Slashdot Mirror
Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password
wiedzmin writes "A Colorado woman that was ordered by a federal judge to decrypt her laptop hard-drive for police last month, appears to have forgotten her password. If she does not remember the password by month's end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense."
The article clarifies that her lawyer stated she may have forgotten the password; they haven't offered that as a defense in court yet.
trivial workaround
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
If it works in a congressional hearing investigating potential ethics violations of the Attorney General, why not in a court of law?
How can this woman be charged with contempt? Is there precedent in law to ignore the Fifth Amendment?
No person shall... be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
I often can't remember my password after a week away from the office on holiday. (And we have quite lax policies regarding passwords, no time, lenght or content limits, so I have a fairly easy one I've been using for months....) I might be hard pressed to remember a password after a month, under dures.s
Encrypting seems to be indicative of guilt or the need to hide something. The presumption of innocence suddenly does not seem to apply.
You mean for the corporation people or the people people?
The fifth amendment is perfectly clear, and he's violated it.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
wish the myth of changing passwords regularly would die.
So you could end up being detained forever or until you decrypt this file - which you can't - that doesn't even contain anything. Brilliant!
The prison industry would be proud.
A search warrant does not require participation of the defendant. Neither would them cracking the encryption. It crossed the line into a constitutional violation when you begin to threaten people for not aiding their own prosecution: such as requiring someone to disclose the location of incriminating documents, or giving up passwords to encryption keys.
This is little different than demanding that someone accused of a murder disclose the location of the body, or be held in contempt of court: you cannot win either way. Therefore, it is unconstitutional, not a "legitimate legal process." Even were it considered such by the legal system - which it is not - it would still be unconstitutional and a violation of civil rights in need of correction.
You might consider it reasonable, but I think the fact it is possible to easily forget something like a password makes it unreasonable even if there were any sound arguments for violating the 5th.
Great Intellect...
If this stands it means that anyone can be detained indefinitely without trial. All they have to say is "We believe this file is encrypted using stenography, give us the password" and since saying you don't know equals contempt of court tada! Instant disappearing person. Hell with most geeks they wouldn't even have to go that far, how many of you have truecrypt on some disc somewhere? all they'd have to say is "The defendant has truecrypt in his possession and we believe he has a hidden volume, give us the password' and tada! Bye bye geek. don't say it couldn't happen because it wasn't too long ago most of us would have never believed the USA would have free speech zones and rendition taxis either.
Kinda sad that after we spent all those years supposedly fighting the USSR because of freedom the wall falls only for us to slowly but surely become like the USSR.
ACs don't waste your time replying, your posts are never seen by me.
I was the only person to know the password to my old computer's login - no longer have any idea what it was. I figure I will just reformat it or bypass the login if I have a need to use it.
However, if it was encrypted, I would currently have a legal timebomb sitting on my desk. This is not right and is clearly unconstitutional. Dressing up the matter does not change that.
Great Intellect...
So in the unlikely (?) event that the FBI want to search your hard drive, you've encrypted a non-sensitive file with a key you don't know because...you like prison food? Communal showering? Room mates named Tiny?
In short, your defence when the judge is threatening to find you in contempt will be 'What can I say, your honor? I'm a retard.'
I apologize if I'm being slow, but I'm stuck on how the note saying, "I derived my password from material I once got from these 10 sources" is the same as producing the passphrase demanded in a court order.
I mean, otherwise wouldn't the defendant in the article here say, "I know it was 120 characters selected at random from War and Peace", and call it a day? Because I'm getting the sense that an answer like that wouldn't cut it.
The password is R4ndumbG1bb3r1s# - but I stored the keyfile on megaupload.
My attitude is that you're clearly nuts.
You're either a troll or an idiot. 'Legally speaking' the judge can hold you in civil contempt if they believe you know the password and refuse to disclose it. Given that there is no point encrypting a file using the method you describe they're unlikely to believe you're telling the truth, and as you can't PROVE (for future reference it isn't proof) you don't know it you're pretty well fucked. Just because you created a file with 'instructions' doesn't mean that the judge is going to believe that is actually how you created the password.
