Slashdot Mirror
US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive
A Commentor writes "Perhaps to balance the good news with the Supreme Court ruling on GPS, a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption, and 'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer."
If you don't, you'll have to see a man with a $5 wrench...
If there's incriminating evidence, surely this is a perfect example on why the person can't decrypt as it WOULD self incriminate them!
Waiting for an amusing sig.
"I forgot."
Issuing a warrant to enter a locked home?
Let the metaphor battles begin. I wonder which one convinced the judge that this was a reasonable thing to order.
If there's something in it, that they think related to a case, and can get a judge to approve a warrant, why wouldn't you be expected to produce it? Or do you think you can avoid a blood draw, or a recorded phone call not be used against you?
A confession is one thing. That's new evidence. Evidence you've already produced, now that's another matter.
I find it funny that a quick search on the subject yielded an article from the same site, with the opposite finding.
Article in 2007: Judge: Man can't be forced to divulge encryption passphrase
http://news.cnet.com/8301-13578_3-9834495-38.html
Article in 2012: Judge: Americans can be forced to decrypt their laptops
http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/
I'm fine with them breaking your encryption if they have probable cause; however, forcing you to give the password does seem to have a pretty straight-forward logical path to incriminating yourself (Especially if you are guilty and a subsequent search will yield something on the device).
Store the keys on a usb drive and don't memorise them. physically destroy the usb drive when you want the data effectively gone.
Now there's a solid reason to start using Truecrypt's hidden volumes. Like hell I'm going to risk having all my private data added to some poorly-secured government database, let alone have every finance-related username and password placed in the hands of some unaccountable underpaid government goon.
This kills the fifth amendment, and the NDAA killed the first, fourth, and sixth amendments. The second amendment has been dead for decades. I think only the 21st amendment is safe in the entire constitution.
Depends on what is stored on that drive i would say No, and take the contempt of court charges.
If the cipher doesn't require the ciphertext to give you a test for determining whether a given key is the right one, then you can claim that any key (including one you just made up from a thermal noise source) is the "real" key, and the fact that it decrypts to gibberish just means you were storing gibberish on the computer.
You won't be believed, but then at that point -- where the government gets to cross-examine and challenge your purported key -- you're pretty clearly coercing testimony, and much more obviously violating the fifth.
Information theory is life. The rest is just the KL divergence.
First encrypt the naughty data into innocent decoy data with some reversible function/key.
Second... do a normal encryption on the decoy.
I suppose to do the first step would require a key as large as the data itself.
if this would happen to me, it would go down like this: ;)
"This is the USB stick with the encryption key. Which was itself encrypted. The password I know, was only usable to decrypt the encryption key, which would then have then be used to decrypt the hard drive. You can have that password. It is 'hunter2'.
As you can clearly see, the stick is destroyed beyond recoverability, preventing cold forensics Since the moment you came through my door, to be precise.
My computer automatically overwrote its RAM and cache and crashed on removal detection, preventing hot forensics.
In other words: Go fuck yourselves, faggots!"
Of course, then again, I'd not be dumb enough to get caught in the first place.
Since the laws mean nothing in the US anymore. TrueCrypt goes into great detail about making a decoy OS: http://www.truecrypt.org/docs/?s=hidden-operating-system
"You will obey or molten silver will be poured into your ears."
That's a fitting random quote from Slashdot if I ever saw one. Perhaps that's an implied part of "facing the consequences including contempt of court".
rm -rf /
5th amendment protects one against oral testimony against oneself, not self-incrimination or being forced to provide evidence.
"Where is my mind?"
I think it was on one of my shitty usb sticks lol, those things die constantly, I dont even know why i stored it there in the first place lol
Where did you hide the gun?
That is really the same question. Give us information so we can do you over.
Where is the right to remain silent?
What if you type in 1234 and then say "hmmm. It did not work! It did before!" They can't put you under oath if you do not wish. You must avoid swearing a oath for the rest of you life but hey the are so screwed except for the current supreme court not really doing the job.
I remember reading about how it is illegal in the UK not to decrypt the contents of your computer if ordered to do so. Then as now I still think the best solution is a self-destructing key of some sort that deletes itself without user interaction.
Just wondering...
Just make your password be a confession to a crime. Then, reveling it would be a confession to a crime, which is self-incrimination by definition. If they were to offer some kind of immunity deal to induce you to reveal the password, you could have made your confession be to the crime of copyright infringement on the file in question.
Who cares about the 5th amendment.
What about the 4th?
"Sorry your honor, I used a very long password made up of computer-generated, random characters: one that I could not possibly remember. I had it written on a scrap of paper on my desk and would only need to type it in on the infrequent chance that I had to reboot my computer. .... You should ask the detectives to re-search through the evidence they collected as the scrap of paper is likely in what they took."
The people shall be secure in their... effects ...papers...
As a society that hadn't even conceived of electronics, much less computers, I'm quite certain that they would have considered electronic documents to be equivalent to "papers".
Yet another nail in the heart of the US Constitution, and another denial of fundamental rights.
However, if the court issues a subpoena and/or a warrant for the papers, the court is entitled to access them, even if they're on an encrypted device. I'm not sure a simple judicial order from the bench qualifies, but certainly if the judge SIGNS an order he's in the right.
The protection of the constitution is against unreasonable search and seizure, not against justified and documented court inquiries.
I could see how some might wish to treat this as a Fifth Amendment issue, but the documents presumably exist on the hard drive. There is no additional information being demanded of the individual, only that they turn over EXISTING evidence.
I do not fail; I succeed at finding out what does not work.
Remember, kids: if you have to do something illegal, do not write it down. Anywhere. Once you do, it's no longer something contained solely in your mind and nowhere else, and it is probably subject to subpoena, which will be deemed eminently legal. Don't put it in your diary. Don't tell anyone (you'll lose your expectation of privacy). If you must break the law, never ever speak about it. Do it and move on.
"Prosecutors in this case have stressed that they don't actually require the passphrase itself, and today's order appears to permit Fricosu to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding "the password to the drive, either orally or in written form."
So this quote makes me wonder, what encryption software is out there that can be configured with a "doomsday" passphrase that will automatically begin some sort of secure delete process when entered? Of course with a fancy "decryption in progress" dialog window or something?
I guess if they figure out what you did, you could be charged with destruction of evidence but if that is a lesser sentence than the wire fraud it wouldn't be a bad move.
The court looks refusal to answer a subpoena for information as obstruction. You have the right not to provide incriminating information. You do not have a right not to provide innocuous information which might lead to incriminating information.
This is stupid as a matter of policy. If I'm a criminal, and I want to keep my data a secret, then I just hide it within some other piece of legitimate data. All I have to do is encode my data within the low bits of a video or an audio file, and I'm there. To the police, it looks like an ordinary media file (with perhaps a little noise.) I predict that someone will write a driver within 6 months that mounts that noisy porno film as a filesystem. When it comes to technology, judges might as well be wearing baby bonnets and sucking their thumbs.
I didn't read, I don't know what this person is accused of. In the interest of objectivity, I don't want to know. He/she/it may be deserving of The Chair for all I know, but it's a right which is near and dear to our Previously Glorious Country's very foundation that if you choose to do so, you can refrain from saying or admitting evidence that may OR MAY NOT incriminate you. You are only refusing to give the prosecution potential evidence to incriminate you, and do you think you really understand all of the laws where you live better than your tax-payer funded local prosecutors?? And in Today's America, damn near any admission to police can incriminate you in one way or another. Therefore, pleading the 5th should be the default response to police questioning, it's an exorcise of your rights. It's NOT an admission of guilt, it's an embrace of your Constitutional rights. Police are trained to find a way to get you to say something, anything which is not 100% true, and from there they can tear apart your character in court and win a conviction. I've been there and seen it,as soon as an officer can contradict ANYTHING you say in court, you are finished in the eyes of most judges. The courts do not care, their salary is dependent upon convicting and fining a certain percentage of people. You don't have to be a master criminal, you just have to be a citizen that doesn't understand our modern justice system and it's goals. Not saying anything is not only your right, but it prevents police and prosecutors from turning your words against you. In other words, NEVER talk to police.... be it a statement or password.
No American judge gonna force me to decrypt anything !
I ain't gonna buckle under America's draconian laws
Muchas Gracias, Señor Edward Snowden !
This is actually a legal grey area. You can legally be forced to turn over physical evidence and records *if* the prosecution can convince a judge that there is reasonable evidence that you are in possession of said evidence. *Property* can be seized with due process of law. In this case, it's reasonable to compare the encrypted data (as was mentioned previously) with the contents of a safe. They do have a legal right to seize the contents of the safe, with due process of course.
You cannot be forced to be a witness against yourself. This implies only verbal testimony once you consider that property, freedom, and even your life can be seized as it is written.
Existing case law in a federal court in my home state says otherwise. Off to the SCOTUS we go?
Thank goodness for Truecrypt's ability to handle hidden volumes...
Suspect: "Oh, sure I'll decrypt my hard drive... Oh, so you found nothing except old school assignments, pictures of me with ex girlfriends and some backed up freeware and songs I happen to own...? How fortunate for me? ...No, I don't find it at all suspicious that only 5% of my drive is being used...in fact, please excuse me and I'll tend to that right away...by downloading some public domain ebooks..."
And the "justice" system is thereby owned...
Preface
There are two kinds of cryptography in this world: cryptography that will stop your kid sister reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter.
[...] The lesson here is that it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics. Encryption is too important to be left solely to the governments.
This book gives you the tools you need to protect your own privacy; cryptography products may be declared illegal, but the information will never be.
I fear that Bruce Schneier was being too optimistic although in another part of the book he asks in passing what would happen to civil liberties in the US if there was a major terrorist attack in New York City. The 2nd edition was copyrighted in 1996. It is still a great book IMO.
We don't see the world as it is, we see it as we are.
-- Anais Nin
'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer.
What?!? It's okay to insist I provide you with the unencrypted contents of my encrypted filesystem? What? Why do you suppose I encrypted it in the first place, just for discussion purposes of course, ... Like you never in a month of days have any damned right whatsoever to read it in the first place if it's my private encrypted data?
You people are insane to put up with this !@#$. ... And I wish more people were tossing molotov cocktails into MafiAA offices, *BUT THAT'S JUST ME STATING AN OPINION, NOT ADVOCATING A COURSE OF ACTION, ffs!
"Tongue tied and twisted, just an Earth bound misfit
Horrible place filled with human scum.
If they don't know there is encrypted information they can't ask you to reveal a password.
Hide it. Bury the data in meta data. Bury it in unwritten space on a partition. Then there is always the cloud. Bury your login and password and connection history in the machine somehow and then put the real meat of hte data in the cloud somewhere. Almost impossible for anyone to find it out there.
Finally... there is the science fiction notion of a "data haven"... sort of like a tax shelter for data. Places where you can store information and it can't be summoned without the authorization of the user. Compelling someone to reveal the data again would be problematic because the authorities won't know what the right user name might be... Ideally have more then one... one that has nothing in it and another that has everything.
Legality aside... people will find ways to hide information and keep it secret. So if a password protected partition doesn't work... then they need to come up with another system.
I like security through obscurity... The trick is to always have enough novel ways to hide the data that the authorities don't get expert in your means.
Survival of the weirdest.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Simpler solution: When they ask if it's your laptop, don't answer. Don't shrug, don't nod, don't wave your hand. Just...take a nap until your lawyer gets there.
In short, plead the 5th amendment at the stage where they are asking if you have the key (a question that could be phrased in many ways, so as always it comes back to DON'T TALK TO THE POLICE).
I think what we need is a new encryption system with embedded stenography. We could combine multiple documents into one. You have no idea how many documents are in the binary data you receive. And with every key you can only decode one document from the stream.
This would enable you to have dummy documents or just garbage.
With multiple keys you can always claim you lost some keys... And it does happen, you get the same sinking feelings as when your hard drive crashes.
But the ruling is wrong. This is clearly self incrimination. Your giving testimony and evidence that can and will be used against you.
The key to unencrypt that drive was a 4096 string of random bits. It was on that USB key you found in my microwave. Any other questions?
Has anyone actually read the 5th? If not here is is:
"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation"
The few words that are relevant here are "nor shall be compelled in any criminal case to be a witness against himself".
A defendant does not have to answer questions about a case but has to allow lawful searches and provide subpoenaed documents in readable form. If those documents or other evidence is in a safe the defendant is required to open the safe. To me that is the same thing as providing a password.
Another point is that the founding fathers never conceived of a situation where evidence could be hidden in plain sight by using a special word. They never took that into account when they wrote the amendment and interpretation has to change to take that issue into account.
What the fuck can they do?? Coercion and torture and denial of liberty isn't going to miraculously spawn useful recall.
Operation Guillotine is in effect.
Doesn't anyone have an encryption algorithm where one key safely decrypts and the other destructively overwrites?
I am quite confident that the police would attempt lock up a murder suspect till they told where they had hidden the gun if they thought they could get away with it.
All "my gun was stolen six months before my friend was shot " would wind up as a life sentance if they had their way.
Keep a particularly nasty Windows virus on a USB stick. When subpoenaed, plug it in.
Probably won't work on my Mac, though...
#DeleteChrome
If she claims she cannot provide the password for whatever reason (or simply because she forgot) there is nothing they can do. Read the article, it even states that someone cannot be punished for something they cannot do.
They would need evidence she HAS the password at all.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Or can he....
I don't recall your honor.
Just have a secret drive not IN the computer, and a place no one would think to look. then when they unplug everything and take your computer, all the stuff you dont want people to see is still safe. "sur I will type in the password mr judge sir"
Is this your computer Mr. Cortex?
I choose to assert my 5th amendment privileges.
Very well. Would you please enter your password to prove this is your computer?
I choose to assert my 5th amendment privileges. I will take no further action to incriminate myself.
Judge: YOU WILL INCRIMINATE YOURSELF OR YOU WILL BE HELD IN CONTEMPT OF COURT!
. . .
^-- ( that's me, Asserting my 5th amendment privileges. )
Protip: If you know your Constitutional rights, you don't have to obey a Lawyer or Judge who tries to violate them.
Simpler solution: When they ask if it's your laptop, don't answer. Don't shrug, don't nod, don't wave your hand. Just...take a nap until your lawyer gets there.
In short, plead the 5th amendment at the stage where they are asking if you have the key (a question that could be phrased in many ways, so as always it comes back to DON'T TALK TO THE POLICE).
Actually, recent case law has established that you have to explicitly state your right to be silent, and have a lawyer present. Otherwise, they are under no obligation to assume that you have enacted your 5th amendment rights.
The first thing you do when a cop sits you down for an interview is say, "I want a lawyer." And that is all that you should say. At that point, they can no longer talk with you until a lawyer is there. If you just shut up, then they can keep talking and asking you questions all day long.
WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
The court requested evidence from her (a hard drive).
She provided the evidence.
Now the court wants her to assist the prosecution in making sense of the evidence so that it may be used against her.
"nor shall be compelled in any criminal case to be a witness against himself" should get an amendment.
I propose this:
"A defendant shall not be compelled in any criminal case to be a witness against himself, nor will he be compelled to assist the court in the organization of evidence against himself."
The 4th specifies the cirumstances under which a search may be conducted legally. I don't see anywhere that it guarantees that authorities will find what they think is there. Nor does it specify that the person or persons so violated must assist. I think keeping out of the way should suffice.
The 5th sure looks to me like it prohibits compelled speech. How much case law is there that equates writing with speech?
The Bill of Rights belongs to all of us, not just to a bunch of authoritarian lawyers who constantly tell us that it doesn't really mean what it says.
