Slashdot Mirror
Encryption Passphrase Protected by the 5th Amendment
Takichi writes "A federal judge in Vermont has ruled that prosecutors can't force the defendant to divulge his PGP passphrase. The ruling was given on the basis that the passphrase is protected under the 5th amendment to the United States Constitution (protection against self-incrimination)." The question comes down to, is your password the contents of your brain, or the keys to a safe.
Is the content of my brain.
Just how did the judge come to this conclusion? On the summary side of things, it makes sense, but just what circumstances led to this particular notion?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Terrorists!
It's an epidemic. Mass amnesia. First the politicians got it, now it spreads. Does it even matter if you have to tell them the password or not if you don't know it?
"I forgot."
8==8 Bones 8==8
So.... this tells me two things... first, that the government cannot force you to give up your PGP passphrase.... but possibly more important, the government (currently) cannot break PGP encryptopn.
Hmmm....
Unless you supply the passwords or pass-phrases to anyone under the "law" umbrella, you can and will convicted of any charge thrown at you. Fortunately the police don't abuse this guilty-on-charge law, yet.
so pedophiles will use volume encryption with a strong passphrase and not have to worry...
damn double edged swords
It's a sad sad day in America that the truth of the 5th ammendment and the constitution itself is even called into question in this way. Thanks to the judge who supported the constitution, unfortunately there are laws shredding it up as we read this news.
http://www.govtrack.us/congress/bill.xpd?bill=h110-1955
Welcome to the police state.
Liberty.
If someone is asked to give her passphrase, and she is not under oath (i.e. in a police investigation), it is possible to just lie, right? In the other hand, if the person is under oath (i.e. in court), she cannot lie, but providing such information would constitute self-incriminating testimony, and that would infringe the 5th amendment. Does that make any sense?
I can see the judges point that says that the accused doesn't need to give out his pass phrase because the contents of the encrypted data would send him to jail for sure. On the other hand though, if this precedent stays on the books, a smart criminal will just encrypt the incriminating data and will never be able to be prosecuted based on the computer data (assuming he memorizes a strong password). Does that mean that terrorists will be protected too when they encrypt plans for the next attack on their computer?
Nolo clears things up nicely about self incrimination. While I don't know the accused or support his alleged crime, I do think that the judge is correct in his statement. Kudos to the judge! If the prosecution wishes to discover the contents of an encrypted file then they actually need to jump through the hoops of an investigation. Hell, getting a warrant and just installing a camera over his keyboard would sooner or later reveal the passphrase wouldn't it?
load "$",8,1
On my current setup with Ubuntu 7.10, it is fairly easy to set up TrueCrypt with hidden volumes.
http://www.truecrypt.org/docs/hidden-volume.php
Without any proof of the existence of a hidden volume, there is no way for the government to compel discovery. I don't bother using a hidden volume myself because I'm not concerned with plausible deniability. But without being able to tell me apart from the users that do, a judge won't be able to do anything for the government.
Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
apparently at the airport his laptop was gone through by security/police and the found CPs but when the laptop was powered down the encryption kicked in...? i think its sad someone with CPs is getting away with this, but there was no right to go through his laptop in the first place (at the airport). he should be let off the charges for illegal search.
..this means that people covered by US law can refuse investigators access to their PC, for example if they are under investigation for piracy, but they also have 5Gb of childporn on their PC? Or did i misunderstand completly?
Pure awesomenes
My passphrase is: "field kitty sr53"... " or maybe that was 35, I never remember, the 5 could have been a 7" .. then there is "tulip Sandiwch" ... "or was it sandwich Tulip?, you know I was only playing around with this partition I don't actually store anything on it... Hmm, did I decide to use underscores or hyphens? I think I used underscores because I decided spaces might brak things, or maybe it was underscores, they are on the same key you know... try holding down shift... Maybe I misspelt "sandwich", english is'nt my mother tonge.
But anyway, now you know my pass-phrase.
How exactly would they force me to divulge my passphrase? Torture? Put me in jail? What?
From TFA:
An officer opened the laptop, accessed the files without a password or passphrase, and allegedly discovered "thousands of images of adult pornography and animation depicting adult and child pornography."
Like it or not, the "adult pornography" is probably a red herring, so what is this "animation" business? Is that all they have on him? I've seen episodes of South Park that qualify as "animation depicting child pornography". I hope there's more to this case than was explained in TFA. If not, this sounds like a witch hunt.
