US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive

A Commentor writes "Perhaps to balance the good news with the Supreme Court ruling on GPS, a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption, and 'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer."

Talk or else!

[Zeroedout]

If you don't, you'll have to see a man with a $5 wrench...

Re:Talk or else!

[dmomo]

No. This is the Government. That wrench cost about $2,000.

Re:Talk or else!

You've been reading this again, haven't you!

no 5th?

[MrDoh!]

If there's incriminating evidence, surely this is a perfect example on why the person can't decrypt as it WOULD self incriminate them!

Re:no 5th?

[maxwells_deamon]

Produce the gun that was used in the robbery. Here is the subpoena

Re:no 5th?

What's the problem with this? If the prosecution knows the defendant owns a pistol and is accusing the defendant of robbing a liquor store with a pistol, the prosecution is certainly within its rights to subpoena the defendant to produce the pistol so it can be tested against the three slugs pulled out of the counter clerk.

The defendant can claim the pistol doesn't exist (in which case the prosecution has to be able to prove it does), the defendant can claim it was lost or stolen, or ... etc. There are a ton of ways to prevent turning over the pistol. However, none of these ways invalidate the central fact, which is that the subpoena is valid and enforceable: if the prosecution can demonstrate you have the pistol, the judge will happily put you in jail until you turn it over to the prosecution.

Re:no 5th?

[Greyfox]

You can be held in contempt of court and imprisoned indefinitely until you decide to cooperate. This is often used on journalists who refuse to reveal their sources.

Re:no 5th?

[Dr_Barnowl]

TrueCrypt doesn't have a "burn the data" password, because that would be pointless - firstly, any digital forensics person worth their salt will make a bit-for-bit copy of your data to a separate storage device before working on it, and secondly, you're likely to attract additional criminal charges for attempting to destroy evidence.

What it does have is a "hidden volume" system - it can store a second volume hidden in the freespace tail of the first. Because encrypted data looks random, it's easy enough to peg a volume as being encrypted, but it's virtually impossible to be sure that there isn't a hidden volume in the freespace at the end.

You have two pass phrases ; one for the first volume, where you keep stuff that could be construed private or slightly embarrassing (tax returns and *legal* porn, or photos of your naked wife, etc) to make it believable, and one for a second volume, where you keep your dastardly plan to conquer the world.

You put up a sufficient amount of resistance to giving up your first password to make it look convincing. "None at all" is an option - that way you look like a hopeless amateur cowed by the almighty power of the state. You do not give up the second password, or give any hint that there might be a hidden volume.

Re:no 5th?

[Jane+Q.+Public]

"The 5th amendment does not protect you from being required to provide subpoenaed materials. It just means you dont have to testify or speak..."

Very definitely incorrect. I looked into this when I first read about the second court case mentioned in TFA. The one about the guy at the border who had child pornography on his computer. TFA gives a woefully incomplete account of that case; there is almost no chance that it is anything like this one at all.

The court ruled that he had to provide the password to an encrypted area on his hard drive, because Customs had already seen some child pornography on his computer, in the encrypted portion of the drive. The decryption software was running at the time, so these files were open and 2 Customs agents were able to see them. But somehow the man then managed to turn off the computer so the files could no longer be accessed.

The key thing here is that the court did not want the password in order to perform a SEARCH. It was already known that there was illegal material there. That is a FAR different situation.

In its ruling, the court made this point very clearly: the government normally cannot force someone to provide an encryption password, in order to SEARCH for items or material that are only SUSPECTED to be there. That would constitute a clear violation of the 5th Amendment.

However, in that particular (and really very unusual) case, the government already knew that there was illegal material, and even where it was. And the court wanted that material for the trial. There could be no violation of the 5th Amendment in that particular situation the court ruled, because it amounted to seizing illegal materials that were already known to be there. Therefore it was not a "search" in any reasonable sense of the term, and the defendant was not supplying anything incriminating that was not already known. He was not "testifying against himself" in other words.

Other courts have made this VERY clear: except under very unusual circumstances, rendering your password up to authorities is most definitely "testifying against yourself", and falls under the 5th Amendment. They cannot demand that information in order to search for evidence that might incriminate you.

When I mentioned all this earlier, when this post still hadn't appeared yet, somebody (sjames) replied that this was "sophistry", to use his word, and that if the court really "knew" it was there, they would not have required that it be supplied to the court.