Shut the fuck up, you stupid crypto-nazi anarchist. Do you even know what this court case is about? This has ZERO to do with copyright infringement. This is about prosecuting people who are running mortgage scams and stealing the houses out from under desperate people.
Aside from your completely moronic statement (dear god, please have the FBI come in and clear out the vermin running amuck in slashdot -- slashdot's moderating system sure as hell isn't working anymore), in my humble opinion, judging by the need for data security as evidenced by many high profile computer breakins, criminalizing encryption, or allowing government to force people to break their own encryption (in light of an increasingly out of control government) would be a mistake.
That said however, in business transactions, a special case should be made that if you have business related material on a laptop you should not only be required to encrypt it -- but be required to disclose it to government investigators, as well.
It actually holds exactly the opposite! http://docs.justia.com/cases/federal/district-courts/michigan/miedce/2:2009mc50872/241276/4/0.pdf?1269990661 "Accordingly, the Court quashes the subpoena requiring Defendant to testify – giving up his password – thereby protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination."
quash (kwahsh), vb.1. To annul or make void; to terminate (quash an indictment) (quash proceedings); 2. To suppress or subdue; to crush (quash a rebellion). [Black's Law Dictionary, 8e]
geek. lawyer.
All this will do is trip off use of PGP that includes a "duress" password.
Using it will scramble the disk beyond ANY recoverability.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
I think what needs to be considered here is this: is it a) the act of decrypting the data that is justified as court ordered; or is b) the encrypted data in it's form considered tampering with evidence?
I guess the analogy for that argument would be: if I had a hammer and destroyed the evidence, would it be up to me to piece it back together, or up to a someone with the skill and knowledge of doing so to do it, and therefore prove me guilty.
I would say this Judge is not in the clear and it will be overruled by an appeals court, on that premise alone that, even if we destroy evidence, we cannot be convicted of the original charge without evidence. And, like an earlier post mocked, "Bring me the gun that was used in the robbery." The government officials, or those employed by them, need to do the hard work at piecing back together that harddrive data.
What if I do not have the password? On my server, there are a few encrypted files that I do not have the keys for. Not that all uncommon in my trade to get your hands onto some files before you have the matching keys...
I cannot provide keys for these files (if I could, they would have been decrypted already), so what am I supposed to do?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Ramona Fricosu indulged in mortgage fraud. Only the banks, the ratings agencies, and Wall Street are allowed to do that.
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
The entire point of the fifth amendment is that you cannot be compelled to provide evidence against yourself. The prosecutor may ask you "where's the body", but you do not have to answer; importantly: refusal to answer cannot be taken as proof of guilt. In the end, the prosecutor has to go find the evidence, to bring it at trial. Here, it is really much the same: The prosecutor may ask you "give us all your incriminating files", and you do not have to do so. If you don't, the prosecutor has the task of getting the files without your aid.
The prosecutor in the case whines that, if the defendant isn't required to decrypt her disk, any criminal could just encrypt anything. He is clearly (probably deliberately) missing the point. The entire intent of the fifth amendment is you do not have to help prosecute yourself.
This ruling will almost certainly be overturned on appeal, unless the defendant's lawyers are incompetent. They will probably be able to get support from the EFF.
Enjoy life! This is not a dress rehearsal.
I will gladly type the password if they provide me with the yellow sticky note that I wrote it down on. I have too many passwords to remember, why should this one be any different. Like anyone can actually remember a password.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
A quick google search turning up this sexy product. I have a feeling this will become a standard soon enough among the slashdot crowd.
my mom posts on slashdot.
The 5th has only covered verbal testimony.
And how is the defendant to submit this password without speaking or writing/typing?
Physical objects and information related to those objects have never been considered the same thing as verbal testimony.
And if we were talking about smart cards, I could see your point.
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
The court can order you to provide the keys to a safe containing documents relevant to trial.
Putting the documents on a hard drive and virtualizing the key seems immaterial.
If you don't want the police to be able to see your files, you're going to have to memorize them.
paintball
He needs a remedial course on the fifth amendment, and the people of the United States need to have him impeached, removed from office, and disbarred.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
You'd be compelled to provide the password, and the contents of the drive would be admissible at trial but the actual password itself would not.
paintball
That's what juries are for. What any juror should do in this case is refuse to convict, period. No matter how routinely the government violates the constitution, it is nevertheless the entirety of the legal basis for the government's very existence, and if a judge chooses to ignore it he is no longer exercising a legally granted power from the people.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Warrants have to specify what you're going to search, and anything else you find as a result of searching the specified items/areas is fair game.
So, if there is a warrant to search your hard drive to see if you recently visited websites on how to poison your wife, and they come to your house and find a body in your freezer, the body isn't admissible.
But, if there is a warrant to search your hard drive to see if you recently visited websites on how to poison your wife, and they discover you've been visitting sites full of kiddie porn, well, you're screwed.
paintball
Something I have always wondered: Suppose they do manage to decrypt her disk (or in another case, the disk isn't even encrypted). What prevents them from planting a couple of incriminating files? How could you ever prove it?
There have been too many cases where it seemed, um, convenient for CP to "unexpectedly" turn up on a defendant's computer. To pick a random example out of zillions: "deputies discovered pornographic images of children on Krohl’s personal computer and hard drive during a unrelated investigation". Somehow, this seems to happen a lot. If they are after your marijuana plant, how logical is it to search your computer? "Look what we found! Perhaps you want to plea bargain?"
Want to see how often it happens? Browse through the results of this Google query...
Enjoy life! This is not a dress rehearsal.
Is there a program that allows for dual encryption keys? Possibly one that will decrypt the data and another that will erase the data from the volume or show a blank volume of the same size? That would allow you to hand over a password and then the investigators would see a blank volume.
Protip: If you know your Constitutional rights, you don't have to obey a Lawyer or Judge who tries to violate them.
You are only partly correct. A judge does have authority over you and he can lock you up for contempt for the rest of your life without a trial even if you are in the right.
Disk encryption software already supports hidden volumes. Even if this kind of decision becomes dominant case law, that won't accomplish anything. People will just start deploying volumes with two passphrases, and when ordered to give up the passphrase, giving up the one that decrypts grandma's recipe collection.
Since there's no way to prove that a second volume exists within the blank space of the first one, encryption will win the day.
I made a PHP/MySQL library that prevents SQL injection & makes coding easier!
I never understood that ''incriminating evidence of another crime, they have to obtain a separate warrant to return for that evidence'' this could be entrapment. They get a warrant on some bullshit just to nose around for something else. Which the FBI always does.. This law should be changed, there are countless people who sit in jail because they were thought to have been involved in a crime being investigated, and get hauled in on some petty crap just so the police can try and keep them in custody and pressure them. With new laws that are suppose to target certain crimes the FBI and police can keep you from legal counsel or tie up your attorney, withhold evidence from your attorney and pressure the attorney to suck you into saying something. Obviously they are trying to fake you out, by saying you will get XXX amount of time for what we found. One could argue the idiots in the media have a lot to do with this, police, DA's just want to have someone arrested and charged to get the media of there backs.
Burden of proof in upon the state. The 5th Amendment protects you from having to testify against yourself which would include giving any information like a password or any thoughts in your head. This should be clear cut and the Circuit Ct judge should really rethink his position (as a US judge). The Constitution is the Supreme Law of the Land. The 5th protects us from ourselves, as do our lawyers. Shame on this judge for posing this dilemma.
AHA! I've got it. The key to all of this, so to speak, is to encrypt the disk with a USB key and then use THAT to kill someone with. Then they can't force you to produce the key as doing so would clearly be an incriminating act. So they're stuck, no way out, no way through, no way around. No key, an encrypted disk, and some poor hapless schmuck sacrificed on the altar of data security. As long as he doesn't bleed on the carpet, I'd say you're in like flint! Or maybe Flynt... one or the other.
Or even better, have the poor hapless schmuck come up with the passphrase that's stored on the USB key and THEN kill him. You don't even know what the pass code is if you wanted to tell....
Only way to know if this bullshit is going to stand is to take it up to the SCOTUS.Divulging a passkey means having to break silence resulting in self incrimination.
Say you use a full disk encryption scheme on the machine, they force you to "decrypt" the hard drive, is that logging in once only to bring the agents to a Ctrl+Alt+Del screen? Is that bringing them to a useable desktop of said machine? Is that fully unencrypting the hard drive of the machine? Now, while my knowledge of PC forensics is limited, if the user was forced to enter their password on the machine to get to CTRL+ALT+DEL, than logged in as a user, what would the police do than? I seem to recall best practice is not to work from the origonal drive, but a duplicate of, how does it complicate the chain of custody for the data on the hard drive? How many times is the user required to re-type in their password? Presuming they dont duplicate the hard drive, if its even possible how does the encrypted data on the hard drive play into the chain of custody? If they dident make a copy becuase they could not, whats not to say "they planted it there"?
You mean after 14 years of butt rape you think you'll acquire a taste for it?
The 5th amendment doesn't protect you from self-incriminating action. You can still be forced to open your safe, produce a gun you're known to possess, etc. The 5th amendment only protects you from testifying against yourself.
I think it's reasonable to adopt a less literal interpretation, and view a password as a key, not as testimony, in this context. A password is functionally equivalent to a key to a safe, and the password itself can't be used as evidence against you, which is the case with testimony.
The problem lies in proving that the suspect actually knows the passsword. We can't have a situation where people are held in contempt of court because they forgot their password. If a suspect says they've forgotten it, they have to be given the benefit of the doubt.
Just use a security-solution that will fail if you are under duress. Say it was in place because there are cyber-threats out there. Having a solution that makes data go lost at your whim is really not that stupid. It makes sense. It will put the person before the data. When people ask about the information, just say that the failsafe has been engaged and that it's a deadlock mechanism. You can probably reconstruct some of it from memory, but you're not sure.
I have a solution like this for deleting hard-drives. I just use encryption on the drives. If I want to delete the entire drive I delete the keys. When I do it like this, I don't have to write over the data to delete them. Because they are encrypted and the key is destroyed. A sufficiently good algorithm of encryption is indistinguishable from random noise, anyway.
Companies routinely encrypt and password protect their documents and email systems, yet are required to produce the specific documents contained in such systems, rather than provide passwords to the entire system. I notice the judge has recognised this and doesn't require production of the password itself, but access to the documents protected by the system. Of course having a sooper sekret encrypted volume would have got round this....
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
> ... a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption ...
There is no logical connection between the two sub-sentences whatsoever. First sentence is corroborated fact, while the second phrase is just wishful thinking by a basement-dweller.
Ad 1. You do not know what the government can do, because you are not the government and if they can break PGP, it is more than TOP SECRET classified info. Therefore you should not write illusorical leads.
Ad 2. A judge in Colorado also does not know if the gov't can break PGP or not, because said judge is 99.99% likely not a card-holding member of the NSA.
Ad 3. Even if NSA can hack PGP in 10 mins, they are not going to divulge that info just to catch petty criminals or even some run-of-the-mill tenorists, who sing praise of the jihad. They keep those hard-crpyto crack math transmutations for themselves, in case WW3 or something equally important happens to USA.
Ad 4. Iran appears to know how to hack RSA, that is how they downed the RQ-170 stealth drone by sending it doctored GPS updates to "poison" the inertial nav. Except mil-spec GPS is RSA-scrambled, so they had to crack that. Iran in this case probably means russian or chinese math, all three are big in math, but probably not ahead of the NSA in the field of numero-kabbalistic wisdom. I don't think PGP is stronger than RSA.
One that reviles the contents, ... once entered destroys the contents ?
... it is ... "BIG RED BUTTON"
:-)
and one
My password, sure
In your next comment you tell the cop he is in trouble for destroying evidence
That isn't what entrapment means. Entrapment is when they entice you into committing a crime that you were not already planning to commit. For example, if the undercover cop offers you money to commit a crime, and you say no, not your thing, but then they talk you into it.
What if you have multiple containers of encrypted data and dont know (nor never knew) the password to the dummy containers?
What? No discussion on how PGP has already been cracked from the normal idiots? Crazy.
How about a system where you need to enter the password within a certain time frame (within xx hours of the last time you entered it). If not then no password will work ever, no matter what you do. Any attempt at power-on will result in the wipe of the system.
No judge can expect you to figure out a technical bypass and there's no password to reveal.
Sure, all data is lost but that would be better than self-incrimination and whatever else could happen if outsiders got access.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely. Essentially it replaces the on-disk encryption keys (which is what your password in reality unlocks) with keys that are only useful for the second partition. The second partition is then enlarged to extend over the original copy. Several programs provide this ability (granted they're for-pay and not cheap, but nevertheless, your privacy is worth something to you isn't it ?). This trick is known to have worked in China (that must have taken some serious amount of balls).
This is how banks do it (one code unlocks the safe, another, seemingly identical sets of an explosive charge destroying the vault's contents).
As for the extradition, let's hope for UK encryption users that they do that. After all, in the US, the above judge will probably get called back, providing such horribly weak justification. Even if this stands, the reality is : in the UK there is zero doubt : authorities can imprison you for not revealing passwords to them, in the US there is doubt (as the supreme court has not yet ruled on a case like this), with predictions that this judge's decision will not stand.
Very subtle, adding the bit about Bush about this judge. As if it's relevant. Nobody ever points out that democrat-appointed judges blocked the repeal of slavery for decades ... And that's equally relevant to today's democrats as this decision reflects on republicans.
In the UK, it is established legal precedent to imprison people for refusing to reveal keys. (in fact this can be applied to foreignors in the UK)
And of course nobody seems to have read the entire article. May I present a blatant repeat of a few paragraphs that seem to have escaped most people's attention ?
In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That's "protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination," the court ruled (PDF).
A year earlier, a Vermont federal judge concluded that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the files encrypted. Boucher eventually complied and was convicted. the article fails to mention this was not his laptop, but government property. He had signed that he would provide access to a govt administrator. So an obvious detail : you can rely on ecnryption, but don't rely on your employer doing it for you. Also : read contracts BEFORE signing them
The article provides a thoughtful conclusion :
Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.
On the other hand are civil libertarians citing other Supreme Court cases that conclude Americans can't be forced to give "compelled testimonial communications" and extending the legal shield of the Fifth Amendment to encryption passphrases. Courts already have ruled that that such protection extends to the contents of a defendant's minds, the argument goes, so why shouldn't a passphrase be shielded as well?
Would having the sw to mount the porn be enough evidence to assume there is porn to be mounted?
Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely.
Problem is that forensics officers take backups. They'd back up the drive first and boot from the backup so whether it destroys the data or not is irrelevant. And if you gave the officers the "self destruct" password that horked the backup then that is further evidence that you are up to no good.
What you need instead is a hidden volume. The idea is you have a normal OS and a hidden OS where your dirty secrets reside. You are prompted for a password at boot time and the password you enter determines which volume is booted into. Tools like Truecrypt support this already.
The problem is the very fact you are using an encryption tool which supports hidden volumes is likely to raise suspicions that you have a hidden volume even if they cannot prove one exists. At the very least you would have to ensure the decoy volume looks plausible, e.g. you use it frequently for your non incriminating activities, scatter around some sensitive looking but non incriminating documents, all to give the impression that is the one and only volume. The more plausible the decoy is, the more plausible your defence is after you hand over the key.
Even then they might catch you out. by building up a list of inconsistencies of activity shown by the computer's event log and other logs on the HDD vs what they can glean from other logs. e.g. if they might know you were on the internet at such and such a time, or downloaded a particular file, or your phone says it was USB synced at the time yet your OS has no knowledge of these events. Enough inconsistencies combined with evidence of using crypto that supports hidden volumes combined with other evidence they have might still be sufficient to find you guilty.
I do not have any recollection of the necessary pass phrase.
You can't handle the truth.
