Slashdot Mirror
Merely Cloaking Data May Be Incriminating?
n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"
What about using a rare file system? If I want to put all of my stuff on ZFS and the FBI can't read it will they ship me off to Gitmo?
"Are we no longer allowed to have any secrets, even on our own systems?"
Why do you even have to ask? As private citizens we arent allowed to hide anything from the government. Its labeled as obstruction of justice and we get tossed in the can if we dont cough up the keys. Even if we have nothing to hide.
---- Booth was a patriot ----
No it doesn't. It raises the question. Begging the question is a logical fallacy, much like circular reasoning.
If you have nothing to hide, then you have nothing to fear!
May the Maths Be with you!
Are they still our systems these days? I could've sworn the EULA said it was just a license I bought...
Absent any other damning evidence (other concrete evidence found at the defendant's house, financial records at banks and such pointing straight to the suspect, witness testimony, etc), the prosecutor is pretty much fscked if he thinks a jury (dumb as they may be) is going to buy any counter-argument to even a halfway cogent alibi. Everyone knows that Windows is insecure. Everyone knows someone who got a virus. Everyone knows that identity theft is a Bad Thing(tm).
Sorry, but I somehow don't see how a whole case could hinge on just one bit of evidence: "well, he has an encrypted filesystem, and he keeps invoking the 4th/5th amendments(?) in order to not unlock it, so you must convict..."
Then there's the whole "evidence of absence is not absence of evidence" bit.
Not much left to be useful after all that...
Quo usque tandem abutere, Nimbus, patientia nostra?
And the police expect total control of any given situation. Whenever one does not cooperate with the police, the police no longer is in total control and will take whatever measures are necessary to regain total control.
Adding those two points simply will make that anyone who hides stuff from the police is automatically an ennemy that has to be controlled at once.
As a matter of fact, one cannot never win against the police. In a courtroom, yes, maybe, but not against the police.
So the obvious solution is that everyone should perform maximum obfuscation/encrypting of data, the idea being that one cannot jail a whole country.
If I encrypt my financial data, and am unable to unlock it for the FBI because I lost the smart card I used to encrypt it, does that make me guilty of . When asked why I didn't delete it, I could say I hoped to one day find the smart card. Does that mean they can ship me off to gitmo?
Of course the difference between this scenario and one where someone merely claims to be unable to decrypt the data is irrelevant.
I thought that we were innocent until proven guilty in this country, not vice versa.
There are plenty of legitimate reasons to encrypt personal data.
Yes, the 4th applies until you are ordered to by a judge. ( you cant just turn down a search warrant when the cop is at the door waving it at you ). Once the judge hands down the order you dont have a choice, unless perhaps you try to plead the 5th, and i still bet that wont apply if you refuse to hand over 'documents' that were authorized to be seized by the warrant..
---- Booth was a patriot ----
The cops go to a judge and get a warrant based upon whatever evidence they have that a law was broken.
They'd have to have access to it already to see that it was encrypted. And that access should require a warrant.
Again, see the word "warrants" there?
Encrypt EVERYTHING to protect yourself from regular criminals.
But if you are accused of a crime, you have to decide whether the encrypted data will help your case or harm it. And if it will harm your case, will it do more or less harm than refusing to decrypt it?
But there has to be a warrant. Focus your complaints on situations where there aren't any warrants.
So, if you're being investigated, and you're hiding data pertinent to the investigation, of course thats criminal. Its just like physical evidence: if you have it, and you're hiding it from the authorities, they're obviously going to throw the book at you.
And that, 'Are we no longer allowed to have any secrets, even on our own systems?' line is pretty sensationalist. Thats like declaring that it will soon be illegal to own a safe because a court issued a search warrant of someone's house.
First off, the linked article doesn't actually contain the quote given in the article summary. But, assuming what the article summary says is accurate...
The relevance, admissibility, or incriminating character of the mere fact that a defendant hid something (i.e., as separate from the hidden content) is a legal question. In general, the absence of evidence is irrelevant with a few exceptions (obviously it's highly relevant to charges of destroying evidence!). The most important one is that of an absence of regularly kept business records. So, if a business regularly kept records of, say, who entered a building, and an employee were suspected of stealing something from the business, and the records for that night were missing, then perhaps that could be used as evidence against the employee on the theory that the employee had erased the record to cover his or her tracks. The same would be true if the record, rather than being deleted, had been encrypted when the others were unencrypted or encrypted in a different way/with a different key.
