Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys

← Back to Stories (view on slashdot.org)

Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys

Posted by Unknown on Wednesday April 24, 2013 @04:03AM from the but-the-nsa-has-quantum-computers dept.

Virtucon writes "U.S. Magistrate William Callahan Jr. of Wisconsin has ruled in favor of the accused in that he should not have to decrypt his storage device. The U.S. Government had sought to compel Feldman to provide his password to obtain access to the data. Presumably the FBI has had no success in getting the data and had sought to have the judge compel Feldman to provide the decrypted contents of what they had seized. The Judge ruled (PDF): 'This is a close call, but I conclude that Feldman's act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already know with "reasonably particularity" — namely, that Feldman has personal access to and control over the encrypted storage devices. Accordingly, in my opinion, Fifth Amendment protection is available to Feldman. Stated another way, ordering Feldman to decrypt the storage devices would be in violation of his Fifth Amendment right against compelled self-incrimination.'" If the government has reasonable suspicion that you have illicit data, they can still compel you to decrypt it.

69 of 322 comments (clear)

Min score:

Reason:

Sort:

Nurz by Anonymous Coward · 2013-04-24 04:07 · Score: 4, Funny

V qba'g xabj, guvf ybbxf yvxr n ernfbanoyl fhfcvpvbhf cbfg gb zr...
Last Sentence by steevven1 · 2013-04-24 04:08 · Score: 5, Insightful

Where did the last sentence in this summary come from? It seems to be completely contradictory to the main content. Elaborate?
1. Re:Last Sentence by TyIzaeL · 2013-04-24 04:13 · Score: 5, Informative
  
  This is a close call, but I conclude that Feldman's act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already know with "reasonably particularity"
  I'm guessing this is the trick. The government doesn't know there is evidence on the storage device. It sounds like they are making the argument that compelling a password for discovery purposes is a violation, but providing one to give them what they know you have is not. At least, that's what it seems like they are saying to me.
2. Re:Last Sentence by MDMurphy · 2013-04-24 04:13 · Score: 5, Informative
  
  It came from the linked article that references a rejected appeal in a bank fraud case concerning turning over an encryption key.
3. Re:Last Sentence by Anonymous Coward · 2013-04-24 04:14 · Score: 2, Insightful
  
  I believe the distinction is that in Feldman's case, the act of decryption shows that he had access to and control over the storage devices. This, by itself, would apparently be incriminating.
4. Re:Last Sentence by Anonymous Coward · 2013-04-24 04:24 · Score: 5, Informative
  
  It's a wink-wink that they have to add "possession of child pornography" to the charges also in order to compel the keys.
5. Re:Last Sentence by Yebyen · 2013-04-24 04:29 · Score: 5, Interesting
  
  It reads differently to me. They do not know that he can decrypt the data (he could have destroyed the passphrase, or it was destroyed when left in the hands of an automated system and he was incarcerated), and compelling him to do so would be a) demanding that he prove that he could decrypt them, a "fact" about him that is not already known to be true (and could be incriminating.)
  The last sentence in the summary reads like nonsense to me and does not seem to contribute anything.
  They cannot compel you to do something they don't already know that you have the ability to do, and if it turns out later that they can decrypt the drive without your help, the fact that you were able to decrypt it would be the incriminating part (apparently) as much as whatever they had actually found on the drive. Even if they know there is illicit stuff on the drive (somehow) without having decrypted it, they do not know you have control over it (unless this was proven some other way.)
  It's like those cops that ask, "do you have any illegal drugs on you" -- if you show them, you waived your right to be protected from unreasonable search and seizure. They did not violate it. You did. Has your fifth amendment right been violated? They could have asked the dog, and he would tell them, but putting dogs on you without probable cause is almost certainly illegal search violation. If you are threatened with contempt if you do not decrypt the drive, even when they haven't proven that you even can, it's much the same situation.
  
  --
  Restating the obvious since nineteen aught five.
6. Re:Last Sentence by gnasher719 · 2013-04-24 04:31 · Score: 2
  
  By ordering to decrypt, the accused is compelled to tell the government what they are not already known, that is, the content of the encrypted drive that could be evidence against accused . Hence the 5th Amendment Violation
  Wrong. They have the right to the information on the encrypted drive. What the government doesn't know is whether or not the accused is the one putting the encrypted data there. If he has the key, he is guilty - no need to decrypt the drive! If he doesn't have the key, he is innocent (all slightly exaggerated).
7. Re:Last Sentence by SternisheFan · 2013-04-24 04:32 · Score: 5, Informative
  
  From the linked Wired article:
  Just last year, for example, a federal appeals court rejected an appeal from a bank-fraud defendant who has been ordered to decrypt her laptop so its contents could be used in her criminal case. The issue was later mooted for defendant Romano Fricosu as a co-defendant eventually supplied a password.
  Contrary to the Wisconsin child pornography case, however, the Fricosu matter was distinguishable because the authorities had evidence that her hard drive might contain evidence against her, meaning the court felt her Fifth Amendment rights were not at issue. That’s because the authorities had recorded a jailhouse conversation between her and a co-defendant, in which the laptop’s contents were discussed
8. Re:Last Sentence by hedwards · 2013-04-24 04:43 · Score: 2
  
  Wrong, the government has the right to break into the data, but not to force somebody to interpret the data for them.
  This would be a bit like if you had a secret crime lair where you kept all the evidence of your misdeeds. The government would have a right to search for it, but if they couldn't find it or couldn't figure out how to open it, they couldn't force you to open it for them or tell them where it is or acknowledge its existence.
  What's more, they couldn't force you to incriminate yourself against other crimes that you might have committed by revealing that evidence to them.
  The only exceptions I've heard about to the protection are cases where LEO already knew what was inside the container and had seen the materials prior to being shut out of it.
9. Re:Last Sentence by janeuner · 2013-04-24 04:44 · Score: 4, Interesting
  