Even that doesn't quite fall into entrapment as I've had it described from legal sources.. If it were a uniformed cop, then it would be entrapment - part of it has to be that you know it's someone in a position of authority (IE: the police) - especially if they tell you it's allowed because, hey, it's the police telling you to smuggle these drugs but then they arrest you for possession as soon as they give you the dope.
People forget passwords so often that statistically she could probably prove she cannot remember. Blame the manufacture for not having a way to retrieve a lost/forgotten password.
Hey, if you're gonna do something illegal enough to warrant that level of paranoia, why not go for the gusto. Create a set of files that contain your data. Use steganography (hell, ADS in NTFS so long as the files are within an archive) to embed said data in other files then torrent the damn things. Just put them in "homemade" porn files.
Everyone that torrents them will be adding to your backups and you don't need to store the files locally after you've seeded once.
There's numerous ways to keep files away from your HDD.
The above assumes guilt.
The innocent need a different system. But, there are no truly innocent people; at least, according to our government.
Presumption of innocence is no longer the dominant paradigm. Encryption denotes guilt.
After all, if you're not guilty of anything, why do you need to hide?
Or:
Faux spam encryption? Use white-space/negative-space as the storage. Computer generate text to create "spam", store in spam folder in email.
Or:
2 passwords. 1st password is normal. 2nd password "during decryption" replaces flagged files with seemingly semi-innocuous ones; porn, etc...
BTW, never underestimate the power of porn. You can cram thousands of images into gz.tars to be later inflated into mock file structures. Many ppl like porn and are "ashamed" by it. Just make sure there's nothing illegal in your "collection".
Now, if you're a movie/music/software infringer, you're going to have a significantly harder time. Hundreds of gigs of data can't easily be hidden or stored elsewhere without leaving a trace. It's not like hiding the bodies. Unless your Dahmer, you're generally not into storage, but you probably DO store those files.
"Helping to keep you two steps ahead of the Thought Police!"
Very subtle, adding the bit about Bush about this judge. As if it's relevant. Nobody ever points out that democrat-appointed judges blocked the repeal of slavery for decades ... And that's equally relevant to today's democrats as this decision reflects on republicans.
Bush was supposed to have appointed judges who were against "judicial activism" and were "for limited government". This decision goes against both those philosophies so the bit about Bush was spot on.
Slavery? Come on, you could have tried a little harder and actually found something that was actually relevant...
You are taking your nerd jerk-off way to far. What next, claiming a MP3 does not contain music data until it is combined with a player, a soundcard, a speaker and a codec?
An encrypted message does not contain the message... really, how lost can you get in your mothers basement if you think that even makes sense. The law just doesn't work as you imagine it in your tiny little mind, no serious cryptographer will agree with you either.
It also shows a remarkable lack of understanding on your part. No HD contains just a plain text file, it will be stored as a series of ones and zeroes, no wait, not evnn that but magnetic variances. An encoding if you like that your computer does everytime you write or read a file... for that matter, a word document isn't plain text either. A PDF sure as hell isn't either...
No understanding of computers or the law. You will go far.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
If I was up to no good I be running my "fill in the blank" off a live CD. If you have five seconds to turn the shit off it gone. No fuss no muss.
What you can see from a lot of the posts, or at least the ones not modded down by libertarian nutjobs is the believe that it is the criminal against the system and our only concern should be for the criminal, not the system.
Yes, it is true, the innocent really have nothing to fear from the system, if the system is honest. If the system wasn't honest, they wouldn't need your password, they would simply state they have found evidence and you would be convicted purely on that statement... that is what happens in countries with a less honest system.
The US 5th is often trotted out but they forget that all such things exist in a careful balance. It is the protection of the individual vs the needs of society and that balance does not swing purely one way.
Encryption has thrown a monkey wrench into the works but hardly a new one. People have always tried to hide data tied to crimes from the police, just that in older days the police could call on people smart enough to break the encryption off criminals, With modern encryption software, any idiot can hide data the police need to perform their task of enforcing the law.
But a lot of losers fantasize about hiding god knows what (what do you really have to hide the police is really intrested in and if it is so innocent why have you let your democracy slide so much?) from the police and believe they can re-interpret the law as they see fit without accepting that law is often more about intent then precise wording. Remember this, the constitution was written by slave owners. All your supposed freedoms based on this document that found it perfectly alright to put a man, woman or child in chains for their entire life merely on the idea that they could be owned for no particular reason.
Do you REALLY think these people who in our day would be in jail for life if not actually executed (gosh I wonder how many of their slaves died due to inhuman treatment) would really rule on your side of wanting to hide data about how you embezzled them from the police?
It is similar to the idea people have of some obscure forgotten law having any value. If you managed to find a law in English history that made it legal for you to kill the queen and claim the throne, don't count on it being valid. It is the standard that no law can go against the intent of the law in general. The whole system doesn't go into a robotic Star Trek lockdown if a contradiction occurs, it is simply routed around by asking "what is the intended result from the perspective of our time" and that is what is the new law and the old one simply gets thrown out and ignored.
That is for instance why rights of passage, no matter how fucking old don't apply to aircraft. You can claim your family owned lands X for thousands of years, get evidence that all the kings regonized this and STILL not be able to ban aircraft from flying over.
The intent of the law is that the police have extreme powers of investigation, long ago, in a different age, some white men wrote laws to prevent other white men from some of the excesses of their time such as torture. Not having to testify against yourself is a protection from torture, NOT a police interview and most certainly not the "right" to hide everything.
Same with protection against unreasonable searches. This was supposed to protect people from random searches looking for anything at all to prosecute people with. It is NOT supposed to allow criminals to hide anything they want behind a door and the police unable to go beyond it.
The reason most lawyers are rather snobbish to the average person is that they know this but have to deal everyday with clients who have constructed some fantasy land of law and order in their head and then the lawyer has to carefully explain to people with average IQ's that the law doesn't work like that.
And a good thing too... because we know what happens when the police can't do their job from the time of royalty or other forms of untouchables that the law can't touch. These are not good times. The p
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Well, the corrupt ones at least. The moment you file a request for information about the business of government, they just say "I forgot". It is a very old standby of the rich and powerful.
Thank god for morons such as you that give them this tool.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
What you need instead is a hidden volume. The idea is you have a normal OS and a hidden OS where your dirty secrets reside. You are prompted for a password at boot time and the password you enter determines which volume is booted into.
What you need instead is two hidden volumes. The idea being that when you decrypt the normal OS with a tool that supports a hidden volume and people find it squeaky clean, they'll tell you "ha ha now tell us the other password" so you have a hidden OS where your porn resides, and a hidden OS where your dirty secrets reside. Ad nauseum depending on how nauseous your dirty secrets are.
If I have been able to see further than others, it is because I bought a pair of binoculars.
"JimmyHoffaIsAtThe20YardLine"
Even then they might catch you out. by building up a list of inconsistencies of activity shown by the computer's event log and other logs on the HDD vs what they can glean from other logs. e.g. if they might know you were on the internet at such and such a time, or downloaded a particular file, or your phone says it was USB synced at the time yet your OS has no knowledge of these events. Enough inconsistencies combined with evidence of using crypto that supports hidden volumes combined with other evidence they have might still be sufficient to find you guilty.
Maybe... But I would submit that their phone likely wouldn't be configured to sync with the "dirty" volume. And, of course, a truly "bad guy" wouldn't be using a smart phone... he'd be using a simple burn phone, dialing all numbers from memory, and calling only other burn phones.
Finally, it seems like a much better idea to use a bootable USB that you encrypt somehow to house your "secret" volume. Boot your machine to the flash drive, when you're not using it hide it somewhere. Done with it? Wipe it, encrypt the blank drive then change the keys and throw it in a river.
Granted, it is slower than booting off your internal SSD/SATA2-3 buuut... you can't always have privacy & convenience.
Who did what now?
Better delete that crypto volume ;-)
-- The Grand Teddy Bear has Spoken: "Windows 8 Source Code Available NOW! more disgusting than your pr..."
Not at all. But it's not enough that they merely offer you the opportunity to commit a crime. They can even be highly suggestive, like pretending to be a promiscuous young teenager. You would have to prove they applied pressure to provoke you into doing something out of character, not just because you lacked the opportunity. Say there's an undercop sitting there smoking a joint, if you accept it it's probably still not entrapment. If you refuse it and he keeps pressuring you into taking a whiff to be part of the gang and then slams the cuffs on you, then you can talk about entrapment. Most people that cry entrapment haven't been nearly as reluctant as the defense requires.
Live today, because you never know what tomorrow brings
Bwa-ha-ha!!! Seriously, most such officers are not competent, while the rest lack the time and equipment to do things like backups. The worst adversary in such a situation is a criminal company engaged in SLAPP, strategic lawsuits against public participationi. Not only will they spend the money to duplicate things, but they will violate the court's orders, refuse to give you back your hard drives, and get away with it.
Think I'm kidding? This is *EXACTLY* what happened to Arnie Lerba when Scientology accused him of publishing their cult secrets on Usenet. They engaged in spam bombing, made false criminal accusaions to obtain anonymous user information from anon.penet.fi which caused the shutdown of the best and most respected Usenet anonymizer in the world, did the worst spam bombing in history (according to their former webmaster, Arnaldo Lerma), and kept being given far too much access to the subpoenaed or seized computer and paper documents of critics they sued.
Do not consider your documents or hard drives safe, even if you're clever about protecting them, because it's become too easy to install keystroke loggers and rootkits. Any hard drive that is in law enforcement or legal opponent hands should be considered compromised and only mounted for data replication, not as an active operating system.
This is as so often the silly debating of the law of little kiddies and the reason lawyers in general are so reluctant to discuss law. First year law teachers hate their job because of the constant attempts by students to re-examine the laws that has already been re-examined for hundreds of years by far greater minds then the average student... like cats.
An execution is written down as a murder. Every executed prisoner in the US is a murder victim. Just that the law has ways of allowing such a thing to happen, in certain circumstances while murder in general is forbidden.
You can see kiddies at work when it comes to the police speeding without lights or sirens. Allowed? YES, regardless of what you think the law says, especially traffic law, IF the police has good reasons to do so and with a high expectation of the police not to endanger others. But if the police on their way to a crime scene feel the need to turn of the siren to avoid alerting the criminals and you jump in front of them on a zebra crossing... don't expect much sympathy from a judge.
It is the INTENT of the law vs the actual wording in a changing world. Jews do it all the time, the Sabbath rules are hard to deal with in a modern world of electricity, batteries and essential technology. Can you use an elevator on the Sabbath? In a skyscaper? With a bad heart? It didn't matter when there were no elevators or when the highest floor could be reached by anyone able to survive for that long. But modern medicine has allowed people to continue to live when they became feeble and created housing so high that even top fit humans would need to take a breather.
What about a fridge? Even if you don't use it, you are using it. Food put in before the Sabbath if kept fresh for you by the labour of someone else at the power company. The laws were written in a time before fridges, how do interpret them?
This is an interesting exercise because you avoid the emotional baggage of the 5th and protection against unreonable searches and can focus on a simpler balance (provided you ain't religious yourself) of the "Intent of the law" and the "written law". On the "need" for their being one day of the week in which the people can reflect (except farmers (livestock) of course who never can take a day off) on their god AND the "need" to deal with the parts of the world that cannot be told to wait for one day.
There are of course many types of labor, especially labor itself (woman giving birth) that have not been part of the sabbath rules for millenia, mid-wiving for instance. Taking care of the dead. Health-care in general. And yet, when thousands of years later the standbye mode is inventented, it has to be discussed how this applies to Jews who want to observe the laws of their fate.
Computer encryption is the same to our general law. The intent of the law is that the police when in possession of a search warrant, can search. I had it happen to me, I lived in small room inside a larger house and a warrant had been issued on the house, so my room was searched. Not very thoroughly, they were looking for a person and the room as said was small, but I was still very upset about it AND unable to do anything about it. Because the law was written with an intent, not a complete checklist for every exception.
And if they had found a dozen children in my room, tortured and killed. Could the police have done anything?
THINK carefully, the answer might surprise you. YES and NO... how can that be? They certainly could have launched an investigation HOWEVER it is highly likely you would walk away from it IF there is no way to find any evidence without having to go through the illegally obtained evidence first.
And that sucks... but if they had seen a blank CD that I had payed the fee for artists on... should they be able to launch an investigation?
No, they can't (and wouldn't for that matter) but why?
Because we INTEND the law to weigh the needs of society vs the needs of the individual. There is no way to write this d
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
It is known that you have a gun, you are accused of killing someone with a gun. Can you be forced to hand over the gun that the police have given evidence for that you own it?
Yes.
If you think anything else, then you are an idiot. You cannot be ordered to hand over the murder weapon but you can be ordered to hand over a weapon that the prosecuter thinks is linked to the case one way or another.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Problem is that forensics officers take backups. They'd back up the drive first and boot from the backup so whether it destroys the data or not is irrelevant. And if you gave the officers the "self destruct" password that horked the backup then that is further evidence that you are up to no good.
A nefarious person could designate a sequence of sectors in various parts of your hard drive as "sectors that will never be read" during the normal course of system operation.
And then patch their hard drive firmware so that if more than 4 of the "off limits" sectors are read, the hard drive will start zero'ing all sectors in the background, and on next power cycle start an ATA Secure erase.
In other words... latent tamper resistant hardware mechanisms implemented such that unauthorized backup attempts result in hardware level self-destruct, so if someone steals the hard drive they can't use it.
Another method of protecting against physical theft of the HDD and passphrase guessing is to utilize online cloud-based services for key distribution.
Instead of the passphrase being used to decrypt the HDD, it gets entered into software, which connects using the internet and makes an API request that results in contacting a number of off-site cloud-based services.
If the passphrase gets entered incorrectly enough times, FAILS to get entered on a certain schedule, or a passphrase with certain characteristics gets entered instead of the correct one, the remote cloud services shut themselves down, and can no longer pass binary data required to derive the HDD decryption keys.
They can also monitor each other and contain an IDS, so if one of them is compromised, it will be ordered to shutdown, and key material required to bootstrap can be incinerated.
e.g. I'm saying the group of all the 'remote cloud security nodes' would form a cooperative group, and for a cloud security node to bootstrap, the other nodes would have to reach an agreement through an election process, and each node would only contain 1/3 or 1/4 of the key material required to reconstruct the HDD decrypt key after presentation of the right passphrase-decoded material from the requestor.
The cloud services can be in disparate geopgrahic locations, even multiple countries, to help reduce the chance of a hacker breaking into a sufficient plurality of those remote providers.
Huh? What would be the purpose of a bank destroying the contents of the vault? I could see maybe a private vault with things you wouldn't want to get out. But the purpose of a bank vault is to either protect the bank's assets or to protect client's assets. If you destroy it, then what's the purpose of protecting it?
I commend you on your post. It doesn't stray from the fact that once someone physically has your device, it leaves few options to the former owner to remove incriminating evidence no matter the tool used. Eventually, you loose because the deck was never shuffled in your favor.
However, I would like to suggest an alternative. As naive as it may sound, why not just do less illegal stuff? That way when they do take your hard drive, you really don't have anything to get you into trouble. Better yet, if you are so inclined to do illegal stuff, why not just do all that illegal stuff on a different computer that's not located somewhere where you might spend 70%+ of your time.
I think really, if you want to do more illegal stuff on your computer, it may behoove some to take a mafia style approach to computers. Have a front, a fence, and some goons that move more of the illegal action away from you as a person and more towards plausible deniability. For goodness sake, at least if you are going to have a bunch of incriminating evidence deny that you can actually get access to it and that you've gone insane as well, just for good measure.
They might. If for example I had a registered firearm, knew I was a murder suspect and threw it away I could be charged with spoliation.
