Slashdot Mirror

← Back to Stories (view on slashdot.org)

Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys

Posted by Unknown on from the but-the-nsa-has-quantum-computers dept.

Virtucon writes "U.S. Magistrate William Callahan Jr. of Wisconsin has ruled in favor of the accused in that he should not have to decrypt his storage device. The U.S. Government had sought to compel Feldman to provide his password to obtain access to the data. Presumably the FBI has had no success in getting the data and had sought to have the judge compel Feldman to provide the decrypted contents of what they had seized. The Judge ruled (PDF): 'This is a close call, but I conclude that Feldman's act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already know with "reasonably particularity" — namely, that Feldman has personal access to and control over the encrypted storage devices. Accordingly, in my opinion, Fifth Amendment protection is available to Feldman. Stated another way, ordering Feldman to decrypt the storage devices would be in violation of his Fifth Amendment right against compelled self-incrimination.'" If the government has reasonable suspicion that you have illicit data, they can still compel you to decrypt it.

38 of 322 comments (clear)

  1. Nurz by Anonymous Coward · · Score: 4, Funny

    V qba'g xabj, guvf ybbxf yvxr n ernfbanoyl fhfcvpvbhf cbfg gb zr...

  2. Last Sentence by steevven1 · · Score: 5, Insightful

    Where did the last sentence in this summary come from? It seems to be completely contradictory to the main content. Elaborate?

    1. Re:Last Sentence by TyIzaeL · · Score: 5, Informative

      This is a close call, but I conclude that Feldman's act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already know with "reasonably particularity"

      I'm guessing this is the trick. The government doesn't know there is evidence on the storage device. It sounds like they are making the argument that compelling a password for discovery purposes is a violation, but providing one to give them what they know you have is not. At least, that's what it seems like they are saying to me.

    2. Re:Last Sentence by MDMurphy · · Score: 5, Informative

      It came from the linked article that references a rejected appeal in a bank fraud case concerning turning over an encryption key.

    3. Re:Last Sentence by Anonymous Coward · · Score: 5, Informative

      It's a wink-wink that they have to add "possession of child pornography" to the charges also in order to compel the keys.

    4. Re:Last Sentence by Yebyen · · Score: 5, Interesting

      It reads differently to me. They do not know that he can decrypt the data (he could have destroyed the passphrase, or it was destroyed when left in the hands of an automated system and he was incarcerated), and compelling him to do so would be a) demanding that he prove that he could decrypt them, a "fact" about him that is not already known to be true (and could be incriminating.)

      The last sentence in the summary reads like nonsense to me and does not seem to contribute anything.

      They cannot compel you to do something they don't already know that you have the ability to do, and if it turns out later that they can decrypt the drive without your help, the fact that you were able to decrypt it would be the incriminating part (apparently) as much as whatever they had actually found on the drive. Even if they know there is illicit stuff on the drive (somehow) without having decrypted it, they do not know you have control over it (unless this was proven some other way.)

      It's like those cops that ask, "do you have any illegal drugs on you" -- if you show them, you waived your right to be protected from unreasonable search and seizure. They did not violate it. You did. Has your fifth amendment right been violated? They could have asked the dog, and he would tell them, but putting dogs on you without probable cause is almost certainly illegal search violation. If you are threatened with contempt if you do not decrypt the drive, even when they haven't proven that you even can, it's much the same situation.

      --
      Restating the obvious since nineteen aught five.
    5. Re:Last Sentence by SternisheFan · · Score: 5, Informative
      From the linked Wired article:

      Just last year, for example, a federal appeals court rejected an appeal from a bank-fraud defendant who has been ordered to decrypt her laptop so its contents could be used in her criminal case. The issue was later mooted for defendant Romano Fricosu as a co-defendant eventually supplied a password.

