Forgot your password?
typodupeerror
Privacy Encryption Security

Merely Cloaking Data May Be Incriminating? 418

Posted by Zonk
from the what's-mine-is-mine dept.
n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"
This discussion has been archived. No new comments can be posted.

Merely Cloaking Data May Be Incriminating?

Comments Filter:
  • by fonik (776566) on Friday July 27, 2007 @07:41PM (#20018045)
    What about using a rare file system? If I want to put all of my stuff on ZFS and the FBI can't read it will they ship me off to Gitmo?
    • by fonik (776566) on Friday July 27, 2007 @07:52PM (#20018159)
      Offtopic? I think this is a perfect question to ask. Why is it incriminating simply to have something in a format that investigators might not understand? What if I decide to keep all of my documents in Mandarin instead of English? Is that incriminating?

      Also, The linked article is on local vulnerabilities in two common forensic software packages and doesn't even mention data "cloaking" techniques. If anything is offtopic here, it's the article or the headline.
      • by TapeCutter (624760) on Friday July 27, 2007 @10:58PM (#20019585) Journal
        "I think this is a perfect question to ask."

        I agree, technically speaking all data is "encrypted", it's the strength of the encryption that varies. Are we to assume that if forensics can't understand it then it is automatically incriminating? - That's nothing short of "guilty until proven innocent", under that policy the suspect can be locked away until he gives the investigators the non-existant key to unscramble the random sequence of bits found in the free sectors of his HDD.

        "Also, The linked article...."

        As is the custom on /. I didn't RTFA before shooting my mouth off.
        • Re: (Score:3, Informative)

          by Sancho (17056)
          There's a huge semantic difference between encrypting and encoding. All data is encoded, however encryption implies that there exists a secret which must be known in order to recover the encoded data.

          Now you can get pretty fuzzy in talking about whether or not strange filesystems constitute enough of a secret for them to be called encryption, however encodings such as ASCII, Unicode, Huffman codes, etc. are not encryption by either the popular or the cryptographic definitions.
        • by javaman235 (461502) on Saturday July 28, 2007 @01:14AM (#20020405) Homepage
          technically speaking all data is "encrypted", it's the strength of the encryption that varies.

          Really good point. Any compression system might be viewed as encryption if you don't know how to decompress it.

          I actually had to throw together an encryption system today to store some archival material online. I wrote a one time pad in python where my pad was just a jpeg of a mountain I had lying around. I contend that my ciphertext is art, a picture of a mountain combined with some literature. Who's to say it isn't?

          When it gets to he point where you can blame other people for your inability to understand what they are saying when they weren't speaking to you, the deaf and mentally disabled will rule the world.
    • by Biff Stu (654099)
      No. You don't need to go that far. The very fact that you asked that question is enough for a one-way ticket to Gitmo. Rot in hell, you fucking terrorist!
    • Easy solution (Score:5, Informative)

      by Spy der Mann (805235) <<spydermann.slashdot> <at> <gmail.com>> on Friday July 27, 2007 @09:23PM (#20018911) Homepage Journal
      Just set up a triple truecrypt partition and in the middle one put some cheap porn files. The real stuff goes in the third one.

      [ standard truecrypt [ deacoy porn ] [ hidden truecrypt [ deacoy gay porn ] [ doubly-hidden true crypt [ secret spy stuff muahahahaha ] ] ] ]
      • by a_nonamiss (743253) on Friday July 27, 2007 @11:32PM (#20019821)
        Why go to all that trouble? If my understanding of TC is correct, shouldn't you just need a hidden partition within a regular one? I thought the whole thing about the hidden partition is that it can't be mathematically proven to even exist. I mean, if you have empty space in a TC partition, it will be indistinguishable from random data. Some of that random data could feasibly be the super secret stuff you're trying to hide, and without a key, there would be no way to prove it.

        Man, if that's not true, I think many slashdotters will have to rethink how they hide their porn from their wives... Ok, from their mothers.

  • Why even ask? (Score:5, Insightful)

    by nurb432 (527695) on Friday July 27, 2007 @07:41PM (#20018049) Homepage Journal
    "Are we no longer allowed to have any secrets, even on our own systems?"