Clearly they should just use waterboarding until he tells them of his own free will. There's definitely nothing wrong with that.
They have already tried 'password1' haven't they?
http://greenobyl.com/ please.... think of the children!!
IANAL but my law view is this...
The law can convince you to incriminate yourself, and the evidence is admissible. You may confess a crime if you have one to confess. You have to state that it's by your own free will. However during trial if you fee so-moved, you can invoke the 5th amendment to disavow your earlier statements. This may be taken as hostile to the court, if not decided upon by prior consultation.
If other evidence already obtained points to you, the law can search you or your premises by obtaining a warrant from a court. The warrant must specify what is being sought and what will be seized. Unfortunately many search-and-seizure operations overstep their bounds. Computer communications are there for the taking, a wealth of self-incrimination, and the courts have no problem using them.
When you send an email you have no choice whether it is archived somewhere or not. Recent emails are always sitting in incoming and outgoing mail queues. Thus the only way to opt out and get true privacy is to use encryption. Your concerted choice was to keep communication confidential between yourself and your compadre. If the only way the law can incriminate you is to coerce you, the information obtained cannot be used in evidence against you. You must be willing to volunteer it. If you are not willing to volunteer it, then they must find other avenues to bring evidence.
For the moment torture is still illegal, at least once it's brought before our court system. This is why the prisoners at Guantanamo are being held off from our court system for the time-being. All those cases will inevitably need to be tried here, because no upcoming president will be good enough to sign on to a world court, and no military tribunal can just go off and just hang a group of abused, innocent people. So most of those cases will be thrown out for lack of evidence. And most of those prisoners will counter-sue for false imprisonment. And they will sue the People of the United States for committing illegal acts of torture.
Likewise, persons convicted and thrown into US prisons based on confessions obtained through torture are today counter-suing the People and their torturers.
So there is a lot of hope that torture will remain illegal. However, ask yourself, how much pain and discomfort would I endure to protect my secrets? What if I was held in a room and not allowed to go and urinate? Would I enjoy pissing myself? That's not such a torture, is it? Maybe that's perfectly legal. These things do go on, on all kinds of levels, so just realize that if you've got a PGP pass phrase that somebody wants... they may just get it anyway.
-- thinkyhead software and media
> allegedly discovered "thousands of images of adult pornography and animation depicting adult and child pornography."
animation gets you arrested?
I think you've just created another purpose for a botnet..
It makes for a fine organised crime recipe:
(1) targeted theft
(2) decryption of interesting data with distributed botnet cracking
(3) sale or blackmail?
(4) Profit!
Replace (1) with 'politically motivated arrest'/'espionage'/'anti terror' and (2) with "expensive NSA room heaters" and you have in principle the same mechanism, but "legal"..
BTW, can't see why it would take long to boot up unless you kick the various components sequentially to prevent a power surge. The control node simply keeps updating its distribution list as more and more components come online.
Insert
the highest 'court' in the universe.
/.) continues to attempt to shed some light on yOUR foibles;
consider membership in the creators' wwwildly popular planet/population rescue initiative, or, all of yOUR other possible options. to regain yOUR freedom may be more costly than one might imagine.
in the end, the creators will prevail (world without end, etc...), as it has always been. the of gaining yOUR release from the hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in.
some 'races' we'll wish we lost;
for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it?
we're intending for the nazis to give up/fail even further, in attempting to control the 'weather'.
http://video.google.com/videosearch?hl=en&q=video+cloud+spraying
meanwhile, the life0cidal philistines continues on their path of death, debt, & disruption for most of US;
gov. bush denies health care for the little ones
http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html
whilst demanding/extorting billions to paint more targets on the bigger kids
http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html
all is not lost/forgotten/forgiven
whilst (yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on
http://www.timesonline.co.uk/tol/news/environment/article3046116.ece
still making his views known worldwide, whilst many of US keep yOUR heads firmly lodged up yOUR infactdead.asp(s) hoping (against overwhelming information to the contrary) that the party LIEn scriptdead pr ?firm? fairytail hypenosys scenario will never end.
for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available after the big flash occurs.
'vote' with (what's left in) yOUR wallet. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable.
consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?