The police can't assume I know where the hidden gun from the murder is, but proving I did in fact hide a gun they were likely to be interested in....
It's the basic fundamental problem with intelligent people and crimes. They see what they have that they're not showing and what they're hiding. They fail to account for what they aren't showing with what they're showing.
For example, let's say you're using DNSCrypt to hide your DNS traffic on a port other than UDP 53 in response to a hypothetically passed SOPA. So what does this show? That shows nothing and that's the problem. They don't see your DNS traffic or what sites you're requesting addresses for. That nothing means that you're willfully skirting around using DNS servers that are known to be compliant with SOPA and that would warrant some closer scrutiny at what you're doing.
"Lack of speed can be overcome. In the worst case by patience." --Znork
Yep you would be good for the USB key. You could plead the 5th all day long. Of course using that same logic the prosecutor could give you immunity for the murder and they would still be free to demand the key :)
Nobody ever points out that democrat-appointed judges blocked the repeal of slavery for decades
And fucktards like you forget that the Dixiecrat judges left the Democrat Party in the 1960s and were welcomed into the modern racist GOP with open arms.
Saying that "Republicans" today are what they were over 50 years ago is a plain lie.
They took the drive... who knows if they dropped the thing on the floor or it got magnetized after that and something went corrupt on it... they'd never believe you were really giving them the right password.
A single hidden volume is good enough, maybe better than multiples (I'm not sure there is software which supports more than 2 volumes total, you get into trouble with volumes potentially overwriting each other's contents since they each have to not know about the others). A single hidden volume creates plausible deniability, because the default configuration is no hidden volume.
Now here's the problem with secondary volumes. In order for it to be plausible, you need to keep the red herring volume up to date. It needs to have files with recent timestamps on it and so forth. If they look in there and all the files are out of date and haven't been modified in 6+ months, it's not credible and threatens the plausibility of the denial. It works poorly for whole-disk encryption unless you're very good about doing most of your work in the primary volume, and only booting into the secret volume for short periods of nefarious activity.
It's possible to mount both volumes at once, and just be careful about sticking all the evidence on the secondary volume, but in most modern OS's, there'll be problematic artifacts indicating the secondary volume exists in the form of "Recent Files" lists in applications or in the OS level. You'll also have to worry about program caches being written out to the primary volume and being recoverable from free space on the drive; so as part of shut-down you'll need a script which writes random data to the empty space and knows how to destroy the internal cache files of all your applications - even ones you don't use for nefarious purposes since a cache file may not be zeroed out when it's allocated (thus capturing sensitive data). Basically keeping both mounted at the same time is a sure fire way to accidentally leave behind some evidence on the "safe" drive.
The only safe way to do this is to dual-boot sensitive and non-sensitive volumes. Boot into the sensitive volume only for secret activities, and otherwise be booted up on the non-sensitive volume for everything else. You can see why maintaining multiple red herrings is problematic, and since the plausibility of the denial does not significantly increase, while the chances of leaving behind some indicators of a tertiary volume increases significantly, you're better off with a single hidden volume. As a final note, if you do maintain two red herring volumes, your secondary volume needs to have a reason you'd keep it secret. If there's nothing sensitive on there, it's too obvious of a distraction; you might as well label the volume "red herring."
Slay a dragon... over lunch!
Entrapment confuses me. Isn't a female officer posing as a prostitute technically entrapment? Or is it OK so long as the john solicits her and not the other way around?
Also, story: A friend of a friend drives one of those tricked out street racing cars. Apparently, one night, an unmarked car pulled up next to him, revved the engine, and did all the things to suggest he wanted to race. As they sped off (the unmarked car clearly also accelerating harshly, to indicate participation in a race situation) the unmarked car, upon reaching a certain speed level with the other car, threw its siren/lights on. Apparently it was an undercover car, tricking people into racing him, and then arresting them. Isn't this entrapment? The friend's friend would not have driven in such a way had he not been enticed by the cop..
The system needing your passphrase is only needed in a fair legal system where they can't just create evidence...
So, what is an innocent pleb like "us" going to have to appeal? You give your passphrase, no evidence is found since you are innocent and so you go free... so either you are so insane you would appeal an innocent verdict against yourself OR you are not innocent.
Which one is it?
Read the real world news, in dictatorships they don't bother with searches, they create fake evidence. Keys are only needed in courts that want evidence to be legit.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
As naive as it may sound, why not just do less illegal stuff?
Who says they are doing illegal stuff? The government's alleging it, but in the ordinary course of events, the 5th Amendment is supposed to protect us against being required to give evidence against ourselves. We are supposed to be presumed innocent until proven guilty in a court of law.
And yet, the cops can get away with feeding people information, planting information, and pulling every dirty trick they can come up with to try to get a conviction, innocent or not. The US history books are replete with innocent people railroaded by a corrupt system. The evidence in the Troy Davis case, where police intimidated and coached witnesses and doctored evidence, shows that an innocent man was put to death just recently by the corrupt system.
I'm not advocating doing illegal stuff, but I am suggesting that you probably want to keep your affairs under wraps anyways, even if fully legal. The moment you start waiving one of your rights, courts start ruling you also waived others.
What's needed us some sort of time lock. If the correct pass phrase hasn't been entered in the last 30 days, then it is automatically changed to something random. That way, you really don't know what the password is.
And unless you think I'm joking, consider the case of a police officer coming round to your house because he wants to "ask you some questions." Maybe he claims it's about a neighbor's domestic disturbance. Maybe there was a noise complaint that your dog was barking too loud late at night. Could be any number of things. You let him inside to "talk." Courts in some jurisdictions have ruled that by opening the door and letting him pass the threshold, you just consented to him searching your house for anything he might find suspicious.
Or say you get pulled over by one of the famous Texas "you got a taillight out bud *nightstickcrashbreaknoise*" Badged Highwaymen. You get out of your car but leave it unlocked, or do you lock it and hold on to the keys? In the first case, some courts have ruled that by leaving it unlocked you consented to it being searched!
The point again is: once you start waiving your rights, you wind up giving up others. And it keeps going and going and going. You think you're "cooperating with the police" and that they will like you and not charge you with anything and treat you nice because of it? Bullshit - the police are the initial arm of "evidence gathering" for prosecutors, a set of conscienceless, amoral assholes who see all citizens as nothing more than a potential conviction notch in their belts.
Plausible deny-ability has protects people of greater crimes than your average court case. in America the intent is only to reach reasonable doubt which is much easier to do without any actual evidence of wrongdoing no mater how suspicious the circumstantial evidence looks.
Officer: "Hm, this looks like an innocent partition. Wait, what's this? You are using TrueCrypt? What is the other passphrase for your hidden partition?"
Later, in court
Defense: "Your honor, my client provided the decryption password as requested, can he go free now? There is no evidence in this case."
Prosecutor: "He's using TrueCrypt! There is a second password that would reveal the incriminating evidence, and we are subpoenaing him for it! And we want to tack obstruction of justice onto the charges!"
Judge: "OK, reveal your other decryption password! Let's see it!"
The only reason you are not being beaten up throughout the process is that the law protects you from that sort of thing. If you were in, say, Saudi Arabia trying to pull this"deniable encryption" stunt, you might be tortured until you give up the suspected second password.
In general, attempts to hide things in plain sight are guaranteed to make your life harder. Steganography means having steganography tools lying around. Deniable encryption means having deniable encryption tools lying around. This is why we need legal protections like the 5th amendment, and why we need them to actually apply -- the fact that a computer is involved should not render the constitution meaningless.
Palm trees and 8
Pay no attention to the Koch behind the curtain...
She could always just say she forgot the password....and that she almost never goes on that drive....
technically, what could they do?, give her a jail sentence for being absent minded?
Problem is that forensics officers take backups. They'd back up the drive first and boot from the backup so whether it destroys the data or not is irrelevant. And if you gave the officers the "self destruct" password that horked the backup then that is further evidence that you are up to no good.
In addition to that, the functionality the GP mentions is impossible in the same sense that working DRM is. If the drive is wiped when a bad key is entered, that action is maliciously taken by the decryption driver or some other piece of software involved, it's not something that can happen as a natural result of attempting to read the drive with a bad key. It will only work if the police are using the same software tainted with what is, to them, essentially malware code.
"When information is power, privacy is freedom" - Jah-Wren Ryel
There was an article on /. a couple years back which stated they could identify hidden volumes pretty accuratedly via crytoplogical analysis. Hidden volumes buy nothing unless its against people who don't deal with cryptography on a regular basis.
What would be the purpose of a bank destroying the contents of the vault?
Insurance companies can be funny that way.
Seven puppies were harmed during the making of this post.
If I am on a jury and you refused to enter your password, why should I refuse to convict you? I and most people are NOT in favor of letting criminals go off just because they found a loophole. In fact, you using a loophole that pretty much says "I did it" by using the loophole is a surefire way to get the jury to rule guilty.
What makes some people on slashdot in these discussions so delusional that they think normal people on jury duty want to fight the system to get criminals off?
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Geez gods, these discussions always have posts like this. What are you supposed to do? Hire a lawyer who will argue your case. If you are accussed of killing someone in your car and blood is found in your car then you tell your lawyer how the blood came to be there if not from the murder and your lawyer will present this as evidence on your behalf.
Justice is not a binary machine, in free countries it allows a counter argument. You can then present your case, provide evidence for it and most legal cases work out alright. Yes, there are exceptions but the idea that you will go to jail for not known the key to your password file is just silly. Your lawyer would have to be amazingly bad for this to happen. Not realisitic unless you get your legal advice on Slashdot.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
However, I would like to suggest an alternative. As naive as it may sound, why not just do less illegal stuff?
More laws will be passed until you are doing illegal things. The problem with giving the police so much power is that it enables the passage and enforcement of even more laws. Eventually it gets to the point where nobody can live their life without being a criminal.
This is why we have a bill of rights -- to prevent the government from making so many things illegal that laws become irrelevant and anyone can be detained by the government at any time. Unfortunately, people forgot this a long time ago, and so today we have so many laws that even the government has lost track of how many are on the books. When even courts are ignoring the importance of the constitution, you know we are in trouble.
Palm trees and 8
Yeah, the idea of "Open | Blow Up" codes seems silly.
Wouldn't "Open with Time Delay | Open with Time Delay and Trigger Silent Alarm" codes make more sense?
Trolling is a art,
From TFA:
Prosecutors in this case have stressed that they don't actually require the passphrase itself, and today's order appears to permit Fricosu to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding "the password to the drive, either orally or in written form."
That is so clearly self-incrimination. Clearly and focused self-incrimination. Hand over the evidence that incriminates you.
now we need to go OSS in diesel cars
What you actually want is encryption software with plausible deniability features like TrueCrypt or BestCrypt. I really don't understand why more people don't know about these technologies.
30 years in prison or a Contempt of Court charge? I know which one I'd be picking.
There is a war going on for your mind.
Very subtle, adding the bit about Bush about this judge. As if it's relevant. Nobody ever points out that democrat-appointed judges blocked the repeal of slavery for decades ... And that's equally relevant to today's democrats as this decision reflects on republicans.
I respectfully disagree. The Republican party of the Bush era is still quite similar to the Republican party of today. However, the Democratic party of the 19th century is similar to the Democratic party of today in name only. If you really want to go back in time, the two parties were once one - the Democratic-Republican party.
However, I would like to suggest an alternative. As naive as it may sound, why not just do less illegal stuff?
No. It is important that governments around the world realize that the laws has to follow the public morale, not the other way around. As soon as there is a difference between what is illegal and what is immoral it is no longer a good idea to follow laws.
What is moral should always go before what is legal and if the government doesn't do whatever it can to make sure that laws follows this then society is better off if you ignore the laws and instead do what is right.
A single hidden volume creates plausible deniability, because the default configuration is no hidden volume.
Except that you still have an encryption system on your hard drive that supports deniable encryption. Governments respond to deniable encryption by attacking its users until people are too terrified to use it, lest it become so commonplace that evidence gathering and prosecution become impossible. The US government is no different; if they can present even the slightest indication that you were using a hidden partition, that will be enough in court: "Here we see ISP logs that show Mr. So-and-so was connected to an email server at 6:45am on the date in question; yet on the logs obtained from the decrypted partition, we see that the computer had not even booted up until 8:00am."
Deniable encryption is like steganography: the warden problem kills you. You cannot hide that you have the capability of using deniable encryption, and judges are not going to let that sort of argument fly (and in some countries, you will be tortured until you produce the evidence or until you cannot speak).
Palm trees and 8
So why not just do less illegal stuff?
Wouldn't it just be better to use a VM in the hidden volume? Then the only traces you'd have to worry about would be from your VM program.
Then they can't force you to produce the key as doing so would clearly be an incriminating act.
That would be evidence, which they can subpoena, not testimony.
Also, it's "in like Flynn", not in like flint.
It's official. Most of you are morons.
That is the true level of the idiocy of these laws.
The point is to scare people away from encryption. Get a few good examples of people winding up in prison because they used WDE, and nobody will use WDE. Governments hate the idea of citizens being able to use strong encryption. They want to be able to read everything and anything they can get their hands on.
Palm trees and 8
The problem there is that this would count as destruction of evidence, which is a separate and rather serious offense.
As a final note, if you do maintain two red herring volumes, your secondary volume needs to have a reason you'd keep it secret. If there's nothing sensitive on there, it's too obvious of a distraction; you might as well label the volume "red herring."
Stuff the red-herring volume full of granny porn. Great for 2 reasons. 1) It provides a perfectly logical explanation as to why the volume was encrypted. and 2) You completely avoid the possibility of successfully hiding whatever you wanted to encrypt, only to get nabbed because one of the models in your decoy porn stash only *looked* over 18.
If you are ever required to provide the encryption key, make sure to give the agent your best "creeper stare" while they're examining the contents. Especially if the agent is over 60.
Redundancy is good And also good.
This is too complicated. It's a lot easier to just not be taken alive by the dirty rat coppers in the first place.
However he is orderer to to decrypt it..manually.
The entire point of having a constitution is to put limits on what the government can and can not do, which also means that defendants have rights.
There are also a whole range of things that are legal but you still might not want people seeing or potentially getting out there. Juicy evidence has a way of making it out of the station, or at least becoming wank fodder for officers.
There is also the issue of fishing expeditions when they just want to troll through someone's personal files in the hopes of finding something that can be twisted into a charge. A surprising number of legal activities can become illegal when a prosecutor really wants to get you, which if they have already invested in your case, they will often put that energy in since it is politically embarrassing to admit you were wrong.
Actually, everyone who is allowed to touch evidentiary hard drives is that competent. Field cops are trained that they need to simply pull the plug on a computer and deliver it whole to a forensics lab (though this is changing a bit) -- you might call in an expert for a really serious case. The first thing the lab does is duplicate the drives.
Seriously, what you idiots link to has been linked to hundreds of times. It's not funny anymore. It's certainly not clever. It was funny and clever when it was drawn.
^^ THIS
This is precisely how law enforcement operates. Prosecutors have a direct link between conviction rate and success(promotions, future jobs, etc). This creates a huge conflict of interest, and results in the type of behavior described.
If this would fall under the guidelines for warrents.
As I recall, atleast years back, if a warrent was issued for your home to search for say drugs and they come in and find no drugs but a ton of fully automatic guns they can not charge you at the time for possesion of illegal firearms as it was not stated in the warrent.
Perhaps if you have an encrypted drive you could say, get a warrent for the exact information you seek and then I will unlock the drive. At this point they are searching for X and if they find Y (where Y is the untold cache of lolicon you have ) then this can not be used to bring extra charges against you.
