Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive

Posted by Soulskill on from the it's-not-incriminating-yourself-it's-just-pushing-buttons dept.

A Commentor writes "Perhaps to balance the good news with the Supreme Court ruling on GPS, a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption, and 'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer."

12 of 1,047 comments (clear)

  1. no 5th? by MrDoh! · · Score: 5, Insightful

    If there's incriminating evidence, surely this is a perfect example on why the person can't decrypt as it WOULD self incriminate them!

    --
    Waiting for an amusing sig.
    1. Re:no 5th? by maxwells_deamon · · Score: 5, Insightful

      Produce the gun that was used in the robbery. Here is the subpoena

    2. Re:no 5th? by Dr_Barnowl · · Score: 5, Insightful

      TrueCrypt doesn't have a "burn the data" password, because that would be pointless - firstly, any digital forensics person worth their salt will make a bit-for-bit copy of your data to a separate storage device before working on it, and secondly, you're likely to attract additional criminal charges for attempting to destroy evidence.

      What it does have is a "hidden volume" system - it can store a second volume hidden in the freespace tail of the first. Because encrypted data looks random, it's easy enough to peg a volume as being encrypted, but it's virtually impossible to be sure that there isn't a hidden volume in the freespace at the end.

      You have two pass phrases ; one for the first volume, where you keep stuff that could be construed private or slightly embarrassing (tax returns and *legal* porn, or photos of your naked wife, etc) to make it believable, and one for a second volume, where you keep your dastardly plan to conquer the world.

      You put up a sufficient amount of resistance to giving up your first password to make it look convincing. "None at all" is an option - that way you look like a hopeless amateur cowed by the almighty power of the state. You do not give up the second password, or give any hint that there might be a hidden volume.

    3. Re:no 5th? by DarkOx · · Score: 5, Insightful

      Providing an encryption key is the state effectively asking you to help them interpret evidence. Suppose they grab your appointment book.

      The next thing you know you are in court and the prosecution is demanding you explain how all the entries for yoga class, and dinner with Sarah, are really codes for drug deliveries and pickups?

      Really its pretty simple, they have data and they want YOU to explain how to transform it into evidence you have committed a crime. Its CLEARLY UNCONSTITUTIONAL.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  2. Re:Pesky constitution by snowgirl · · Score: 5, Insightful

    the NDAA killed the first, fourth, and sixth amendments.

    The NDAA provision is a statutory law, it CANNOT overrule any amendment. If they are in conflict, then the NDAA loses.

    And after that, WTF? How did it kill the first amendment? Did it establish a relgion? Prohibit the free exercise of religion? Abridge the freedom of speech, or press? Or our right to peacefully assemble? Or did it eliminate our ability to petition the government for a redress of our grievances?

    The second amendment has been dead for decades.

    WTF? The Supreme court just recently ruled that the District of Columbia, and later a state jurisdiction as well are unable to effect regulation of gun ownership in a way that prohibits the ownership of a gun by the general citizenship. No less, the ruling also enforced that regulation of gun ownership cannot require that the gun be dismantled, or otherwise stored in a non-functional state.

    And before anyone brings up the dissenting opinions in those cases, even the dissenting opinions stated that the 2nd amendment CLEARLY applies to all citizens, and not just to militia forces.

    I think only the 21st amendment is safe in the entire constitution.

    Your apocalyptic rhetoric is unnecessary hyperbole.

    --
    WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
  3. Re:depending by introp · · Score: 5, Insightful

    You realize that you can be held indefinitely on contempt charges? As in, for the rest of your life or until you comply? There's no violation of your rights in that case because you are considered to hold the keys to your own cell, as it were.

  4. Re:Why we need plausible deniability encryption... by vell0cet · · Score: 5, Insightful

    "I do not recall" works really well for politicians. Why couldn't it work here?

  5. Re:This has come up before by SecurityTheatre · · Score: 5, Insightful

    In the UK, it is illegal to "fail to provide" they key when asked. Therefore, it is, in fact, illegal to forget the password, illegal to lose the password and illegal to have never known the password in the first place, to an encrypted volume in your possession.

    Yes, seriously.

  6. Let's hope he gets extradited, he'll be better off by Anonymous Coward · · Score: 5, Insightful

    First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely. Essentially it replaces the on-disk encryption keys (which is what your password in reality unlocks) with keys that are only useful for the second partition. The second partition is then enlarged to extend over the original copy. Several programs provide this ability (granted they're for-pay and not cheap, but nevertheless, your privacy is worth something to you isn't it ?). This trick is known to have worked in China (that must have taken some serious amount of balls).

    This is how banks do it (one code unlocks the safe, another, seemingly identical sets of an explosive charge destroying the vault's contents).

    As for the extradition, let's hope for UK encryption users that they do that. After all, in the US, the above judge will probably get called back, providing such horribly weak justification. Even if this stands, the reality is : in the UK there is zero doubt : authorities can imprison you for not revealing passwords to them, in the US there is doubt (as the supreme court has not yet ruled on a case like this), with predictions that this judge's decision will not stand.

