Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encryption Passphrase Protected by the 5th Amendment

Posted by CmdrTaco on from the my-password-is-password dept.

Takichi writes "A federal judge in Vermont has ruled that prosecutors can't force the defendant to divulge his PGP passphrase. The ruling was given on the basis that the passphrase is protected under the 5th amendment to the United States Constitution (protection against self-incrimination)." The question comes down to, is your password the contents of your brain, or the keys to a safe.

12 of 537 comments (clear)

  1. But but but! by skulgnome · · Score: 4, Insightful

    Terrorists!

  2. If not anything else... by Bones3D_mac · · Score: 4, Insightful

    "I forgot."

    --


    8==8 Bones 8==8
  3. Re:I was wondering... by snarkh · · Score: 5, Insightful

    By giving the government his password, the judge held, that the defendant was incriminating himself by opening up all of his files that weren't pertinent to the investigation.

    Quite the opposite. By giving the password the defendant may incriminate himself by opening files containing incriminating (and pertinent) information, but unknown to the government prior to that.

  4. Re:Interesting development by tomz16 · · Score: 4, Insightful

    O... the government can break it. It's just that the DOJ doesn't have access to the computers required to do so. Nor does it want to spend the money on buying a multi-billion dollar computer if it doesn't need to. ? What leads you to this conclusion? There's absolutely NOTHING to indicate that strong encryption can be defeated by ANYONE on the planet at this moment.
  5. Re:I was wondering... by cayenne8 · · Score: 5, Insightful
    "Quite the opposite. By giving the password the defendant may incriminate himself by opening files containing incriminating (and pertinent) information, but unknown to the government prior to that."

    Thank God...FINALLY, a score for US privacy rights...and upholding our Constitutional rights!!!

    You just don't see that much any more.....

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  6. Re:Interesting development by Tumbleweed · · Score: 4, Insightful

    >So.... this tells me two things... first, that the government cannot force you to give up your PGP passphrase.... but possibly more important, the government (currently) cannot break PGP encryptopn.

    Hmmm....

    Well the government of Vermont can't at least.

    It was a Federal judge.

    It was also probably not worth bothering the NSA with. I wouldn't take this to mean much of anything about how quickly the Feds can crack PGP.

  7. Re:I was wondering... by Anonymous Coward · · Score: 5, Insightful

    Yes, and it's perfectly legal for those investigators to try to decrypt your files themselves. What they CAN'T do is say, "Tell us where the incriminating evidence in your house is, or we'll put you in jail," or "Give us an itemized list of every single thing in your house so we can decide what is incriminating, or we'll put you in jail." Neither can they say, "Give us your encryption password or we'll put you in jail."

    This is so painfully obvious that I'm somewhat concerned that it took so long for a judge to rule in this manner. On the other hand I am relieved it has finally happened.

  8. write up at Volokh, by guys who are lawyers by oliphaunt · · Score: 5, Insightful
    The blog post is here.

    This case is a very interesting overlap between 4th Amendment "right to privacy" cases and 5th Amendment "right not to self-incriminate" cases. I personally think that if the government can't break the encryption to "prove" what is hidden from them, they have no right to force the owner to do their work for them. People have a right to keep stuff private, and if they've hidden it effectively, then tough shit for the cops.

    I acknowledge that child porn is inherently harmful to the children involved, and that laws targeting possession of child porn are therefore valid so far as they aim to protect children by destroying the market for the exploitative and harmful material. And there is no first-amendment protection for child porn. But the cops still can't break into your house without a warrant just because they they think you have pictures of naked kids inside, and they can't wiretap your internet connection without a court order (heh, they can't LEGALLY, even though it's probably going on right now OMGHI2NSA). Those are 4th amendment rights. But the 5th amendment kicks in to say that even with a court order and a valid warrant, the cops in your house can't force you to tell them which floorboard is the loose one with the bloody knife hidden under it. If you refuse to tell them, they have to find it on their own-- and if they can't find it, they can't use it as evidence against you. That's exactly how the 5th amendment is supposed to work.

    A police force with the power to compel self-incriminating testimony becomes the enemy of any citizen who wishes to lawfully express dissent with any policy of government. The 5th Amendment is the most powerful safeguard citizens have against confessions extracted via torture finding purchase in US courts.

    From the decision itself (lifted from that post at Volokh Conspiracy), bolded emphasis is mine:

