

Entering a password into the computer implicitly communicates facts. By entering the password Boucher would be disclosing the fact that he knows the password and has control over the files on drive Z. The procedure is equivalent to asking Boucher, "Do you know the password to the laptop?" If Boucher does know the password, he would be faced with the forbidden trilemma; incriminate himself, lie under oath, or find himself in contempt of court. Id . at 212.
    The Supreme Court has held some acts of production are unprivileged such as providing fingerprints, blood samples, or voice recordings. Id. at 210. Production of such evidence gives no indication of a person's thoughts or knowledge because it is undeniable that a person possesses his own fingerprints, blood, and voice. Id. at 210-11. Unlike the unprivileged production of such samples, it is not without question that Boucher possesses the password or has access to the files.
    In distinguishing testimonial from non-testimonial acts, the Supreme Court has compared revealing the combination to a wall safe to surrendering the key to a strongbox. See id. at 210, n. 9; see also United States v. Hubbell, 530 U.S. 27, 43 (2000). The combination conveys the contents of one's mind; the key does not and is therefore not testimonial. Doe II, 487 U.S. at 210, n. 9. A password, like a combination, is in the suspect's mind, and is therefore testimonial and beyond the reach of the grand jury subpoena.
    The government has offered to restrict the entering of the password so that no one views or records the password. While this would prevent the government from knowing what the password is, it would not change the testimonial significance of the act of entering the password. Boucher would still be implicitly indicating that he knows the password and that he has access to the files. The contents of Boucher's mind would still be displayed, and therefore the testimonial nature does not change merely because no one else will discover the password.


I think this last sentence is the most significant holding by the court: even forcing him to acknowledge that he HAS the password would violate the suspect's 5th amendment rights not to incriminate himself. The 5th Amendment assumes that the police are the enemy, and it says that you don't have to do the enemy's work for them. And remember, this doesn't change the rules of the game- if they can crack his encryption, they're welcome to use the evidence against him. If he's trafficking in child pornography, his acts are harmful to society at large and he deserves severe punishment. But if the police are unable to prove their accusation beyond a reasonable doubt WITHOUT COERCING SELF-INCRIMINATING EVIDENCE from the accused, then he must be allowed to go free.

Horrible case law (3, Interesting)

Anonymous Coward | more than 6 years ago | (#21710558)

This is horrible case law. I get search warrants for the data on the machine. Therefore it should be held under the same rules as getting access to a safe or a house.

Encryption keeps getting easier and easier to use - someday my job wont be possible without good case law forcing defendants to give up encryption keys. The only other option is to step up the use of no-knock search warrants and live acquisition. Problem is... when a daughter accuses her step-dad of molesting her and taking pictures - there is usually a family fight long before law enforcement gets involved. This leaves the subject days to encrypt and clean any evidence he has.

I know that most people think that the police go around taking peoples' machines without any cause but I can tell you from my experiences (and the experiences of everybody else I've run into in this field) we don't go around looking for new cases. We are completely understaffed, under-budgeted, and flooded with horrible crimes. Plus, its not easy to get a search warrant. You need to satisfy probable cause in order for the judge to sign off on your warrant.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?