I think this was a key point in the Sony vs Geohot case when they wanted to search his drive. I think they came to the agreement that sony would use a 3rd party to do the search for any and all information relevent to the case but if anything else was found outside the guidelines of the search then it was kept confidential and could not be used against him.
It would be interesting to get a case like this to the Supreme Court, although the outcome migh scare me if it went the wrong way. :(
IPleadTheFifth
or
IWontRevealMyPasswordToYou
the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer.
That's why my password is "I agree to indemnify Loyal Opposition and hold him blameless."
~Loyal
I aim to misbehave.
I understand you are trying to make an argument "suggesting that you probably want to keep your affairs under wraps anyways, even if fully legal."
What you have actually made a great argument for is to be as transparent as possible and don't break the law.
...will be that some liberal activist judge will soon decide that he can now order you to plea guilty to any crime just because he feels like it. If you don't plea, then he gets to enter the guilty plea for you. After all, this will make the legal system much more efficient and cost effective.
That is somebody who is in a priveledged class that cannot testify against you.
you don't need more laws passed; every day every one of us breaks at least 3 laws (probably more).
its on purpose, too. we have so many laws, any 'citizen' can be grabbed for no valid reason.
its not about 'be good'. even if you are 'good' the gov can still fark with you.
it was never about 'being good'. it was ALWAYS about keeping people in fear.
why are you even asking this? isn't this pretty well known? if not, then learn it now!
you are KEPT in fear for a reason. think about it.
--
"It is now safe to switch off your computer."
Pay no attention to the Koch behind the curtain...
At least the Koch brothers aren't former unapologetic Nazi collaborators and haven't played a key role in 6 past and ongoing international financial/currency collapses and 8 regime collapses like the Liberal/Progressive Democrat contributor George Soros who funds and/or controls dozens of groups on the left.
Soros: http://keywiki.org/index.php/George_Soros
Soros' Organizations: http://www.discoverthenetworks.org/viewSubCategory.asp?id=589
This Koch brothers hysteria is nothing but those on the left attempting to find someone...anyone...on the right that's anywhere near the "rich evil genius" equal of the left's George Soros. In terms of harm done and general evilness, Soros makes Bernie Madoff look like a piker. The Koch brothers don't even show up on the radar at Soros' level of evil.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
As naive as it may sound, why not just do less illegal stuff?
Who says they are doing illegal stuff? The government's alleging it, but in the ordinary course of events, the 5th Amendment is supposed to protect us against being required to give evidence against ourselves. We are supposed to be presumed innocent until proven guilty in a court of law.
Call me naive, but I fail to see the problem with warranted searches. The 5th Amendment doesn't protect us from discovery. You can't physically prevent an officer with a warrant from searching your house. If you have a safe, and the police have a warrant, you *must* give them the key or face obstruction of justice. I fail to see the problem with that, or with being required to give the key to your virtual safe.
multifariam.net -- yet another nerd blog
Who says they are doing illegal stuff?
Well I was speaking more in general terms as opposed to specifically about this case.
the 5th Amendment is supposed to protect us against being required to give evidence against ourselves.
Well if I remember correctly FTA, the judge did say indeed that they cannot force the person in question if they forgot their password. However, allegations that are well founded are the foundation for search warrants. The fifth amendment does not protect us from our actions that tell others that we are up to no good. If I look half asleep and I am driving all over the place, it's not unfounded to allege that I might very well be drunk. That may not be the case, but the only way to know is to gain more insight on the matter. For all the officer knows, I might be narcoleptic.
We are supposed to be presumed innocent until proven guilty in a court of law.
Yes as far as the court system goes, you are innocent until proven guilty as opposed to the burden of proof being on you to prove innocence. However, the line pretty much ends there at the court room doors. To say that newspapers cannot espouse how "guilty as sin" you are, would be to deny them their first amendment right to tell everyone that "you are guilty as sin." Police on the other hand straddle that fine line and they get a lot of flak for it, which I will admit they deserve a lot of the flak that they receive. They have to presume that you are guilty because they have a job to put people who are indeed engaging in illegal activities behind bars, at some point someone has to play devil's advocate, that burden usually falls onto the police and the district attorney. When you look at any depiction of Justice, you will see a scale. That whole analogy is based on the notion that there are those that will present evidence opposing and in favor of your innocence.
feeding people information, planting information, and pulling every dirty trick they can come up with to try to get a conviction, innocent or not.
Don't get me wrong. There comes a point when there are those that over step their boundaries. It is our job as the public to push back on that. Freedom is not something that just idly happens. We have a constitution but none of those will apply unless a person chooses to make them apply, if you walk into a court room and say nothing, exactly what verdict do you think will be returned? Also, the system's not perfect, I think anyone who feels that it is needs help. Innocent people are wrongfully convicted, but that conviction won't be overturned by just sitting there.
I'm not advocating doing illegal stuff, but I am suggesting that you probably want to keep your affairs under wraps anyways, even if fully legal.
That's good that you are not advocating that, I think we need less cheerleaders for crime, but that's just my take on the matter. I digress, you should keep your affairs under wraps. It's not anybody's business what you say or do. However, you must actively pursue your innocence when accused of guilt in a court of law. Indifference is usually seen as unwillingness to follow procedure and in turn law. At least to most judges and juries I've ever witnessed. Remember that the handing out of a verdict is within the hands of ordinary people. One would do well to remember that not only do you need to appeal to their intellect, but to their emotional state of mind. Indifference turns people off faster than a clerk can type.
Again, I won't say the system is perfect. It's pretty sad when something like the Troy Davis case happens, but we only know that it did happen because people pushed for truth, not staying content with the status quo. So I will reiterate, a person's freedom is directly tied to the amount of fight that they have to have a continuation of that freedom. Keep your stuff under wraps e
This is in Federal court .. civil contempt charges are limited to 18mos.
Give them the wrong password. Let them type it enough times to lock themselves out completely. If they get mad, tell them they must have mistyped it. Or, better yet, use encryption software that shows a completely different filesystem if you use a certain different password. They can't exactly prove you purposefully gave the wrong password.
In Soviet Russia, dot slashes YOU!
The problem is, encryption is not the same as a physical lock, and it has to be considered as a distinct entity.
If you give the cops a key to open your safe, and they find your papers written in code, do you have to help them decipher the content? I don't think you have any obligation to help them with it.
The issue with maintaining two volumes is that each will report lower capacities than the total drive capacity reported through the BIOS or via the label on the drive. This is a dead giveaway that another volume is present. Back in the days of FAT filesystems there was a way to change the volume to misreport the total drive capacity, however if any disk repair tools were used, it would find and offer to fix the "error". It would also fail miserably if files were written beyond the actual capacity of the drive. I'm not sure if NTFS, ext3/4 or other filesystems support this feature or not. I suppose one could try a few approaches to mitigate the problem:
- Carefully change the hard drive label to a lower capacity that matches the non-sensitive volume;
- Password protect the BIOS, assuming that doesn't receive a court order to be opened as well; or try the following:
Use a hard drive larger than 137GB on a system with a BIOS that does not support drives larger than 137GB, install Windows XP (with no service packs!) to the lower 137GB as your non-sensitive volume, then create an encrypted Linux partition above the 137GB barrier as your sensitive volume using a Linux boot disk or CD with a 2.4.19 or newer kernel. Then to the BIOS it appears you have a 137GB hard drive, as well as Windows XP. But when you insert a Linux boot disk or CD and tell it to use the root partition above 137GB, you are set. The only issue here is that the partition map may indicate another partition is above the 137GB barrier, or it could crash when loaded. You would also need to conceal your Linux boot CD. I've never tried this exact approach before but I think it may work. If it doesn't, try reversing the Linux and Windows installation steps.
Is patching (or probably more accurately) custom hard disk firmware likely the answer here?
Firmware that expects some kind of handshake within N minutes of initial operation and if it fails to get that handshake it immediately begins an erase operation?
The handshake process could be controlled by password protected/encrypted software on the hard disk -- perhaps disguised as a pop-up for video settings.
Removal of the drive for cloning or examination will result in the drive doing an erase sequence before any data can be retrieved; leaving it in the host system without performing the handshake (ie, they just demand your username/password to log in) results in the drive self-erasing as well.
Someone who deals with high security for the military should have some ideas on this -- its exactly the kind of thing they would use to keep data from captured equipment from being stolen.
There is no real distinction between the two prominent parties in the US today. Both support racist policies, interventionist wars, police-state tactics and corporatism. The real division is between the political class (which includes the CEO club) and everybody else.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
"is further evidence that you are up to no good."
NO NO NO NO N FUCKING O!
Why is it that people think the 5th is for criminals. Why / How is it that the argument for rights/privacy somehow means guilt?
This is THE worst statement / belief.
KNOW what the hell your talking about.
http://www.youtube.com/watch?feature=player_embedded&v=6wXkI4t7nuc
B-|
A friend will come and bail you out of jail, a true friend will be sitting next to you saying, "damn that was fun!"
This is wrong. Allowing an officer into your house allows only items in plain sight to be used as evidence. They cannot open drawers, doors, cabinets, or containers without a warrant.
"We are now descending into level 5, child porn and snuff films. Please put on your hazmat suit and goggles before entering level 6..."
- For the complete works of Shakespeare: cat
It's a Federal District Court decision. On issues this big, decisions don't mean much until they're at the circuit level, and they aren't at all settled until either you've got multiple circuits ruling on it and the Supreme Court's not interested, or the Supreme Court weighs in on it.
Other district court judges have ruled the other way.
It's okay as long as the john solicits her. Entrapment covers crimes that the person would not have committed if not for enticement by the police.
"What you need instead is a hidden volume."
What you need is a government that supports your rights instead of violating and removing them.
FTFY.
blindly antisocialist = antisocial
Now here's the problem with secondary volumes. In order for it to be plausible, you need to keep the red herring volume up to date. It needs to have files with recent timestamps on it and so forth. If they look in there and all the files are out of date and haven't been modified in 6+ months, it's not credible and threatens the plausibility of the denial.
... so you have a hidden OS where your porn resides ...
This will always be recent.
A link for the search challenged.
The last statement is pure gold:
"Although never charged with a crime, H. Beatty Chadwick spent fourteen years of his life in prison."
So, the government hasn't got the technical means to decrypt a PGP volume. Assuming that's right, then if they guy simply stays quiet and endures the inevitable abuse he'll suffer at the hands of the government, the most they can pin on him is whatever is circumstantially proven by the other evidence and perhaps disobedience. A good lawyer will probably save him quite some discomfort too.
It's up to him to know whether that's worse or not to what he'd be facing if he decrypted the disk.
"Fine, your honor, you win. The password is a long, complicated mess of random gibberish that I wrote on a small piece of yellow paper and kept under the monitor stand. What, you say, you cannot find it? You tore my place apart, but you lost the keys to my life? You're joking, right?"
What's wrong with cops lying to or misleading suspects? It's a valid tactic used in more than just the US. Besides, at the end of the day, it doesn't matter what the cops think, it's up to the courts. Where most people end up getting shafted is where they get the idiot public-defender.
I'm not saying innocent people haven't been railroaded, many have, but reality doesn't permit police (especially in crime-ridden cities) to be knights in shining armor. Crime is an ugly thing, why would trying to solve it be much prettier?
I wish the Supreme Court would take this (or one like it) up. Seems like the lower courts have some disagreement on whether they can do this. I mean, did they have a warrant to check the documents on her computer? If they did, than she shouldn't be able to keep them locked out of it anymore than should could (legally) if they had a warrant for her house and she encased it in reinforced concrete. If they have the warrant though, it'd probably be less dangerous (precedent-wise) to just find a way to crack it themselves.
You're right. 50 years ago, the GOP exploited black people and today, it's the Democrats who do so through social programs and politics that discourage them from success.
Gamingmuseum.com: Give your 3D accelerator a rest.
One of today's problems is that everything you do and think is illegal. Laws are written constantly that remove our rights. In my state 600 new laws were passed, and the only ones I know about were printed on the 3rd page of the newspaper on Jan 1. Even then, it wasn't the full text, just a summary. Many of the laws are not enforced until Justice wants to make sure you don't get away. Then everything gets thrown at you. Remember Al Capone, who, even though he did so many wrong things to society, was finally nailed for tax evasion.
If the prosecution does not have enough evidence to successfully charge and convince a jury of your crimes, he does not get to play "double or nothing" / engage in a "fishing trip" to find more evidence at the cost of the defendant at some later point in the courtroom.
A single litmus test here can be applied -> does the communication of the pass-phrase used in the encryption of his hard drive use his mouth (oral) or his hands (written)? Could the evidence obtained therein be considered a detriment to his defense? Then yes, it follows, through logic, that it qualifies as testifying / incriminating himself.
Personally, I wouldn't let anyone near my hard drives, under threat of violence or otherwise. The number of trade secrets, pending patent applications, and private software I employ would be destroyed by a LEO / Agent getting anywhere near it -> that's my bread and butter they'd be f*cking with there. I don't care if you're a Supreme Court Justice or the Commander in Chief of an overpowered military, I'd take a bullet (multiple bullets, actually) to keep my livelihood afloat. And yes, viewing a trade secret destroys it, and no amount of "economic compensation" from some pathetic shill for the state with a misplaced sense of justice will EVER fix that. I can say this with confidence, as anyone who has been tracking the various eminent domain cases over these past few years has a distinct understanding that "market price" in government parlance means "fire-sale price" so far as the rest of the world is concerned.
It's up there with swiping a hard drive with the Coca-Cola trade secret on the hard drive: I don't care how important it is to your sense of investigation, or how much you will gladly lie to the judge about how it doesn't violate this or that / our forensic software doesn't let us see that kind of stuff / we're "professionals" and would never tell / leak any of that data to someone else (which, given today's press + camera phones, has proven you're anything but), once you cross that line, I will dedicate the rest of my existence to tearing you apart.
But then, we're reliant on the current set of judges, for whom computers (with one or two notable exceptions) are something of a mystery, and probably have never created / stored anything of value on them. It's the common joke about why cellphones have keyboards, but don't allow you to print anything -> because nothing you will ever do on them will ever be worth printing.
I am John Hurt.
Only way to know if this bullshit is going to stand is to take it up to the SCOTUS.
SCOTUS is comprised of judges. The same judges that get off on power trips by being able to jail you indefinitely on a whim (a.k.a civil contempt)
Bullshit - the police are the initial arm of "evidence gathering" for prosecutors, a set of conscienceless, amoral assholes who see all citizens as nothing more than a potential conviction notch in their belts.
That is a gross over-generalization. As someone who has known many police officers personally, I can honestly say that not one of them would ever consider doing something like the things you just described. They were each made of the highest moral fiber and held themselves to the highest ethical standards, oftentimes going well beyond their duties in helping the people they encountered while on the job.
Do the sorts of officers you describe exist? Absolutely! Should people take the precautions you encourage? Certainly! But to suggest that all officers are like that is hyperbole at its worst, and it unjustly maligns the good officers who make up a large percentage of the police forces out there.
Coincidentally, I'm currently living in Texas and have a police officer friend here as well.
If you have a safe, and the police have a warrant, you *must* give them the key or face obstruction of justice.
What, do they add an additional charge if they have to kick down your door? If true it's an abuse the law. Doors and safes can easily be forced open. Warrants give permission to the government to do something, they shouldn't require citizens to do police work.
Ok, you are claiming that an hungarian jew, which was 15 at the end of World War II, was a Nazi collaborateur?
Somehow I feel less enclined to even read or check your other statements.
Wouldn't it look better to just leave the primary volume unencrypted and then have an encrypted hidden volume?
If they don't think to look for it then they won't ask?
As I understand it, an encrypted volume still appears on the disk. If you have the encrypted volume in a separate partition, that's easy enough to find -- "oh, hey, what's all this data over here, then?" If you have the encrypted volume stored within the same partition as the unencrypted volume, then it shows up as a file in the unencrypted filesystem -- "oh, hey, what's all this data over here, then?"