    Entering a password into the computer implicitly communicates facts. By entering the password Boucher would be disclosing the fact that he knows the password and has control over the files on drive Z. The procedure is equivalent to asking Boucher, "Do you know the password to the laptop?" If Boucher does know the password, he would be faced with the forbidden trilemma; incriminate himself, lie under oath, or find himself in contempt of court. Id . at 212.
    The Supreme Court has held some acts of production are unprivileged such as providing fingerprints, blood samples, or voice recordings. Id. at 210. Production of such evidence gives no indication of a person's thoughts or knowledge because it is undeniable that a person possesses his own fingerprints, blood, and voice. Id. at 210-11. Unlike the unprivileged production of such samples, it is not without question that Boucher possesses the password or has access to the files.
    In distinguishing testimonial from non-testimonial acts, the Supreme Court has compared revealing the combination to a wall safe to surrendering the key to a strongbox. See id. at 210, n. 9; see also United States v. Hubbell, 530 U.S. 27, 43 (2000). The combination conveys the contents of one's mind; the key does not and is therefore not testimonial. Doe II, 487 U.S. at 210, n. 9. A password, like a combination, is in the suspect's mind, and is therefore testimonial and beyond the reach of the grand jury subpoena.
    The government has offered to restrict the entering of the password so that no one views or records the password. While this would prevent the government from knowing what the password is, it would not change the testimonial significance of the act of entering the password. Boucher would still be implicitly indicating that he knows the password and that he has access to the files. The contents of Boucher's mind would still be displayed, and therefore the testimonial nature does not change merely because no one else will disc

    --




    Humpty Dumpty was pushed.
  9. The spirit of the 5th amendment by Orestesx · · Score: 5, Insightful

    I always thought the 5th amendment served two main purposes:

    1. Prevent the government from compelling individuals to confess (through torture, or other means).
    2. Give weight to confessions by ensuring that they were not obtained through torture.

    Perhaps it will be illustrative to take the computer out of it, since we tend to get distracted by the technology. To me it seems pretty clear that if someone is arrested carrying a letter that was encoded with a cipher with information that may or may not be relevant to the case, that the person could not be compelled under law to explain how to decrypt the letter, whether to law enforcement or in court. Of course that couldn't stop the officials from attempting to break the cipher. But just because modern encryption is more difficult to crack than a hand cipher, I don't believe that changes the nature of the situation.

  10. Re:Interesting development by tomz16 · · Score: 4, Insightful

    Statements such as these are often made by paranoid conspiracy nuts and dutifully repeated by people that have no absolutely no clue about how science works. There are some things money just can't buy today... A quantum computer entails decades worth of research in physics, chemistry, materials research, etc. etc. It's not really a task possible by a secret group of people working separately from the main academic community.

    If there is anything that you should have learned from reading all of those articles about quantum computing, is that it's friggin HARD. Any quantum device complicated enough to even be remotely useful in breaking encryption is many decades away. This is because it will take centuries of man hours and armies of graduate students in multiple fields to crack this nut. There still need to be tens of thousands of PhD's written on related topics before you can even dream of starting construction.

    In order to have a secret working quantum computer, the US government would have had to have been actively working on the technology since long before traditional silicon computing took hold... hell, long before the idea of quantum computing for decryption even tickled our imaginations. They would have had to independently train a clandestine army of engineers and physicists that far outclassed our brightest minds in academia. These people would have had to replicate ALL of our modern advances decades earlier (which, btw. is not apparent from any other military technology). The resources required for a project like this are simply staggaring, and I estimate that the financial costs would have EASILY been in the trillions of dollars.

    We certainly do spend enormous amounts of capital on military R&D in the USA, and there are many important technologies where the military is years ahead of commercial efforts. However from numerous projects that have bee declassified over the years, this advantage usually only involves the effective weaponization / improvement of currently existing/proven technologies. The military is only ahead in the little details of practical implementations, and not the fundamental scientific principles. In short, claiming the existence of some secret quantum computer is akin to claiming the US military had Joint Strike Fighters before the Wright brothers even made their first flight.

  11. Re:I was wondering... by jthill · · Score: 4, Insightful

    I can't understand the USians saying that it's OK for the law to block a criminal investigation

    You advocate punishing people for not confessing a crime?

    Get a grip.

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.
  12. Re:Interesting development by TheRaven64 · · Score: 4, Insightful
    Do you have even a basic understanding of maths? There are 2^2048 possible 2048-bit keys. If you split it between 2 computers, each has to do 2^2047. If you split it between 256 (2^8) then each has to do 2^2040. Split it between 1024 (2^10)? Each is still doing 2^2038. Maybe you've got over four billion computers. In that case, you only need to do around 2^2006 on each one.

    In case you still have no concept of how big this number is, there are estimated to be around 10^80 atoms in the universe, which is around 2^266. That means that each of your four billion computers is having try 2^1740 keys for every atom in the universe.

    To put it another way: Let's assume each of your four billion computers is a few orders of magnitude faster than anything I know of and can try four billion keys a second, giving you a total of around 2^64 keys tried per second. This means you can do around 2^76 per day. At this rate (and don't forget that we are assuming that you have almost as many computers that are orders of magnitude faster than anything real as there are people in the world) it will take you 2^1972 days to do an exhaustive search (although on average it will only take you 2^1971 days to find the key). For those following at home, that's around 2^1962 years. For reference, the universe is approximately 13.7 billion years old, which is a shade under 2^34 years.

    In summary, if every atom in the universe was a computer that ran orders of magnitude faster than anything we can build today, and it ran for the life of the universe to date, you would not be able to crack a single 2048-bit message. If, however, you have a quantum computer, then you might be able to.

    --
    I am TheRaven on Soylent News