  Incorrect. The government knows that the specified files are (or were) on the storage device at some point. What it lacks is evidence that the defendant is capable of accessing that storage.
10. Re:Last Sentence by IndustrialComplex · 2013-04-24 04:56 · Score: 5, Informative
  
  Not quite right.
  The government is asking for information which would demonstrate that he had the capability to access the information in a device. Such an admission would be useful to the prosecution which must account for the custodial chain of the device and the data within it.
  An example of a situation where you might require this sort of defense:
  1. You buy a computer from Bob on Craigslist. You stick it in your garage to work on later.
  2. Bob is busted for something, and when questioned about the computer, says he sold it to you.
  3. The police arrive at your house, and with a warrant seize the computer from your garage.
  4. It turns out that 'Bob' was selling CP or something similarly illegal. The prosecutor decides that YOU purchased the computer/HDD as part of a purchase of CP from Bob.
  5. You claim that you have no idea what is on the machine, and the prosecutor demands that you provide the encryption key to decrypt the files for search.
  At this point, if you were to provide the encryption keys, it would demonstrate that you DID have the ability to access the files on the computer, this would be providing evidence to the prosecution that you were part of the chain of custody.
  In the case where the person WAS compelled to turn over the encryption key, the prosecution already had evidence that the person already could access the encrypted device/file. Therefore, by turning over the encryption key, the person was not providing any evidence that the prosecution did not already have.
  So if in the example I provide above, you had made a statement that "Hey, Bob sold me a computer, and you wouldn't believe the nasty stuff he had on it in an encrypted file." That would mean that you could not plead the 5th as it would already be a fact that you could access the encrypted file, so providing the keys wouldn't be giving any evidence to the prosecution.
  
  --
  Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
11. Re:Last Sentence by OptimalCynic · 2013-04-24 05:01 · Score: 2
  
  No, compel means force. "Do it, or you'll rot in jail."
12. Re:Last Sentence by Spazmania · 2013-04-24 05:05 · Score: 5, Interesting
  
  No, the trick is this:
  The government hasn't proven that Feldman *has* the encryption key. Compelling him to turn over the encryption key would be compelling him to admit that he has the key. The compelled admission that he has the encryption key is the fifth amendment violation.
  Had Feldman admitted that he had the key or if there was prima facie evidence that he possessed the key, the government could still compel him to provide it.
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
13. Re:Last Sentence by NatasRevol · 2013-04-24 05:07 · Score: 2
  
  Just curious since I seem to have missed this.
  When did being compelled to decrypt a drive, even if there is known evidence there, skip around the fifth amendment ie avoiding self-incrimination.
  
  --
  There are two types of people in the world: Those who crave closure
14. Re:Last Sentence by Yebyen · 2013-04-24 05:17 · Score: 4, Informative
  
  We have to pass the bill to know what's in it...
  The argument I've heard is that, when information is at rest, it's not considered testimony for the information to be read (but some other form of discovery). Therefore if it can be shown that you're in a position to decrypt the drive, and the drive is admitted in discovery and you refuse to facilitate discovery, you are standing in the way of the discovery and can be held in contempt of court.
  If it has not been shown that the drive can be decrypted with information you have, or could reasonably be expected to have (say, it can be shown by inductive reasoning that the drive contains the log of your activities), or if for example the ownership of the keys or the drive and the encrypted data is in question, it's not reasonable to compel you to decrypt it under penalty of contempt. It hasn't even been shown that it's in your power to facilitate the discovery.
  You can be similarly compelled to provide paper documentation, even if it was sent through the mail. It's not testimony. It's facilitating (or obstructing) discovery.
  
  --
  Restating the obvious since nineteen aught five.
15. Re:Last Sentence by NatasRevol · 2013-04-24 05:21 · Score: 3, Interesting
  
  Interesting, and good to know.
  From a non lawyer point of view, discovery that you provide, about yourself, sounds an awful lot like testimony against yourself.
  
  --
  There are two types of people in the world: Those who crave closure
16. Re:Last Sentence by gorzek · 2013-04-24 05:27 · Score: 5, Informative
  
  Basically, it is a crime to withhold evidence that the government knows you have. But you can't be compelled to provide evidence against yourself that the government doesn't know you have.
  
  --
  Check out my world simulator thingy.
17. Re:Last Sentence by Yebyen · 2013-04-24 05:29 · Score: 2
  
  I agree and I am not a lawyer, however, I can see the argument that discovery is not testimony and I think I have it laid out approximately right. I am the IRS. I am investigating you for tax fraud. It's not illegal search for me to compel your bank statements (and not just because I'm asking the bank, rather than simply asking you to incriminate yourself. If it's known that you keep a ledger of your business dealings that could contain incriminating information, that can be compelled as well. Destroying it or refusing to provide it would be obstruction.)
  
  --
  Restating the obvious since nineteen aught five.
18. Re:Last Sentence by TheCarp · 2013-04-24 05:52 · Score: 5, Insightful
  
  > They could have asked the dog, and he would tell them, but putting dogs on you without probable
  > cause is almost certainly illegal search violation.
  I would argue the dog itself doesn't even constitute a search since they are so unrelaiable IN THIS CASE. There have been some great studies which have shown that dogs are only really useful in cases where their handler has no notion of what he might find or where. So border checkpoints, or random bomb searches, they are great....
  The problem is, that when the handler suspects there may be something to find, the animal almost always "detects" something. A great study recently setup a course to test dogs and handlers. The handlers were told that there were drug and bomb scent samples throughout a church, some of which were marked, some which were not.
  The trick: There were no drug scent samples. ALL of the marked spots were fakes, even some which included some meat for the dog to get him interested in it.
  The result? Lots of "hits". Only a very small minority of search trials found no hits at all, and the highest percentage of hits were not in the places where there was meat for the dog, but where there was a flag for the handler to see:
  https://www.erowid.org/freedom/police/police_article1.shtml
  Its really pretty striking that these are allowed at all. Its not even clear why a judge would issue a warrant for something this unreliable.
  
