Slashdot Mirror

← Back to Stories (view on slashdot.org)

Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password

Posted by Unknown on from the war-on-alzheimer's-patients dept.

wiedzmin writes "A Colorado woman that was ordered by a federal judge to decrypt her laptop hard-drive for police last month, appears to have forgotten her password. If she does not remember the password by month's end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense." The article clarifies that her lawyer stated she may have forgotten the password; they haven't offered that as a defense in court yet.

12 of 1,009 comments (clear)

  1. What if... by bgibby9 · · Score: 4, Interesting

    she honestly can't remember the password. How the hell are they going to rule on that???

    --
    http://www.gibby.net.au
    1. Re:What if... by AmiMoJo · · Score: 5, Interesting

      In the UK it works like this: If the prosecution can show that you probably know the password then you can go to jail for up to two years for refusing to give it. The burden of proof appears to be lower than the usual "beyond reasonable doubt" that is normally required, and evidence can be highly circumstantial. For example if you decrypted the data the day before you get arrested they could say you must know it, even if you happened to wipe the key or change the password or just genuinely forgot since. Justice is slow in the UK so it could easily be 6+ months before you are even asked.

      The stupidest part is that going to jail for two years and having the conviction expire (so you no longer have to declare it when applying for a job) after a few more years is infinitely preferable to, say, going down for 20 years on terrorism or being put on the Sex Offenders Register for life. It seems almost like a conciliation prize for the police when they have failed to gather any other evidence and would otherwise have to let the suspect go.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:What if... by GryMor · · Score: 5, Interesting

      I don't remember any of my passwords. They are muscle memory. If I don't use them, in a week or two they are gone.

      Now consider that they took the laptop away from her, preventing her from using it...

      --
      Realities just a bunch of bits.
  2. Stare Decisis IANAL by gd2shoe · · Score: 5, Interesting

    Let me ask this (and display my ignorance): If I had a safe and a judge ordered it opened, and I claimed I'd lost the key, would I be held in contempt? Or would it just be forced open? Would this ever see the courtroom at all? Can lawful seizure require active participation of the accused?

    If I claim to no longer be in possession of a piece of evidence, and don't know were it is, could I be held in contempt? Couldn't I plead the fifth? "You want to convict me? You go find it."

    I'm trying to figure out the stare decisis on this topic (equal and consistent application of the law). It just seems so darn inconsistent.

    --
    I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
    1. Re:Stare Decisis IANAL by betterunixthanunix · · Score: 4, Interesting

      Encryption creates perfect safes

      No it does not. This is a situation where metaphors must absolutely be avoided to protect our rights. Encrypting a document is not the same thing as putting a document in a safe; encrypting a document is encoding it so that the secret key is required for decoding. By demanding the secret key from the defendant, the prosecution is demanding that the defendant tell them how the document should be interpreted. Indeed, one only needs to examine one of the most basic security definitions -- ciphertext indistinguishability -- to see why this is the case (the prosecution cannot show that the ciphertext is an encoding of an incriminating document and not an exonerating document if the cipher meets the indistinguishability definition).

      What we are seeing is new technology being used as a justification for undoing our civil rights.

      --
      Palm trees and 8
  3. Re:Inside my HD there are two very important files by Taco+Cowboy · · Score: 4, Interesting

    Well I'm glad that you released your brilliant plan on a public forum where said law enforcement agents surely wouldn't look.

    The more people set up honey-pots in their HD the more time law enforcement agents are going to waste, only to realize that they ain't gonna get anything useful

    It's a "civil disobedience" way - and since it's our HD, we can put any type of files on our HD, right?

    --
    Muchas Gracias, Señor Edward Snowden !
  4. Re:5th Amendment doesn't apply by sjames · · Score: 4, Interesting

    Yes, but due process includes requiring that the evidence subpoenaed exists and is under the control of the recipient. People forget things all the time. Just ask any helldesk person how frequently people forget passwords, even in cases where they have been duly informed that irrevocable data loss will result. If you've forgotten it, it is not under your control.

    There exists no way to prove or disprove a claim that a person does not currently remember something. Even the most advanced (and unproven, non-admissible) technology only claims to be able to say if a person is familiar with something they are actually presented with during the test. Even then we can't say WHY it seems familiar. Given that stress and fear are great blockers of recall, it's quite believable.

    I have no idea if the defendant REALLY can't remember the password or not. The only person who could possibly know for sure is the defendant.

  5. Re:By default.. by spintriae · · Score: 5, Interesting

    The concept of innocent until proven guilty is widely misunderstood. It is the obligation of the jury to presume innocence. Nobody else. Not the prosecution. Not the police. Not the accuser. If it were their obligation, nobody would be charged with anything ever.

  6. Artificially 'age' your secret container. by Tanuki64 · · Score: 4, Interesting

    Currently I don't have something, which really need encryption. However, should it ever be necessary I'd modify after each use the timestamps so it looks like the container was last accessed years ago. Within sensible limits, of course. It would be much more believable to have forgotten a password, when the last access was several month ago than when the timestamps says it was accessed last week or even yesterday.

  7. Re:Inside my HD there are two very important files by lucidlyTwisted · · Score: 4, Interesting

    This wouldn't fly in the UK (under Part III of the Regulation of Investigatory Powers Act (RIPA)).
    You forgot? Tough.
    You used some honey-pot ruse like this? Tough.
    Either you give the key/passphrase to decrypt the file when requested or go to jail. End of discussion.

    Sounds like the USA is trying to bring in similar measures via precedent.

  8. Re:How many Amendments are left ? by FictionPimp · · Score: 4, Interesting

    You also assume that the police will always be on the side of the government. I don't care who pays me, I'm not killing my grandma!

  9. Re:Inside my HD there are two very important files by BetterSense · · Score: 4, Interesting

    Actually you are wrong, in an (apparently) legally-important way.

    In all of these cases that I have seen, the court always stresses that they are NOT asking for the passphrase. They always make this very clear. They always stress that they are NOT compelling the accused to provide their passphrase, but that they are compelling the accused to provide an (allegedly existent) unencrypted copy of the (alleged) ciphertext on the hard drive.

    I don't understand the legal ramifications of asking for the passkey versus asking for the (alleged) unencrypted data, but IANAL. Maybe they think that the passkey encrypts other data besides the data they are interested in, and so asking for the passkey is a stricter requirement than asking for the plain text. I dunno.