Defendant Ordered to Decrypt Laptop Claims She Had Forgotten Password

wiedzmin (1269816) writes | more than 2 years ago

Encryption 5

wiedzmin (1269816) writes "A Colorado woman who was ordered by a federal judge to decrypt her laptop hard drive for police last month appears to have forgotten her password. If she does not remember the password by month’s end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense."

Punishable by life in prison? (1)

mark_reh (2015546) | more than 2 years ago | (#38948835)

Held in contempt for how long? Can they keep you there forever? What if she actually forgot the password?

I have a way around this problem for future laptop encrypters: The encryption software should be written to automatically change passwords, reencrypt, or securely delete data if the correct password isn't entered at least once in any, say, 24 hour period. That would make it impossible for the person to comply with the order, and keep them out of jail for contempt.

Alternatively, make the password be 1/2 of a two-factor security system where an external time source or random text string from a web page is the other factor. If the computer clock doesn't match the external source within a minute or so, or if the web browser isn't open to a specific page when the password is entered, change the password and render the user password worthless. I think that both tricks would be difficult for forensics people to work around (and would result in accidental loss of data for less disciplined users).

The problem with any such scheme is that you can't prove that you have no way to access the data, so they'll toss you in jail anyway. OTOH, if you're truly worried about your data falling into the wrong hands, sitting in jail until they finally give up might be much shorter than the time you'd sit in jail if they did get to your data.

Re:Punishable by life in prison? (1)

evanism (600676) | more than 2 years ago | (#38949163)

You can be held for contempt forever. You are in a legal black hole that no lawyer can pull you from.

Re:Punishable by life in prison? (1)

mark_reh (2015546) | more than 2 years ago | (#38949689)

That sucks balls.

Re:Punishable by life in prison? (1)

mattventura (1408229) | more than 2 years ago | (#38949719)

There isn't a practical way to do this. Forensics is going to immediately shut down your computer and pull the drive. Then they will simply make an image of the drive so there is no possible way to ruin the original data.

Re:Punishable by life in prison? (1)

jonwil (467024) | more than 2 years ago | (#38950011)

Many arcade games in the past have used battery backed CPUs and RAM to contain secret encryption keys for the games.
It should be possible to combine similar technology with a GPS chip (also powered by the battery) so that any attempt to move the computer (either powered on or off) will erase the encryption keys. Can easily give it enough wiggle room in the logic to account for the inaccuracies in GPS and a special secret must-use-before-moving method to disable the system if you need to move it to a new location. Link this to a chassis intrusion detection system (i.e. opening the case triggers the system).

Done right, it should mean that unless the people taking the machine (thief, feds etc) know the system exists AND can find a way to disable it before moving the machine, the data contained in the machine will be permanently unreadable.

Imaging the disk won't matter as the key is stored in unreadable memory and will be erased the moment they open the machine to pull the disk.

Even better, tie the GPS setup to some sort of physical damage whereby instead of just erasing the key, it permanently destroys the hardware somehow.