  --
  "I opened my eyes, and everything went dark again"
19. Re:Last Sentence by Defenestrar · 2013-04-24 05:56 · Score: 4, Insightful
  
  Likewise, if there's good reason to believe that you have a different set of books in a safe, or perhaps a murder weapon - you can be compelled to give the combination. By providing the combination you are not confessing to fraud or murder - you already left that evidence; by not providing the combination you are standing in the way of the court to evaluate the evidence.
  The fuzzy line is regarding whether there's reason to search in the first place (which is more of a question regarding the Fourth). Should the simple fact that a computer may have aided the crime be probable cause? Does there have to be evidence showing which computer was utilized (like only allowing the search of one computer behind a router's firewall instead of fishing in all of the computers - and what if there's multiple owners?...).
  I think a really interesting test case would be if a criminal used a confession or otherwise key incriminating evidence as the pass phrase for an encrypted device. If they plead the Fifth, and then were compelled anyway - how much would be ruled inadmissible?
20. Re:Last Sentence by cayenne8 · 2013-04-24 06:02 · Score: 2
  
  Had Feldman admitted that he had the key or if there was prima facie evidence that he possessed the key, the government could still compel him to provide it.
  So, the best thing to do, if any police or govt agency starts to ask you questions, you should immediately NOT talk to them, and lawyer up. Don't give them any information (such as this).
  From what I've been reading and watching, this is especially true if you are indeed, innocent.
  Shut up. Lawyer up.
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
21. Re:Last Sentence by idontgno · 2013-04-24 06:03 · Score: 2
  
  Now, define "know".
  Is it the kind of "know" that torturers use when they say "we know you did it, just admit it and we'll stop waterboarding you"? Not very helpful.
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
22. Re:Last Sentence by steelfood · 2013-04-24 06:20 · Score: 2
  
  No, I think some of the other people got it right. What all this means is that the 5th amendment applies if law enforcement does not know a priori that some important piece of evidence is encrypted.
  If they have a priori knowledge, they can ask for the keys and it has to be provided. But if they're only asking for the keys to find out if there's evidence, then the 5th amendment applies and it doesn't have to be provided.
  Either way, it's a good idea to not cave during the initial questioning and let the courts determine if the 5th amendment applies to your case or not. Granted, it's probably always a good idea to not cave during the initial questioning...
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
23. Re:Last Sentence by tattood · 2013-04-24 07:01 · Score: 4, Interesting
  
  But you can't be compelled to provide evidence against yourself that the government doesn't know you have.
  What if the drive contains the evidence that they know you have, but it also contains other evidence that they do NOT know you have, which one would have precedence? If decrypting the drive will give them access to other evidence that would incriminate you in another crime.
  
  --
  WTB [sig], PST!!!
24. Re:Last Sentence by Hatta · 2013-04-24 07:17 · Score: 2
  
  If the government already knows about the evidence, they don't need me to provide it.
  
  --
  Give me Classic Slashdot or give me death!
25. Re:Last Sentence by Jane+Q.+Public · 2013-04-24 07:35 · Score: 4, Informative
  
  "The argument I've heard is that, when information is at rest, it's not considered testimony for the information to be read (but some other form of discovery). Therefore if it can be shown that you're in a position to decrypt the drive, and the drive is admitted in discovery and you refuse to facilitate discovery, you are standing in the way of the discovery and can be held in contempt of court."
  
  If it has not been shown that the drive can be decrypted with information you have, or could reasonably be expected to have (say, it can be shown by inductive reasoning that the drive contains the log of your activities), or if for example the ownership of the keys or the drive and the encrypted data is in question, it's not reasonable to compel you to decrypt it under penalty of contempt. It hasn't even been shown that it's in your power to facilitate the discovery.
  
  You can be similarly compelled to provide paper documentation, even if it was sent through the mail. It's not testimony. It's facilitating (or obstructing) discovery.
  This is COMPLETELY off the mark. Here's how it actually works. (I should add that there have been several other cases about this point recently, and none of them ruled that it was "a close call", as this judge seems to think.)
  
  If the government does not know that there is illegal material, or evidence of illegality, in the encrypted material, it cannot compel you to give up the password because that would be testifying against yourself.
  
  There are a couple of essential points here: first, it has to be "a product of your mind". Something you know. Not some kind of item that they know exists. For example, in many circumstances you can be compelled to turn over a key to a locked door, because a key is not testimony. (Other matters surrounding a search of a locked room are beyond the scope of this post.)
  
  The second essential point is that the government has to KNOW there is something illegal in the encrypted data in order to compel you to give them the password. Not "reasonable suspicion" as OP states. It has to be known beyond reasonable doubt. Because -- and this is the big point -- if they already know it's there, then you aren't incriminating yourself... you have already been "incriminated". You aren't admitting to anything because the illegal material is already known to exist. So, since you can't be said to be incriminating yourself, they can compel you to give up the password.
  
  So let me give you some examples from other recent court cases like this one:
  
  Someone was suspected of fraud but the evidence was all encrypted. The government could not prove the fraud without that evidence, which they had good reason to believe ("reasonable suspicion" as OP described it) that the evidence was in that encrypted data. But because of that, the government could not compel the defendant to give them the password, because there was a real danger he would be incriminating himself, which the 5th Amendment says you can't compel.
  
  In another case, a man was crossing the border with a laptop. At the time, customs was allowed to search at will. (A Federal court recently ruled that government needs probable cause to search even at borders. But at the time, it was considered kosher.)
  