      Contrary to the Wisconsin child pornography case, however, the Fricosu matter was distinguishable because the authorities had evidence that her hard drive might contain evidence against her, meaning the court felt her Fifth Amendment rights were not at issue. That’s because the authorities had recorded a jailhouse conversation between her and a co-defendant, in which the laptop’s contents were discussed

    6. Re:Last Sentence by janeuner · · Score: 4, Interesting

      Incorrect. The government knows that the specified files are (or were) on the storage device at some point. What it lacks is evidence that the defendant is capable of accessing that storage.

    7. Re:Last Sentence by IndustrialComplex · · Score: 5, Informative

      Not quite right.

      The government is asking for information which would demonstrate that he had the capability to access the information in a device. Such an admission would be useful to the prosecution which must account for the custodial chain of the device and the data within it.

      An example of a situation where you might require this sort of defense:

      1. You buy a computer from Bob on Craigslist. You stick it in your garage to work on later.
      2. Bob is busted for something, and when questioned about the computer, says he sold it to you.
      3. The police arrive at your house, and with a warrant seize the computer from your garage.
      4. It turns out that 'Bob' was selling CP or something similarly illegal. The prosecutor decides that YOU purchased the computer/HDD as part of a purchase of CP from Bob.
      5. You claim that you have no idea what is on the machine, and the prosecutor demands that you provide the encryption key to decrypt the files for search.

      At this point, if you were to provide the encryption keys, it would demonstrate that you DID have the ability to access the files on the computer, this would be providing evidence to the prosecution that you were part of the chain of custody.

      In the case where the person WAS compelled to turn over the encryption key, the prosecution already had evidence that the person already could access the encrypted device/file. Therefore, by turning over the encryption key, the person was not providing any evidence that the prosecution did not already have.

      So if in the example I provide above, you had made a statement that "Hey, Bob sold me a computer, and you wouldn't believe the nasty stuff he had on it in an encrypted file." That would mean that you could not plead the 5th as it would already be a fact that you could access the encrypted file, so providing the keys wouldn't be giving any evidence to the prosecution.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    8. Re:Last Sentence by Spazmania · · Score: 5, Interesting

      No, the trick is this:

      The government hasn't proven that Feldman *has* the encryption key. Compelling him to turn over the encryption key would be compelling him to admit that he has the key. The compelled admission that he has the encryption key is the fifth amendment violation.

      Had Feldman admitted that he had the key or if there was prima facie evidence that he possessed the key, the government could still compel him to provide it.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    9. Re:Last Sentence by Yebyen · · Score: 4, Informative

      We have to pass the bill to know what's in it...

      The argument I've heard is that, when information is at rest, it's not considered testimony for the information to be read (but some other form of discovery). Therefore if it can be shown that you're in a position to decrypt the drive, and the drive is admitted in discovery and you refuse to facilitate discovery, you are standing in the way of the discovery and can be held in contempt of court.

      If it has not been shown that the drive can be decrypted with information you have, or could reasonably be expected to have (say, it can be shown by inductive reasoning that the drive contains the log of your activities), or if for example the ownership of the keys or the drive and the encrypted data is in question, it's not reasonable to compel you to decrypt it under penalty of contempt. It hasn't even been shown that it's in your power to facilitate the discovery.

      You can be similarly compelled to provide paper documentation, even if it was sent through the mail. It's not testimony. It's facilitating (or obstructing) discovery.

      --
      Restating the obvious since nineteen aught five.
    10. Re:Last Sentence by NatasRevol · · Score: 3, Interesting

      Interesting, and good to know.

      From a non lawyer point of view, discovery that you provide, about yourself, sounds an awful lot like testimony against yourself.

      --
      There are two types of people in the world: Those who crave closure
    11. Re:Last Sentence by gorzek · · Score: 5, Informative

      Basically, it is a crime to withhold evidence that the government knows you have. But you can't be compelled to provide evidence against yourself that the government doesn't know you have.

      --
      Check out my world simulator thingy.
    12. Re:Last Sentence by TheCarp · · Score: 5, Insightful

      > They could have asked the dog, and he would tell them, but putting dogs on you without probable
      > cause is almost certainly illegal search violation.

