Merely Cloaking Data May Be Incriminating?
n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"
Other types of cloaking... (Score:5, Insightful)
Why even ask? (Score:5, Insightful)
Why do you even have to ask? As private citizens we aren't allowed to hide anything from the government. It's labeled as obstruction of justice and we get tossed in the can if we don't cough up the keys. Even if we have nothing to hide.
Re:Why even ask? (Score:5, Insightful)
I'd just like to point out, that if creating loops in NTFS is incriminating, does having an encrypted file system mean we have something to hide? Or, for that matter, wouldn't DRM be an obstruction, since it prevents access to content? Oh, right, DRM isn't bad, because it has large, multi-national corporations giving large campaign contributions-- err, I mean, supporting it.
Hooray for capitalism!
Re:Why even ask? (Score:2, Insightful)
This is why the next presidential election will probably decide the fate of our country. We can continue down the current path of big government (Clinton, Obama, Giuliani, Romney, McCain) or we can elect the ONLY candidate who wants to restore privacy.
Yes, restore privacy and LIMIT the government.
This candidate is Dr. Ron Paul. http://www.ronpaul08.com/ [ronpaul08.com]
And yes Dems, your candidates are in the pockets of special interest. (Example, Clinton and Obama taking money from the RIAA) Neither of them are Pro Freedom. While they might be the lesser of two evils; they are still evil!
The Only candidate talking about *restoring* and *respecting* the Constitution and Privacy and Limiting government is Dr. Ron Paul.
Please folks, wake up, the Government is NOT your friend.
Re:Other types of cloaking... (Score:5, Insightful)
Also, The linked article is on local vulnerabilities in two common forensic software packages and doesn't even mention data "cloaking" techniques. If anything is offtopic here, it's the article or the headline.
Ours..? (Score:2, Insightful)
Are they still our systems these days? I could've sworn the EULA said it was just a license I bought...
Good luck... (Score:5, Insightful)
Absent any other damning evidence (other concrete evidence found at the defendant's house, financial records at banks and such pointing straight to the suspect, witness testimony, etc), the prosecutor is pretty much fscked if he thinks a jury (dumb as they may be) is going to buy any counter-argument to even a halfway cogent alibi. Everyone knows that Windows is insecure. Everyone knows someone who got a virus. Everyone knows that identity theft is a Bad Thing(tm).
Sorry, but I somehow don't see how a whole case could hinge on just one bit of evidence: "well, he has an encrypted filesystem, and he keeps invoking the 4th/5th amendments(?) in order to not unlock it, so you must convict..."
Then there's the whole "evidence of absence is not absence of evidence" bit.
Not much left to be useful after all that...
The police mindset (Score:5, Insightful)
And the police expect total control of any given situation. Whenever one does not cooperate with the police, the police no longer is in total control and will take whatever measures are necessary to regain total control.
Adding those two points simply will make that anyone who hides stuff from the police is automatically an enemy that has to be controlled at once.
As a matter of fact, one cannot never win against the police. In a courtroom, yes, maybe, but not against the police.
So the obvious solution is that everyone should perform maximum obfuscation/encrypting of data, the idea being that one cannot jail a whole country.
What baloney (Score:3, Insightful)
Re:4th Amendment (Score:5, Insightful)
Duh (Score:2, Insightful)
And that, 'Are we no longer allowed to have any secrets, even on our own systems?' line is pretty sensationalist. That's like declaring that it will soon be illegal to own a safe because a court issued a search warrant of someone's house.
Re:Why even ask? (Score:1, Insightful)
Ron Paul finally gives me hope. Everything should be done, he says, according to the Constitution, and I agree.
What pisses me off the most about all of this is having to post anonymously because political dissent could cost me a security clearance and thus, my career. We're heading into a world where the government can keep tabs on everyone at all times - we really should try to keep power-hungry plutocratic morons from the top positions in government the best we can.
legal issue but technical commentator (Score:3, Insightful)
The relevance, admissibility, or incriminating character of the mere fact that a defendant hid something (i.e., as separate from the hidden content) is a legal question. In general, the absence of evidence is irrelevant with a few exceptions (obviously it's highly relevant to charges of destroying evidence!). The most important one is that of an absence of regularly kept business records. So, if a business regularly kept records of, say, who entered a building, and an employee were suspected of stealing something from the business, and the records for that night were missing, then perhaps that could be used as evidence against the employee on the theory that the employee had erased the record to cover his or her tracks. The same would be true if the record, rather than being deleted, had been encrypted when the others were unencrypted or encrypted in a different way/with a different key.