  The man's laptop was turned on but asleep. His encryption software was running, so an encrypted volume on his hard drive could be accessed. 2 customs agents saw child pornography in the encrypted part of the drive, before the man somehow managed to turn the computer off. When it was turned back on, of course the encrypted data was no longer accessible.
  
  In this case, it was ruled that the government could compel him to produce the password, because the government already knew there was illegal material there. He could not be said to be incriminating himself, because they already knew it was illegal. The testimony of 2 customs agent was acceptable "k
26. Re:Last Sentence by TheCarp · 2013-04-24 07:40 · Score: 2
  
  > how it can even be doubted when and if the dog does uncover something substantive in a search.
  Oh I didn't address this.... never forget there are multiple parts to a trial. If the use of a dog is considered improper, and not something which gives probable cause. Look at the study there, only a small fraction of searches found nothing, even though none of the searches had anything to find.
  That is how its doubted. Its not about whether or not there were drugs, its about whether the method to detect them is reliable. In this case, its not reliable and is expected to get false positives at a high rate. Where is the probable cause there?
  So showing this should....SHOULD (not saying that any court has ruled this way...yet) be enough reason to toss out any evidence found from the subsequent search. Assuming that is all the evidence (like you didn't then confess), then that is all decided before the jury even gets shown the evidence.
  This is, of course, what is supposed to prevent the police from doing things like that... because it invalidates evidence. Imagine if they found the bodies of 6 kids in your trunk but then could find no other evidence pointing to you in their murders? That evidence gets tossed out if the search is invalidated.... nobody wants to be the cop who fucked that up.
  On the other hand, most people confess easily and talk before ever getting a lawyer....so it seldom comes into play.
  
  --
  "I opened my eyes, and everything went dark again"
27. Re:Last Sentence by Jane+Q.+Public · 2013-04-24 07:48 · Score: 4, Interesting
  
  "Likewise, if there's good reason to believe that you have a different set of books in a safe, or perhaps a murder weapon - you can be compelled to give the combination."
  Not even.
  
  In 5th Amendment cases, "reason to believe" is not good enough. Even probable cause is not good enough. They have to KNOW, already, that there is something illegal in there (and exactly what it is) before they can compel a password or a combination. See my explanation elsewhere in this thread.
  
  If they don't already know it's there, beyond reasonable doubt, they can't compel you. Because then you would be incriminating yourself.
  
  However, what they CAN do, if they have probable cause and it's something like a safe, is force it open. (If we assume they physically can. There are few things that can't be forced open given time and money.) If they force it open, there is no 5th Amendment question.
  
  "I think a really interesting test case would be if a criminal used a confession or otherwise key incriminating evidence as the pass phrase for an encrypted device. If they plead the Fifth, and then were compelled anyway - how much would be ruled inadmissible?"
  Because of what I just explained, that could never happen. If they already know that there is something illegal there, then they can compel you to divulge the password or combination. But if they DON'T already know, they can't compel you to divulge because the act of doing that would be incriminating yourself.
28. Re:Last Sentence by femtobyte · 2013-04-24 07:57 · Score: 3, Interesting
  
  Your analysis is off-the-mark for this particular case. According to the judge's writeup linked in the summary, the prosecution in this case actually did have evidence that child porn files were being downloaded to the servers and saved to the encrypted disks. The reason that the defendant was granted 5th Amendment immunity is that the prosecution lacked evidence that he was the only person in control of the computers. Maybe someone else had broken in and set up the encryption without the defendant's knowledge? By turning over the encryption keys, the defendant would prove that he knew the encryption keys, and thus incriminate himself of being responsible for the porn-filled encrypted disks (instead of an unwitting victim of hacking).
29. Re:Last Sentence by TheoMurpse · 2013-04-24 08:03 · Score: 2
  
  It's not really that. It's that you have a right not to be forced to incriminate yourself, and if you are forced to turn over encryption keys to something, you are admitting that the media is yours. If there's something illegal on the drive, this would be self-incrimination (admitting "this illegal stuff is mine").
  I remember this being a hot issue when I took Evidence in law school years ago. Of course, it being law school, we really didn't talk about anything useful. ;)
30. Re:Last Sentence by dcollins · 2013-04-24 08:49 · Score: 2
  
  That's nice, but in February the Supreme Court explicitly ruled about dog searches, "tough shit, the searches are legally admissible, we believe cops more than we believe you".
  http://reason.com/blog/2013/02/19/scotus-approves-search-warrants-issued-b
  
  --
  We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
31. Re:Last Sentence by Yebyen · 2013-04-24 08:53 · Score: 2
  
  I think that in this case the condition is that the judge does not see compelling evidence that the data and keys belong to the defendant. That way he cannot be seen as obstructing discovery, since "anyone" could be the owner of that data, and there's onus on the prosecution to prove that defendant is the keeper. It's not that he's refusing to help. It's that we have no proof that he is in any position to help.
  If I misread the summary and comments (haha articles) then feel free to correct me. If it was a bank ledger, you could not claim to the IRS it was confidential data protected by fifth amendment rights, and thus excluded from discovery. It's these encryption keys that you put in the way, and if you don't produce them, and there's compelling evidence that it should be in your power (or that if it's not, then you must have destroyed the keys to prevent access, at the time knowing that it was admissible evidence you were destroying), then you will be held in contempt of court.
  