IANAL, I'm not even American, and it seemed to me that nor shall be compelled in any criminal case to be a witness against himself was quite clear and included that sort of thing, unless you interpret "to be a witness" ridiculously restrictively. And isn't the Bill of Rights supposed to be a collection of general principles rather than specific, restrictive directives?
Ultimately courts could decide that the the key constitutes being a "witness against himself" and entitled to protection.
Or it could decide it is the equivalent of a lock. I know that the police can force a door for a search warrant - and they are trying to force the key to this drive. But according to the article, a defendant can be compelled to reveal a combination to a safe - basically the same thing: an item in memory that allows access to evidence.
Stickier is the issue of additional evidence.
Search warrants must specify what is being searched for. But if I reasonably run across something else, that's fair game. Say that the warrant is for a 60" flat-screen TV. I could reasonably look in the garage, under beds, and such. But I couldn't look in a shoebox, desk drawer or other area too small for the TV. So nearly all search-warrants also specify "indicia of residency". Phone bills, rent/mortgage payments, electric bills and such help prove the residence was used by the suspect. But more insidiously, such documents could be almost anywhere greatly expanding the "reasonable" search to drawers, files, shoeboxes - anywhere someone might keep documents. "I was looking in a shoebox and found a stolen gun and meth." Score! If someone were compelled to reveal their encryption key it's likely that anything revealed by the key would be fair game.
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
Since the article speaks of the disclosure of the pass phrase itself as violating the 5th, then perhaps they should just try some obvious pass phrases: "dig that 15yo a$$" "old enough to bleed..." "i need two tens for a twenty" or the obvious- "i did it"
Blessed with all the brains that God gave a duck's ass, and twice the charisma.
...once it gets to appeals court it will hold up as long as a geek in waterboarding session. Certain kinds of utterances have been determined to be "non-testimonial" and not eligible for Fifth Amendment protection, and encryption keys are IMO almost certain to be found as such by the current Supreme Court, since it isn't the key which is incriminating, but the evidence protected by the key.
I always thought it was a much larger 5th amendment sort of issue, not just a simple 'destruction of evidence' thing as the cops wanted to make it out to be.
Good to see some people in power haven't lost all sense of reality.
---- Booth was a patriot ----
If the passphrase is considered keys to a safe, and you are therefore likely to be forced to divulge it, then you can avoid trouble by using an encryption system, like TrueCrypt, that supports plausible deniability. Inside the encrypted volume, blank space is always filled with random data, which can also be another nested encrypted volume. Without the correct passphrase, nobody can prove that the random bits are anything more than random bits.
Me? I'll bet there are new laws being drawn up as I write this to make witholding a password illegal.
Any takers...?
No sig today...
This case is a very interesting overlap between 4th Amendment "right to privacy" cases and 5th Amendment "right not to self-incriminate" cases. I personally think that if the government can't break the encryption to "prove" what is hidden from them, they have no right to force the owner to do their work for them. People have a right to keep stuff private, and if they've hidden it effectively, then tough shit for the cops.
I acknowledge that child porn is inherently harmful to the children involved, and that laws targeting possession of child porn are therefore valid so far as they aim to protect children by destroying the market for the exploitative and harmful material. And there is no first-amendment protection for child porn. But the cops still can't break into your house without a warrant just because they they think you have pictures of naked kids inside, and they can't wiretap your internet connection without a court order (heh, they can't LEGALLY, even though it's probably going on right now OMGHI2NSA). Those are 4th amendment rights. But the 5th amendment kicks in to say that even with a court order and a valid warrant, the cops in your house can't force you to tell them which floorboard is the loose one with the bloody knife hidden under it. If you refuse to tell them, they have to find it on their own-- and if they can't find it, they can't use it as evidence against you. That's exactly how the 5th amendment is supposed to work.
A police force with the power to compel self-incriminating testimony becomes the enemy of any citizen who wishes to lawfully express dissent with any policy of government. The 5th Amendment is the most powerful safeguard citizens have against confessions extracted via torture finding purchase in US courts.
From the decision itself (lifted from that post at Volokh Conspiracy), bolded emphasis is mine:
Humpty Dumpty was pushed.
Lying in an official police statement is the same as lying under oath. Basically you're obstructing justice by lying, therefore perjury.
Karma: Non-Heinous
This is horrible case law. I get search warrants for the data on the machine. Therefore it should be held under the same rules as getting access to a safe or a house.
