Slashdot Mirror

← Back to Stories (view on slashdot.org)

Merely Cloaking Data May Be Incriminating?

Posted by Zonk on from the what's-mine-is-mine dept.

n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"

6 of 418 comments (clear)

  1. Begs the question by evanbd · · Score: 5, Informative

    No it doesn't. It raises the question. Begging the question is a logical fallacy, much like circular reasoning.

  2. Deniability is what matters by Somnus · · Score: 4, Informative

    Encryption itself is only useful for preventing data theft by clandestine means. Authorities with a warrant can threaten you with jail to make you give up the keys, and even less scrupulous forces can beat them out of you. You can destroy the keys, but then you'll really piss them off.

    What you need is deniability, as in a steganographic filesystem. No one can ever prove that there is even anything there -- "Oh, I was just playing with it, I can reformat it if you want." Even better, embed data steganographically in standard data formats, like images.

    It would be interesting to interpret the protection against self-incrimination to include data storage, i.e. your hard disk is an extension of your consciousness. Of course, this does not accord with the original aim of this right, which was to prevent false testimony/confessions induced by torture -- your hard disk exists apart from your "will."

  3. Easy solution by Spy+der+Mann · · Score: 5, Informative

    Just set up a triple truecrypt partition and in the middle one put some cheap porn files. The real stuff goes in the third one.

    [ standard truecrypt [ deacoy porn ] [ hidden truecrypt [ deacoy gay porn ] [ doubly-hidden true crypt [ secret spy stuff muahahahaha ] ] ] ]

  4. Re:The Matter of Privacy by Kpau · · Score: 3, Informative

    The Constitution is not an "assignment of rights". It is a set of LIMITATIONs on the government and what it may do. The last piece of the Bill of Rights specifically says that the enumeration of specific rights does not make other natural rights vaporize. Besides, the 4th Amendment is basically about privacy even if it doesn't specifically use the word. "Habeus Corpus" is also *assumed* in the Constitution since it references it. They never should have called it the Bill of Rights ..... I guess it was just easier to say than "The Bill of Restrictions on the Government".

  5. Re:It's called a "warrant". by fyngyrz · · Score: 4, Informative
    The cops go to a judge and get a warrant based upon whatever evidence they have that a law was broken.

    Yeah. Except when the authorities just break down your door, or tap your|everyone's phone, or search your vehicle, or take your property, or freeze your assets, just because that's what they've decided they want to do. Warrant, my ass. Wake up.

    that access should require a warrant.

    Yes, it should. But it doesn't. So... now what?

    But there has to be a warrant.

    No. There doesn't. There doesn't have to be a trial, either. Or access to representation. Or even a phone call. You can be tortured. Welcome to the USA. Papers, please.

    --
    I've fallen off your lawn, and I can't get up.
  6. Re:Guilty until proven innocent by dhasenan · · Score: 4, Informative

    These people are selling products and services to prosecutors. Defense attorneys only need to be aware of flaws in forensics software and practices that can result in false positives.

    Pleading the fifth in front of a jury when you're the defendant is tantamount to an admission of guilt. But there was an encryption/steganography system called Rubberhose ( http://iq.org/~proff/rubberhose.org/ ) that allowed you to create an arbitrary number of encrypted volumes in one disk segment, where each volume took up a random sequence of blocks. You could have four or five encrypted volumes, one of which contained the incriminating material and the rest of which contained plausibly embarrassing and private material. Then you can comply; nobody can prove that you haven't decrypted everything, since the entire disk segment is filled with random-seeming data.

    TrueCrypt does almost as well as Rubberhose, and it's maintained. It allows you to create nested encrypted volumes, but defaults to two volumes deep, and I'm not sure whether it supports any more than that.