  --
  Restating the obvious since nineteen aught five.
32. Re:Last Sentence by femtobyte · 2013-04-24 09:01 · Score: 3, Informative
  
  They can, however, use it as probable cause to get a second warrant to collect the new evidence. If police bust into your house with a warrant to search the kitchen for marijuana, and notice you have polaroids of a recent unsolved murder victim taped to the fridge, then they don't have to say "oops, we didn't see that." They can't take the photos or go rooting around the house for other evidence related to the murder on the existing warrant, but they can go back to a judge and request a new warrant (based on probable cause from testimony about seeing the photos) with different scope.
  In the article's court case, the defendant was allowed to refuse to disclose a password not because the contents of the drive could be incriminating, but because disclosing the password itself reveals previously unknown information: that you know the password. If the court already considers it a proven fact that you know a password, and has a warrant for searching the drive, then you don't get 5th-ammendment protection against revealing the password, no matter what incriminating stuff could be on the drive. The 5th Amendment is typically interpreted to only cover the "contents of your head": you can't be required to provide potentially self-incriminating info about were on the night of November 3rd from the contents of your memory. Your appointments calendar in your desk safe, however, is not 5th-ammendment protected, so you might be required to hand over that combination.
33. Re:Last Sentence by femtobyte · 2013-04-24 11:46 · Score: 2
  
  The same reasoning applies with those: in the first case, the guy would have been incriminating himself (admitting to the court that he was a criminal) by letting the court access those files.
  It's a subtle distinction (law gets subtle!), but "incriminating yourself by letting the court access files" is not the same as "incriminating yourself by showing you can access files." The latter has been ruled to fall under 5th Amendment protections. The former is still a legally open question (the courts might not agree to consider it "incriminating yourself," and instead consider it "handing over a safe key to cooperate with evidence gathering").
  Assuming your first case is this one (referenced in the the Wikipedia on 5th Amendment), it's important to note that, as in the article case, one of the important factors in not requiring a password be handed over was that "Neither do they know that Doe is capable of accessing the files." There may be instances where the court will require a password to be handed over to decrypt a not-known-to-be-incriminating file --- so far as I know, the courts haven't entirely ruled that out. Specifically, if the court "knows" (according to sufficient standards of evidence) that someone does have a password for a disk potentially containing (incriminating) evidence, then they may be able to demand the password --- again, this is a case yet to be hashed out (so far as I know) in court.
34. Re:Last Sentence by JakeBurn · 2013-04-24 12:00 · Score: 3, Informative
  
  In the USA at least, if the police have a legal reason to enter your home, (even including you allowing them in through the front door for any reason), they can then seize anything they can see that is also known to be illegal from any vantage point they have that is legal. Standing outside your window and looking in is not a legal vantage point, but you opening the front door would create one at the entryway just as the warrant makes your entire kitchen one. If they respond to a noise complaint, which doesn't even require a warrant, then see a bag of weed on the table when you open the door, they absolutely can enter your home, seize the drugs and arrest you. Its called Plain View Doctrine and its irrelevant to the warrant in as far as the photo in your post is concerned. It definitely could result in a more inclusive warrant being issued to search for more evidence concerning the murder, but that still wouldn't negate the fact that the original warrant would allow them to seize the photo on the fridge, a gun with the serial number filed off or anything else illegal that is in plain view, or in any place they expected to find the marijuana they came for in your kitchen.
35. Re:Last Sentence by femtobyte · 2013-04-24 12:09 · Score: 3, Informative
  
  I was careful in my example with a photo, because a photo isn't something illegal. Maybe you were hanging out with the victim before they got killed by someone else? A bag of weed or a gun with the serial filed off are indeed illegal things, that the cops can seize "from plain view." A photo is (usually) a perfectly legal thing, that police probably can't seize without a specific warrant. However, they've likely got probable cause to detain you on the spot and assure you can't destroy the photos/evidence while they're requesting a new warrant.
Obligatory XKCD by emddudley · 2013-04-24 04:14 · Score: 5, Funny

XKCD 538: A crypto nerd's imagination vs. what would actually happen
Forgive my ignorance... by fuzzyfuzzyfungus · 2013-04-24 04:16 · Score: 5, Interesting

Does the 5th amendment right to avoid self-incrimination apply only to the particular charges being brough in a given case, or does it cover any statement that could be incriminating, even if it were in a different proceeding, or if the record from Case A were to be used as evidence in Case B?
Say, in the case of an encrypted HDD, it's reasonably plausible that a broad spectrum of the suspect's electronic activities will be there. Common software tends to be a bit 'leaky' in terms of recording what it does(temp files, caches, search indexes, etc.) and most people don't have entirely separate computers for each flavor of crime they are engaged in.
If somebody were being charged for one crime that probably left evidence on the HDD(kiddie porn, say); would the fact that they know that there is evidence of CC-skimming(but, unlike the kiddie porn, the feds have no circumstantial evidence or other grounds for belief) justify a 5th-amendment refusal to decrypt the volume? Would the other potentially-incriminating stuff be irrelevant because it isn't among the charges(even if the court record could be used as evidence to bring future charges)? Would the suspect be compelled to divulge the key; but the prosecution only have access to material relevant to the charges being filed, with some 3rd party forensics person 'firewalling' to exclude all irrelevant material?
Re:England by click2005 · 2013-04-24 04:18 · Score: 3, Insightful

Yeah sometimes we pass silly laws in the UK and other times they do in the States. Its like trying to figure out which pile of shit has the least offensive smell.

--
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
Mountain out of a molehill by DNS-and-BIND · 2013-04-24 04:18 · Score: 5, Interesting

This is all a big brouhaha over nothing. The Fifth Amendment has a remaining lifespan measured in years, not decades. There was already a call to give up on the Constitution, naming the document "downright evil". Now we have Bloomberg saying that the Boston bombing will have to change the way we 'interpret' the Constitution. No, I'm not kidding, the Mayor of New York City really said these words:

"The people who are worried about privacy have a legitimate worry," Mr. Bloomberg said during a press conference in Midtown. "But we live in a complex world where you're going to have to have a level of security greater than you did back in the olden days, if you will. And our laws and our interpretation of the Constitution, I think, have to change. Look, we live in a very dangerous world. We know there are people who want to take away our freedoms. What we cant do is let the protection get in the way of us enjoying our freedoms. You still want to let people practice their religion, no matter what that religion is. And I think one of the great dangers here is going and categorizing anybody from one religion as a terrorist. That's not true ... That would let the terrorists win. That's what they want us to do."
Encryption keys? It's arguing about the wrong topic. These silly arguments about the Fifth Amendment will soon be about as relevant to our lives as the Austro-Hungarian Empire.