The only way to have a hidden volume that you can plausibly hide is to hide it inside another encrypted volume. Properly configured, this obscures even the existence of the volume you want to hide.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
You're right. When dealing with the police, everyone needs to follow some very simple rules: be calm and polite, never touch a cop, refuse search requests: "I understand you're just doing your job, but I don't consent to searches". If detained or arrested say only: "I choose to remain silent and I want to speak to a lawyer." If the police knock on your door without a warrant (they'll demand entry if they have a warrant), then either don't open it, or step outside and close the door behind you. If the police order you to turn off and exit the vehicle, lock the doors when you get out. A good trick is to turn off the ignition immediately so the cop doesn't think you're going to bolt, but leave the electrics on, then open the car door, then with the door ajar, close the windows. Then take the key all the way out of the ignition, exit the vehicle, and lock the doors.
It has long been established that when the court orders a search (for example, as part of an ongoing investigation), the defendant must cooperate, and that this does not run afoul of the Fifth Amendment. As long as due process is followed in obtaining the necessary warrants, I fail to see any difference between compelling the defendant to provide the key to one's hard drive versus, for example, the key to one's house. Put it under the same legal safeguards as any other search.
It doesn't need a fucking amendment. What it NEEDS is the courts to stop trying to interpret only the letter of the law and not the spirit. The 5th amendment is very clear, you don't have to assist the prosecution in prosecuting you. The spirit of the law is extremely clear, what the courts and prosecutors are trying to do is wiggle around the spirit with fancy language such as telling her she can enter the password in privacy. If it doesn't violate the constitution it shouldn't matter WHERE she does it.
No courts have ever held the shit you just made up. HTH.
If I look half asleep and I am driving all over the place, it's not unfounded to allege that I might very well be drunk.
It's a fucking long stretch from that to "if you use a password protected space, you must be doing something illegal that needs to be searched for." For all the judge knows, hubby password protected that space so that the kids don't see the juicy little home sex videos mommy and daddy made, or the records of him webchatting with the online girlfriend his wife doesn't know about. Neither of which are illegal.
Again, I am saying, why not just do less illegal stuff, to begin with?
And as pointed out by others on this thread, and in the video linked earlier titled "Don't Talk to Cops" by both a lawyer and a police detective, the problem is that US law is so byzantine that you could be violating the law this minute and not even realize it. It's not a question of "why not do less illegal stuff", it's a question of how do you protect yourself?
What you can see from a lot of the posts, or at least the ones not modded down by libertarian nutjobs is the believe that it is the criminal against the system and our only concern should be for the criminal, not the system.
People who equate the accused with "criminals" are the nutjobs. Just sayin...
My password is "I forget".
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely. Essentially it replaces the on-disk encryption keys (which is what your password in reality unlocks) with keys that are only useful for the second partition. The second partition is then enlarged to extend over the original copy. Several programs provide this ability (granted they're for-pay and not cheap, but nevertheless, your privacy is worth something to you isn't it ?). This trick is known to have worked in China (that must have taken some serious amount of balls).
Actually, TrueCrypt offers just this sort of encrypted, hidden volume for free. You create two volumes with two keys, one nested inside the other. One key decrypts only the outer volume and it appears innocuous. There is, in theory, no way to tell there is even a hidden inner volume. The second key decrypts and mounts only the inner volume. Again, in theory, there's no way to even know of the existence of the hidden volume. Whether or not it would hold up to rigorous cryptanalysis remains to be seen, but TrueCrypt seems to be pretty respected in the encryption community and I use it quite a bit.
You're giving the police far too much credit. I work with various police departments and don't think that any of them could do that sort of in-depth analysis. If you're worried about someone actually competent (NSA or some such) accusing you of naughtiness you needn't even bother trying to hide anything. If they want you they'll just drop some kiddie porn in your IE cache and destroy your life if they can't find anything real.
"Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
What do you think the baggie of marijuana in the back hatch of any american police car is for?
If they have to break down your door, that'll get tagged as their "evidence that the suspects were trying to flush evidence" used to blackmail you into pleading guilty in exchange for dropping one or more of the made-up charges used to lengthen the sentence.
My uncle spent 5 years in a prosecutor's office before being threatened with disbarment if he went public with what he knew, so he moved away from the corrupt police state of Tex-ASS and became a defense attorney. The police and public prosecutors pulled shit like this ALL THE TIME. They'd regularly have black and latino kids hauled in, threaten them with prosecution for possession no matter if it was true or not because there was a bagged joint in the locker room tagged "taken from pocket of Roshawn James, date, time, location" that said it was his. They get the kid crying, begging for his mommy, never tell him he can have a lawyer, THEN they offer the "sweetener" to not prosecute him if he turns evidence on the kid they really want to mess with. Oh and all the forged evidence and lies and interrogation bullcrap? Since they never intend to prosecute HIM, they never have to give him his lawyer or his 5th amendment rights, he's just "a possible witness."
A month later, that same joint is in a new baggie with a new kid's name on it and they're pulling the same crap. Prosecute the cops for doing it? Where's your "evidence", it's his word against multiple prosecutors and the Assholes In Blue who swear up and down they're honorable public servants who would nevar, evar, evar do such a thing...
What's wrong with cops lying to or misleading suspects?
Aside from the fact that it is KNOWN to make innocent people plead guilty? Aside from the fact that it makes the already dirty cops look that much closer to using forged evidence?
It's a valid tactic...
And if you had this thing called a "conscience" you'd realize it should NOT be valid. Period.
I'm not saying innocent people haven't been railroaded, many have, but reality doesn't permit police (especially in crime-ridden cities) to be knights in shining armor. Crime is an ugly thing, why would trying to solve it be much prettier?
Every time I hear someone like you I want to throw up. What was it our justice system used to be about? Didn't Thomas Jefferson say he would rather a dozen guilty men go free than see one innocent man convicted? When did we abandon our principles?
First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely.
Problem is that forensics officers take backups. They'd back up the drive first and boot from the backup so whether it destroys the data or not is irrelevant. And if you gave the officers the "self destruct" password that horked the backup then that is further evidence that you are up to no good.
What you need instead is a hidden volume. The idea is you have a normal OS and a hidden OS where your dirty secrets reside. You are prompted for a password at boot time and the password you enter determines which volume is booted into. Tools like Truecrypt support this already.
The problem is the very fact you are using an encryption tool which supports hidden volumes is likely to raise suspicions that you have a hidden volume even if they cannot prove one exists. At the very least you would have to ensure the decoy volume looks plausible, e.g. you use it frequently for your non incriminating activities, scatter around some sensitive looking but non incriminating documents, all to give the impression that is the one and only volume. The more plausible the decoy is, the more plausible your defence is after you hand over the key.
Even then they might catch you out. by building up a list of inconsistencies of activity shown by the computer's event log and other logs on the HDD vs what they can glean from other logs. e.g. if they might know you were on the internet at such and such a time, or downloaded a particular file, or your phone says it was USB synced at the time yet your OS has no knowledge of these events. Enough inconsistencies combined with evidence of using crypto that supports hidden volumes combined with other evidence they have might still be sufficient to find you guilty.
You could spend all your time trying to make sure time stamps match up or you could use something like TimeStomp and change all the dates to some future time. Then instead of using your HD I would just use a bootable ISO (runs in RAM) like backtrack 5 and store all my files off site using Gspace. Tie that with a strong antenna that would allow you access to any wireless access point in a 1 mile radius they are screwed when trying to track you. Even if they do find you by Gods grace they cant prove anything since nothing is stored on your computer once its turned off. They could spend hundreds of hours searching your HD and all they'll find is junk... The burden is on them to prove you did something wrong. Yes things my look suspicious but that isn't proof.
This is wrong. Allowing an officer into your house allows only items in plain sight to be used as evidence. They cannot open drawers, doors, cabinets, or containers without a warrant.
Partly wrong. "Searches incident to a lawful arrest" comes to mind (see Maryland v Buie here). If you let the police in your house and they decide you're doing something illegal and decide to arrest you, by right they are now allowed to search your immediate surroundings for both evidence and threats to their person. Don't believe me there? Look it up. The police get to determine what they think is lawful behavior on the fly, so they really have whatever avenue they wish to pursue, should they decide to be obnoxious about it. Can they search your whole house, rummage through all of your drawers, and go through your files? Probably not. But don't count on it. Most cops are not big on word of law. They do what they think is right at the time, and let the courts sort out the legality of it.
There is no federal gun registration in the US at all. Any registration is a state matter. Many states do not require registration of any kind. When a gun is lost, stolen, or sold, you are under no obligation to report it to anyone. Most people would report a stolen gun to get insurance and with the hope it would be recovered (they all have serial numbers so it is a realistic possibility).
The government actually has rather little ability to track a gun. Presuming the serial number is left intact (it is a crime to remove them but of course criminals don't care) the authorities can contact the manufacturer and find out which federally licensed firearm dealer it was sold to. They can then contact that dealer and find out who they sold it to (dealers are required to keep records of all sales). However after that, it is all up in the air. If a private individual sells a firearm, they are not required to keep any records at all.
Same deal with a lost firearm. There is no duty to report it. Many people would, I certainly would, but many wouldn't for whatever reason and it is fully legal.
Shut the fuck up, you stupid crypto-nazi anarchist. Do you even know what this court case is about?
Er, actually no. This is /.; we're not expected to read TFAs, silly. Besides, what's that got to do with anything?
Crypto-nazi anarchist?!? No again, I think (whatever that is).
This has ZERO to do with copyright infringement.
Yeah, sorry, that was just me venting about current events (SOPA/PIPA coming to Canada).
Aside from your completely moronic statement ... in my humble opinion, judging by the need for data security as evidenced by many high profile computer breakins, criminalizing encryption, or allowing government to force people to break their own encryption ... would be a mistake.
?!?!?!? Uhhh, back at ya? :-)
That said however, in business transactions, a special case should be made that if you have business related material on a laptop you should not only be required to encrypt it -- but be required to disclose it to government investigators, as well.
Why? So, you don't approve of your having a constitutional right to privacy and the right to not self-incriminate yourself? Good to know, thanks. And, the FBI has copies of your private keys and your passphrase? It'd save time, not require a judge to hear your case, and might even go towards clearing you if you're actually innocent.
Expedite justice! Forward your private keys and passphrase to the DoJ today!
WTF is a crypto-nazi anarchist?!?
"Tongue tied and twisted, just an Earth bound misfit
Judge it has been so long since I had to use my password to log in I cannot remember what it is.
For your really sensitive (questionably legal or outright illegal) stuff, put an encrypted volume under your encrypted OS partition. Agree on an arrangement with a friend, preferably from another country, to hold the key to that encrypted volume. Make the key a long enough (e.g. 4096 bit randomly generated) that is impossible to remember and requires him to provide it to you to unlock the volume. If dealing with authorities, the friend can simply refuse to provide the key and there's nothing you can do to make the unencrypted data available or that authorities can do to force the (foreign) person to provide it. The friend cannot access your data without you first unlocking the OS volume so it is protected from him as well. Not really convenient, but it would seem to be a way to stymie authorities.
Because destroying evidence is absolutely the *best* way to clear your name in court...
+1 Disagree
Wouldn't they be able to see that the volume size isn't the same as the size of the disk and ask where the rest of the space is? Also, albeit circumstantial: any logs in the "clean" OS will likely show that you've rarely used it. If they tracked you down and have other reasons to think you used your computer recently and can't see anything in the logs that they see showing that you were logged in they would have a pretty good idea that something is fishy.
Ok, you are claiming that an hungarian jew, which was 15 at the end of World War II, was a Nazi collaborateur?
Somehow I feel less enclined to even read or check your other statements.
How about George's own words?
http://www.youtube.com/watch?v=RZ2U6Rl98PM
Oops. Maybe you'd better check some of your other uninformed assumptions after you "check my other statements". Just sayin'
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. blah blah blah blah blah...
Do you know how ridiculously easy it is to defeat that silly little booby trap countermeasure of yours?
Perform platter level duplication of the drive into an image, and then use a controlled, virtualized decrypt process. Anyone performing a hostile decryption is may very well consider your solution, especially anyone who reads these sorts of things on Slashdot.
I sincerely doubt that it's impossible for a professional data recovery service to remove all power from the drive, dis-assemble the chassis (voiding the warranty), and removing stock, factory vendor parts from the mix.
Maybe the old double spicy password technique will catch some podunk Police Departments off guard, but large cities, and federal forensics teams might wisely side-step this idea.
They do what they feel like doing at the time, and let the courts sort out the legality of it.
FTFY. Also, keep in mind that in most jurisdictions, the cops are buddy-buddy with the judges and the prosecutors, which leads to a "I'm sure they had good reason" mentality when their actions are challenged and a "fuck you I'm taking the word of the cop" mentality when a witness or defendant's statement contradicts the cop's statement.
Doesn't the UK already have no privacy when it comes to encryption keys?
AJ Henderson
I don't care about mod points on this issue. But apropos to your comments:
* You have 5th Amendment rights. To remain silent, to not self-incriminate. When stopped and asked anything by law enforcement stay silent. Without forethought this is hard, as you don't want to be appear rude, nor seem to invite excessive scrutiny for being anomalously silent. The alternative is to become a plaything as non sequiturs _and_ yells strike you in their trawling for crime. Alternatively you may ask, "Why are you detaining me?" (Thus forcing their hand.) Then remain silent, _no matter what else_ is asked! You cannot be punished for remaining silent, you cannot be berated for remaining silent, you cannot give _entree_ to maneuvering to law enforcement by remaining silent. Law enforcement fishes, lies, yells and berates as part of the M.O. of their work. When innocently going about your righteous life and this occurs to you once, twice, say !enough! Short circuit. Don't play the game. Throw a monkey wrench.
* When law enforcement says "you are free to go," go!
Don't stop to answer, By the way, do you a gun with you?
By the way, do you have children photography in your phone? laptop? Ipad?
By the way, do you have MP3s in your e-devices?
By the way, do you travel outside the US?
By the way, do you speak another language as your first tongue?
etc. Go! Stay silent. Follow their original directions---free to go. They're fishing. Fine, think it can't happen to you, but once you feel your ire rise at the deluge of tangential, irrelevant to you questions and you become irritated, or angry, or late, or offended, or arrested for protesting at normal voice for the silly encounter to a Rambo type with payback in his/her heart remember these words.
Except that doesn't work. The first step of any decent forensics approach would be a bit for bit mirror of the data on the drive followed by decrypting the copy. It would be readily apparent if the drive was substantially altered by the decryption and the ruse would be seen through. It would also fail to actually delete anything as the original would still be intact.
AJ Henderson
Good morning, Mister Phelps...
Free Martian Whores!
Just remember that police officers go by vampire rules.
What happens if you keep notes via simple pen/paper using a code. Can a judge force you to tell the prosecutor what your code is?
Unix is user friendly, it's just selective about who its friends are.
I mainly take issue with cops lying to suspects about their RIGHTS.
The 5th Amendment doesn't protect us from discovery
Yes, but it does provide the ground work for one's right to remain silent. Which, this judge is ordering someone to waive. Not only that but he is ordering him to waive it in a way that "could" incriminate himself which is in direct violation of the 5th amendment. Not to mention, one can simply say "I don't recall" and it cannot be proven otherwise.
As naive as it may sound, why not just do less illegal stuff?
Where's the fun in that? People do illegal stuff for a reason, whether for lulz or profit, or simply not agreeing that activity should be illegal in the first place. "Illegal" is not necessarily and always "wrong" morally or ethically.