Encryption keeps getting easier and easier to use - someday my job wont be possible without good case law forcing defendants to give up encryption keys. The only other option is to step up the use of no-knock search warrants and live acquisition. Problem is... when a daughter accuses her step-dad of molesting her and taking pictures - there is usually a family fight long before law enforcement gets involved. This leaves the subject days to encrypt and clean any evidence he has.
I know that most people think that the police go around taking peoples' machines without any cause but I can tell you from my experiences (and the experiences of everybody else I've run into in this field) we don't go around looking for new cases. We are completely understaffed, under-budgeted, and flooded with horrible crimes. Plus, its not easy to get a search warrant. You need to satisfy probable cause in order for the judge to sign off on your warrant.
You can write your password on a paper then claim it's too long/difficult to remember and the paper was destroyed.
Whether or not they believe you is another story, and you might be in jail until they finally make their minds up.
No sig today...
I always thought the 5th amendment served two main purposes:
1. Prevent the government from compelling individuals to confess (through torture, or other means).
2. Give weight to confessions by ensuring that they were not obtained through torture.
Perhaps it will be illustrative to take the computer out of it, since we tend to get distracted by the technology. To me it seems pretty clear that if someone is arrested carrying a letter that was encoded with a cipher with information that may or may not be relevant to the case, that the person could not be compelled under law to explain how to decrypt the letter, whether to law enforcement or in court. Of course that couldn't stop the officials from attempting to break the cipher. But just because modern encryption is more difficult to crack than a hand cipher, I don't believe that changes the nature of the situation.
For some commentary on this case by a real lawyer who has some idea of what he's talking about, see this Volokh Conspiracy posting. Note, for example, that he points out why this is far from decided, and some interesting complexities in the case because it took place at a border crossing.
Imagine a crypto system that encrypts an entire disk volume (sitting between the file system and the block device). Imagine this crypto system can accept two different keys. When the volume is decrypted with "KEY A", only "SUBSET A" of files are exposed. When decrypted with "KEY B", only "SUBSET B" files are are exposed.
Mount the volume with "KEY A", add a bunch of innocuous files, then unmount.
Mount the volume with "KEY B", then add the files you really want to keep from prying eyes.
If you're pressured to reveal a key, give them "KEY A".
Take it from the mouth of the ex-Attorney General and just about anyone else connected to the Bush administration... when asked to divulge your passphrase, simply say "I don't recall." It works for them, so it should work for everyone else.
People who say "money does not buy happiness" are just people without money trying to make themselves feel better.
Since it's protected under the 5th Amendment, not only can it not ordered disclosed, it can't be commented on by the prosecutor if the defendant refuses to divulge it.
There is no clear and definite answer to what's in an encrypted file. Most importantly, someone may actually have forgotten the key, making it impossible for him to comply. Also, there are some techniques that result in different content for different passwords, meaning that the government can keep claiming that there is more stuff even when the defendant has already produced one password.
So, with a container, at worst, the government can force it open, and then everybody knows. But with encryption, a defendant simply cannot comply in some situations, and there is no way of telling whether an inability to hand over the keys is genuine or just a pretext.
Therefore, the answer is clear: nobody should be forced to hand over encryption keys; it simply doesn't make any sense to have such a requirement.
What if someone actually did forged their long, complicated pass phrase? In that case, prosecutors would be trying to force someone to divulge a passphase that they don't even know.
On several occasions, I have briefly played around with encryption programs and made an extra copy of unimportant stuff and then encrypted it. Since it was usually just for practice, I did not always bother writing the passphrase down on the sheet of paper which lists all my passwords and passphrases. I may have not always got around to deleting those encrypted practice files and they may still exist somewhere on one of my old hard disks or on a USB key or somewhere or in the box of CDs that I have burned. I would have no idea what the password or passphrase was for those old practice encryption files.
I could easily imagine some prosecutor putting me in jail for not being able to come up with a passphrase to some old encrypted practice file. Then eventually, after getting out of jail, perhaps I would eventually find the passphrase on some old scrap of paper and they would discover that it was just an encrypted folder full of dozens of free 80 year old Gutenberg.net ebooks.
A person, such as myself, who has have never actually bothered to use encryption on a routine daily basis, would someone who is most likely to forget their passphrase. Perhaps I should dispose of all my old hard disks or wipe all the data with Darik's Boot and Nuke Of course, if there were indications that someone has recently used their encrypted partition, folders or files recently, that would be different. A recent time stamp on the file or folder would be one such clue.
