Merely Cloaking Data May Be Incriminating?

n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"

Begs the question

[evanbd]

No it doesn't. It raises the question. Begging the question [wikipedia.org] is a logical fallacy, much like circular reasoning.

Deniability is what matters

[Somnus]

Encryption itself is only useful for preventing data theft by clandestine means. Authorities with a warrant can threaten you with jail to make you give up the keys, and even less scrupulous forces can beat them out of you. You can destroy the keys, but then you'll really piss them off.

What you need is deniability, as in a steganographic filesystem [wikipedia.org]. No one can ever prove that there is even anything there -- "Oh, I was just playing with it, I can reformat it if you want." Even better, embed data steganographically in standard data formats, like images.

It would be interesting to interpret the protection against self-incrimination [wikipedia.org] to include data storage, i.e. your hard disk is an extension of your consciousness. Of course, this does not accord with the original aim of this right, which was to prevent false testimony/confessions induced by torture -- your hard disk exists apart from your "will."

Re:What kind of sensationalist nonsense is this?

[SanityInAnarchy]

Right. I suspect that this could be used in, for example, subpeona-ing the IM logs of my friends who don't encrypt them, or of, say, Microsoft (for my MSN logs)...

I'm not sure it was meant to imply that the act of cloaking is itself incriminating, but rather that knowing you cloaked your data might tell them where to look. But then, it really was not worded very clearly.

Murder

[Citizen of Earth]

Similarly, if the cops accuse you of murder and you don't tell them where the bodies are, that proves that you are guilty.

Re:Other types of cloaking...

[Anonymous Coward]

Here is Larry Gill's self-serving post. Sounds like he's saying, "None of these bugs are important, because we don't have any important bugs in our software." Don't we all know people/companies like this, who won't own up to anything? The submitter is making a bit much of the data cloaking comment, if you ask me.

http://www.securityfocus.com/archive/1/474727/30/0 /threaded [securityfocus.com]

Re:Another take..

[hibji]

Not yet in the US, but UK has the RIPA act: http://en.wikipedia.org/wiki/Regulation_of_Investi gatory_Powers_Act_2000 [wikipedia.org]

Easy solution

[Spy der Mann]

Just set up a triple truecrypt partition and in the middle one put some cheap porn files. The real stuff goes in the third one.

[ standard truecrypt [ deacoy porn ] [ hidden truecrypt [ deacoy gay porn ] [ doubly-hidden true crypt [ secret spy stuff muahahahaha ] ] ] ]

Re:The Matter of Privacy

[Kpau]

The Constitution is not an "assignment of rights". It is a set of LIMITATIONs on the government and what it may do. The last piece of the Bill of Rights specifically says that the enumeration of specific rights does not make other natural rights vaporize. Besides, the 4th Amendment is basically about privacy even if it doesn't specifically use the word. "Habeus Corpus" is also *assumed* in the Constitution since it references it. They never should have called it the Bill of Rights ..... I guess it was just easier to say than "The Bill of Restrictions on the Government".

Re:It's called a "warrant".

[fyngyrz]

The cops go to a judge and get a warrant based upon whatever evidence they have that a law was broken.

Yeah. Except when the authorities just break down your door, or tap your|everyone's phone, or search your vehicle, or take your property, or freeze your assets, just because that's what they've decided they want to do. Warrant, my ass. Wake up.

that access should require a warrant.

Yes, it should. But it doesn't. So... now what?

But there has to be a warrant.

No. There doesn't. There doesn't have to be a trial, either. Or access to representation. Or even a phone call. You can be tortured. Welcome to the USA. Papers, please.

Re:You Don't Even Have to Actually Cloak Any Data.

[Anonymous Coward]

It appears you just read the headline and nothing else. The article doesn't elaborate much on the consideration, except to note that an appeals court ruled its inclusion as evidence was "somewhat relevant". The article does say:
"...Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser." It seems to be me he would have been convicted regardless of the PGP's presence on his hard drive.
You can find the complete appeals court ruling at http://www.lawlibrary.state.mn.us/archive/ctappub/ 0505/opa040381-0503.htm [state.mn.us]

Re:Good luck...

[jamstar7]

There eventually is one, if you're a US citizen. The longer the wait, the bigger the lawsuit payout.

Unless of course you're declared an Enemy Combatant, in which case, hi-ho, hi-ho, it's off to Gitmo you go!

Re:Why even ask?

[Anonymous Coward]

As most people know, law enforcement must have your permission to search your vehicle without a warrant. And to get a warrant, they need probable cause. But, unless it's been superceded recently, it's settled law (by a US Court of Appeals, I believe) that refusal to grant permission for a search does not constitute probable cause for a warrant.

That's ok, they'll come up with something else. Seriously, the best "probable cause" I've heard after not getting consent to search is "you were driving suspiciously." If that works, then anything goes.

Re:Ron Paul? Yeah Right.

[wordsnyc]

The cross-burning thing, I would say, is the least of the problems with Paul. There's a legitimate argument over protected speech there (not that Paul doesn't have a rich record of being a racist asshole).

But, more importantly, Paul has a long history of aligning himself with neo-fascist, white supremacist and Christian Reconstructionist groups. This man wants a fundamentalist, Taliban-esque theocracy run by white men. None for me, thanks.

Re:Guilty until proven innocent

[Sancho]

There's a huge semantic difference between encrypting and encoding. All data is encoded, however encryption implies that there exists a secret which must be known in order to recover the encoded data.

Now you can get pretty fuzzy in talking about whether or not strange filesystems constitute enough of a secret for them to be called encryption, however encodings such as ASCII, Unicode, Huffman codes, etc. are not encryption by either the popular or the cryptographic definitions.

Re:The Matter of Privacy

[Torodung]

There is no promise of Privacy in the Constitution

Incorrect. There is no explicit promise of privacy.

However, if you take the ninth amendment, and salt with a liberal (pun intended) helping of Supreme Court rulings, starting with Griswold v. Connecticut [wikipedia.org] in 1965, you'll find that it is pretty much established law forty-two years later. It is a 9th amendment unenumerated right, but supposedly also supported by the "Due Process" section of the 14th amendment. I don't really understand how Justice Harlan's "substantive due process" rationale actually works, but it has been relied upon in decades of precedent and ruling after ruling, most notably Roe v. Wade, so it's basically legal fact at this point.

The scope is selective, however. Largely, privacy rights fall under the categories of "what you do in your bedroom," "what medical treatment you choose," and "what you do with your money." That's certainly enough of a basis to hold off a police state, however, and can always be amended to add new protected subject matter and activity without writing a new Bill of Rights. It's only going to expand at this point.

So, good news, you have a "right to privacy." It's established law and it's considered to be guaranteed by the 9th and 14th amendments. For instance, privacy law is the foundation of the various medical privacy acts. Someone just has to wake up the folks in Washington who don't understand that "common law" is, in fact, actual law.

The real problem, as you so aptly illustrated, is that we are voluntarily surrendering it with our own technology choices. Your "Brave New World" future portrait hits the nail on the head. The true blow to privacy is when we agree to use and implement such technologies, or allow them, through apathy and complacency, to become the only way to conduct our lives.

--
Toro

Re:Guilty until proven innocent

[dhasenan]

These people are selling products and services to prosecutors. Defense attorneys only need to be aware of flaws in forensics software and practices that can result in false positives.

Pleading the fifth in front of a jury when you're the defendant is tantamount to an admission of guilt. But there was an encryption/steganography system called Rubberhose ( http://iq.org/~proff/rubberhose.org/ [iq.org] ) that allowed you to create an arbitrary number of encrypted volumes in one disk segment, where each volume took up a random sequence of blocks. You could have four or five encrypted volumes, one of which contained the incriminating material and the rest of which contained plausibly embarrassing and private material. Then you can comply; nobody can prove that you haven't decrypted everything, since the entire disk segment is filled with random-seeming data.

TrueCrypt does almost as well as Rubberhose, and it's maintained. It allows you to create nested encrypted volumes, but defaults to two volumes deep, and I'm not sure whether it supports any more than that.

Re:Why even ask?

[BalanceOfJudgement]

realize that the American people won't take this stuff any more,

And upon what do you base this assertion? The American people have shown time and time again that they'll accept any injustice, no matter how grave, so long as their bread and circuses aren't endangered.