      I would argue the dog itself doesn't even constitute a search since they are so unrelaiable IN THIS CASE. There have been some great studies which have shown that dogs are only really useful in cases where their handler has no notion of what he might find or where. So border checkpoints, or random bomb searches, they are great....

      The problem is, that when the handler suspects there may be something to find, the animal almost always "detects" something. A great study recently setup a course to test dogs and handlers. The handlers were told that there were drug and bomb scent samples throughout a church, some of which were marked, some which were not.

      The trick: There were no drug scent samples. ALL of the marked spots were fakes, even some which included some meat for the dog to get him interested in it.

      The result? Lots of "hits". Only a very small minority of search trials found no hits at all, and the highest percentage of hits were not in the places where there was meat for the dog, but where there was a flag for the handler to see:

      https://www.erowid.org/freedom/police/police_article1.shtml

      Its really pretty striking that these are allowed at all. Its not even clear why a judge would issue a warrant for something this unreliable.

      --
      "I opened my eyes, and everything went dark again"
    13. Re:Last Sentence by Defenestrar · · Score: 4, Insightful

      Likewise, if there's good reason to believe that you have a different set of books in a safe, or perhaps a murder weapon - you can be compelled to give the combination. By providing the combination you are not confessing to fraud or murder - you already left that evidence; by not providing the combination you are standing in the way of the court to evaluate the evidence.

      The fuzzy line is regarding whether there's reason to search in the first place (which is more of a question regarding the Fourth). Should the simple fact that a computer may have aided the crime be probable cause? Does there have to be evidence showing which computer was utilized (like only allowing the search of one computer behind a router's firewall instead of fishing in all of the computers - and what if there's multiple owners?...).

      I think a really interesting test case would be if a criminal used a confession or otherwise key incriminating evidence as the pass phrase for an encrypted device. If they plead the Fifth, and then were compelled anyway - how much would be ruled inadmissible?

    14. Re:Last Sentence by tattood · · Score: 4, Interesting

      But you can't be compelled to provide evidence against yourself that the government doesn't know you have.

      What if the drive contains the evidence that they know you have, but it also contains other evidence that they do NOT know you have, which one would have precedence? If decrypting the drive will give them access to other evidence that would incriminate you in another crime.

      --
      WTB [sig], PST!!!
    15. Re:Last Sentence by Jane+Q.+Public · · Score: 4, Informative

      "The argument I've heard is that, when information is at rest, it's not considered testimony for the information to be read (but some other form of discovery). Therefore if it can be shown that you're in a position to decrypt the drive, and the drive is admitted in discovery and you refuse to facilitate discovery, you are standing in the way of the discovery and can be held in contempt of court."

      If it has not been shown that the drive can be decrypted with information you have, or could reasonably be expected to have (say, it can be shown by inductive reasoning that the drive contains the log of your activities), or if for example the ownership of the keys or the drive and the encrypted data is in question, it's not reasonable to compel you to decrypt it under penalty of contempt. It hasn't even been shown that it's in your power to facilitate the discovery.

      You can be similarly compelled to provide paper documentation, even if it was sent through the mail. It's not testimony. It's facilitating (or obstructing) discovery.

      This is COMPLETELY off the mark. Here's how it actually works. (I should add that there have been several other cases about this point recently, and none of them ruled that it was "a close call", as this judge seems to think.)

      If the government does not know that there is illegal material, or evidence of illegality, in the encrypted material, it cannot compel you to give up the password because that would be testifying against yourself.

      There are a couple of essential points here: first, it has to be "a product of your mind". Something you know. Not some kind of item that they know exists. For example, in many circumstances you can be compelled to turn over a key to a locked door, because a key is not testimony. (Other matters surrounding a search of a locked room are beyond the scope of this post.)

      The second essential point is that the government has to KNOW there is something illegal in the encrypted data in order to compel you to give them the password. Not "reasonable suspicion" as OP states. It has to be known beyond reasonable doubt. Because -- and this is the big point -- if they already know it's there, then you aren't incriminating yourself... you have already been "incriminated". You aren't admitting to anything because the illegal material is already known to exist. So, since you can't be said to be incriminating yourself, they can compel you to give up the password.