That would make revealing the key self-incriminating, regardless of whether or not the encrypted files are incriminating.
They will ask me about it and I will say it is for my financial records and cheerfully provide them with the password.
They will open the file and find a few mundane documents.
And then you get questioned under oath as to why the free space on the encrypted disk image is orders of magnitude bigger than the documents inside it. Without actually knowing the password, it is impossible to know it's there. Other than reasonable suspicion based on the ratio of volume size to files on the volume, perhaps?what if you write that password on a piece of paper, and then put it in a safe?
The higher the technology, the sharper that two-edged sword.
Parent is prima facie evidence that the GGP is a troll.
From TFA:
I read that as saying that the child pornography was part of animation - not depictions of real children at all. We all want to crack down on the abuse of children (well, all except those who are doing it I guess), but what child is abused in the production of an animation?
And why go after the consumer? In the recent baseball steroids scandal it has been said many times that the authorities are not interested in prosecuting the users, they want to go after the suppliers. So in this case why go to so much trouble over this guy in the absence of evidence that he has been involved in the production of child pornography or the actual abuse of children? It all sounds like another part of the Moral Panic agenda.
Imagine this scenario. Someone scans your HD. They find encryption telltales (like, say, .Net framework, pgp, etc.). They decide you might have encrypted files. They run 'strings' on every file that isn't a known binary file (i.e., .exe, .com, .dll, .bin, .mp3, .jpg, etc). They find a few files that strings doesn't like. Hmm... They might be encrypted. Maybe there are "magic" characters at the beginning of the file that indicate the file was protected by something like pgp.
.Net Framework, which is installed in one form or another on XP, Vista, et al...
Suddenly, you're given a free flight to Kazakhstan [sp], to meet with Borat. Oh, yeah. you've now become a non-entity while they waterboard you to try to get your passphrase out of you.
Like others have said, waterboarding is great for extracting a confession. Or, if you are so hard-core, they decide that they just need to kill you or let you rot in a hole somewhere far, far away.
Or, less sinister, they just pass laws that say, "failure to surrender encryption keys or passphrases is determined by law to be an admission of guilt", just like not submitting to a breathalyzer or blood test is treated as admission of guilt in DUI in some states, which works just fine in a civil or administrative court. And conviction of certain civil or administrative crimes suddenly allows you to be tried later for new criminal laws where the administrative/civil judgments are used as justification to throw you into prison big time.
But, they just might take the easy way out: while investigating certain crimes (child porn, white collar crime, conspiracy, "terrorism", etc.), discovery of encryption products on your computer results in automatic civil seizure and forfeiture of computer hardware.
Well, anyone following instructions on MSDN can easily throw together programs that encrypt files using the encryption facilities in the
Could this mean that if you keep a password in your head it counts as counts of your brain and therefore protected by the constitution, but if you write down your password then it simply counts as some form of keys and therefore not protected? IANAL, but could this be another reason to keep your passwords in your head?
Also, I see so many people assuming that no one on the planet can currently break strong encryption in short time. Well, to break strong encryption efficiently it takes only a breakthrough mathematical algorithm, nothing else. Well, I wouldn't bet that there is no one on the planet who knows a secret algorithm... In fact the public Shor's algorithm could break RSA if one had a big quantum computer. It isn't incomprehensible that one could have found a classical algorithm for fact factorisation and kept it secret or sold it only to a select few three-letter-acronym clients. This proposition, however, is easily testable in the sense that if one was able to do that then we should expect within a reasonable number of years someone else to find the same or a similar solution, since mathematical knowledge is built upon itself and most probably a hypothetical person or organisation in possession of a secret fast factorisation algorithm wouldn't have an immensely superior mathematical base to begin from in the first place. Many times multiple people end up to the same or similar discoveries, very simply because we all begin from the same basic knowledge and have more-or-less similar intelligences (speaking for orders of magnitude), and there are also so many people who research the same questions at the same time. I really wouldn't be surprised if a three-letter acronym shop is already in possession of a smart algorithm that no one else knows about (although I would really be surprised if they could manage to keep it secret for more than 30-40 years, such things aren't easily kept secret).
