Slashdot Mirror

← Back to Stories (view on slashdot.org)

Merely Cloaking Data May Be Incriminating?

Posted by Zonk on from the what's-mine-is-mine dept.

n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"

1 of 418 comments (clear)

  1. Let me get this straight... by nonsequitor · · Score: 5, Interesting

    If I encrypt my financial data, and am unable to unlock it for the FBI because I lost the smart card I used to encrypt it, does that make me guilty of . When asked why I didn't delete it, I could say I hoped to one day find the smart card. Does that mean they can ship me off to gitmo?

    Of course the difference between this scenario and one where someone merely claims to be unable to decrypt the data is irrelevant.

    I thought that we were innocent until proven guilty in this country, not vice versa.