Slashdot Mirror
DOJ: We Can Force You To Decrypt That Laptop
betterunixthanunix writes "A mortgage-fraud case may have widespread implications for criminals who use cryptography to hide evidence. The US Department of Justice is pushing for the defendant to be forced to decrypt her hard drive, claiming that if they cannot force such decryptions, law enforcement will be unable to gather important evidence. The defendant's lawyer and the Electronic Frontier Foundation have made the claim that forcing such a decryption would be a violation of the defendant's fifth amendment right not to self-incriminate. The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."
From TFA:
Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.
That sounds like a rather spot on analogy. Sounds like precedent is against her. The argument that the passphrase, itself, is the incriminating self-testimony seems really weak, both because the passphrase is not being required, and because the passphrase is not, in the end, what will incriminate her.
IANAL, of course.
Here's a presentation discussing the issue of force password disclosures and laptops I gave at DefCon 17: http://www.youtube.com/watch?v=ibQGWXfWc7c
Check the law and make up your own mind.
I am no lawyer, but the argument that this is a fifth amendment issue seems strong to me.
How is allowing the defendant to keep the password private a meaningful concession? The password has no value if the hard drive has been decrypted.
The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."
That would still seem to violate the 5th amendment. The relevant text is bolded below:
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
Anyone of more legal background care to comment?
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
obstruction of justice.
probably that's what they'd say.
but which would you rather 'deal with' - that or the fact that they successfully stole your soul? so to speak. forcing someone to unlock their most private journal is a sign of an evil state.
I am under no obligation to comply with the illegal and unconstitutional wishes of evil leaders or states.
but you may have hit on something: if they raise the anty and sell the idea to the public that they are now 'forced' to unlock their journals, I do expect to see more 'destroy on tamper' seals on things.
tit for tat. hey gov, you really want to fight your own people in this way? re-think that, guys. this is not a fight you want with the geek population. we actually outnumber you!
--
"It is now safe to switch off your computer."
Sadly this is taking a leaf out of the UK's book. I say sadly, sad that we got there first on this sort of nonsense. It's a crime not to reveal passwords when required to do so. It's part of the Regulation of Investigatory Power Act 2000 (look it up!)
If I recall someone demonstrated the stupidity of it by sending an encrypted file to the then home secretary. He was then in possession of a file that he could not possibly decrypt, but it would be a criminal offence for him not to supply the passphrase to decrypt it if required to do so. In other words, a law that he could not possibly obey no matter how much he wanted to.
Despite this demonstration of the stupidity of the act, I believe it still stands.
Sigs are so 1990s. No way would I be seen dead with one.
"The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."
I can see that there is a difference between forcing the disclosure of the password and being able to read something that is already decrypted, however I can't see how that wouldn't still be self-incrimination. I assume the police would either bring her to the evidence room and tell her to enter the passphrase, or they would simply demand that she deliver an un-encrypted copy of the drive. Either way they are forcing her to give up evidence that may be used to incriminate. This seems to be a seriously frightening precedent to set.
They would never be able to take someone accused of murder and say, in effect: "look, we KNOW you did it, we just lack all the evidence needed to convict. You are now ordered to show us every place you visited on the day in question, including where the body is hidden."
-d
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
Whoever said that you have to arrange your papers and effects in such a way that the government can understand it?
Does this also apply to paper documents?
Are you not allowed to write your thoughts in a coded manner?
Is it also OK to use euphemisms in your diary?
Is it the government's position that you also have to interpret your diary for the prosecution?
I'm not a lawyer, but I play one on the Internet. Blog
sounds like the best course of action is to say you forgot your passphrase. Problem solved.
That's what the 5th Amendment is about ... you don't have to do their work for them.
now we need to go OSS in diesel cars
If it's anything like the movies, a search warrant allows police to search property by any means necessary. So no, they can't force you to open a safe, but they can certainly force the safe open (which, for a safe almost any private citizen can afford, is not terribly challenging.) The thing about encryption is that it isn't so much a "safe", it's more analogous to a private citizen having their own moon on which to store valuables. Getting access to it isn't a matter of will, its a matter of effort (years and years of crunching, even for a massive supercomputer.) As long as the only way to unlock the encryption is in your head, they can't legally force it out.
You shouldn't need to be forced to clear yourself either.
"I'm sorry, but I don't recall my passphrase. I guess the stress of this case has made me forget it!"
Wow! That actually is my passphrase.