      So let me give you some examples from other recent court cases like this one:

      Someone was suspected of fraud but the evidence was all encrypted. The government could not prove the fraud without that evidence, which they had good reason to believe ("reasonable suspicion" as OP described it) that the evidence was in that encrypted data. But because of that, the government could not compel the defendant to give them the password, because there was a real danger he would be incriminating himself, which the 5th Amendment says you can't compel.

      In another case, a man was crossing the border with a laptop. At the time, customs was allowed to search at will. (A Federal court recently ruled that government needs probable cause to search even at borders. But at the time, it was considered kosher.)

      The man's laptop was turned on but asleep. His encryption software was running, so an encrypted volume on his hard drive could be accessed. 2 customs agents saw child pornography in the encrypted part of the drive, before the man somehow managed to turn the computer off. When it was turned back on, of course the encrypted data was no longer accessible.

      In this case, it was ruled that the government could compel him to produce the password, because the government already knew there was illegal material there. He could not be said to be incriminating himself, because they already knew it was illegal. The testimony of 2 customs agent was acceptable "k

    16. Re:Last Sentence by Jane+Q.+Public · · Score: 4, Interesting

      "Likewise, if there's good reason to believe that you have a different set of books in a safe, or perhaps a murder weapon - you can be compelled to give the combination."

      Not even.

      In 5th Amendment cases, "reason to believe" is not good enough. Even probable cause is not good enough. They have to KNOW, already, that there is something illegal in there (and exactly what it is) before they can compel a password or a combination. See my explanation elsewhere in this thread.

      If they don't already know it's there, beyond reasonable doubt, they can't compel you. Because then you would be incriminating yourself.

      However, what they CAN do, if they have probable cause and it's something like a safe, is force it open. (If we assume they physically can. There are few things that can't be forced open given time and money.) If they force it open, there is no 5th Amendment question.

      "I think a really interesting test case would be if a criminal used a confession or otherwise key incriminating evidence as the pass phrase for an encrypted device. If they plead the Fifth, and then were compelled anyway - how much would be ruled inadmissible?"

      Because of what I just explained, that could never happen. If they already know that there is something illegal there, then they can compel you to divulge the password or combination. But if they DON'T already know, they can't compel you to divulge because the act of doing that would be incriminating yourself.

    17. Re:Last Sentence by femtobyte · · Score: 3, Interesting

      Your analysis is off-the-mark for this particular case. According to the judge's writeup linked in the summary, the prosecution in this case actually did have evidence that child porn files were being downloaded to the servers and saved to the encrypted disks. The reason that the defendant was granted 5th Amendment immunity is that the prosecution lacked evidence that he was the only person in control of the computers. Maybe someone else had broken in and set up the encryption without the defendant's knowledge? By turning over the encryption keys, the defendant would prove that he knew the encryption keys, and thus incriminate himself of being responsible for the porn-filled encrypted disks (instead of an unwitting victim of hacking).

    18. Re:Last Sentence by femtobyte · · Score: 3, Informative

      They can, however, use it as probable cause to get a second warrant to collect the new evidence. If police bust into your house with a warrant to search the kitchen for marijuana, and notice you have polaroids of a recent unsolved murder victim taped to the fridge, then they don't have to say "oops, we didn't see that." They can't take the photos or go rooting around the house for other evidence related to the murder on the existing warrant, but they can go back to a judge and request a new warrant (based on probable cause from testimony about seeing the photos) with different scope.

      In the article's court case, the defendant was allowed to refuse to disclose a password not because the contents of the drive could be incriminating, but because disclosing the password itself reveals previously unknown information: that you know the password. If the court already considers it a proven fact that you know a password, and has a warrant for searching the drive, then you don't get 5th-ammendment protection against revealing the password, no matter what incriminating stuff could be on the drive. The 5th Amendment is typically interpreted to only cover the "contents of your head": you can't be required to provide potentially self-incriminating info about were on the night of November 3rd from the contents of your memory. Your appointments calendar in your desk safe, however, is not 5th-ammendment protected, so you might be required to hand over that combination.