This is a very glossed over view of a complicated topic, but on the narrow question of the mere fact of the use of encryption, I would tend to say that would generally not be incriminating. Certainly the prosecution cannot simply point to your TrueCrypt or FileVault encrypted drive and say "look! everything on that computer is encrypted, therefore we can't know what it is, therefore it could be evidence of wrongdoing." That is tremendously weak circumstantial evidence and falls far, far below the reasonable doubt standard.
Note: I am not a lawyer and this is a layman's opinion, not legal advice.
Re:Why even ask? (Score:5, Insightful)
Yep, there you have it. Police are allowed to look at anything in plain sight but need probable cause to look at anything else. Of course, that means nothing when simply having something not in plain sight is considered probable cause.
Encrypt everything, and provide for deniability (Score:3, Insightful)
Anything you *do* want hidden, needs to be done in such a way that there's nothing that indicates that there *is* anything hidden, ala Truecrypt's multiple volumes. "I don't need to *hide* anything, so I'm not using that feature, it's just a good encryption tool"
Encrypt everything (Score:4, Insightful)
Encrypt everything, hide everything. Then they can't point to this-or-that encrypted file and say that that's the one that must contain the incriminating evidence. The fact that most people do indeed only hide stuff when they "know they're doing something wrong" only helps the bastards build their cases.
Zonk should know better by now. (Score:5, Insightful)
Furthermore, when you start multiplying the meanings that a word or phrase can have, you start reducing its usefulness. When it cannot make a specific idea clear, in contexts where the meaning may be ambiguous one now has to use even more words to get their idea across.
Anyway, this specific mistake has been pointed out many times on slashdot. Zonk really should know better by now.
Re:Why even ask? (Score:5, Insightful)
Re:Other types of cloaking... (Score:1, Insightful)
Re:Other types of cloaking... (Score:1, Insightful)
Re:Nothing to hide (Score:3, Insightful)
How did this get to +5? (Score:3, Insightful)
Bitter about something, are we?
Except their partner on the beat. And Dispatch. And the Chief. And...
I don't think they do, realistically. They might want that, but doesn't everyone? I know I'd love to have total control of any given situation.
But realistically, any cop who has been around awhile should have seen the FBI take over an investigation, or a perp slip away because someone was stupid enough to violate their fourth-amendment rights. Or a good friend die in the line of duty.
If, in the course of investigation, they come across someone hiding stuff, it might make them suspicious. It might even automatically make that person a suspect. But "suspect" doesn't mean "enemy", because they have to be willing to accept that they may have the wrong person. (That's not always true, of course -- sometimes they know they've got the right guy, but he's still a "suspect" until he becomes a "defendant".)
Erm... you just refuted your own argument.
I mean, even your grammar disagrees with you here: "one cannot never win against the police." Cannot never. That means it is impossible for someone to never win against the police. Meaning that at least once in your life, you will win against the police.
It's tricky to figure out what you mean by "In a courtroom..." If you're saying that it's possible to win in a courtroom, then you're right. If you're saying it's not possible to win in a courtroom against the police, you're dead wrong. There have been cases where, for example, a cop opened the trunk of some guy's car without a warrant, and there was a dead body in the trunk -- but since it was obtained through an illegal search, it could not be used as evidence. Which means that the guy walked. (Might have been on Law & Order, actually, but there have been real cases like that.)
If you can get away with murder on a technicality, because some policeman (in this case a policewoman, I think) didn't follow procedure exactly, I call that "winning against the police."
Wrong again!
First, everyone will not do this. I think you'll only really get a few zealots (like whatever morons modded you +5 Insightful), but let's pretend for a moment that every technically-minded person followed you.
Now, I don't care how many that is, but there are overwhelmingly more people who actually feel good about AOL (and Earthlink, etc), spend all day on Myspace, have no clue what an operating system even is, etc etc.
And before you say "one cannot jail a whole class of people", I'll point you to Germany, circa 1942 -- several whole classes of people were not only jailed, they were also enslaved and killed wholesale.