However, that in itself is sophistry. Apparently he was forgetting several things: (1) As long as the court is not violating the 5th amendment (and in THAT rare case it was not), it can order the material to be presented for pretty much any damned reason it pleases. I did not say it was "needed" by the court to obtain a conviction; I simply stated that it was ordered to be given up. (2) Considering that the court already had consistent and concurring testimony from 2 Customs agents, if they had committed perjury it would have been ridiculously easy to very that without much compromising the defendant's privacy, and any further intrusion could be immediately ended. So there was little danger to the defendant's rights. And most importantly, (3) I wasn't asking sjames to take my word for it; he can look up the damned court decision himself on Google, just like I did, and read about it for himself.

Re:no 5th?

[DarkOx]

Providing an encryption key is the state effectively asking you to help them interpret evidence. Suppose they grab your appointment book.

The next thing you know you are in court and the prosecution is demanding you explain how all the entries for yoga class, and dinner with Sarah, are really codes for drug deliveries and pickups?

Really its pretty simple, they have data and they want YOU to explain how to transform it into evidence you have committed a crime. Its CLEARLY UNCONSTITUTIONAL.

Why we need plausible deniability encryption...

[faedle]

"I forgot."

Re:Why we need plausible deniability encryption...

[vell0cet]

"I do not recall" works really well for politicians. Why couldn't it work here?

Re:Why we need plausible deniability encryption...

[qeveren]

Nono, that defense is reserved for important people, don't be silly!

Some disagreements in recent history

[byrnespd]

I find it funny that a quick search on the subject yielded an article from the same site, with the opposite finding.

Article in 2007: Judge: Man can't be forced to divulge encryption passphrase
http://news.cnet.com/8301-13578_3-9834495-38.html

Article in 2012: Judge: Americans can be forced to decrypt their laptops
http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/

I'm fine with them breaking your encryption if they have probable cause; however, forcing you to give the password does seem to have a pretty straight-forward logical path to incriminating yourself (Especially if you are guilty and a subsequent search will yield something on the device).

Re:Some disagreements in recent history

[bondsbw]

That's why my password is "I~Did-It". Then it actually would be self-incrimination to reveal the password.

Re:Some disagreements in recent history

Your password is too weak. Use passphrases, they're easier to remember and harder to hack.

Here's a few for example:
"My Hard Drive is full 0f stolen card data"
"I fed the body to neighbour's pigs"
"Me, with the candlestick, in the library"

Re:Some disagreements in recent history

[snowgirl]

The antitrust case [wikipedia.org] against Microsoft, for instance, was based largely on email correspondence that could well have been encrypted before the court ordered them disclosed -- and if such protection actually existed, would have certainly been encrypted if only to trigger that legal protection.

In fact, there are emails there that say, "Ooo, this might be getting murky, let's CC a lawyer, then it's protected by attorney-client privilege!" They didn't understand that you can't just invoke attorney-client privilege by including a lawyer in the conversation, you have to be actively seeking legal advice for your actions to gain privilege.

In the same way, priest-confessor privilege is only protected as long as you're seeking penitence. If you confess a crime to a priest with no intent to seek spiritual absolution (say, in the lunch line), then the priest is perfectly allowed to divulge and even be forced to divulge your confession.

Re:Some disagreements in recent history

[metacell]

"Me, with the candlestick, in the library"

I don't think that's illegal yet.

Oh. You meant hitting someone with the candlestick.

Re:Pesky constitution

[Idbar]

Is the 21 the one that talks about wealthy not expected to be convicted and the government should bail them out? Excuse my ignorance, I'm not from the US.

Re:Pesky constitution

[snowgirl]

the NDAA killed the first, fourth, and sixth amendments.

The NDAA provision is a statutory law, it CANNOT overrule any amendment. If they are in conflict, then the NDAA loses.

And after that, WTF? How did it kill the first amendment? Did it establish a relgion? Prohibit the free exercise of religion? Abridge the freedom of speech, or press? Or our right to peacefully assemble? Or did it eliminate our ability to petition the government for a redress of our grievances?

The second amendment has been dead for decades.

WTF? The Supreme court just recently ruled that the District of Columbia, and later a state jurisdiction as well are unable to effect regulation of gun ownership in a way that prohibits the ownership of a gun by the general citizenship. No less, the ruling also enforced that regulation of gun ownership cannot require that the gun be dismantled, or otherwise stored in a non-functional state.