And when the filesystem history of your PC shows logs of you inserting that serial-numbered USB key into your PC last week, and using filesystem encryption tools to access it? And sure, you can combat that, but there's always another way to get caught out that you might not have considered. Hell, they can probably tell you the last time you touched the device itself, or inserted it, and into what computer you inserted it by various bog-standard forensic evidence (scratches on the USB connector, fingerprints, etc.).
You don't even know if they haven't been *watching* you insert that USB key by that point (and if they've raided you, there's a good chance they *have* been watching first). They won't tell you that until AFTER you've already denied ever knowing where it was. You've just stamped "guilty" on your own head by being a smartarse.
You can be a smartarse if you really want to, but nothing in the world is clever enough to stop "reasonable doubt" when you play games like that, especially if you're that confrontational. All that will do is make them WANT to put you away rather than plant doubt in their heads.
After a police raid, they'll just have all your possessions. Sure, it'll take a while to catalogue them all but they will. They actually have to. Not only that, they'll know the serial number of every one and maybe even the purchase origin. While you're sitting in an interview room being a smartarse, they're sending out court orders based on your PC and ISP evidence and forensically recording your Slashdot comments (and the above, in the wrong context, could be enough to convict you even in ten years time if that DOES happen!).
You missed the whole point of the article - the US, and the UK, have laws that if they even THINK you really have the key and haven't forgotten it, they'll throw you in a cell until you remember. Be as smart-arse as you like but people have already been convicted and jailed over it because of "reasonable doubt" that they weren't innocent. The law is there, it's written, it's enforceable (whether it's SENSIBLE is another matter and one that takes decades to argue in court) and if they suspect for a moment that you're being a smartarse, they'll use it.
This is how the law works. If you're stopped by a policeman in the UK, he'll pay you zero attention if you're polite, genuine, "I know, officer, I was speeding. It's a fair cop." about it. Start being pricky towards them for no reason and they'll have you for your tyre wear, the rear light, the slightly-covered number plate, look up your insurance, your license, run a check on your name, look through the car for anything you shouldn't have, etc.
It has to be said that it's not an unsuccessful method of law enforcement and anyone with brain enough to be respectful and polite and co-operative will "get away" with things that the idiots who's taking their badge number and threatening them won't. The same applies from the police up to the courts. Hire a good lawyer, be co-operative and polite, play by the rules and you'll get the best result. Be pricky about it and they'll do what they can to dig deeper and inconvenience you.
I can think of ways you could reasonably consider to have good reason to have lots of encrypted USB sticks about that you don't know the passwords too. But being the smartarse will end up with you in jail, whether you "did" anything or not. You can argue about it as much as you like but if the judge takes a dislike to your attitude or methods, they'll put you away at least until your successful appeal.
What do you do? You provide all the information you have and be as co-operative as possible. Why? The laws on that are worded so that co-operation is the better of the two options so that you're *forced* to co-operate or go to jail.
You can argue about self-incrimination, free-speech, etc. afterwards - when the judge KNOWS that you've been 100% co-operative. You can still have evidence stricken, ask for a mis-trial, appeal, etc. but you've been co-ope
Your premise is ridiculous, as the court can reasonably assume that you intended to use said encrypted file, and thus pointing to random password generators for the password doesn't cut it because *you* need the password set to use it. Your solution doesn't accomplish anything other than looking stupid here and probably getting your arse handed to you by a judge.
If you are willing to take the legal ramifications for your "honeypot", then go for it, but don't expect a judge to accept your claim as true and leave you alone.
The HD belongs to me. I paid for the HD with my own money. I have the right to store any file in my HD
Many have fallen foul of storing indecent images on their drives. Having the right to store any file is not quite correct.
Science advances one funeral at a time- Max Planck
B. By providing a plain-text-file with a clear description of where I got the parts of the passwords from, I am, legally speaking, not withholding anything.