I don't mean to say I expect another Holocaust here. What I am saying is that if you really believe that a truly massive number of people using encryption won't be jailed in this country, then you should also believe that even the small minority who seriously uses encryption today should be safe.
Re:Once you have a warrant. (Score:3, Insightful)
However, in civil proceedings the Discovery Process may require you (under pain of contempt) to produce all requested documents. Perhaps including keys if it can be proven you still retain them. Lawyers can argue whether a plaintiff has a right to the keys independent of the documents. Not that they have any right to seize the machine.
A truly maniacal police/DA might seize a machine then start a civil suit. But there are usually ways to stop this.
Re:Why even ask? (Score:5, Insightful)
There is a definite need for encryption, and more than just the tired (and flawed) logic of "hiding from forensics", or "hiding illegal stuff" that a lot of people state.
For most companies, physical theft of equipment or media is a valid concern. For example, if someone steals a backup tape that is part of an encrypted backup set (or storage pool, depending on the terminology of the backup system), the company owning the tape can hire some private investigators to quietly hunt down the tape. Without encryption, it can mean serious losses (or prison time) if the info on the tape was any way sensitive, and SOX, HIPAA, or other corporate regulations get violated.
The Matter of Privacy (Score:5, Insightful)
There is no promise of Privacy in the Constitution, and even if there ever had been, we'd have ground that right down to a bloody stump by now with the growing power of technology on one side and the exploding power of government and big business on the other. It's hard to even say that in a world with accelerating technology and the ability to grow weapons of mass destruction in your own garage or basement, that there isn't some justifiable need for privacy to give way to greater security.
That said, Government and big Business have proven beyond any shadow of a doubt that they cannot be trusted to wield the power of absolute intrusion with intelligence, dignity, or even a modicum of good taste. Microsoft is planning to turn your personal computer into their data tap in your home, a private spy on your desk... and what about our government, just today, four men falsely accused of murder in Boston by the FBI (two of whom died in prison and two others who spent 30 years behind bars), just got record making settlements of $102,000,000.00 for malicious prosecution and false imprisonment. Are these really the folks you want to be watching every atom of your transparent life day in and day out? God help you if it becomes in their political or financial interest to have you made into "Soylent" (pick a color.)
So if we're going to live in a transparent society, where every person is;
In the end, this may indeed be the greatest challenge of the twenty first century
You Don't Even Have to Actually Cloak Any Data... (Score:5, Insightful)
So, according to the morons on that court, even if you haven't actually encrypted any data, the fact that you had the tools to encrypt data was enough to judge criminal intent, sort of like possession of burglary tools. The problem, of course, is that encryption software has legitimate uses.
I wonder if any of those judges had Microsoft Office on their computers - if they did then they possessed encryption software and could be viewed as having criminal intent.
Well it don't matter to 'important people'... (Score:3, Insightful)
Truly though, just because you encrypt something has no basic legal grounds of incrimination, it is just like locking up your house. However just as a subpoena could be issued to force you to open your house to legal officials, a subpoena could also force you to un-encrypt the volume.
Beyond that, they are really grasping at straws or are trying to see the world via the horrors the Bush administration has done to civil protections and liberties.
Of course it's incriminating (Score:2, Insightful)
Re:Other types of cloaking... (Score:1, Insightful)
You are correct, but maybe the language was wrong. More people understand Mandarin Chinese than any other language. Maybe you meant something like Navaho. Oh wait, that was done before.
+1 Insightful from me, but I don't have any mod points.
Re:Nothing to hide (Score:2, Insightful)
Says the Anonymous Coward. How ironic.
Are we allowed? (Score:3, Insightful)
Re:The police mindset (Score:4, Insightful)
One has also to keep in mind that policemen are not policemen because they all have PhD's in Quantum Physics and refused tenure-track faculty positions at top universities to go and "serve and protect". To put it more bluntly, many of them are not very bright. And when people with guns who are not very bright lose control, it's not pretty (regardless of which side of the law they are on). The trick is then not to only encrypt data but to encrypt it and hide it altogether -- yes, steganography. Want to hide your data, then really "hide" it, don't just put it in a super secure "safe" but leave the safe right in the middle of the living room. The not-so-bright people with guns have many ways of "persuasion" where they will make you give them the key eventually.
