Merely Cloaking Data May Be Incriminating?
n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"
What about using a rare file system? If I want to put all of my stuff on ZFS and the FBI can't read it will they ship me off to Gitmo?
I'd just like to point out, that if creating loops in NTFS is incriminating, does having an encrypted file system mean we have something to hide? Or, for that matter, wouldn't DRM be an obstruction, since it prevents access to content? Oh, right, DRM isn't bad, because it has large, multi-national corporations giving large campaign contributions-- err, I mean, supporting it.
Hooray for capitalism!
No it doesn't. It raises the question. Begging the question is a logical fallacy, much like circular reasoning.
And the police expect total control of any given situation. Whenever one does not cooperate with the police, the police are no longer in total control and will take whatever measures are necessary to regain total control.
Adding those two points simply means that anyone who hides stuff from the police is automatically an enemy that has to be controlled at once.
As a matter of fact, one can never win against the police. In a courtroom, yes, maybe, but not against the police.
So the obvious solution is that everyone should perform maximum obfuscation/encrypting of data, the idea being that one cannot jail a whole country.
If I encrypt my financial data, and am unable to unlock it for the FBI because I lost the smart card I used to encrypt it, does that make me guilty of . When asked why I didn't delete it, I could say I hoped to one day find the smart card. Does that mean they can ship me off to Gitmo?
Of course the difference between this scenario and one where someone merely claims to be unable to decrypt the data is irrelevant.
I thought that we were innocent until proven guilty in this country, not vice versa.
Yep, there you have it. Police are allowed to look at anything in plain sight but need probable cause to look at anything else. Of course, that means nothing when simply having something not in plain sight is considered probable cause.
While languages DO evolve over time, simply using a phrase incorrectly is not evolution, even if the mistake is common.
Furthermore, when you start multiplying the meanings that a word or phrase can have, you start reducing its usefulness. When it cannot make a specific idea clear, in contexts where the meaning may be ambiguous one now has to use even more words to get their idea across.
Anyway, this specific mistake has been pointed out many times on Slashdot. Zonk really should know better by now.
I feel like death on a soda cracker.
Hey, *I* didn't encrypt my data. I just performed a reversible transformation on it. It's not my fault if you're a fuckin' slowpoke at factoring large prime numbers!
Apology to Ubuntu forum.
I use encryption for exactly what the parent poster described. On my laptop, why allow what would be "just" a hardware theft with use of encryption turn into a hardware, data, and possibly identity theft? This is why I use some form of whole disk encryption (BestCrypt Volume encryption, PGP WDE, WinMagic MySecureDoc, etc.)
There is a definite need for encryption, and more than just the tired (and flawed) logic of "hiding from forensics", or "hiding illegal stuff" that a lot of people state.
For most companies, physical theft of equipment or media is a valid concern. For example, if someone steals a backup tape that is part of an encrypted backup set (or storage pool, depending on the terminology of the backup system), the company owning the tape can hire some private investigators to quietly hunt down the tape. Without encryption, it can mean serious losses (or prison time) if the info on the tape was in any way sensitive, and SOX, HIPAA, or other corporate regulations get violated.
Just set up a triple TrueCrypt partition and in the middle one put some cheap porn files. The real stuff goes in the third one.
[ standard TrueCrypt [ decoy porn ] [ hidden TrueCrypt [ decoy gay porn ] [ doubly-hidden TrueCrypt [ secret spy stuff muahahahaha ] ] ] ]
So, according to the morons on that court, even if you haven't actually encrypted any data, the fact that you had the tools to encrypt data was enough to judge criminal intent, sort of like possession of burglary tools. The problem, of course, is that encryption software has legitimate uses.
I wonder if any of those judges had Microsoft Office on their computers - if they did then they possessed encryption software and could be viewed as having criminal intent.
"I think this is a perfect question to ask."
/. I didn't RTFA before shooting my mouth off.
I agree, technically speaking all data is "encrypted", it's the strength of the encryption that varies. Are we to assume that if forensics can't understand it then it is automatically incriminating? - That's nothing short of "guilty until proven innocent", under that policy the suspect can be locked away until he gives the investigators the non-existent key to unscramble the random sequence of bits found in the free sectors of his HDD.
"Also, The linked article...."
As is the custom on
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.