Producing information on how you derived the original password to encrypt the file is not the same as producing the password. The judge is asking you for the password, not for how you derived the password - by playing stupid games like that you are likely to end up in jail for contempt pretty quickly.
You are, quite simply, an idiot.
2 .... But they can't prove either that you didn't forget it. Fuck it was a long password and the Masked grunts startled it out of my Head. Justice works based on PROOF not on beliefs. No proof No crime.
Not any more. You prove your innocence or you are a goddam dirty terrorist.
The judge doesn't ask you information on how you constructed your passkey, he's asking for the passkey itself.
I don't think judges are particularly fond of riddles as answers.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Their assumption may be worth shit, but "contempt of court" has no upper limit on how long you can be held for.
https://en.wikipedia.org/wiki/H._Beatty_Chadwick
Feel like spending the next 1.5 decades in prison, just to wave your dick at the court? Your call man.
In any conflict of such an magnitude, where the US military is outnumbered, things like logistics, troop movements and proper command structure will play a MUCH more important role than what guns the each side has. You can't really argue that a rag-tag militia can compete with a trained army in these aspects.
Now, guerilla warfare is a completelly different matter, of course.
the one fact you did not raise.
In any armed uprising in the United States your bound to have many of those military and police on the side of those resisting the government. Having been in the military and know friends still in it, there is America and there is the Government. You serve the later versus foreign enemies, your serve the former at all times.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Nineteen hijackers and a couple of middle-aged rich kids with daddy issues managed to drag hundreds of thousands of highly-trained military personnel and a couple trillions dollars into a ten-year conflict that killed thousands of people, sent one country back to the stone age, destabilized another, and undermined the basic constitutional underpinnings of the most powerful country on Earth. And it still isn't even clear who "won." I don't think you can predict these sort of things based purely on the number of things or people on each side.
Actually, I wrote my thesis on life experience.
You can argue about self-incrimination, free-speech, etc. afterwards - when the judge KNOWS that you've been 100% co-operative. You can still have evidence stricken, ask for a mis-trial, appeal, etc. but you've been co-operative and had nothing to hide so when they *DO* find a USB stick that you've never seen before and are demanded to decrypt it, you are much more likely to make them think "Damn, he gave us all the others, even when it incriminated him - maybe he really *doesn't* know this one?".
As long as you've been read your rights, pretty much anything short of a confession at gunpoint is forever. You'll never manage to "undo" anything you've said to the police or in court and everything that tumbled out because you gave them access to everything you know and have will be fully legally admissible. Your whole argument revolves around your belief that they'll actually think you innocent, and not just "well we couldn't convict him on what we wanted, but we can slam him with everything we got".
If they for some fucked up reason think you're involved in terrorism or kiddie porn or organized crime or whatever, do you think that suspicion will go away because you "give" them petty software piracy and having a joint? No, you just handed them enough rope to hang yourself with. That said, yes being a smart ass and trying for a game of wits with the police is a very bad idea, as is getting rude and obnoxious. Politely decline any search without a warrant and that you would not like to answer questions without a lawyer present. Most people just make a bigger mess of everything trying to "prove their innocence" as you seem to suggest.
Live today, because you never know what tomorrow brings
You mean like the insurgents in Iraq who have killed about 5,000 US troops despite being out-gunned, out-numbered and not having the same training as our soldiers? You forget that many of the civilians in that "rag-tag militia" are also US military veterans and have the same training and even more combat exposure than many active duty soldiers. Many of our veterans have a hell of a lot more practical combat skills and experience than our police; the average infantry veteran is easily at the same level as a SWAT officer. In an open fighting, the police would get their asses kicked two ways to Sunday and back by armed veterans who meant business.
They don't need to "win." The US military isn't going to simply destroy its own entire nation to "win." There only needs to be enough resistance to force the government to significantly change policies, and that would be relatively easy given the level of armament in private hands.
What do you do? You provide all the information you have and be as co-operative as possible. Why? The laws on that are worded so that co-operation is the better of the two options so that you're *forced* to co-operate or go to jail.