    19. Re:Last Sentence by JakeBurn · · Score: 3, Informative

      In the USA at least, if the police have a legal reason to enter your home, (even including you allowing them in through the front door for any reason), they can then seize anything they can see that is also known to be illegal from any vantage point they have that is legal. Standing outside your window and looking in is not a legal vantage point, but you opening the front door would create one at the entryway just as the warrant makes your entire kitchen one. If they respond to a noise complaint, which doesn't even require a warrant, then see a bag of weed on the table when you open the door, they absolutely can enter your home, seize the drugs and arrest you. Its called Plain View Doctrine and its irrelevant to the warrant in as far as the photo in your post is concerned. It definitely could result in a more inclusive warrant being issued to search for more evidence concerning the murder, but that still wouldn't negate the fact that the original warrant would allow them to seize the photo on the fridge, a gun with the serial number filed off or anything else illegal that is in plain view, or in any place they expected to find the marijuana they came for in your kitchen.

    20. Re:Last Sentence by femtobyte · · Score: 3, Informative

      I was careful in my example with a photo, because a photo isn't something illegal. Maybe you were hanging out with the victim before they got killed by someone else? A bag of weed or a gun with the serial filed off are indeed illegal things, that the cops can seize "from plain view." A photo is (usually) a perfectly legal thing, that police probably can't seize without a specific warrant. However, they've likely got probable cause to detain you on the spot and assure you can't destroy the photos/evidence while they're requesting a new warrant.

  3. Obligatory XKCD by emddudley · · Score: 5, Funny

    XKCD 538: A crypto nerd's imagination vs. what would actually happen

  4. Forgive my ignorance... by fuzzyfuzzyfungus · · Score: 5, Interesting

    Does the 5th amendment right to avoid self-incrimination apply only to the particular charges being brough in a given case, or does it cover any statement that could be incriminating, even if it were in a different proceeding, or if the record from Case A were to be used as evidence in Case B?

    Say, in the case of an encrypted HDD, it's reasonably plausible that a broad spectrum of the suspect's electronic activities will be there. Common software tends to be a bit 'leaky' in terms of recording what it does(temp files, caches, search indexes, etc.) and most people don't have entirely separate computers for each flavor of crime they are engaged in.

    If somebody were being charged for one crime that probably left evidence on the HDD(kiddie porn, say); would the fact that they know that there is evidence of CC-skimming(but, unlike the kiddie porn, the feds have no circumstantial evidence or other grounds for belief) justify a 5th-amendment refusal to decrypt the volume? Would the other potentially-incriminating stuff be irrelevant because it isn't among the charges(even if the court record could be used as evidence to bring future charges)? Would the suspect be compelled to divulge the key; but the prosecution only have access to material relevant to the charges being filed, with some 3rd party forensics person 'firewalling' to exclude all irrelevant material?

  5. Re:England by click2005 · · Score: 3, Insightful

    Yeah sometimes we pass silly laws in the UK and other times they do in the States. Its like trying to figure out which pile of shit has the least offensive smell.

    --
    I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
  6. Mountain out of a molehill by DNS-and-BIND · · Score: 5, Interesting
    This is all a big brouhaha over nothing. The Fifth Amendment has a remaining lifespan measured in years, not decades. There was already a call to give up on the Constitution, naming the document "downright evil". Now we have Bloomberg saying that the Boston bombing will have to change the way we 'interpret' the Constitution. No, I'm not kidding, the Mayor of New York City really said these words:

    "The people who are worried about privacy have a legitimate worry," Mr. Bloomberg said during a press conference in Midtown. "But we live in a complex world where you're going to have to have a level of security greater than you did back in the olden days, if you will. And our laws and our interpretation of the Constitution, I think, have to change. Look, we live in a very dangerous world. We know there are people who want to take away our freedoms. What we cant do is let the protection get in the way of us enjoying our freedoms. You still want to let people practice their religion, no matter what that religion is. And I think one of the great dangers here is going and categorizing anybody from one religion as a terrorist. That's not true ... That would let the terrorists win. That's what they want us to do."