--
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
1. Re:Mountain out of a molehill by Umuri · 2013-04-24 04:30 · Score: 2
  
  Did you even read the quote you posted?
  
  "The people who are worried about privacy have a legitimate worry," Mr. Bloomberg said during a press conference in Midtown. "But we live in a complex world where you're going to have to have a level of security greater than you did back in the olden days, if you will. And our laws and our interpretation of the Constitution, I think, have to change. Look, we live in a very dangerous world. We know there are people who want to take away our freedoms. What we cant do is let the protection get in the way of us enjoying our freedoms. You still want to let people practice their religion, no matter what that religion is. And I think one of the great dangers here is going and categorizing anybody from one religion as a terrorist. That's not true ... That would let the terrorists win. That's what they want us to do."
  Emphasis mine. That quote states that our interpretation will change to PROTECT our freedoms against the fear-mongering people trying to increase security at the cost of it. I'm all for lambasting people for taking away one of the few documents that got this country on the right track, but at least pick quotes that backup the statement you're trying to make...
  
  --
  You never realize how much manually made unmanaged "linked" lists suck, till you have src.link.link.link.link...
2. Re:Mountain out of a molehill by Archangel+Michael · 2013-04-24 04:38 · Score: 5, Insightful
  
  We just had a demonstration that most people are willing to live under Marshal Law, have their houses searched, in a violation of the 4th Amendment. We have the federal government actively campaigning for the abolition of the 2nd. People being sued for speaking their mind (1st Amendment), and so on. So what is to protect us from government taking the 5th away? Not to mention that the Federal Government has consistently violated the 9th and 10th.
  IF we the people had any balls, we would be dragging President, most (if not all) of Congress into court and charged with treason. Problem is, who is able to arrest the President of the USA for Treason? Who is willing? Obama, GWB, Clinton ..... all are guilty. But stick a (D) or (R) after their name, and all of a sudden 1/2 the people will "like" what they are doing, say "It isn't that bad".
  No, it isn't "That bad". It is worse.
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
3. Re:Mountain out of a molehill by CanHasDIY · 2013-04-24 04:41 · Score: 4, Insightful
  
  Hard to believe those are the words of mayor "You can't have a big soda, or smoke until you're 21, because I'm the government agent and I say so" Bloomberg...
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
4. Re:Mountain out of a molehill by Nidi62 · 2013-04-24 04:46 · Score: 4, Informative
  
  I love how the person who said the part you highlighted is the same person who banned the sale of sugary drinks over a certain size in restaurants as well as enacted the greatest restrictions on the 2nd Amendment, and wants to hide cigarettes in convenience stores among other things. Someone needs to teach him what the word "hypocrite" means.
  
  --
  The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
5. Re:Mountain out of a molehill by Anonymous Coward · 2013-04-24 05:13 · Score: 3, Insightful
  
  If they're willing to have their houses searched, then it is not a violation of the 4th amendment to search their houses. You can give permission to the police to search your house.
  Yeah, "permission." They were showing up at houses with teams of something like six heavily armored SWAT members, banging on the doors, aiming automatic rifles at the home owners, and then asking to be "allowed" to look at home.
  Want to say no? That's OK, they're backed by literal tanks and even more armed SWAT people, aiming through the windows at anyone they can see from their tank.
  So, yeah, they were "consensual" searches. In the same way a mugging victim "consents" to having his wallet stolen in exchange for not being shot to death.
  And all this ignores the social pressure to "consent." You're "helping" them catch a terrorist who isn't actually in that part of town! Do you want to refuse and "help the terrorists?" Do you?
  This was armed thuggery, pure and simple. The people of Boston should be ashamed of their police and ashamed of their behavior.
6. Re:Mountain out of a molehill by moeinvt · 2013-04-24 05:27 · Score: 3, Insightful
  
  Yes, we live in a dangerous world where people like Michael Bloomberg want to take away our freedoms.
  No "terrorist" can ever take away our freedoms. Only governments are capable of using enough force against us to accomplish that.
It has to do with foregone knowledge by Okian+Warrior · 2013-04-24 04:30 · Score: 4, Informative

It's a subtle point described in the judges decision.
If the government has knowledge of particular documents, they can force you to present them. This includes forcing you to open your safe or decrypting your hard drive.
If the government has no knowledge of the contents of the hard drive, no information from other sources that indicate that you have specific documents it wants, then it can't force you to decrypt your hard drive.
The judge's position was that since the government had no indication of whatever documents are on the hard drive, producing them tied the defendant to the documents - providing evidence of control and ownership. Since that evidence (control and ownership) was not available to the government beforehand, it would be compelled testimony.
I think this is also reasonable in light of the fourth amendment. If the government doesn't have knowledge of specific documents, it can't go "rummaging around" on your disk looking for things.
1. Re:It has to do with foregone knowledge by Hatta · 2013-04-24 08:04 · Score: 2
  
  If the government has knowledge of particular documents, they can force you to present them. This includes forcing you to open your safe or decrypting your hard drive.
  If the government already knows something, it doesn't need me to do anything. It can use the information that it already knows. If the government doesn't know something, and that something is incriminating, then forcing me to reveal that something violates my 5th amendment protection against being forced to bear witness against myself.
  
  --
  Give me Classic Slashdot or give me death!
How did he encrypt it? by hawguy · 2013-04-24 04:32 · Score: 5, Interesting

What encryption algorithm did he use that's FBI-proof?
1. Re:How did he encrypt it? by PhxBlue · 2013-04-24 04:49 · Score: 2
  
  ROT-13.
  