In fact, Clifford Cocks (who worked for a four-letter acronym shop) had probably found RSA in 1970s, before the RSA guys, and the world only learnt about it in the 90s. Would you bet that no one currently knows a fast algorithm capable of breaking strong encryption in reasonable time?
Hey, if it works for our Esteemed Leaders, it should work for you, right?
that are hard to remember. I lost a bunch of stuff, because I couldn't remeber the passphrase. Now they want me to rot in jail if I happen to forget one that they need from me?
That's mean!
This is so painfully obvious that I'm somewhat concerned that it took so long for a judge to rule in this manner.
Obvious to you and I maybe, but Scalia, Roberts, Alito, and Thomas never met an unreasonable search.
If prosecutors can jail reporters indefinitely until they hand over their sources, how is it that much different for the government to imprison someone for not turning over their encryption keys? The only difference I see is one may incriminate someone else and the other may incriminate you.
Of course, the smart thing would be not to mount the encrypted drive when you're not using it. And for the police not to shut the device off until they've secured enough of the data to obtain a conviction. Otherwise it's hearsay. I could claim I saw the plans for a nuclear bomb on your computer. And if we're admitting hearsay then anyone could claim you had anything on your computer. Would that be compelling enough to make you hand over encryption keys to prove there's nothing incriminating on your computer?
Now we're getting into the territory of having an encrypted partition is probable cause. Just like having a pager or cell phone is probable cause for a vehicle search on a traffic stop. Sadly that's true, or used to be.
Makes the paranoid among us utilize hidden volumes. Some people go three or four layers deep. Keep something mildly incriminating in the normal layer and let them think that's the big prize. Try to take the water boarding for 30 or 40 seconds before you give it up to sell it.
When you put safety and security ahead of freedom there's no bottom to the privacy slide.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Welcome to the police state.
Where the koolaid is Blackwater?
What cipher are you using and who wrote it?
A lot of people feel like they can protect their privacy with AES or 3DES or whatnot, but fail to realize that it was either developed by or for the government in question.
The safest way to protect your data with encryption is to develop your own cipher and don't publish how it works. I know the security through obscurity critics will gnaw on me for saying that but it is another layer of security.
If the NSA have cracked AES / TwoFish / 3DES etc, then you'll be damn sure they've found a way to automate the detection of weak keys and cracking.. but if something comes across the wire that doesn't match what they're expecting, additional effort has to go into analyzing and cracking it.
In summary, if you believe using a cipher that your government has adopted for its standard secures you from their prying eyes, you're most likely delusional regardless of the supposed computing power required to brake it.
The road between democracy and tyranny is paved with secrecy in the name of security.
IANALBIPOOS.... So if the customs agent had demanded that he turn on the cell phone and display his call logs, would that have been legal? Cell phones don't have logins (at least my doesn't), so why would data on the phone be any more/less subject to inspection (in comparison to the laptop)?
Does this ruling stop them from getting a court order, installing a keylogger on your system and getting you to give them the key when you add to or read from the encrypted volume?
weft45gvsd'cjascwefgvedfv[jsde0[9rgjh5bdmx s eRWT$Y%^&%^$Rqwedw23WDF34t45^&*Tybdfvsmdnfewf
Oh, the contents of my brain is mostly random noise!
I drink to make other people interesting!
Dear Sir,
the encryption I used is the One-Time Pad. The key is too long to remember, so I have saved it on a harddisk which is located in a bank lock somewhere in a country far far away. However, if you tell me what content you'd like to see, I could immediatley produce a key which decrypts to this content.
Tell those mother fuckers, "Well, if YOU can find out what the password is, then please tell me, because I can't remember it to save my life!"
And that would actually be your passphrase, but those idiots will never figure that one out.
The government is incompetent.
Here's the simple explanation: The 5th Ammendment protects us from "statements" that could incriminate us. A PGP passphrase is not a statement. Therefore, a PGP passphrase is not protected by the 5th Ammendment.
...I think it's ridiculous because even under the UK RIP law etc. you can almost certainly claim mental trauma which has lead you to forget it. I'm sure you are aware of people that get all stressed on on their final exams and forget even basic things. Now you're being compelled to produce it or be thrown in jail, and that's a lot worse. Throw in some nightmares about ending up in jail because you had forgotten the key and your mind went into a "was it dgdssd34234? or dgdssd34284? or maybe ddgssd34234? AAAAAAAAAHH I can't remember!!!!" state and just got yourself completely confused and blanked out. Given the number of people that have trouble remembering their PIN, I think it's more than plausible.