Guilty until proven innocent (Score:5, Insightful)
I agree, technically speaking all data is "encrypted", it's the strength of the encryption that varies. Are we to assume that if forensics can't understand it then it is automatically incriminating? - That's nothing short of "guilty until proven innocent", under that policy the suspect can be locked away until he gives the investigators the non-existent key to unscramble the random sequence of bits found in the free sectors of his HDD.
"Also, The linked article...."
As is the custom on
Re:legal issue but technical commentator (Score:3, Insightful)
Re:Why even ask? (Score:3, Insightful)
Thus, if one of the users of the system loses their laptop or it gets stolen, that fact does not, in and of itself, connote any particular breach of information security - and this is a fact that we clearly make during our sales pitch. And this pitch works, too!
Encryption is not a bad thing, any more than a hammer is. Use it where it's wise to do so, and fight it where it hurts. (EG: DRM)
Honestly - why does ANYONE use backup systems that aren't encrypted?
Re:Guilty until proven innocent (Score:5, Insightful)
Really good point. Any compression system might be viewed as encryption if you don't know how to decompress it.
I actually had to throw together an encryption system today to store some archival material online. I wrote a one time pad in python where my pad was just a jpeg of a mountain I had lying around. I contend that my ciphertext is art, a picture of a mountain combined with some literature. Who's to say it isn't?
When it gets to the point where you can blame other people for your inability to understand what they are saying when they weren't speaking to you, the deaf and mentally disabled will rule the world.
Re:4th Amendment (Score:1, Insightful)
The fifth amendment no longer means shit. They will say it applies only to testimony given in court. Tough shit if you have to pre-incriminate yourself by handing over material listed in the (clearly unconstitutional) warrant. Hold back anything and they have you for obstructing justice and/or contempt of court.
Shit, don't any of you remember the guy who just got out of jail a couple of months ago on a contempt charge because he simply refused an FBI demand to turn over all video he'd taken of an altercation in Oakland, CA where a police car got torched? Fuck, all he did was withhold material they demanded for an illegal purpose.
Surely you know that any cop who understands his job knows where to find the ex-cop judge who will order a colonoscopy on you if the shit cop asks for it. Under the Parrot Act, all the cop has to say is "investigation related to terrorism". After that magic phrase is uttered, the judge cannot refuse to sign the warrant and may not even take any action to determine the validity of the charge.
THE TERRORISTS HAVE ALREADY WON.
Just the amount of dollars spent on security theater since 9/11 is, all by itself, the greatest ROI in history for the paltry couple of million expended on the attacks.
The rest -- the destruction of our civil liberties and the wiping of Bush's asshole with the Constitution -- is pure gravy.
Re:Once you have a warrant. (Score:3, Insightful)
Re:It's called a "warrant". (Score:2, Insightful)
Re:Guilty until proven innocent (Score:3, Insightful)
Re:Zonk should know better by now. (Score:1, Insightful)
For someone who is arguing for the logician's use of the phrase, this reasoning does not make a good deal of sense. If a phrase can be used in more than one way, it is applicable in more settings and therefore more useful -- especially in this case, where it's obvious which meaning the speaker is using. In the common usage, the speaker will immediately tell you which question is begging to be asked, while in logician's usage, they will not.
And in this case, you do not need to use more words to get the basic idea across. "That begs the question" has the same number of words as "that raises the question", and they have roughly the same meaning, except that the former emphasizes the obviousness of the question given the situation. Likewise, "That begs the question" has the same number of words as "that is circular reasoning", and it has the same logical meaning, but then you don't get the same smug satisfaction for having used it.
Despite your desire to the contrary, mistaken usage is one of the common ways languages change over time. For example: calling something "awful" used to be something of a compliment, since it meant "awe-full" or "filling with awe" -- what we today would call "awe-inspiring". But the meaning changed over time, probably because it was used in the phrase "awful and terrible" ("awe- and terror-inspiring"), and "awful" picked up the negative qualities of "terrible" because people had not seen the word before in other contexts.
In the case of "begs the question", neither phrase makes a good deal of sense on its own. Other words need to be inserted to fully explain the meaning: "That [situation] begs the question [to be asked]: