Slashdot Mirror
Encryption Debate at Mitnick Trial
A number of people have written about the latest twist in the Mitnick case. Kevin wants to get his data back, but the government is refusing to do so until he gives them the key. Apparently, the government is unable to crack the encryption that he's got on it - you'd think after having the data for five years, they'd be able to brute-force the darn thing. It's a NYT article - free login required.
Seriously now, Kevin has the right not to incriminate himself. This includes not turning over a key. This is all 5th Amendment.. the government is just trying to set a precident here so they can steam-roller it. g'luck, I have a small amount of faith that the supreme court will shoot it down.
Maybe the entertainment industry should have hired this guy to write the next version of DVD playback protection.
You can't handle the truth.
Man, if ever I saw a reason why steganography, this is it.
;-)
I'd like to suggest a solution to this problem. Let's call it the "Redundant Distributed Network Steganographic File System", mostly because it's an acronym that can't be made into a cute name.
Now, the idea is, everyone gives up some disk space, say 0.5gb, which they make acessible on the Internet. In exchange, they get like 0.1gb of space on the RDNSFS. The filesystem LOOKS like noise, but if you have the right key, you can extract a certain amount of data from it. If you have the wrong key, you get fake data.
Now, the big problem is how to allocate space for someone without giving away that they have data out there somewhere....
sigs are a waste of space
If they could decrypt it, would they tell us? They didn't need the data to get Mitnick convicted, so they would have no reason to reveal that they know what the files contain, especially if they are something that isn't terribly valuable to the government (but might be to Kevin). On the other hand, by not admitting to have decrypted the files, they can keep Kevin from getting them back.
Probably most seriously though, is if the government admitted they could crack the encryption, it would not be good for the government. It would encourage more people to use more heavy-duty encryption. It would put more political pressure on the government to further laxen the export rules, which is not something they would like. By not admitting to being able to crack the encryption (assuming for a moment they really can), they give other people a false sense of security. All in all, it would be a loss for the government to make the admission with very little upside for them.
I don't like the concept that we can't give it back to him, because it MIGHT be bad.
If I had a little black box that was confiscated, would the argument that it MIGHT be some kind of weapon be ample reason for the law enforcers to not return my black box. To extend this logic, could they confiscate my bank accounts because I MIGHT do something destructive with the money, or that the money MIGHT be the spoils of my previous crime?
You MIGHT have noticed the gratuitous use of a specific word. It's this little word that worries me a great deal about any precedents that may arise from this event.
The Other Nate
The Other Nate
I am a lawyer, but this is not legal advice.If you need legal advice, see an attorney licensed in your area.
You've turned the presumption of innocence sideways. He was convicted; there is no longer a relevant presumption.
He was convicted for stealing electronic information. It takes a stretch of the imagination to think that there is more than a remote chance that the data does not include the fruits of his crime.
The state does *not* have have to prove a connection to each and every apparent proceed of his criminal enterprise--*especially* when there is a simple way to check.
He *has* been convicted, and it defies logic to suggest that that this data isn't part of his crime. *He* now has the burden of proof, not the government.
This is not an erosion; I believe that this is exactly the outcome you would see from a court staffed by the founding fathers. I'm just about all the way out to the extreme on the rights of individuals in the face of the government (just l like the folks who wrote the Constitution and Bill of Rights), but in this case the law is on the government's side.
I wonder how this translates to another scenario: If Uncle Sam wants to search my house, that would require a search warrant. If I do not open the door, that would require a battering ram. Paranoia aside, a battering ram does not seem to be readily available.
Now let's say they got in my house and found a book written in Esperanto. Being short of Esperanto translators, they ask me to translate it for them. I say "Never!" or "Neniam!" and pleading my 5th Amendment, keep the contents of the book to myself until the government finds an alternative.
At this point, I draw another parallel to the Zapruder film which the government declared as its property (I'd like to do that) in exchange for proper compensation. So it's not out of bounds for the government to claim domain and walk away. Then the question is one of assessing the value. (As discussed in earlier postings).
I'd let the government compensate me for x amount and then have all of my "Free Kevin" supporters sue under the Freedom of Information Act to make its contents public. Although these may be considered court records entitled to a higher degree of protection, this might be a strategy worth considering.