The thing about encryption is that it isn't so much a "safe", it's more analogous to a private citizen having their own moon on which to store valuables.
It is more akin to speaking and writing everything in your own private language, and forcing the police to determine how to translate that language.
Palm trees and 8
How do I prevent them from adding anything to the system after it is in their possession.
If I turn over my key to the encryption I want a method to ensure than anything they use against me was put there by me, not by them afterward.
Can that be done?
After all, if they are willing to force an issue you can be sure some will make sure something is wrong. Its not like the current Administration is concerned about the rights of its citizens, they are making Bush Jr look like a staunch civil liberties advocate
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Do they have to show cause first or is this a new tool in the arsenal of the TSA?
You guys need to get your government departments straight. This is NOT the TSA. The TSA are the ones at Fargo International Airport who x-ray your flip-flops and make sure you're not taking nail clippers onto an airplane. They're not tasked with searching your laptop - They're only tasked with X-raying your laptop and your kid's teddy to make sure there isn't a bomb inside. If they suspect criminal activity they have to call the police.
The US CBP (Customs and Border Protection) *do* have the right to search the contents (i.e. files) of your laptop when you are entering the USA. They can search your laptop, search your luggage and search your person. In the same way they can require you to open a locked box that you might be travelling with, they are require you to open your 'locked' laptop. The courts have backed them up - See: http://news.cnet.com/8301-13578_3-10172866-38.html
So don't get TSA and CBP mixed up - They're different.
[Insert dozens of obligatory Slashdot posts here about TrueCrypt "Plausible Deniability" here.]
Finally, note that this article has nothing to do with airport or border security - It's about a court case.
I hope the defendant doesn't give in. Personally, I'd rather sit in jail on contempt of court charges than go to big boy prison for whatever the state were investigating me for. At least with the contempt of court charges, I run the chance of becoming a cause celeb for standing up for principles, which is way better than being convicted of a crime.
I got into an argument about this very case with my (non-American) girlfriend the other day. She honestly doesn't get the fifth amendment and assumes that anyone who invokes it is basically admitting guilt, which isn't the case. She's from central America. You would think that people down in that part of the world would have some recent memory of unjust laws. Just because something is the law, doesn't make it right, and it is better for all of us that we keep the fifth amendment intact for cases when the law is not just than to violate it just so that someone can get convicted of fraud, murder or anything else.
Actually, NO, they are not allowed the privilege to "not agree".
If you invoke the Fifth in a criminal case, discussion STOPS. On the spot and there is NO further questioning allowed. Regardless of whether it's a State or Federal Court, per the Fourteenth Amendment and the Fifth.
If you invoke the Fourth and can PROVE that they violated that one, Case DIES on the spot. No further discussion, all evidence that stems from the improper warrant action must be discarded and is forever usable. Again, this is regardless of whether it's a State or Federal Court.
Now...what remains is whether this court deems the forcing you to decrypt things is a violation of the Fifth. Personally, I see it as being so. It's making you potentially incriminate yourself- which is PRECISELY what the Amendment was intended to prevent. It's irrelevant what form that self-incrimination takes. If they don't "see" it that way, you can bet your bottom dollar it'll be appealed right up to the Supreme Court because it's just that- a direct violation of the Fifth as much as forcing testimony out of you on the stand or in a police interrogation room.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
That pesky constitution is why. For that matter, the supreme court has already ruled on this issue. In the US you cannot be forced to give up a password. The DOJ can bitch all they want, but it's already a settled issue.
Perhaps the problem is that the graphics they're using to crack the password just aren't fancy enough...
If the masses can keep you down, you're not the Ubermensch.
"The courts have backed them up ..."
Wrong, in the general sense. The courts can force you to reveal your passwords, only in cases where they can already show that the encrypted data contains something illegal. They do NOT have the right to force you to reveal your password or decrypt your data just so they can find "evidence".
The article you point to in that link failed to emphasize that the customs agents had already seen child pornography that was contained in his encrypted data. Therefore, they already knew that there was illegal material in it.
The courts have NOT supported forcing someone to reveal encrypted data under any other circumstances.
The thing about encryption is that it isn't so much a "safe", it's more analogous to a private citizen having their own moon on which to store valuables.
It is more akin to speaking and writing everything in your own private language, and forcing the police to determine how to translate that language.
Actually, it's like putting the evidence far away and making the police fetch it in your car, only they have to hotwire it because you don't give them the keys...
Yeah, I know it sucks, but at least I *tried* to put it automotive terms.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.