And before anyone brings up the dissenting opinions in those cases, even the dissenting opinions stated that the 2nd amendment CLEARLY applies to all citizens, and not just to militia forces.

I think only the 21st amendment is safe in the entire constitution.

Your apocalyptic rhetoric is unnecessary hyperbole.

Re:depending

[introp]

You realize that you can be held indefinitely on contempt charges? As in, for the rest of your life or until you comply? There's no violation of your rights in that case because you are considered to hold the keys to your own cell, as it were.

Simple: don't know your password

[crimoid]

"Sorry your honor, I used a very long password made up of computer-generated, random characters: one that I could not possibly remember. I had it written on a scrap of paper on my desk and would only need to type it in on the infrequent chance that I had to reboot my computer. .... You should ask the detectives to re-search through the evidence they collected as the scrap of paper is likely in what they took."

Re:Am glad that I ain't American !!

Yes, it's a good thing you live in England!

Re:Am glad that I ain't American !!

[metacell]

England already has laws that force suspects to decrypt their hard drives... but maybe you were ironically referring to that?

Re:Opening under duress

[bughunter]

Using it will scramble the disk beyond ANY recoverability.

And then you've committed the crime of tampering with evidence / destroying evidence. Good luck evading conviction for that.

No, your only hope is to set up a random password whose mnemonic is something the *police* will destroy when they search your premises, as in "Your honor, my password was recorded by the order in which I kept Skittles on my desk but the act of collecting these Skittles destroyed my record of my password. It is irretrievably lost due to the actions of the police. I would help if I were able but my memory is wholly inadequate, and the only record was destroyed by the police."

Re:This has come up before

[SecurityTheatre]

In the UK, it is illegal to "fail to provide" they key when asked. Therefore, it is, in fact, illegal to forget the password, illegal to lose the password and illegal to have never known the password in the first place, to an encrypted volume in your possession.

Yes, seriously.

Let's hope he gets extradited, he'll be better off

First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely. Essentially it replaces the on-disk encryption keys (which is what your password in reality unlocks) with keys that are only useful for the second partition. The second partition is then enlarged to extend over the original copy. Several programs provide this ability (granted they're for-pay and not cheap, but nevertheless, your privacy is worth something to you isn't it ?). This trick is known to have worked in China (that must have taken some serious amount of balls).

This is how banks do it (one code unlocks the safe, another, seemingly identical sets of an explosive charge destroying the vault's contents).

As for the extradition, let's hope for UK encryption users that they do that. After all, in the US, the above judge will probably get called back, providing such horribly weak justification. Even if this stands, the reality is : in the UK there is zero doubt : authorities can imprison you for not revealing passwords to them, in the US there is doubt (as the supreme court has not yet ruled on a case like this), with predictions that this judge's decision will not stand.

Very subtle, adding the bit about Bush about this judge. As if it's relevant. Nobody ever points out that democrat-appointed judges blocked the repeal of slavery for decades ... And that's equally relevant to today's democrats as this decision reflects on republicans.

In the UK, it is established legal precedent to imprison people for refusing to reveal keys. (in fact this can be applied to foreignors in the UK)

And of course nobody seems to have read the entire article. May I present a blatant repeat of a few paragraphs that seem to have escaped most people's attention ?

In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That's "protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination," the court ruled (PDF).

A year earlier, a Vermont federal judge concluded that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the files encrypted. Boucher eventually complied and was convicted. the article fails to mention this was not his laptop, but government property. He had signed that he would provide access to a govt administrator. So an obvious detail : you can rely on ecnryption, but don't rely on your employer doing it for you. Also : read contracts BEFORE signing them

The article provides a thoughtful conclusion :

Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

On the other hand are civil libertarians citing other Supreme Court cases that conclude Americans can't be forced to give "compelled testimonial communications" and extending the legal shield of the Fifth Amendment to encryption passphrases. Courts already have ruled that that such protection extends to the contents of a defendant's minds, the argument goes, so why shouldn't a passphrase be shielded as well?

Re:Am glad that I ain't American !!