  --
  !#@%*)anks for hanging up the phone, dear.
2. Re:How did he encrypt it? by Virtucon · 2013-04-24 04:53 · Score: 2
  
  Well, AES-256 is readily available but I guess only the Feds and the accused know what was used.
  Anything that is worth it's salt (pun intended) will cause grief for any person trying to decrypt the data. There's lots of tools out there, just go look at a few.
  I would recommend looking at TrueCrypt http://www.truecrypt.org/ and OpenPGP http://www.openpgp.org/ first.
  
  --
  Harrison's Postulate - "For every action there is an equal and opposite criticism"
3. Re:How did he encrypt it? by hawguy · 2013-04-24 05:11 · Score: 4, Insightful
  
  Yeah!
  We crimin... drug... pirat... SECURITY EXPERTS want to know!
  I think you mean "citizens".
  There are lots of legitimate reasons a citizen may want to save information that they don't want even the US government to read. Just because I keep a diary doesn't mean I think some FBI agent should be privy to what I've written just because they suspect that I may have committed a crime.
Oblig xkcd is wrong yet again by Anonymous Coward · 2013-04-24 04:42 · Score: 3, Insightful

Bzzt. In this real life example, when the guys with the $5 wrench came along, the victim called his lawyer who brought in a judge who wields a $100 wrench.
And it all happened (he beat the $5 wrench guys) because he encrypted. If he hadn't encrypted, he might not have ever known he was under attack (well, ok, in this particular example he actually did; most of the time you don't), wouldn't have been confronted with the $5 wrench, and wouldn't have have had the recourse of getting the judge to come in with his $100 wrench.
Encrypt. More of than not, it results in you defeating your adversary. That's true whether the adversary is your government, someone else's government, a common thief, Google, whoever bought your refurbished drive after you RMAed it, or whoever.
You're stupid and knowingly negligently careless if you don't encrypt anything important. We're all going to point and you and laugh at the non-random misfortune that you consciously chose to experience.
Examples of what's important are: your shopping list, where you're having dinner tonight, mundane thoughts such as "yes, I'll have another beer" and nearly anything else. Anything you say can be used against you, and I'm not quoting Miranda; I'm quoting reality itself.
1. Re:Oblig xkcd is wrong yet again by NotSanguine · 2013-04-24 05:25 · Score: 2
  
  Examples of what's important are: your shopping list, where you're having dinner tonight, mundane thoughts such as "yes, I'll have another beer" and nearly anything else. Anything you say can be used against you, and I'm not quoting Miranda; I'm quoting reality itself.
  This is so very true. See Here for details.
  
  --
  No, no, you're not thinking; you're just being logical. --Niels Bohr
Re:Dafuq is "Feldman"? by hedwards · 2013-04-24 04:46 · Score: 2

$22k a year? I'd be willing to not edit the submissions for a fraction of that.
Re:England by camperdave · 2013-04-24 04:46 · Score: 2

From what I understand, it doesn't even have to be your key. If someone slipped an encrypted flash drive into your pocket, you could be sent away for refusing to divulge the encryption key - even though you have no possible clue what it might be.

--
When our name is on the back of your car, we're behind you all the way!
Victimless crimes? by Okian+Warrior · 2013-04-24 04:50 · Score: 2

I sometimes wonder at all the victimless crimes we seem to have.
In this case federal prosecutors not only don't have a victim, they don't have evidence of a crime. The only way to convict the defendant is to get the evidence from him.
I think the constitution was made specifically to protect us from these sorts of "investigations of suspicion"; specifically, the founding fathers recognized that many activities may seem suspicious from the outside and in certain contexts, but that the government can't simply come in and rummage around for reasons to arrest someone.
This is especially salient in today's world, where innumerable crimes go unaddressed even though there are real victims, and investigating and prosecuting would be trivial. Spam, phishing fraud, identity theft, stolen laptops where the laptop tells the owner where it is, robocalling - all crimes where an average citizen has to beg the government to intercede... to no avail.
Having "suspicious activity" but no evidence should be a clear signal to the authorities. Drop the case, or do something to get real evidence. This general "he's done something wrong, we only need the tools to do our job" thing has to stop.
Do your job by protecting real victims.
I can't remember... by Anonymous Coward · 2013-04-24 04:55 · Score: 2, Interesting

Politicians, police, and heads of major bodies are trained to answer "I can't remember" to questions where a refusal to answer is not permitted.
By Law, in the USA, the statement "I cannot remember" can NEVER be categorised as lying (without a freely offered self-confession of this fact). Understand that the USA is one of the obscene nations where lying to law enforcement goons is a serious criminal offence in itself, whereas the same law enforcement goons have full State authority to use lies as a tool of investigation and interrogation. The reason every lawyer in the USA states that you must NEVER talk to law enforcement goons without a lawyer present is because of these facts. Innocent people can be lawfully converted into criminals in the USA, simply by how they respond to a manipulative and dishonest line of questioning.
Even in the UK, lying to law enforcement goons is not a criminal offence in and of itself (at worst, you can be charged with wasting police time- but there the lie has to be one that suggests false details about a crime that cause unnecessary and useless investigation).
All nations can 'force' a person to reveal a password under some legal principle or other, if the circumstances are right. 'Force' means, of course, that a refusal to comply is a crime. "I cannot remember the password" will work for any elite individual who actually exists above the law (like senior 'banksters' in the USA). It will not work for an ordinary target of law enforcement.
Good lawyers always offer cynical advice. How often have you read stories of famous Americans refusing to be breathalysed at the scene of a DUI incident. The lawyer has trained these clients that the penalty for refusal is FAR lower than the penalty for being found DUI. Forced decryption follows the same logic. For political targets, the USA uses the obscene system of 'contempt' and sequential re-incarceration- effective turning the penalty for the offence into one of life in prison.
The argument about "reasonable suspicion" is an interesting one. It does, however, smack of turning 'presumed innocent' into 'presumed guilty'. Should the command to force decryption be accompanied with a promise that only the expected incriminating digital evidence be used against the individual, and that other illicit digital content that may be found with no relationship to the current case should be ignored, if it proves that the expected material is NOT present within the digital 'safe'?
In other words, if law enforcement goons are wrong about you with their current claims, should you be forced to incriminate yourself over an unrelated 'crime'? After all, if you reward law enforcement goons for engaging in 'fishing expeditions', clearly this tactic will only grow.
Re:What is the method / software used by ewieling · 2013-04-24 04:56 · Score: 3, Interesting

Truecrypt.