Back to the topic, I think the best solution to this criminal's conundrum is to crack into some utterly unrelated "sheeple's" computer and do your "nefarious activities" there. They'll never notice it happening. You can even add in all the other crypto-methods mentioned here if you're hyper-paranoid, but on an utterly unrelated computer. As long as you're careful to use an anonymizing proxy to get there, there'll be no trace of you going there or of you doing anything there. I wish the LEOs luck sorting that out.
And may I say to all you creeps out there, stay away from my Mom's computer, damnit. I'm watching you.
"Tongue tied and twisted, just an Earth bound misfit
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
The specific law that forces you to hand over keys is called Key Disclosure Law.
The rules for various countries are posted on wikipedia https://en.wikipedia.org/wiki/Key_disclosure_law; however,
when I look under #Canada, I see:
Canada implements key disclosure by broad interpretation of "existing interception, search and seizure and assistance procedures";[8] in a 1998 statement, Cabinet Minister John Manley explained, "warrants and assistance orders also apply to situations where encryption is encountered — to obtain the decrypted material or decryption keys."[9]
I haven't heard of any cases where someone was actually forced to hand over their keys, so I'm not sure if this is actually enforceable or not...
Kindof seems like Canada might be lacking in this specific area...
So does anyone know if this is actually enforceable?
However, I would like to suggest an alternative. As naive as it may sound, why not just do less illegal stuff? That way when they do take your hard drive, you really don't have anything to get you into trouble. Better yet, if you are so inclined to do illegal stuff, why not just do all that illegal stuff on a different computer that's not located somewhere where you might spend 70%+ of your time
You seem to be thinking of an honest government. Think instead of the Inquisition: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." The government won't be assessing your activities fairly - they've already decided you're guilty (maybe because you annoyed the wrong person), and they're looking for everything they can use aganst you.
If the stuff you're accused of wasn't illegal when you did it, you're still boned. If any reasonable person would agree that your activities stayed on the legal side of the line, but a judge with a burning passion to convict you can creatively interpret the law, you're boned. If no reasonable person would expect the activity to be illegal, but yet it is and you just didn't know - totally boned.
It's only if you're delibrately, knowingly breaking the the law that you'll take wise precautions. If instead you're just politically active, or doing somehting that society disapproves of but isn't actually illegal (yet), it would be great to have a technological solution "just in case".
Socialism: a lie told by totalitarians and believed by fools.
She should of just used DBAN and a DOD secure erase program like you said.... that would pretty much do it don't you think?
From the article:
"The Fifth Amendment says that nobody may be "compelled in any criminal case to be a witness against himself," which has become known as the right to avoid self-incrimination."
Seems to me that decrypting a hard drive with information that might incriminate you would be a violation of that 5th Amendment right....
This also bothers me quite a bit, they can't even get their stories straight:
"In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That's "protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination," the court ruled."
"A year earlier, a Vermont federal judge concluded that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the files encrypted. Boucher eventually complied and was convicted."
Oh and I don't believe in them hiding behind the fact that they aren't requiring the password, the result is the same, the hard drive is decrypted and any evidence there could incriminate themselves. Asking her to just type in the password is the same thing as getting the password from her.
Not strictly. You can retain your privacy if you're willing to stay in jail forever instead.
The issue with maintaining two volumes is that each will report lower capacities than the total drive capacity reported through the BIOS or via the label on the drive
This is not how secret volumes work. For one thing, both volumes look like randomized data since everything is encrypted. You can only examine them if you have the decryption key. With the decryption key, both volumes will report their size as the entire allocated space. The primary volume writes data start->end, while the secondary (secret) volume writes end<-start.
For example if you encrypted a 20GB physical drive, both volumes report that they are 20GB. Indeed if you write 20GB of data to either volume, you will OVERWRITE the alternate volume. It's up to you to know how much data you have on each volume and be careful not to write enough data so that the sum of both volumes exceeds the total volume size. You can mount both volumes at the same time, and the encryption software will reject writes to either volume which would overwrite data on the alternate volume.
Slay a dragon... over lunch!
The police are getting better. Digital forensics is a new field for police work though, so there are plenty of departments without much experience. It doesn't really take much training though for them to understand that when it comes to encrypted drives, you can have two passwords, one which unlocks a dummy drive, and one which unlocks the real data, and that the easiest way to detect that is seeing if the data you unlocked has anything recent in it. It's probably not the cops you have to worry about on this front, but the prosecutors. If you're in front of a judge who is compelling disclosure, then a prosecutor is involved. They are more likely to understand the situation, or more likely to contract with someone who does.
I would not be surprised if the digital forensics software they use for a lot of this stuff now doesn't have an indicator for that built in. "Red flag: the data on this drive appears to be most recently accessed on or before X date. If this precedes the date the drive was collected, this is probably dummy data." or "Red flag: the data on this drive appears to have been most recently accessed in the future - this is probably a forgery" (to compensate for future dating data to make it look more recently used). System logs, browser cache, and lots of temp files written by various programs can each give away the actual date of most recent use.
Slay a dragon... over lunch!
Listen yourself! What he was actually saying that the experience of constant change, of constant danger was for some strange reason making this experience the happiest time of his life, because he as a 14 year old never assumed someone was out to get him.
(For you I'll even do a transcript of the snippet:
"It was actually probably the happiest time of my life, this year of the German occupation. For me, it was a very positive experience. It's a strange thing, because, you see, this incredible something around you, and in fact, you were in considerable danger yourself. But you are 14 years old, and you don't believe that it can actually touch you. You have a belief in yourself, a belief in your father. It's a very happy making, exilarating experience.")
I was right from the beginning. You either felt for a smear campaign, or you are part of the smear campaign.
you must be doing something illegal that needs to be searched for.
And as you pointed out, how does one exactly know when you are doing something illegal. One can play chicken and egg with the question all day. However, as someone else has pointed out, if you have something in a safe and a search warrant has included a safe to be searched, then you need to hand over the keys or face obstruction of justice.
US law isn't byzantine in that it is, "characterized by a devious and usually surreptitious manner of operation." US law is complex, and not everyone understands it. You ask,
it's a question of how do you protect yourself?
and I have replied in a round about fashion but I'll make it more direct. US law is not made for you to understand completely. I want to underscore that "completely" part. Obviously the basics of law are understandable. We know murder is illegal, slavery is illegal, stealing is illegal, and so forth. However, the more distinct pieces of law are not always known or understood. For that you need a lawyer that can protect you. It is that lawyer that will understand the consequences for obstruction justice and weigh in on whatever dirty secret you might be hiding on your encrypted hard drive is worth the time you will serve for withholding information.
If it is mommy and daddy's sex tapes the lawyer can have the judge and DA view the video in private and the whole thing be dismissed. If it is because of a secret girlfriend, again, viewed in private and dismissed. Never on the record and disclosure of that by the DA could have him in jail. Again, if it is nothing illegal most lawyers will ask to have the evidence reviewed by judge and prosecution and then promptly sealed. Flat out refusal when a judge has ordered it is just straight up obstruction. Unless, of course, the person just simply forgot the password. However, you will never know that unless you speak to an attorney.
You are under the impression that somehow you can protect yourself and that assumption will get you burnt every time. You cannot protect yourself because most people's knowledge of the law is very limited. Just like (using the Slashdot time honored car analogy,) I don't try to fix my own car because I have no idea how all the pieces work. I can change my oil, because I have enough general knowledge to do just that. I can change my own air filter. However, if something goes wrong with the transmission, I take it to someone who has better insight on the matter.
However, the more concerning issue that rises from all of this is the general Google-pedia mentality that has become more and more rampant today. A lot of people are under the impression that they do not need professionals because, "oh I can just learn everything I need to know from teh Intertubes!" It's like paper MCSEs but with specific domains of discipline. As pointed out in the youtube video that you so kindly provide a link to, do not talk to cops and get a lawyer. As pointed out early on in the video, it is impossible for you to know every single law, and as #1 on his top ten (or eight) list, there isn't anything you can say to get out of being arrested. Don't be stupid and think you can somehow "protect" yourself.
So two points, one, specifically talking about this case, if a judge orders you to unlock something, safe, encrypted hard drive, safety deposit box, network system, or anything else that uses a method to keep something else from public knowledge. You cannot find a defense in the fifth amendment, period. You can ask a lawyer why that is, but absolutely none would recommend you continue to keep it a secret unless it implicates you on the crime in question. Yes, that is one of the first questions lawyers ask their clients starting out,
Two, generally speaking, there is a sense of gratification in crime. Sometimes that is unknowable like the fish example that is presented in the video. You take the
Where's the fun in that?
Well the idea was to just do what makes you happy but I'm quickly finding out that my choice of words may not have had that effect.
Vampires and police have that same thing in common. They can't come in your house unless you invite them.
In that case, I'm terribly sorry Your Honor. But I've forgotten the passphrase.
You seem to be thinking of an honest government.
Not really. However you do seem to be on the same line as I was getting at. However one thing...
it would be great to have a technological solution "just in case".
I totally disagree with this whole notion that computers will save us somehow. That's MPAA/RIAA thinking. Computers won't save squat because the laws aren't made by computers, they are made by people. So unless you find some method to have computers stack the deck of law/judge in your favor, I would seriously recommend that you pass on relying on computers to save your butt.
The Troy Davis case is perhaps not the best case to point out seeing as it is pretty conclusive given the evidence that wasn't tampered with and the outright contradicting stories of his sister and mother that he was at the scene of the crime. The evidence manufactured by the cops was manufactured to close the case, not to implicate him. Thus, calling him innocent is quite the stretch. Wrongly convicted, sure. Travesty of justice, agreed. But not innocent.
I'll get right on that...oh hell, I can't remember my passphraze! Damn it all. I'm ALWAYS doing this. Sorry.
Because if it were a physical object, it would be the same.
Since it's in your mind, fuck off.
It's idiots like you that cause this slippery slope.
But if you have papers which are written in apparent gibberish, they can't force you to give them the code to translate that gibberish into content that makes sense
Read the 5th amendment carefully: "nor shall be compelled in any criminal case to be a witness against himself". It does NOT say "nor shall be compelled to do anything that might incriminate himself."
You cannot be compelled to testify in your own trial. You cannot be compelled to utter a single word that will ever appear in evidence or trial.
You CAN be compelled to do a lot of other things, however, that somebody else can use to act as a witness against you, and this is a well-settled area of law. You must, upon the exercise of appropriate due process, provide fingerprints, blood, DNA, urine, your presence in a lineup, etc. All those things can be incriminating, yet they are also not the subject of any serious 5th-amendment questions.
This also includes, upon presentation of a valid warrant, unimpeded access to your property. You must open doors, unlock safes, and yes, provide unencrypted access to your hard drive. (There are, of course several important exceptions to the rule, including communication with your lawyer and doctor. But you cannot claim blanket protection on your entire office/safe/computer because a portion of its contents might be privileged.) What good would a search warrant for your house be if you could refuse to admit the police? You don't have to give the police the combination/encryption key, but you ARE required to use it upon valid demand.
You can, of course, still refuse to use the decryption key. You can even claim you forgot it. But such a claim WILL be held against you at trial, and it's quite possible you will be found guilty of Obstruction of Justice and/or Contempt of Court.
Planting drugs is obviously bad and illegal. Is planting an (encrypted) volume (usb-key) containing nothing but public domain materials in the UK wrong and illegal? Even if police get caught doing it, not a thing would happen to them, unlike with drugs or porn. It looks terrifyingly easily to decide you don't like someone and then destroy their life if you're a UK police officer.
http://www.schneier.com/blog/archives/2005/06/write_down_your.html
I've often wondered about truecrypt and similar schemes - if you have a hidden volume, and if a forensic investigator did a low level analysis of the volume, wouldn't they see a size mismatch? E.g. an unexplained "hole" in the truecrypt volume the size of your hidden volume, which isn't being managed by the VFAT/NTFS/Whatever filesystem? So, your partition is, say, 1 TB, but the true crypt volume is only, say, 600GB, with 400GB mysteriously "unused" by the filesystem, or something along those lines?
One big difference, if you give the Pigs a chance they'll force their way in and lie to the judge later claiming you consented to letting them in.
You cannot be compelled to testify. This means you are not required to utter a single word that will ever be heard in court. Not to the police, not to a judge, not to the jury, not to your lawyer, nobody.
You CAN be compelled to do a LOT of things that will enable somebody else to testify against you. After proper due process you can be compelled to:
- Provide fingerprints
- Provide blood
- Provide DNA
- Provide Urine
- Provide a hair sample
- Participate in a lineup
- Provide a voice sample
- Have a photograph taken
- Provide a breath sample
- and... upon presentation of a valid warrant, provide unimpeded access to your property. This means you must open safes, unlock doors, and yes, unencrypt hard drives.
Your tattoo analogy fails. Explaining something would indeed be testimony. But unencrypting a hard drive is not an explanation; it's similar to using a combination to a safe, a key to a lock, etc.
You don't have to actually reveal the combination/decryption key, but you CAN be required to use it yourself to provide access to the property listed on the warrant. To not do so is obstruction of justice (or contempt), and once they convict you, they CAN use that fact against you in court.
Now, if some of the contents of your hard drive contain privileged information (i.e. communication with your doctor, lawyer, or spouse) that information cannot be used against you. But unless you can convincingly argue the drive contains nothing BUT privileged info, you still have to turn it over (and the privileged files cannot be given to the police or used as evidence; your lawyer supervises the sorting process.)
I have a serious problem with this. What is the court going to do if anyone refuses to give the encryption key? It is up to the prosecutors and cops to build a case. If you won't give them your decryption key, then they'll have to build a case without that evidence (or find a way to break the encryption).
It's not a defendant's job to help the police build a case against them. I don't think any defendant should ever be legally compelled to cooperate with the police. The police should be able to prove them guilty beyond a reasonable doubt with no cooperation. If they can't, you shouldn't be able to throw someone in jail when you've failed to prove a crime, by inventing another crime of not cooperating with the police. In other words, turning someone who's not a criminal into a criminal.
Trust no one....Tell no one....
Simple elegant solution.
Enjoy!
CAPTCHA: unlocks [ how apt! :D ]
Illegal stuff is what a lot of normal people do. If all the bad laws they make in congress were actually enforceable our country would be worse than North Korea.
Is that so hard for encryption software vendors to implement few more "valid" passwords ???
If wrong "valid" password is entered, system "decrypts" and runs just clean Windows or Linux distribution with less valuable "personal" data, like favorite personal song names database or some cooking recipes or whatever...
It's just an idea...
Why should we compare encryption to a physical safe? Electronic records are very different then paper records in a safe:
* They're exponentially larger and more detailed.
* Digital logs are constantly created, by many different devices, unlike any other technology.
* They record activity unknown by the user. (e.g. a browser fetching an undisplayed image)
* They record activity poorly understood by the user. (e.g. Deleting an email doesn't erase it from the disk)
* They're easily faked. Digital copies can't be examined like a letter head or signature on paper.
* They record activities as if witnessed by an observer, rather then recorded after the fact by an observer. (Paper records are created by people for their own reasons, digital records don't share those motivations.)
New laws for new technology is the norm. The question is whether people will "be secure in their persons, houses, papers, and effects" or we'll all live in panopticons in the future.
tomorrow who's gonna fuss
Maybe for a civil trial, but for criminal the gov needs to prove "beyond a reasonable doubt" that there is a second volume you are keeping hidden. Which way that would fall in a group of my peers is an open question.
Cheap storage VM.
shhhh...
Cheap storage VM.
Gitmo is still there. You really think they would admit they send citizens there.
I can honestly say that not one of them would ever consider doing something like the things you just described to someone they know or respect.
fixed that for you.
Cheap storage VM.
.
Obviously, Macs are excluded.