It really would be great if they spent all this time and money decrypting only to find that the encrypted gig contained alt.binaries.tickleandspankme pictures from way back when!
sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
The data was encrypted, so their was no way to copy it. Or were you asleep when the DVD CCA explained this? ;-)
This is widely believed but for good or for bad, it is not true. You are entitled to the presumption of innocence in court, i.e. before the judge and jury at your trial. However, the rest of the system is entitled to presume you guilty with reasonable suspicion. That's why the police can get warrants to search, that's why they can arrest you and that's why they can hold you in jail if they think you are harmless but probably will run away.
I think morally and as a courtesy it is nice for the public at large to also give you a presumption of innocence, but it's clear that the only way to run the bureaucracy is pretty much they way that it is run.
I am not familiar with the Mitnick case specifics, but it is quite common for defendants to give up the right not to self incriminate as part of a plea-bargain. If he agreed to cooperate, for example, then I can see both sides of this dispute.
Also, it is interesting: encryption brings up a question that does not exist in meatspace so new law might be required: we don't give burglary tools back to burglars. Encrypted files have this weird property that you can hold them in your hands but not be able to tell what they are. I believe that if the government offers him immunity from any new prosecution, that he may not claim the right not to self incriminate because he would not be. Then it becomes a privacy issue and there really is very little law protecting actual privacy.
Encryption is bad. Don't use encryption.
Thanks,
The US Government
Paranoid ramblings from a paranoid person... but after all, isn't that what the Mitnick case is all about, setting precedents?
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
...and then he'd have an advantage, as he would no longer care that they could nuke his data.
Or maybe he did.
--------
"I already have all the latest software."
First off, the standard disclaimer: IANAL. But I can use Google to find and read what Lawyers have already written.
Item 1:
A. Michael Froomkin, Associate Professor, University of Miami School of Law writes in his article "The Metaphor is the Key": Simply putting something into a safe does not, however, ensure that it is beyond the law's reach. It is settled law that a criminal defendant can be forced to surrender the physical key to a physical safe, so long as the act of production is not testimonial.{706} Presumably a similar rule compelling production would apply to a criminal defendant who has written down the combination to a safe on a piece of paper. There appears to be no authority on whether a criminal defendant can be compelled to disclose the combination to a safe that the defendant has prudently refrained from committing to writing, and in Fisher v. United States,{707} the Supreme Court hinted that compelling the disclosure of documents similar to a safe's combination might raise Fifth Amendment problems.{708} Perhaps the combination lock problem does not arise because the police are able to get the information from the manufacturer or are simply able to cut into the safe. These options do not exist when the safe is replaced by the right algorithm. Although brute-force cryptography is a theoretical possibility,{709} neither safe cracking, nor number crunching, nor an appeal to the manufacturer is a practical option when the armor is an advanced cipher. The recently released Federal Guidelines for Searching and Seizing[Page 872]Computers{710} suggest that "[i]n some cases, it might be appropriate to compel a third party who may know the password (or even the suspect) to disclose it by subpoena (with limited immunity, if appropriate)."{711}
(The numbers are footnotes to specific cases)
Item 2:
The Crypto and Self-Incrimination FAQ simply lists (for America... it also covers a few other countries): "The Fifth Amendment of the Bill of Rights reads: "No person (...) shall be compelled in any criminal case to be a witness against himself". The Supreme Court has restricted this to giving evidence "of a testimonial or communicative nature". ". It also lists several cases that apply.
--
Evan --
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Iam a lawyer, but this isn't legal advice. If you need any, see a lawyer licensed in your jursdiction.
You're close. Let me elaborate (hmm, how could you possibly stop me?)
Speech cannot be coerced, but "attributes" can. You can't be forced to give information, but you can be forced to provide a blood sample, a handwriting sample, or even to repeat a phrase in a lineup (I've never heard of this used for anything other than identification by a witness. I can't back it up, but I believe that that's about as far as it can go).
So here he can be forced to turn over the data, but he can't be forced to communicate the code. However, if perhaps there were sensors on the keyboard to verify identity, he could probably be required to type a *particular* code.
But as you and others are suggesting, the fifth amendment only applies to him surrendering the code--it has nothing to do with getting back the data, which would be a fourth amendment issue.
