Slashdot Mirror
DOJ: We Can Force You To Decrypt That Laptop
betterunixthanunix writes "A mortgage-fraud case may have widespread implications for criminals who use cryptography to hide evidence. The US Department of Justice is pushing for the defendant to be forced to decrypt her hard drive, claiming that if they cannot force such decryptions, law enforcement will be unable to gather important evidence. The defendant's lawyer and the Electronic Frontier Foundation have made the claim that forcing such a decryption would be a violation of the defendant's fifth amendment right not to self-incriminate. The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."
Here's a presentation discussing the issue of force password disclosures and laptops I gave at DefCon 17: http://www.youtube.com/watch?v=ibQGWXfWc7c
Check the law and make up your own mind.
If it's anything like the movies, a search warrant allows police to search property by any means necessary. So no, they can't force you to open a safe, but they can certainly force the safe open (which, for a safe almost any private citizen can afford, is not terribly challenging.) The thing about encryption is that it isn't so much a "safe", it's more analogous to a private citizen having their own moon on which to store valuables. Getting access to it isn't a matter of will, its a matter of effort (years and years of crunching, even for a massive supercomputer.) As long as the only way to unlock the encryption is in your head, they can't legally force it out.
Do they have to show cause first or is this a new tool in the arsenal of the TSA?
You guys need to get your government departments straight. This is NOT the TSA. The TSA are the ones at Fargo International Airport who x-ray your flip-flops and make sure you're not taking nail clippers onto an airplane. They're not tasked with searching your laptop - They're only tasked with X-raying your laptop and your kid's teddy to make sure there isn't a bomb inside. If they suspect criminal activity they have to call the police.
The US CBP (Customs and Border Protection) *do* have the right to search the contents (i.e. files) of your laptop when you are entering the USA. They can search your laptop, search your luggage and search your person. In the same way they can require you to open a locked box that you might be travelling with, they are require you to open your 'locked' laptop. The courts have backed them up - See: http://news.cnet.com/8301-13578_3-10172866-38.html
So don't get TSA and CBP mixed up - They're different.
[Insert dozens of obligatory Slashdot posts here about TrueCrypt "Plausible Deniability" here.]
Finally, note that this article has nothing to do with airport or border security - It's about a court case.
That pesky constitution is why. For that matter, the supreme court has already ruled on this issue. In the US you cannot be forced to give up a password. The DOJ can bitch all they want, but it's already a settled issue.
"The courts have backed them up ..."
Wrong, in the general sense. The courts can force you to reveal your passwords, only in cases where they can already show that the encrypted data contains something illegal. They do NOT have the right to force you to reveal your password or decrypt your data just so they can find "evidence".
The article you point to in that link failed to emphasize that the customs agents had already seen child pornography that was contained in his encrypted data. Therefore, they already knew that there was illegal material in it.
The courts have NOT supported forcing someone to reveal encrypted data under any other circumstances.