Live today, because you never know what tomorrow brings
Why the hell is a customs agent able to rummage around someone's laptop at a border crossing? To examine the files on a laptop seems a bit over the top even if the guy is acting suspiciously. I could see turning it on to make sure it is functional like they do at airport security. That would ensure the laptop is not being used to hide explosives or drugs. But examining files? I can not imagine anything that would give a customs agent probable cause to snoop through laptop files. That is, not counting stupid pedo tricks...like having nekkid kids as his background picture.
SELECT * FROM User WHERE Clue > 0
0 rows returned
I must say that the use of 8 asterisks (********) has never failed to amuse me. Sure, it's the first thing a brute force attack would try, but it does appeal to my sense of humour.
Insert
The problem with equations like that is that they make dangerous assumptions about the quality of the cipher in the first place. All you need is one flaw in the algorithm and you're history in a much shorter time - and it's not like that hasn't happened yet.
You're also limiting your attack vector to pure linear brute force. The article itself already alluded to using language analysis to create a prioritised subset for analysis.
Insert
Of course, if there were indications that someone has recently used their encrypted partition, folders or files recently, that would be different. A recent time stamp on the file or folder would be one such clue.
Note to self; disconnect the network cable, reboot into bios, change bios date 10 years, write encrypted file from live CD, reconnect network cable, reboot.
The truth shall set you free!
The solution is to make your password so complex that you can't remember it fully under duress or distress. I'll leave it to someone to devise a technique.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
However, a person who can get physical control of your machine, say to boot from a CD and use it to image your drive across the network and establish a baseline, then create another image later, could see what parts of the drive are changing, and thereby impute that the unallocated space in that drive was used by a hidden volume. There isn't much that can be done about that, other than providing a mechanism for those encrypted volumes without inner hidden volumes to randomly pick sectors to scramble, thereby producing a reasonable explanation for why the unused space is changing.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
...they'll never take me alive.
This is simply incorrect, from http://www.archives.gov/national-archives-experience/charters/constitution_transcript.html
Article. V.
The Congress, whenever two thirds of both Houses shall deem it necessary, shall propose Amendments to this Constitution, or, on the Application of the Legislatures of two thirds of the several States, shall call a Convention for proposing Amendments, which, in either Case, shall be valid to all Intents and Purposes, as Part of this Constitution, when ratified by the Legislatures of three fourths of the several States, or by Conventions in three fourths thereof, as the one or the other Mode of Ratification may be proposed by the Congress; Provided that no Amendment which may be made prior to the Year One thousand eight hundred and eight shall in any Manner affect the first and fourth Clauses in the Ninth Section of the first Article; and that no State, without its Consent, shall be deprived of its equal Suffrage in the Senate.
How the hell did the parent post get a +5 informative of all things?!
The answer is of course simple. Make your passphrase a quote from a movie. That way, telling the officers would be a prohibited public performance, i.e. it would be a crime to tell them. Then plead the no-self-incrimination law. :) After all, we don't want to make the MPAA unhappy right?
I remember sitting my final examinations at University. Maths exams. The kind where you cannot understand the questions.
After one particularly distressing humilation I went to the cash machine to get some money to buy beer and drown my sorrows. Zilch, nil, zero: not my account total, my memory of my PIN. My mind was a blank. I guessed three times and the ATM ate my card.
Would the threat of imprisonment for contemp of court have helped me remember?
The original parent poster was correct, +5. People implied that the Congress could change the constitution. Only the states can change the constitution. Congress can ask the states for an amendment. Its conceptually pretty simple. The Constitution is a Federal Goverment, but it is also a treaty among the states, enacted and amended by the consent of the states.
This is my sig.
the search warrant grants the court access to whatever is named in the warrant
the defendant may be held in contempt until he complies
The problem is that they have the machine, and they have access to every bit of data on the machine. Look at it another way. Let's say you're an accountant for a mob boss, but you used some kind of code for drug deals in the secret accounting books. The police might be able to force you to unlock the safe, but can they force you to explain what '100p for Santa's snow' means in your code? Maybe it's $100,000 for cocaine. Do you have to explain it to them?
Aren't jugs the issue here?