    Very subtle, adding the bit about Bush about this judge. As if it's relevant. Nobody ever points out that democrat-appointed judges blocked the repeal of slavery for decades ... And that's equally relevant to today's democrats as this decision reflects on republicans.

    In the UK, it is established legal precedent to imprison people for refusing to reveal keys. (in fact this can be applied to foreignors in the UK)

    And of course nobody seems to have read the entire article. May I present a blatant repeat of a few paragraphs that seem to have escaped most people's attention ?

    In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That's "protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination," the court ruled (PDF).

    A year earlier, a Vermont federal judge concluded that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the files encrypted. Boucher eventually complied and was convicted. the article fails to mention this was not his laptop, but government property. He had signed that he would provide access to a govt administrator. So an obvious detail : you can rely on ecnryption, but don't rely on your employer doing it for you. Also : read contracts BEFORE signing them

    The article provides a thoughtful conclusion :

    Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

    On the other hand are civil libertarians citing other Supreme Court cases that conclude Americans can't be forced to give "compelled testimonial communications" and extending the legal shield of the Fifth Amendment to encryption passphrases. Courts already have ruled that that such protection extends to the contents of a defendant's minds, the argument goes, so why shouldn't a passphrase be shielded as well?

  7. Re:Let's hope he gets extradited, he'll be better by DrXym · · Score: 5, Insightful

    First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely.

    Problem is that forensics officers take backups. They'd back up the drive first and boot from the backup so whether it destroys the data or not is irrelevant. And if you gave the officers the "self destruct" password that horked the backup then that is further evidence that you are up to no good.

    What you need instead is a hidden volume. The idea is you have a normal OS and a hidden OS where your dirty secrets reside. You are prompted for a password at boot time and the password you enter determines which volume is booted into. Tools like Truecrypt support this already.

    The problem is the very fact you are using an encryption tool which supports hidden volumes is likely to raise suspicions that you have a hidden volume even if they cannot prove one exists. At the very least you would have to ensure the decoy volume looks plausible, e.g. you use it frequently for your non incriminating activities, scatter around some sensitive looking but non incriminating documents, all to give the impression that is the one and only volume. The more plausible the decoy is, the more plausible your defence is after you hand over the key.

    Even then they might catch you out. by building up a list of inconsistencies of activity shown by the computer's event log and other logs on the HDD vs what they can glean from other logs. e.g. if they might know you were on the internet at such and such a time, or downloaded a particular file, or your phone says it was USB synced at the time yet your OS has no knowledge of these events. Enough inconsistencies combined with evidence of using crypto that supports hidden volumes combined with other evidence they have might still be sufficient to find you guilty.

  8. Re:Let's hope he gets extradited, he'll be better by Moryath · · Score: 5, Insightful

    As naive as it may sound, why not just do less illegal stuff?

    Who says they are doing illegal stuff? The government's alleging it, but in the ordinary course of events, the 5th Amendment is supposed to protect us against being required to give evidence against ourselves. We are supposed to be presumed innocent until proven guilty in a court of law.

    And yet, the cops can get away with feeding people information, planting information, and pulling every dirty trick they can come up with to try to get a conviction, innocent or not. The US history books are replete with innocent people railroaded by a corrupt system. The evidence in the Troy Davis case, where police intimidated and coached witnesses and doctored evidence, shows that an innocent man was put to death just recently by the corrupt system.

    I'm not advocating doing illegal stuff, but I am suggesting that you probably want to keep your affairs under wraps anyways, even if fully legal. The moment you start waiving one of your rights, courts start ruling you also waived others.

  9. Re:Let's hope he gets extradited, he'll be better by Moryath · · Score: 5, Insightful

    And unless you think I'm joking, consider the case of a police officer coming round to your house because he wants to "ask you some questions." Maybe he claims it's about a neighbor's domestic disturbance. Maybe there was a noise complaint that your dog was barking too loud late at night. Could be any number of things. You let him inside to "talk." Courts in some jurisdictions have ruled that by opening the door and letting him pass the threshold, you just consented to him searching your house for anything he might find suspicious.

    Or say you get pulled over by one of the famous Texas "you got a taillight out bud *nightstickcrashbreaknoise*" Badged Highwaymen. You get out of your car but leave it unlocked, or do you lock it and hold on to the keys? In the first case, some courts have ruled that by leaving it unlocked you consented to it being searched!

    The point again is: once you start waiving your rights, you wind up giving up others. And it keeps going and going and going. You think you're "cooperating with the police" and that they will like you and not charge you with anything and treat you nice because of it? Bullshit - the police are the initial arm of "evidence gathering" for prosecutors, a set of conscienceless, amoral assholes who see all citizens as nothing more than a potential conviction notch in their belts.