I think it's entirely possible the reason the data hasn't been able to be decrypted is that it is in fact garbage. In Mitnick's book (with Jon Littman), _The Fugitive Game_, they describe how Mitnick's partner encrypted garbage several times, just to irritate the law enforcement officers who seize the boxes.
None of this would happen if people assumed that some things are not government's business. Instead, the assumption is that everything is.
Got a beef? Plug a name into the Bizarre Rumour Generator!
First, IANAL.
5th Amendment doesn't keep people from being required to provide a blood sample for DNA and I'm pretty sure it doesn't keep them from being required to turn over keys to a safe if the court issues a warrant.
Perhaps encrypted files could be thought of as a safe. If law enforcement can convince a judge that the encrypted file(s) probably contain evidence of a crime (files from a cracked system) or are criminal themselves (encrypted kiddie porn), they'll get a warrant for Mitnik to provide the key. If he doesn't comply he could be jailed for contempt.
If you're thinking, "yeah but with a safe they could just jackhammer it open," think of it as a boobytrapped safe. The court could require someone to disable the boobytraps.
How is *that* relevant -- suppose they confiscated a physical device from you which they were unable to understand -- would you be forced to explain it before it was returned to you?
For all we know your honor, this mysterious cylindrical object could be a weapon -- it makes an ominous vibrating noise when powered up!
Shut up, be happy. The conveniences you demanded are now mandatory. -- Jello Biafra
Excuse me, but can't they just copy the freakin' data!? Give Kevin his data back, and brute force it later. If there's anything dangerous in there, they'll know about it later. It's been a lot of years and most of the computers he hacked are gone.
How much of a chance is there of being some sort of dangerous data? Credit card lists? Incriminating files? They might have legal grounds to keep the original (evidence in a criminal case), but it can very easily be argued he can have a copy because the original evidence is not modified in any way.
Of course, this gets silly quickly - there could be off-shore datahubs that existed just to hold copies of people's private, encrypted data, such that if Big Brother ever came knocking, you knew that your data was out there for you to retrieve, even if you could not get the physical drive storing your data...
Then laws would get passed, continuing the "whack-a-mole," that would make this activity illegal. Then another method to keep your data and not let Big Brother have it would be made. And then that would become illegal. Repeat ad nauseum.
(My views, not my company's. I'm guessing you knew that.)
Online wrestling as a trading card game? WWF With Authority.
If this were a case of say, a bomber, and the government had confiscated his chemical fertilizer, which he may have obtained legally, and may only intend to use for farming, would the government be required to return it?
If yes, then there is no reason by which Mitnick's data can be held.
If no, the government could keep it under "reasonable suspicion" or "danger to the public", then the government should have the right to withhold the data.
"You can't get something for nothing." - my grandfather, on the stock market and Reaganomics.
All I want to know is where I can get my hands on the software he used to encrypt his files! If he encrypted this 5 years ago - and it's still strong then I gotta get my hands on this.
Anyone know what program he used? was it PGP? was PGP even around 5 years ago?
Joseph Elwell.
According to the blithering nonsense from both the judge and the persicution, if the files were "readable" there would not be a problem.
Thus, if one "hides" their encrypted information, using strgonagraphy,in a file or series of files, and those files appear to be readable, the government would have no reason to hold the files.
Be that as it may, I believe the government has no right to keep property just because they do not know what it is. The burden is on the sholders of the state to prove that the information is some sort of contraband. This is just another example of the government giving individual rights a wink before cracking the whip to show who is master.
BTW, "plans for taking down a system" should be covered under "free speech".
Eve Fairbanks says I drive a hybrid!LOL
The judge added that if Mitnick would "tell the government how to read" the files, then the government would turn over the files in decrypted form.
Mitnick's lawyers immediately objected to this condition on the grounds that it would force him to waive his Fifth Amendment right against self-incrimination to obtain evidence he needed and that he had a legal right to see. The judge rejected this point and repeated her ruling.
It seems that the right not to incriminate yourself is solely testimony based from what I have read. So your writings can be used to incriminate you in a court of law...even if they are private (i.e. a journal). It seems the government is treating the files like property (i.e. it can be searched/seized) instead of testiomony.