I agree that you should be polite and co-operate with the letter of the law, but it's also important to reveal as little information as possible. Even innocuous information can be twisted against you. A prosecutor won't think "Well, this guy was so co-operative and revealed potentially incriminating information he didn't have to, so he's probably innocent." The prosecutor'll think "This information the suspect gave me might convince the jury to convict him." It's a prosecutor's job to prosecute if there's chance of a guilty verdict, and he/she won't mention to the jury you were such a nice guy and revealed something you didn't need to.
Your response gives me a chilling effect.
If I want to fill a HDD with random data then I should be able to. It doesn't mean I am a criminal. Nor should it mean that a judge can lock me away for decades.
I have pondered this problem for some time.
Let's say you have a couple of HDD filled with random data, and several large files which are random data, and quite a few medium and small files which are.. random data.
Add to this that if these are truecrypt volumes, then they all have hidden volumes, but not all have files in them, and some will be literally random data.. not encrypted volumes at all.
What can they do? Force you to decrypt hard drives full of random data files which may or may not be valid encrypted volumes?
Force you to decrypt each and every single file which appears in some way to be an encrypted container - regardless if it is actually an encrypted container or not?
If this is the case, then you may as well encrypt and offsite store everything important or have a method for complete concealment so they can't see the files at all. Rubberhose file system or similar perhaps..
Meanwhile, anyone stupid enough to steal my files (thieves, police, or otherwise) can spend all the time they like trying to break into what appears to be encrypted files. If they are lucky, perhaps they will find a file which actually may possibly be an encrypted container and for which may actually have legitimate files in it. I wouldn't count on it though.
The $5 wrench can't work when the files have no key.
Yes, my head will hurt. Price you pay for sticking up for your rights.
If they want to break into my files then they can dedicate the processing time required to do so. Otherwise, the data is private; bugger off.
If they can't get in then it's not my problem. I am willing to 'rot in jail' to prove this point... even if the only outcome is that you can go on living your life without this hassle.
You have a sick, twisted mind. Please subscribe me to your newsletter.
You need to read up on contempt. The whole point here is that if the judge thinks the woman is lying about forgetting the password (no proof involved) she can be indefinitely detained for contempt of court. No conviction by jury of your peers, no sentence, just you sitting in a cell until the judge is satisfied you're not lying. Making a file that looks like it's hiding something is not going to help you argue your case, since it's not reasonable behaviour for most people and is inherently suspicious. You'd better hope you do have a way to decrypt that file, because after a few years in a cell you might realise your point is not being made and you need a way out.
Isn't it just way simpler to divide the nation into 2 ideological factions and raise enmity between them to avoid a unified front against organized forces?
oh wait...
"Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
And for every one killed, depending on what statistic you read, it can be anywhere form 20 to 300 dead Iraqi.
You are the only one I have ever met who seems to think that Iraq won the war, I think it is you who might have been under a rock for the last 10 years.
Troll is not a replacement for I disagree.
The outcome of that scenario depends on how many of the common citizenry are willing to die.
40 million suicidal maniacs with guns trumps the 5 million trough-feeding welfare recipients that comprise our armed forces and constabulary.
They don't need to "win." The US military isn't going to simply destroy its own entire nation to "win." There only needs to be enough resistance to force the government to significantly change policies, and that would be relatively easy given the level of armament in private hands.
Also understand that the US military is made up of volunteer civilians. Sure, some in the US military will be willing to fire on US citizens, but I seriously doubt that number will be more than half. While I don't expect a lot of grunts shooting their officers, I would expect an awful lot to not return from guard duty.
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
'Legally speaking' the judge can hold you in civil contempt if they believe you know the password and refuse to disclose it.
Exactly. Judges have almost no oversight in their ability to use civil contempt. If he doesn't like you, he can throw you in jail for as long as he likes and you have no recourse.
This is a problem, whether we're talking about encryption or baggy pants in court. Jugdes have way too much power. Civil contempt is an end run around our constitutional protections and should be abolished.
Give me Classic Slashdot or give me death!
Yes, but will you kill my grandma?