    Encryption keys? It's arguing about the wrong topic. These silly arguments about the Fifth Amendment will soon be about as relevant to our lives as the Austro-Hungarian Empire.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    1. Re:Mountain out of a molehill by Archangel+Michael · · Score: 5, Insightful

      We just had a demonstration that most people are willing to live under Marshal Law, have their houses searched, in a violation of the 4th Amendment. We have the federal government actively campaigning for the abolition of the 2nd. People being sued for speaking their mind (1st Amendment), and so on. So what is to protect us from government taking the 5th away? Not to mention that the Federal Government has consistently violated the 9th and 10th.

      IF we the people had any balls, we would be dragging President, most (if not all) of Congress into court and charged with treason. Problem is, who is able to arrest the President of the USA for Treason? Who is willing? Obama, GWB, Clinton ..... all are guilty. But stick a (D) or (R) after their name, and all of a sudden 1/2 the people will "like" what they are doing, say "It isn't that bad".

      No, it isn't "That bad". It is worse.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Mountain out of a molehill by CanHasDIY · · Score: 4, Insightful

      Hard to believe those are the words of mayor "You can't have a big soda, or smoke until you're 21, because I'm the government agent and I say so" Bloomberg...

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:Mountain out of a molehill by Nidi62 · · Score: 4, Informative

      I love how the person who said the part you highlighted is the same person who banned the sale of sugary drinks over a certain size in restaurants as well as enacted the greatest restrictions on the 2nd Amendment, and wants to hide cigarettes in convenience stores among other things. Someone needs to teach him what the word "hypocrite" means.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    4. Re:Mountain out of a molehill by Anonymous Coward · · Score: 3, Insightful

      If they're willing to have their houses searched, then it is not a violation of the 4th amendment to search their houses. You can give permission to the police to search your house.

      Yeah, "permission." They were showing up at houses with teams of something like six heavily armored SWAT members, banging on the doors, aiming automatic rifles at the home owners, and then asking to be "allowed" to look at home.

      Want to say no? That's OK, they're backed by literal tanks and even more armed SWAT people, aiming through the windows at anyone they can see from their tank.

      So, yeah, they were "consensual" searches. In the same way a mugging victim "consents" to having his wallet stolen in exchange for not being shot to death.

      And all this ignores the social pressure to "consent." You're "helping" them catch a terrorist who isn't actually in that part of town! Do you want to refuse and "help the terrorists?" Do you?

      This was armed thuggery, pure and simple. The people of Boston should be ashamed of their police and ashamed of their behavior.

    5. Re:Mountain out of a molehill by moeinvt · · Score: 3, Insightful

      Yes, we live in a dangerous world where people like Michael Bloomberg want to take away our freedoms.

      No "terrorist" can ever take away our freedoms. Only governments are capable of using enough force against us to accomplish that.

  7. It has to do with foregone knowledge by Okian+Warrior · · Score: 4, Informative

    It's a subtle point described in the judges decision.

    If the government has knowledge of particular documents, they can force you to present them. This includes forcing you to open your safe or decrypting your hard drive.

    If the government has no knowledge of the contents of the hard drive, no information from other sources that indicate that you have specific documents it wants, then it can't force you to decrypt your hard drive.

    The judge's position was that since the government had no indication of whatever documents are on the hard drive, producing them tied the defendant to the documents - providing evidence of control and ownership. Since that evidence (control and ownership) was not available to the government beforehand, it would be compelled testimony.

    I think this is also reasonable in light of the fourth amendment. If the government doesn't have knowledge of specific documents, it can't go "rummaging around" on your disk looking for things.

  8. How did he encrypt it? by hawguy · · Score: 5, Interesting

    What encryption algorithm did he use that's FBI-proof?

    1. Re:How did he encrypt it? by hawguy · · Score: 4, Insightful

      Yeah!
      We crimin... drug... pirat... SECURITY EXPERTS want to know!