Say the government executes a lawful wiretap, but finds the conversation to be encrypted. The Defendant talks about a “package” and about a “mark”, or even “the stuff”.
Say it’s a foregone conclusion that these words were chosen deliberately to obfuscate the real nature of the items being discussed. And say it’s obvious that the Defendant knew what he meant by those terms. And there’s no question the recording is of the Defendant.
Can a Court compel the Defendant to provide the “key”? Say that “package” means “shipment of illegal drugs” or that “mark” means “person who needs to be killed”? Say they offer production immunity — they won’t say they got this information from the Defendant, they’ll just read the “key” to the jury and admit it into evidence. They’ll have their expert witnesses say that’s what the conversation means.
When I was a wet-behind-the-ears kid, I used to think like you. I've been around long enough to recognize that laws have multiplied enough to make even the most law abiding person a criminal. Every year, more laws make more activities illegal. Thought crimes are prosecuted under cyber bullying, hate crime, bias crime, conspiracy and other laws. I had a good friend who was prosecuted for exposing himself for urinating in public while drunk. He committed suicide rather than face sex crime charges when he was witnessed by a bystander.
When they come for you, will you still be eager to help them make a case?
No, you didn't, and it's insulting to suggest that you did. What part of "highest moral fiber" and "highest ethical standards" was ambiguous? The officers I know are the types of people who apply the rules equally to all, not just the people that are pleasant, respectable, or known to them. If you had fixed something I said in relation to the bad officers that we all know are out there, I'd have been fine, but you're maligning my friends here, and people who I know wouldn't act like you seem to think.
fricos (romanian) = coward
http://dictionare.com/phpdic/roen40.php?field0=fricosul
Good luck for any judge who asks me for a password. My response will be that I have 50+ passwords just for work, and I don't remember that particular one. The laptop you seized six months or a year ago? Well, I can guess but so can you sir. If I was facing serious charges, I'd just weigh the penalties vs. contempt charge while my attorney appeals.
If a court orders you to help them, yes you do have to help them decipher the content. You can plead the 5th but you can then be questioned about how that assistance is self incrimination and the judge gets to determine if he agrees.
what if you have a key escrow program that is set to automatically destroy the key without intervention? While in the can:
Me: Officer, I need my smartphone right away.
Prison Guard: LOL
Me: I have software that will wipe out my precious data if I don't log in for 7 days in a row. It's been 6 days and 20 hours.
Prison Guard: Tough Shit
Me: The judge might want some of this info!!!
Prison Guard: Do I look like I was born yesterday? Shut up and let me watch tv or you are gonna have a bad night.
Listen yourself! What he was actually saying that the experience of constant change, of constant danger was for some strange reason making this experience the happiest time of his life, because he as a 14 year old never assumed someone was out to get him.
What you fail to note is what Soros was actually doing during this time. He changed his name and went to work with the Nazis confiscating land from Jews. That he considered this time during which he helped Nazis confiscate land from Jews "the happiest time of his life" is downright chilling and should set off major alarm bells in any rational human.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Please explain how a 14 year old is able to confiscate anything! He was not even able to sign any legal binding contract, how should he be able to "confiscate" anything?
That's purely bullshit. Whoever told you that was pulling you a leg.
What your buddies think of themselves, and what they'd actually do, are two different things.
If your buddies are of as "high moral fiber" and have "highest ethical standards", they should have turned whistleblower long ago on most of the other cops in their precinct. And they should be speaking out against police departments who try to arrest and indict people merely for recording police misconduct in public places.
Of course, I have yet to hear of many cops turning in other cops, I have yet to hear of ANY cops speaking up for the right of the public to record police officers who are engaging in brutality or even are just in a public place acting as public servants, and the most reviled group in any police department or larger police organization is always Internal Affairs, who generally are staffed with the most incompetent boobs that the chief can find anyways.
I too have an officer friend who is very ethical and I trust him. I know any officers I trust. I have heard officers tell stories where something obviously wrong is going on and they step in and say something without any records or arrests. This happens when the person doing it is another officer.
With other people it is like a game. I will pull people over because the lights on their license plate is burned out. I found this gun, in the back seat of a car, it is legal and could be legally claimed by anyone in the car. However, since no one wants to claim it, I will check it in as "lost" property. People get nervous when cops question them. Many police are mostly honest, but they also mostly protect each other, in any situation.
Cheap storage VM.
FWIW, I agree with the "Flamebait" mod.
I'm not sure I'd take anything I wrote back, though.
"Tongue tied and twisted, just an Earth bound misfit
How do you persuade all attackers to run the code that deletes the contents? If you can make them run software of your choosing, then you probably also have the power to make them not want to peek at your data in the first place. Reminds me of a ST:TNG episode where someone's solution to a problem is "just change the gravitational constant of the universe."
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I didn't realize you were talking about steganographic encrypted volumes until your last post... please pardon my misunderstanding. I have not set up volumes in the manner you have described, so this is the first I have heard about the start->end and end->start writing technique. Is that handled at the OS level or using the encryption driver?
The weird thing about OTP (keys as large as the data itself) is that the Fifth Amendment really would unambiguously apply and not be controversial. If the purpose of the 5th is to keep innocent tortured people from making up confessions to please their tormentors, then they would make up OTP keys to produce whatever plaintext was desired. Any person accused of any crime could (with sufficient coercion) be "shown" to be guilty.
And similarly, actually-guilty accused people could make up OTP keys providing fake evidence which shows no wrongdoing.
OTP really solves the problem..
What is needed is a truly magical cryptosystem, where one unit of ciphertext can be decrypted with two different reasonably short keys to produce two different plaintexts of equal length to the ciphertext. I hope someone invents it, because privacy issues aside, I think it would have great applications in data compression. ;-)
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I'll me propose an actual API that could be used for this. First of all the master key is encrypted with two layers of encryption. First it is encrypted using RSA, next it is encrypted again using the password. The RSA encryption step needs a bit of extra work to make the encryption indistinguishable from a sequence of random bits. By default an RSA encryption doesn't look exactly like random bits. The point is that the RSA encryption is from an interval [0;n[, where n is the product of two large primes. Since n is not a power of two, not all possible combinations of the bits will result in a value in that interval. But after performing an RSA encryption you can just add a random multiple of n to the value, and that essentially solves that part. Once you have made that minor step between encrypting using RSA and encrypting using password, it will be such that no matter which password you try, you cannot know if that password was correct until you have done the RSA decryption as well. The RSA secret key is on the server, the RSA public key is stored in clear on the encrypted disk.
Decryption happens using this protocol:
The HMAC key is completely unrelated to the actual encryption key. The server knows the RSA secret key and the HMAC key. All the server will ever know was that a request was made and if the validity of the request was subsequently proven to be valid. The server learns nothing about the key material. As a matter of fact, a completely valid session of this protocol could be produced using only the key material on the server.
Do you care about the security of your wireless mouse?
You'd have to use the decoy OS a lot. I'd say the decoy OS should be your defacto login so it gets a lot of activity. The hidden OS would be the one you use rarely since the less you use it, the less evidence you inadvertently leave around.
For having many hidden volumes, you're looking for something like Rubberhose or PhonebookFS (both dead). I don't believe there is any maintained software that can do this.
>if you have something in a safe and a search warrant has included a safe to be searched, then you need to hand over the keys or face obstruction of justice.
Yes, but if you've written some notes in a super-secret code that only you can decipher, you cannot be compelled to do so. How is encryption any different?
-- Give me ambiguity or give me something else!
It seems to me that your best bet is to not use secondary volumes. With how small external flash storage, it seems logical to me to put your encrypted data on a memory card which can be easily hidden. That way you don't have to worry about hiding encrypted partitions on your main computer because there aren't any that have to be hidden. One possibility would be to get a card reader for your PC, configure your PC to boot off of it, and use that for any nefarious activities. When you're done, remove the card and hide it well (preferably somewhere where it could be plausibly lost - You say you found it under the clothes dryer? I was wondering what happened to that. Unreadable? Oh that's a bummer.). Of course, they might figure still figure out something was up.
Another possibility is to buy a 16GB card, replace the sticker with one you peeled off a 4GB card, put a 4GB FAT32 partition on the card then used the remaining 12 GB for your hidden partition. Buy a whole bunch of memory cards for your camera, and mix it in. Even if they did check the memory cards carefully enough to find the discrepancy, you could claim that you bought it pre-formatted and had no idea that it was actually larger than it was labeled.
Another thing I've always wonder is if they manage to nab a hoarder, how carefully do they inspect all the "junk"? Are they really going to carefully comb over a dozen decade-old computers that may or may even be bootable, or that pile of hard drives that may or may not even work. How easy would be to overlook an old 10GB drive with one 2GB MS-DOS partition and the rest unpartitioned?
How is encryption any different?
Main difference, a computer is involved.
Take two sheets of paper and sit them side by side. Write a message on one sheet of paper and then on the other, without the aid of a computer, write the same message in Triple-DES. Not impossible, but not likely. The court understands the difference between written word, physical safe, and encrypted data. All have different sets of standards for judgement. Therefore, your example that you give would be handled differently by a court than encrypted data on a computer, so the comparison is moot.
A judge cannot rule you to unscramble your message. However, there has been instances where the unknown hurt the defense of the person. For an example, if a US citizen sent another country encoded messages, and once caught, refused to decode the message. In turn the government would not be able to determine the damage. Thus the penalty would be very grave. However, in this case the government already has enough evidence to convict.
I also want you to note that I used key as opposed to combination. A judge can order a person to hand over keys, but a combination lock safe not so. The reason being is that it requires the person to verbally or in title (writing it down on a sheet of paper) give the combination, which in turn is protected from the 5th amendment. The main difference is that a key is physical and a combination is mental. However, the judge did not order the person to give their password, the judge order the person to hand over the decrypted contents. Again, the contents are not kept in the mind, they are kept in the computer. The judge cites that judges in the past have indeed ordered people with combination lock safes to provide the contents or find themselves in contempt. If they cannot remember the combination or are not physically able to do so, is another story. It is this, "we are not asking you to tell us something in your mind, but you must hand over something that physically exists" idea that the judge is using in this case.
Again, the person in question is walking a very narrow line. If the government find any thread that shows cause for alarm, then the judge can quickly escalate the situation by showing that unknown or untold damage has been done. In that case, the defendant is pretty much at end-game. The idea is to show that damage has been done but the full extent can never be determined, since the contents of the drive were never decoded.
There have been other cases where damage could never been readily seen. Much like when an officer is invited into your home but never gets a glimpse of the massive amount of heroin you have hiding in your oven. The officer could have opened the oven and seen it, but in doing so, has conducted an illegal search. Likewise, there have been cases where people have been accused of using a computer to commit a crime, but because no visible damage could be found, they cannot prove anything about the crime. Again, the government has reason to believe that the person in the article has committed bank fraud. Enough evidence that they have started a grand jury hearing for discovery.
However, the whole issue is really needing an official high court ruling.
I'll leave you with this thought. If someone kidnaps a child and stuffs them in trunk, do they have a legal right to plea the fifth when an officer orders them to open the trunk? Likewise, if doctor notes on a botch operation are encrypted on a drive, do you believe that the doctor can plea the fifth?
Sure, physical security offers plenty of advantages over electronic security. But using both is even better. Defense in depth. A physically hidden device can be discovered with no involvement on your part, while an encrypted device with a sufficiently strong key cannot reasonably be accessed without your involvement even if discovered.
The way hidden volumes work, you don't have to try to pretend the card is a different size than it is. Digital forensics won't be fooled by that (they probably won't even look at size on the sticker, the first thing they do is image the device, creating a byte-for-byte copy of the data across the entire space without regard for partitions or other volume information). Hidden volumes occupy the same space as primary volumes. You can have a 16GB drive which consumes all 16GB of space for the primary volume. The hidden volume will occupy some subset of that space, usually writing from the end of the device toward the start of the device, and it can also be 16GB. Of course you can't write 32GB of data to this, if the sum of your primary and hidden volume exceed 16GB, writes will start destroying data on the alternate volume. But without the encryption key, that hidden volume just looks like randomized data in the primary volume's space (it's not possible to distinguish otherwise with any publicly known technique).
Slay a dragon... over lunch!
I wonder if you could say you forgot the password then after being held in contempt of court, plead the 8th amendment and claim that it is "cruel and unusual punishment" in that you have been given an order by the judge of which you cannot possibly comply.
For instance if seized emails were sent from the home, they will demand to have access to the computer they were sent from.
If she claims those emails were sent from a different computer, they will take that computer and soon come to find out the emails were indeed not sent from that machine. They will then demand access to the real computer.
Now we are back to "I forgot the password."
Right. The last email we have implicating you was from last week. Your forgot the password in that short of time? Simply not credible.
This is of course contrived, but I bet the chain of evidence is there pointing to that laptop.
When we started caring more about the next CoD, WoW, Jersey Shore, Toddlers and Tiaras, ad nauseum...
It's possible to mount both volumes at once, and just be careful about sticking all the evidence on the secondary volume, but in most modern OS's, there'll be problematic artifacts indicating the secondary volume exists in the form of "Recent Files" lists in applications or in the OS level. You'll also have to worry about program caches being written out to the primary volume and being recoverable from free space on the drive; so as part of shut-down you'll need a script which writes random data to the empty space and knows how to destroy the internal cache files of all your applications - even ones you don't use for nefarious purposes since a cache file may not be zeroed out when it's allocated (thus capturing sensitive data). Basically keeping both mounted at the same time is a sure fire way to accidentally leave behind some evidence on the "safe" drive.
One thing that you could do is store a virtual machine inside the encrypted partition with a particular name. Keep an (almost) identical virtual machine inside the secret encrypted partition. Then, on your real machine, the kind of stuff that gets logged is that you opened the virtual machine named foo. But, not all the names of the secret word documents, the hacker tools or whatever.
In the outer encrypted volume (the one you will give up to police, you should keep your tax returns, and pictures of yourself naked and/or making a duck face. Perhaps even something showing you trying to pose sexy but failing (preferably an epic fail). Make some of the pictures obvious that you are naked, but not really show anything. These should play well with a jury. "Wouldn't you want to hide these pictures so that no one would see them?" your lawyer will later ask at your trial as he displays them on a projector. Of course, there will also be the proper level of dramatic buildup before hand. Asking the judge to clear the court room. Asking him to seal these pictures so that they are not made public. etc.
> First, why not use the obvious countermeasure here. When you
> create an encrypted volume, you should enter 2 keys, not
> justone. One will unlock your drive, another will appear to unlock
> your drive, but in fact deletes the contents of the disk entirely.
That would have to be built into the device. I can't take a normal device and make the above happen. For any normal hard drive or other storage mechanism, I would expect that the forensics people already know to read the raw data off of the device onto their own device (backing it up at the same time), and then they can operate on it using whatever program they want. There would be no way to force their program to delete the data or modify it in any way regardless of the decryption key you gave them. The program would produce exactly one of two results given any decryption key: successful decryption (you gave them the correct key), or unsuccessful decytpion (you gave them the wrong key).
The best you could do would be to have a form of ecryption that could somehow produce two different, meaningful sets of decrypted results given two different decryption keys. AFAIK there is no such cryptographic system in existence. It would be an incredible feat to be able to encrypt two sets of plaintext to the same ciphertext for which the original independent plaintexts could be recovered using two different decryption keys.
That being said, it would be a pretty awesome cryptography scheme that could do this from the perspective of allowing a user perfect secrecy with their data.
No.
If you put in both decoy and non-decoy passwords, it can see the bitmap to know where the non-decoy data is and avoid overwriting it.
If you put in only the decoy password, the non-decoy data is considered free space and available to override. (Obviously, this is something you do only under duress).