The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation. <URL:http://news.techworld.com/security/3228701/>

--
I really shouldn't have used someone else's email address for this account.
Re:what happens if it's cracked ? by HungryHobo · 2013-04-24 05:19 · Score: 2

If they can crack it they're totally free to use it.
imagine that there's a body buried someone in kansas. they can't force you to tell them where it is so that they can go collect evidence against you from it.
But if they find it themselves they're free to use it.
for encryption the search space is a mathematical one but otherwise it's similar.
of course if the NSA or some such can crack it there's no way that they'll admit it for something as trivial as a conviction for some petty criminal because then everyone would know it had been cracked and would use a different form of encryption and the NSA would have to do all the work of cracking that new one.
Re:what happens if it's cracked ? by kwerle · 2013-04-24 05:36 · Score: 2

I'm sure the FBI / NSA has some supercomputers that could crack his computer in very short orde.
Then you simply watch too much television.
So, sort of like a car? by uncqual · 2013-04-24 05:54 · Score: 5, Interesting

So, it's rather like if the police found a special car with very strong windows and combination locks. They have strong evidence that it's got a lot of heroin in it and want to get inside it to search it and have a warrant to do so but can't get it open.
They think, but don't have much evidence to support that belief, that you had unrestricted access to the car interior and therefore have the combination and can open the door for them.
What this ruling says is that they can't compel you to product the combination because then you would be being forced to reveal that you did, in fact, have the combination and, hence, access to the inside of the vehicle which would be incriminating given the contents of the car.
If, however, they found a surveillance video that showed you opening the door of the car using the combination you could then be compelled to provide the combination as that would not reveal, for the first time, that you actually had access to the interior of the car.
Is that correct?

--
Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.
1. Re:So, sort of like a car? by GameboyRMH · 2013-04-24 07:12 · Score: 2
  
  So the important thing to take away from this is that if law enforcement questions you at all about an encrypted drive, you don't just deny them the key, you remain silent about it.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
2. Re:So, sort of like a car? by Hatta · 2013-04-24 07:58 · Score: 2
  
  That's some pretty involved mental gymnastics they came up with to work around the fifth amendment. In reality, it's much simpler. Any information a suspect provides is testimony. If that information increases the chance of the suspect being found guilty, then it is incriminating testimony. No one can justly be forced to provide incriminating testimony.
  
  --
  Give me Classic Slashdot or give me death!
Re:what happens if it's cracked ? by Zero__Kelvin · 2013-04-24 05:56 · Score: 2, Insightful

"I'm sure the FBI / NSA has some supercomputers that could crack his computer in very short order."
That is because you don't understand encryption.

--
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Lessons by Anonymous Coward · 2013-04-24 06:00 · Score: 4, Interesting

Things I learned from reading the ruling:
1. As usual, keep your mouth shut. The guy merely admitted that he lived alone in his current residence for 15 years before he got smart and lawyer-ed up, and that fact makes an appearance in the ruling. It doesn't hurt much and they would have figured it out anyway, but it definitely didn't help.
2. Use whole-disk encryption and encrypt everything. All evidence against him mentioned in the ruling was obtained from unencrypted drives and were what should have been private bits and metadata that leaked or never making it to the encrypted drive, especially log files. They have highly incriminating file-names, drive letters, peer-to-peer download logs, basically a ton of metadata. While this ruling almost certainly doesn't cover all the evidence against him, it's not clear the FBI would have anything at all if it weren't for the two drives that they found unencrypted. Although they must have had something else to go after him in the first place.
3. IMO he really dodged a bullet at least in this narrow instance. Crudely speaking, Judge says it isn't reasonable to conclude that both the files in question necessarily exist and that the defendant had access to them (it sounds like the real problem is the latter). This when they have file-names, log files, and the disks in question were taken from his residence where he has lived alone for 15 years, and while he certainly hasn't admitted the disks were his, I don't see an active claim to the contrary either (which I'd likely support but he needs to say it). I'm very pro-encryption and am generally not happy with the court compelling encryption keys, but this is one of the weakest cases for not doing so that I could think of, and is probably why the FBI decided to go for it and now potentially lost big if this it the burden or proof they are stuck with to prove ownership or control of data on a disk.
I can't hand over the key by Opportunist · 2013-04-24 06:14 · Score: 2

I have files on my Hard Drive that are encrypted, with the key being stored on a USB dongle. Unfortunately, that dongle went missing.
So I now sit on a lot of files that I can't access and couldn't turn the key over (but hey, if you find the dongle in your search, be my guest), but I know the moment I delete them I find that darn dongle...

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:What is the method / software used by pipatron · 2013-04-24 07:49 · Score: 2

Pretty much anything open source. If you're not allowed to see the source (skype, hardware disk encryption, proprietary encryption, windows built-in encryption) you can bet that FBI has a master key.
Doesn't mean it's safe just because it's open source, but broken or bogus encryption solutions which are open source are quickly found out.

--
c++; /* this makes c bigger but returns the old value */