      I think you mean "citizens".

      There are lots of legitimate reasons a citizen may want to save information that they don't want even the US government to read. Just because I keep a diary doesn't mean I think some FBI agent should be privy to what I've written just because they suspect that I may have committed a crime.

  9. Oblig xkcd is wrong yet again by Anonymous Coward · · Score: 3, Insightful

    Bzzt. In this real life example, when the guys with the $5 wrench came along, the victim called his lawyer who brought in a judge who wields a $100 wrench.

    And it all happened (he beat the $5 wrench guys) because he encrypted. If he hadn't encrypted, he might not have ever known he was under attack (well, ok, in this particular example he actually did; most of the time you don't), wouldn't have been confronted with the $5 wrench, and wouldn't have have had the recourse of getting the judge to come in with his $100 wrench.

    Encrypt. More of than not, it results in you defeating your adversary. That's true whether the adversary is your government, someone else's government, a common thief, Google, whoever bought your refurbished drive after you RMAed it, or whoever.

    You're stupid and knowingly negligently careless if you don't encrypt anything important. We're all going to point and you and laugh at the non-random misfortune that you consciously chose to experience.

    Examples of what's important are: your shopping list, where you're having dinner tonight, mundane thoughts such as "yes, I'll have another beer" and nearly anything else. Anything you say can be used against you, and I'm not quoting Miranda; I'm quoting reality itself.

  10. Re:What is the method / software used by ewieling · · Score: 3, Interesting

    Truecrypt.

    The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation. <URL:http://news.techworld.com/security/3228701/>

    --
    I really shouldn't have used someone else's email address for this account.
  11. So, sort of like a car? by uncqual · · Score: 5, Interesting

    So, it's rather like if the police found a special car with very strong windows and combination locks. They have strong evidence that it's got a lot of heroin in it and want to get inside it to search it and have a warrant to do so but can't get it open.

    They think, but don't have much evidence to support that belief, that you had unrestricted access to the car interior and therefore have the combination and can open the door for them.

    What this ruling says is that they can't compel you to product the combination because then you would be being forced to reveal that you did, in fact, have the combination and, hence, access to the inside of the vehicle which would be incriminating given the contents of the car.

    If, however, they found a surveillance video that showed you opening the door of the car using the combination you could then be compelled to provide the combination as that would not reveal, for the first time, that you actually had access to the interior of the car.

    Is that correct?

    --
    Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.
  12. Lessons by Anonymous Coward · · Score: 4, Interesting

    Things I learned from reading the ruling:

    1. As usual, keep your mouth shut. The guy merely admitted that he lived alone in his current residence for 15 years before he got smart and lawyer-ed up, and that fact makes an appearance in the ruling. It doesn't hurt much and they would have figured it out anyway, but it definitely didn't help.

    2. Use whole-disk encryption and encrypt everything. All evidence against him mentioned in the ruling was obtained from unencrypted drives and were what should have been private bits and metadata that leaked or never making it to the encrypted drive, especially log files. They have highly incriminating file-names, drive letters, peer-to-peer download logs, basically a ton of metadata. While this ruling almost certainly doesn't cover all the evidence against him, it's not clear the FBI would have anything at all if it weren't for the two drives that they found unencrypted. Although they must have had something else to go after him in the first place.

    3. IMO he really dodged a bullet at least in this narrow instance. Crudely speaking, Judge says it isn't reasonable to conclude that both the files in question necessarily exist and that the defendant had access to them (it sounds like the real problem is the latter). This when they have file-names, log files, and the disks in question were taken from his residence where he has lived alone for 15 years, and while he certainly hasn't admitted the disks were his, I don't see an active claim to the contrary either (which I'd likely support but he needs to say it). I'm very pro-encryption and am generally not happy with the court compelling encryption keys, but this is one of the weakest cases for not doing so that I could think of, and is probably why the FBI decided to go for it and now potentially lost big if this it the burden or proof they are stuck with to prove ownership or control of data on a disk.