Slashdot Mirror
US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive
A Commentor writes "Perhaps to balance the good news with the Supreme Court ruling on GPS, a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption, and 'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer."
If the cipher doesn't require the ciphertext to give you a test for determining whether a given key is the right one, then you can claim that any key (including one you just made up from a thermal noise source) is the "real" key, and the fact that it decrypts to gibberish just means you were storing gibberish on the computer.
You won't be believed, but then at that point -- where the government gets to cross-examine and challenge your purported key -- you're pretty clearly coercing testimony, and much more obviously violating the fifth.
Information theory is life. The rest is just the KL divergence.
Is this what you're talking about?
Our culture doesn't get smarter, it just finds new ways of being retarded.
"Sorry your honor, I used a very long password made up of computer-generated, random characters: one that I could not possibly remember. I had it written on a scrap of paper on my desk and would only need to type it in on the infrequent chance that I had to reboot my computer. .... You should ask the detectives to re-search through the evidence they collected as the scrap of paper is likely in what they took."
5th amendment protects one against oral testimony against oneself, not self-incrimination or being forced to provide evidence.
The 5th amendment doesn't specify "oral testimony against oneself"
It says:
No person shall be ...compelled in any criminal case to be a witness against himself.
That is fairly broadly worded such that giving a passphrase can certainly be witnessing against oneself as it means providing information (witnessing) against yourself. Not to mention that the passphrase is in your head, so it isn't a physical thing to hand over either.
Which brings us to the 4th amendent which is supposed to keep the government out of our personal effects.
People seem to forget that the amendments to the Constitution do not give us any rights, but rather they limitthe government and how far they" can infringe on our "natural rights."
Using it will scramble the disk beyond ANY recoverability.
And then you've committed the crime of tampering with evidence / destroying evidence. Good luck evading conviction for that.
No, your only hope is to set up a random password whose mnemonic is something the *police* will destroy when they search your premises, as in "Your honor, my password was recorded by the order in which I kept Skittles on my desk but the act of collecting these Skittles destroyed my record of my password. It is irretrievably lost due to the actions of the police. I would help if I were able but my memory is wholly inadequate, and the only record was destroyed by the police."
I can see the fnords!
Yep, definitely seems to be a real problem, like that poor dude that stayed in jail for 14 years because of his ex-wife's word.
How about the USB drive thing? If there's no passphrase, but rather a very long key stored on a USB drive, it should be pretty easy to claim you lost it. Even if they did find the USB drive (amongst a handful of other USB drives), if the key is hidden on there somewhere not obvious, such as in the metadata for a photo or something, they wouldn't find that. And how are they going to prove you don't have the key? Their encryption "experts" should at least be able to verify your claim that a long (i.e. too long for a human to remember) key is needed, and then you tell them, "it was on the bright red USB drive. Didn't you guys find that among my personal effects? No? I have no idea where it could be then, it was on my dresser last time I checked! Maybe one of your evidence guys took it, as it was one of those nice big and expensive 64GB models."
If there's incriminating evidence, surely this is a perfect example on why the person can't decrypt as it WOULD self incriminate them!
A person does not have a right to destroy, withhold, or falsify evidence of their wrongdoing with the intent of stymieing investigators. That's obstruction of justice.
Where it gets tricky, and where the law is still unsettled, is how this privilege of the government to investigate is balanced by a person's right against being forced to testify against themselves. In an ideal world, the accused should not be required to have any part in his trial at all. He should be able to simply say and do nothing, and the government can either prove its case or not. The reason that this is tricky, is that if the accused reveals his password, he actually divulges two distinct facts: 1. the encrypted evidence, and 2. that the accused knew how to decrypt the evidence. #2 should not be underestimated, because that eliminates the need for the prosecutor to prove that the accused had access to the encrypted evidence, knew of the evidence, etc.
In my opinion, which isn't worth the paper it isn't printed on, this should hinge on whether or not it can be shown that the accused knows the password. If it can't be shown, then I don't think it's right to compel the defense to divulge both facts. But if it can be shown (or has already been admitted/learned) that the accused knows the password, then I think the accused must decrypt the files.
A low-tech example of this is in safes. The authorities can make you hand over the key to a safe, but not the combination. If the safe is locked with a combination, they must crack open the safe if they want its contents. Obviously this is less feasible with modern encryption technology.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Disk encryption software already supports hidden volumes. Even if this kind of decision becomes dominant case law, that won't accomplish anything. People will just start deploying volumes with two passphrases, and when ordered to give up the passphrase, giving up the one that decrypts grandma's recipe collection.
Since there's no way to prove that a second volume exists within the blank space of the first one, encryption will win the day.
I made a PHP/MySQL library that prevents SQL injection & makes coding easier!
I don't think we do. We have a law which makes it an offence to fail to provide the decryption key, which in my opinion is far worse. I use the anecdote of TrueCrypt container with no hidden partition:
"Excellent, thank you for the key to the container. Now, give us the key to the hidden container."
"I didn't use one. There is no hidden partition."
"There is nothing incriminating on the container we can access; Just bank statements and a password file. You must have incriminating evidence in the hidden container."
"I didn't use a hidden partition."
"We'll see who the jury believes."
Finally had enough. Come see us over at https://soylentnews.org/
What you need instead is a hidden volume. The idea is you have a normal OS and a hidden OS where your dirty secrets reside. You are prompted for a password at boot time and the password you enter determines which volume is booted into.
What you need instead is two hidden volumes. The idea being that when you decrypt the normal OS with a tool that supports a hidden volume and people find it squeaky clean, they'll tell you "ha ha now tell us the other password" so you have a hidden OS where your porn resides, and a hidden OS where your dirty secrets reside. Ad nauseum depending on how nauseous your dirty secrets are.
If I have been able to see further than others, it is because I bought a pair of binoculars.