[L4t3r4lu5]

I don't think we do. We have a law which makes it an offence to fail to provide the decryption key, which in my opinion is far worse. I use the anecdote of TrueCrypt container with no hidden partition:

"Excellent, thank you for the key to the container. Now, give us the key to the hidden container."
"I didn't use one. There is no hidden partition."
"There is nothing incriminating on the container we can access; Just bank statements and a password file. You must have incriminating evidence in the hidden container."
"I didn't use a hidden partition."
"We'll see who the jury believes."

Re:Let's hope he gets extradited, he'll be better

[DrXym]

First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely.

Problem is that forensics officers take backups. They'd back up the drive first and boot from the backup so whether it destroys the data or not is irrelevant. And if you gave the officers the "self destruct" password that horked the backup then that is further evidence that you are up to no good.

What you need instead is a hidden volume. The idea is you have a normal OS and a hidden OS where your dirty secrets reside. You are prompted for a password at boot time and the password you enter determines which volume is booted into. Tools like Truecrypt support this already.

The problem is the very fact you are using an encryption tool which supports hidden volumes is likely to raise suspicions that you have a hidden volume even if they cannot prove one exists. At the very least you would have to ensure the decoy volume looks plausible, e.g. you use it frequently for your non incriminating activities, scatter around some sensitive looking but non incriminating documents, all to give the impression that is the one and only volume. The more plausible the decoy is, the more plausible your defence is after you hand over the key.

Even then they might catch you out. by building up a list of inconsistencies of activity shown by the computer's event log and other logs on the HDD vs what they can glean from other logs. e.g. if they might know you were on the internet at such and such a time, or downloaded a particular file, or your phone says it was USB synced at the time yet your OS has no knowledge of these events. Enough inconsistencies combined with evidence of using crypto that supports hidden volumes combined with other evidence they have might still be sufficient to find you guilty.

Re:Let's hope he gets extradited, he'll be better

[Qzukk]

What you need instead is a hidden volume. The idea is you have a normal OS and a hidden OS where your dirty secrets reside. You are prompted for a password at boot time and the password you enter determines which volume is booted into.

What you need instead is two hidden volumes. The idea being that when you decrypt the normal OS with a tool that supports a hidden volume and people find it squeaky clean, they'll tell you "ha ha now tell us the other password" so you have a hidden OS where your porn resides, and a hidden OS where your dirty secrets reside. Ad nauseum depending on how nauseous your dirty secrets are.

Re:Let's hope he gets extradited, he'll be better

[Moryath]

As naive as it may sound, why not just do less illegal stuff?

Who says they are doing illegal stuff? The government's alleging it, but in the ordinary course of events, the 5th Amendment is supposed to protect us against being required to give evidence against ourselves. We are supposed to be presumed innocent until proven guilty in a court of law.

And yet, the cops can get away with feeding people information, planting information, and pulling every dirty trick they can come up with to try to get a conviction, innocent or not. The US history books are replete with innocent people railroaded by a corrupt system. The evidence in the Troy Davis case, where police intimidated and coached witnesses and doctored evidence, shows that an innocent man was put to death just recently by the corrupt system.

I'm not advocating doing illegal stuff, but I am suggesting that you probably want to keep your affairs under wraps anyways, even if fully legal. The moment you start waiving one of your rights, courts start ruling you also waived others.

Re:Let's hope he gets extradited, he'll be better

[Moryath]

And unless you think I'm joking, consider the case of a police officer coming round to your house because he wants to "ask you some questions." Maybe he claims it's about a neighbor's domestic disturbance. Maybe there was a noise complaint that your dog was barking too loud late at night. Could be any number of things. You let him inside to "talk." Courts in some jurisdictions have ruled that by opening the door and letting him pass the threshold, you just consented to him searching your house for anything he might find suspicious.

Or say you get pulled over by one of the famous Texas "you got a taillight out bud *nightstickcrashbreaknoise*" Badged Highwaymen. You get out of your car but leave it unlocked, or do you lock it and hold on to the keys? In the first case, some courts have ruled that by leaving it unlocked you consented to it being searched!

The point again is: once you start waiving your rights, you wind up giving up others. And it keeps going and going and going. You think you're "cooperating with the police" and that they will like you and not charge you with anything and treat you nice because of it? Bullshit - the police are the initial arm of "evidence gathering" for prosecutors, a set of conscienceless, amoral assholes who see all citizens as nothing more than a potential conviction notch in their belts.