This is a very glossed over view of a complicated topic, but on the narrow question of the mere fact of the use of encryption, I would tend to say that would generally not be incriminating. Certainly the prosecution cannot simply point to your TrueCrypt or FileVault encrypted drive and say "look! everything on that computer is encrypted, therefore we can't know what it is, therefore it could be evidence of wrongdoing." That is tremendously weak circumstantial evidence and falls far, far below the reasonable doubt standard.
Note: I am not a lawyer and this is a layman's opinion, not legal advice.
This is why you need to encrypt everything as a matter of course: the valid argument is privacy in the face of all the data theft reports coming out nearly daily, you don't know where stuff is stored all the time, so just encrypt everything.
Anything you *do* want hidden, needs to be done in such a way that there's nothing that indicates that there *is* anything hidden, ala Truecrypt's multiple volumes. "I don't need to *hide* anything, so I'm not using that feature, it's just a good encryption tool"
Encryption itself is only useful for preventing data theft by clandestine means. Authorities with a warrant can threaten you with jail to make you give up the keys, and even less scrupulous forces can beat them out of you. You can destroy the keys, but then you'll really piss them off.
What you need is deniability, as in a steganographic filesystem. No one can ever prove that there is even anything there -- "Oh, I was just playing with it, I can reformat it if you want." Even better, embed data steganographically in standard data formats, like images.
It would be interesting to interpret the protection against self-incrimination to include data storage, i.e. your hard disk is an extension of your consciousness. Of course, this does not accord with the original aim of this right, which was to prevent false testimony/confessions induced by torture -- your hard disk exists apart from your "will."
Right. I suspect that this could be used in, for example, subpeona-ing the IM logs of my friends who don't encrypt them, or of, say, Microsoft (for my MSN logs)...
I'm not sure it was meant to imply that the act of cloaking is itself incriminating, but rather that knowing you cloaked your data might tell them where to look. But then, it really was not worded very clearly.
Don't thank God, thank a doctor!
Encrypt everything, hide everything. Then they can't point to this-or-that encrypted file and say that that's the one that must contain the incriminating evidence. The fact that most people do indeed only hide stuff when they "know they're doing something wrong" only helps the bastards build their cases.
Liberty in your lifetime
While languages DO evolve over time, simply using a phrase incorrectly is not evolution, even if the mistake is common.
Furthermore, when you start multiplying the meanings that a word or phrase can have, you start reducing its usefulness. When it cannot make a specific idea clear, in contexts where the meaning may be ambiguous one now has to use even more words to get their idea across.
Anyway, this specific mistake has been pointed out many times on slashdot. Zonk really should know better by now.
Similarly, if the cops accuse you of murder and you don't tell them where the bodies are, that proves that you are guilty.
I encrypt everything just so if they ever investigate me, for whatever stupid reason they might decide to, they can demand the key and I can refuse. It's the principal of the thing. Why should we give up our privacy? What if I just want to encrpyt files by a random one time key and then erase the key? Maybe that constitutes digital art to me.
I encourage everyone to generate files containing nothing but random noise, encrypt those files, and throw away the key. If everyone does this then they can't tell what is a real encrypted file and what isn't. For good measure email some of these random files back and forth with suspicious subject lines.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
The most compelling argument I've heard against your logic is that sometimes you really don't want to obey the law. Laws are not only good, but they come in bad varieties too. Even if you think the laws are good right now, they could change suddenly, and all that invasion of privacy and surveillance that you thought were OK suddenly make it incredibly difficult for you to function as a free man. In fact, the incriminating evidence against you may already have been gathered and is waiting to be used.
Not yet in the US, but UK has the RIPA act: http://en.wikipedia.org/wiki/Regulation_of_Investi gatory_Powers_Act_2000
Bitter about something, are we?
Except their partner on the beat. And Dispatch. And the Chief. And...
I don't think they do, realistically. They might want that, but doesn't everyone? I know I'd love to have total control of any given situation.
But realistically, any cop who has been around awhile should have seen the FBI take over an investigation, or a perp slip away because someone was stupid enough to violate their fourth-amendment rights. Or a good friend die in the line of duty.
If, in the course of investigation, they come across someone hiding stuff, it might make them suspicious. It might even automatically make that person a suspect. But "suspect" doesn't mean "enemy", because they have to be willing to accept that they may have the wrong person. (That's not always true, of course -- sometimes they know they've got the right guy, but he's still a "suspect" until he becomes a "defendant".)
Erm... you just refuted your own argument.
I mean, even your grammar disagrees with you here: "one cannot never win against the police." Cannot never. That means it is impossible for someone to never win against the police. Meaning that at least once in your life, you will win against the police.
It's tricky to figure out what you mean by "In a courtroom..." If you're saying that it's possible to win in a courtroom, then you're right. If you're saying it's not possible to win in a courtroom against the police, you're dead wrong. There have been cases where, for example, a cop opened the trunk of some guy's car without a warrant, and there was a dead body in the trunk -- but since it was obtained through an illegal search, it could not be used as evidence. Which means that the guy walked. (Might have been on Law & Order, actually, but there have been real cases like that.)
If you can get away with murder on a technicality, because some policeman (in this case a policewoman, I think) didn't follow procedure exactly, I call that "winning against the police."
Wrong again!
First, everyone will not do this. I think you'll only really get a few zealots (like whatever morons modded you +5 Insightful), but let's pretend for a moment that every technically-minded person followed you.
Now, I don't care how many that is, but there are overwhelmingly more people who actually feel good about AOL (and Earthlink, etc), spend all day on Myspace, have no clue what an operating system even is, etc etc.
And before you say "one cannot jail a whole class of people", I'll point you to Germany, circa 1942 -- several whole classes of people were not only jailed, they were also enslaved and killed wholesale.
I don't mean to say I expect another Holocaust here. What I am saying is that if you really believe that a truly massive number of people using encryption won't be jailed in this country, then you should also believe that even the small minority who seriously uses encryption today should be safe.
Don't thank God, thank a doctor!
However, in civil procedings the Discovery Process may require you (under pain of contempt) to produce all requested documents. Perhaps including keys if it can be proven you still retain them. Lawyers can argue whether a plaintiff has a right to the keys independant of the documents. Not that they have any right to seize the machine.
A truly maniacal police/DA might seize a machine then start a civil suit. But there are usually ways to stop this.
There is no promise of Privacy in the Constitution, and even if there ever had been, we'd have ground that right down to a bloody stump by now with the growing power of technology on one side and the exploding power of government and big business on the other. It's hard to even say that in a world with accelerating technology and the ability to grow weapons of mass destruction in your own garage or basement, that there isn't some justifiable need for privacy to give way to greater security.
That said, Govenment and big Business have proven beyond any shadow of a doubt that they cannot be trusted to wield the power of absoute intrusion with intelligence, dignity, or even a modicum of good taste. Microsoft is planning to turn your personal computer into their data tap in your home, a private spy on your desk... and what about our government, just today, four men falsely accused of murder in Boston by the FBI (two of whom died in prison and two others who spent 30 year behind bars), just got record making settlements of $102,000,000.00 for malicious prosecution and false imprisonment. Are these really the folks you wants to be watching every atom of your transparent life day in and day out? God help you if it becomes in their political or financial interest to have you made into "Soylent" (pick a color.)
So if we're going to live in a transparent society, where every person is;
- Videod from the time they leave their front door to the time the get back in the evening,
- Having every network packet they send or receive deep scanned for content, ownership, recipients, and legality,
- Running a computer with hardware and software providing virtually total exposure to data collecting agent both benign and malignant,
- And ultimately where every appliance, every room, every space will be filled with intelligent sensors recording every action, preference,
habit, activity, and affiliation that any of us might have,
then we are clearly far overdue for the creation of a new Bill of Rights. We must begin to think about the implications of our technology, and how the clear and unbridled abuse of that power by a loathsome few endangers all of us. If the world is to become transparent, then we must be assured that the eyes that see us, are fair, impartial, and dedicated to the sanctity of our humanity, and our dignity. In short those eyes cannot be human. They can be programmed by humans (who are themselves seen transparently by all), so that the tools that insure our safety, our comfort, ease, and efficiency, aren't used against us by greedy, power hungry, or despotic men. The temptation for misuse is simply too great, we must relenquish the process of watching people to ever smarter machines who have been programmed to act in our best interest. We need to make the breaking of these laws or personal protections prunishable by the most draconian measures. We need to watch the watcher and perhaps even watch those. We need to give people the blessings of infinite information without robbing them of every last shred of their humanity.In the end, this may indeed be the greatest challenge of the twenty first century
Just set up a triple truecrypt partition and in the middle one put some cheap porn files. The real stuff goes in the third one.
[ standard truecrypt [ deacoy porn ] [ hidden truecrypt [ deacoy gay porn ] [ doubly-hidden true crypt [ secret spy stuff muahahahaha ] ] ] ]
So, according to the morons on that court, even if you haven't actually encrypted any data, the fact that you had the tools to encrypt data was enough to judge criminal intent, sort of like possession of burglary tools. The problem, of course, is that encryption software has legitimate uses.
I wonder if any of those judges had Microsoft Office on their computers - if they did then they possessed encryption software and could be viewed as having criminal intent.
The important people just ask Bush to invoke Executive Privilege, and then they are free to obstruct any and all investigations.
Truly though, just because you encrypt something has no basic legal grounds of incrimination, it is just like locking up your house. However just as a subpoena could be issued to force you to open your house to legal officials, a subpoena could also force you to un-encrypt the volume.
Beyond that, they are really grasping at straws or are trying to see the world via the horrors the Bush administration has done to civil protections and liberties.
You all know the routine.
What?
Look, if you're obeying the law, then you have nothing to hide, and shouldn't hide anything.
Says the Anonymous Coward. How ironic.
fifth sigma, inc.
I was once on the other side of this debate... I was a network administrator at a large High School. One day, a teacher brought a [school] laptop to me for some work, and I saw that he had installed a data erasing tool, the kind that's meant to zero out data after you delete a file in Windows.
This immediately prompted me to look at the system closer, and I found evidence, mostly in the form of thumbnails, that the teacher had been downloading and viewing child porn on the laptop. This was definitely a probable cause for me to investigate the laptop, since we owned it. I often wondered how this would hold up if it were a private laptop, or if the police could use that as an excuse to investigate a computer.
"I think this is a perfect question to ask."
/. I didn't RTFA before shooting my mouth off.
I agree, technically speaking all data is "encrypted", it's the strength of the encryption that varies. Are we to assume that if forensics can't understand it then it is automatically incriminating? - That's nothing short of "guilty until proven innocent", under that policy the suspect can be locked away until he gives the investigators the non-existant key to unscramble the random sequence of bits found in the free sectors of his HDD.
"Also, The linked article...."
As is the custom on
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
It works like this...
The government, being a public institution, has to keep everything it does private. That's why you are not allowed to see their secret files.
But a citizen, being a private individual, has to keep everything they do public. That's why the government must be able to see your secret files.
Got it?
I am anarch of all I survey.
The cross-burning thing, I would say, is the least of the problems with Paul. There's a legitimate argument over protected speech there (not that Paul doesn't have a rich record of being a racist asshole).
But, more importantly, Paul has a long history of aligning himself with neo-fascist, white supremacist and Christian Reconstructionist groups. This man wants a fundamentalist, Taliban-esque theocracy run by white men. None for me, thanks.
Sent from the iPad I found in your car.
I wonder if he realizes that if a person has data to which he holds copyright on his hard disks, and then hides it, Gill's recovery software is then in violation of the DMCA anti-circumvention clause? His software is DMCA Grade-A illegal if anyone stores anything, no matter how trivial, that is his own copyright, is legal, and is deliberately hidden from this program.
Anyone with a legal background want to send this guy a "cease and desist" letter? }:^>
--
Toro
(c) 2007 *all rights reserved*
If your documents were written in code on paper and the appropriate files were seized, could you be required or compelled (rather than simply requested) to decode the documents? If not, why should documents stored electronically be treated any differently?
The point of a hidden partition is that you can't prove it either way, unless you actually unlock it with the key. So, without the key, I could say, "Yes, there's a hidden partition within this conventional TrueCrypt partition, but I'm not giving you the key!" or I could say, "No, there's no hidden partition," and you wouldn't be able to tell either way.
So, then, you *could* presume that there is a hidden partition --but then that would be on the same order as just presuming that I have something to hide just because I'm using TrueCrypt in the first place. If I don't actually have a hidden partition, and you go looking for one, you're going to spend a pretty long time looking. There's nothing more frustrating than looking for something to prove that it doesn't exist (bug-checking programming sessions, anyone?).
As a matter of course, I do set up TrueCrypt volumes at standard sizes that happen to be much bigger than I need --my usual is 680MB so I can burn the whole thing to a CD. I think all my financial files add up to about 100MB within the 680MB TrueCrypt volume. If you want to go looking in the remaining 580MB for some incriminating evidence --hey, knock yourself out.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]