FBI Failed To Break Encryption of Hard Drives
benoliver writes to let us know that the FBI has failed to decrypt files of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha in July 2008. (The link is to a Google translation of the original article in Portuguese.) The article in English mentions two encryption programs, one TrueCrypt and the other unnamed. 256-bit AES was used, and apparently both the Brazilian police and the FBI tried dictionary attacks against it. No Brazilian law exists to force Dantas to produce the password(s).
Just because you're paranoid does NOT mean that no one's out to get you.
And you KNOW the government is out to get you.
No, AES has been independently vetted and attacked by multiple security organizations. The only flaws that have been discovered in the algorithm are minor and inconsequential. The NSA is a double-edged sword - they help with useful security tools such as SELinux as well as their traditional spook espionage. The NSA can't crack AES even with a supercomputer (right now, and only if the user has a decent password and/or 2-factor authentication).
Not without violating the 5th amendment. If you can get the key via keylogger or malware it's fair game, otherwise they have to willingly provide it or you've got to crack it. But the constitution, as it stands, does not allow the authorities to compel a suspect to produce the files.
That's not offtopic. If they want the info bad enough, that is what they will do. And nobody will be able to prove a damn thing.
In Brazil, proofs produced by illegal means cannot be used (Federal Constitution, Art. 5, Inc. LVI).
Also, committing a crime in order to produce proofs is aggravated up to 1/3 (Decree-Law 2.848, Art. 342, Par. 1).
Someone modded the parent "flamebait" but that's an interesting point IMO.
The "problem" in Brazil is that, even if you're willing to do things in a not-quite-right way, that's seldom viable in practice - especially in high profile cases with lots of expensive lawyers.
Why is that? The current Brazilian Constitution (created in 1988) and several key laws give lots of rights to the accused ones.
That's all nice and stuff, but many people (myself included) believe that they went too far and, basically, criminals are being treated like defenceless babies.
One thing you can hear about the Federal Constitution is that it was created "under the (left-wing) political prisoner syndrome". That is, back in 1988 the politicians wanted to avoid human rights abuses like the ones from the 1960s and 1970s (during the military government), but (though well intended) they went too far.
The result is that it made criminal prosecution very hard in Brazil.
Immunity means "Immunity against prosecution." So this is not the sort of thing they can use against someone. They can't say "You are immune from prosecution, now testify about your crimes. Ok, you testified, now we are going to charge you with those crimes." The person was given immunity from prosecution, can't prosecute them for those crimes.
The point of immunity is securing someone's testimony against another party. So let's say you and I had committed some crimes together. However your part was pretty minor, you'd done little things and you weren't the guy planning things. The prosecutors decide I'm the one they really want, you are just a petty crook they don't care about. However, you won't testify against me, not because you are scared of me but because in doing so you'd admit to your own crimes. They say "Ok we'll grant you immunity. Any crimes you testify about committing, you can't be prosecuted for." You then go and testify to all the stuff I've done. I go to jail, you do not.
Immunity isn't some magic way to make the 5th amendment disappear. What it does is protect someone's 5th amendment rights, while allowing them to testify. The 5th amendment says you can't be made to testify against yourself. So, if you are immune from being prosecuted there is no violation of your rights. Your testimony is not being used against you.
For the same reason they can't say "Ahhh! We had our fingers crossed! Deal doesn't count!" In that case your lawyer would argue to have your testimony, and any evidence as a result of it, suppressed. You only testified because you believed it could not be used against you, and there is a written deal to that effect. If they revoke the deal, then that violates your rights. A judge would then suppress the testimony, and all evidence that comes from it (US courts use a "poisoned fruit" idea that evidence that comes from a violation of rights itself cannot be used). Your lawyer then has the court dismiss the case due to lack of evidence.
Or the obvious, if it was known to be easily breakable, the US Government standard for encryption of Top Secret information would be something other than AES. But no, AES _is_ the standard for Top Secret information encryption.