    Why do you even have to ask? As private citizens we arent allowed to hide anything from the government. Its labeled as obstruction of justice and we get tossed in the can if we dont cough up the keys. Even if we have nothing to hide.
    • Re:Why even ask? (Score:5, Insightful)

      by Ice Wewe (936718) on Friday July 27, 2007 @07:49PM (#20018125)
      Rock on, Hyde!

      I'd just like to point out, that if creating loops in NTFS is incriminating, does having an encrypted file system mean we have something to hide? Or, for that matter, wouldn't DRM be an obstruction, since it prevents access to content? Oh, right, DRM isn't bad, because it has large, multi-national corporations giving large campaign contributions-- err, I mean, supporting it.

      Hooray for capitalism!

      • The corporation will provide the keys to government agencies if they request it, so DRM is a non-issue. Nice try.
      • Re:Why even ask? (Score:5, Insightful)

        by Evilest Doer (969227) on Friday July 27, 2007 @08:46PM (#20018659)

        does having an encrypted file system mean we have something to hide?
        Of course you have something to hide. You have your tax returns, financial statements, personal journals, and other private files to hide from malicious hackers and people who might run off with your laptop. If you are in the financial industry, you have other people's private information to hide (or, at least, that's what you should do). The problem is the absurd assumption that, since we are using encryption, we have something illegal to hide.
        • Re:Why even ask? (Score:5, Insightful)

          by mlts (1038732) on Friday July 27, 2007 @09:18PM (#20018873)
          I use encryption for exactly what the parent poster described. On my laptop, why allow what would be "just" a hardware theft with use of encryption turn into a hardware, data, and possibly identity theft? This is why I use some form of whole disk encryption (BestCrypt Volume encryption, PGP WDE, WinMagic MySecureDoc, etc.)

          There is a definite need for encryption, and more than just the tired (and flawed) logic of "hiding from forensics", or "hiding illegal stuff" that a lot of people state.

          For most companies, physical theft of equipment or media is a valid concern. For example, if someone steals a backup tape that is part of an encrypted backup set (or storage pool, depending on the terminology of the backup system), the company owning the tape can hire some private investigators to quietly hunt down the tape. Without encryption, it can mean serious losses (or prison time)if the info on the tape was any way sensitive, and SOX, HIPAA, or other corporate regulations get violated.
          • Re: (Score:3, Interesting)

            by kestasjk (933987)
            In cases like that you can just give the investigators your key/passphrase, so they can verify your innocence. I think the issue is about cases where the person being asked doesn't surrender the key/passphrase, or says they lost/deleted it.
          • Re: (Score:3, Insightful)

            by mcrbids (148650)

            why allow what would be "just" a hardware theft with use of encryption turn into a hardware, data, and possibly identity theft?

            There's more sense to this than many people might realize. One of my software products tracks personal student information. Because of the potentially sensitive nature of student information, the product uses a file format that's been encrypted with libmcrypt, providing strong encryption. The product is also password-protected, so you can't use it without a program-level login and password as well as appropriate operating-system level permissions.

            Thus, if one of the users of the system loses their laptop o

            • Re: (Score:3, Interesting)

              by mlts (1038732)
              This is something that I wonder about too. The reason why most people end up using backup systems without encryption is because very few backup programs offer it. For example, bru at best uses encryption between network nodes, but I saw no mention of it using encryption to store the data on the backup media. The only real commercially available solutions that sport encryption are high end solutions like TSM, Networker, or ArcServe, and a relative few Windows based programs like Retrospect and Backup Exec
        • Re:Why even ask? (Score:5, Interesting)

          by irtza (893217) on Friday July 27, 2007 @10:11PM (#20019263) Homepage
          What's significant here is that you are suggesting that there is a reason and that you are treating all data the same in which case it can be said that the data is not really hidden. You merely have a ton of encrypted data. What would be significant and incriminating is selected encryption and "hiding" of data. For example, if all customer information is encrypted, but a select set of customer files for whom you illegally handled funds are kept separately with their own password and login then there is knowledge gained. What is learned is that you took the time and effort to separate those select files from the rest and went to the trouble to make them more difficult to access. It can then be inferred that you had cause independent of all factors other than that these files had evidence of illegal action.
      • by UbuntuDupe (970646) * on Friday July 27, 2007 @09:11PM (#20018833) Journal
        Hey, *I* didn't encrypt my data. I just performed a reversible transformation on it. It's not my fault if you're a fuckin' slowpoke at factoring large prime numbers!
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      "Why do you even have to ask? As private citizens we arent allowed to hide anything from the government. Its labeled as obstruction of justice and we get tossed in the can if we dont cough up the keys. Even if we have nothing to hide."

      This is why the next presidential election will probably decide the fate of our country. We can continue down the current path of big government (Clinton, Obama, Guiliani, Romney, McCain) or we can elect the ONLY candidate who wants to restore privacy.
      Yes, restore privacy and
    • if one cloaks data by encrypting it, exactly what incriminating evidence does that provide?

      As private citizens we arent allowed to hide anything from the government.


      So I'm guessing innocent until proven guilty doesn't apply to a person's data, just a person. So if any information(data) hidden from government view in incriminating, then does that give "probable cause" to anything not already in plain sight? This would seem to be the death blow to already suffering 4th Amendment- "The right of the people t
      • by khasim (1285) <brandioch.conner@gmail.com> on Friday July 27, 2007 @08:03PM (#20018267)

        So I'm guessing innocent until proven guilty doesn't apply to a person's data, just a person.

        The cops go to a judge and get a warrant based upon whatever evidence they have that a law was broken.

        So if any information(data) hidden from government view in incriminating, then does that give "probable cause" to anything not already in plain sight?

        They'd have to have access to it already to see that it was encrypted. And that access should require a warrant.

        This would seem to be the death blow to already suffering 4th Amendment- "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

        Again, see the word "warrants" there?

        Encrypt EVERYTHING to protect yourself from regular criminals.

        But if you are accused of a crime, you have to decide whether the encrypted data will help your case or harm it. And if it will harm your case, will it do more or less harm than refusing to decrypt it?

        But there has to be a warrant. Focus your complaints on situations where there aren't any warrants.
        • by fyngyrz (762201) * on Friday July 27, 2007 @10:11PM (#20019261) Homepage Journal
          The cops go to a judge and get a warrant based upon whatever evidence they have that a law was broken.

          Yeah. Except when the authorities just break down your door, or tap your|everyone's phone, or search your vehicle, or take your property, or freeze your assets, just because that's what they've decided they want to do. Warrant, my ass. Wake up.

          that access should require a warrant.

          Yes, it should. But it doesn't. So... now what?

          But there has to be a warrant.

          No. There doesn't. There doesn't have to be a trial, either. Or access to representation. Or even a phone call. You can be tortured. Welcome to the USA. Papers, please.

      • Re:Why even ask? (Score:5, Insightful)

        by sjames (1099) on Friday July 27, 2007 @08:16PM (#20018391) Homepage

        Yep, there you have it. Police are allowed to look at anything in plain sight but need probable cause to look at anything else. Of course, that means nothing when simply having something not in plain sight is considered probable cause.

    • And if you do have that warrant, I am going to read it, and unless it specifically requires you to give up my keys, I am going to tell you to fuck off.
      • Re: (Score:3, Insightful)

        by redelm (54142)
        AFAIK, warrents do not require positive cooperation. They merely entitle the police to legally and with impunity break anything in the way of their authorized search. In criminal procedings, I do not believe you can be required to disclose keys.

        However, in civil procedings the Discovery Process may require you (under pain of contempt) to produce all requested documents. Perhaps including keys if it can be proven you still retain them. Lawyers can argue whether a plaintiff has a right to the keys indepe

        • Re: (Score:3, Insightful)

          by grahammm (9083) *
          If your documents were written in code on paper and the appropriate files were seized, could you be required or compelled (rather than simply requested) to decode the documents? If not, why should documents stored electronically be treated any differently?
    • by MikeFM (12491) on Friday July 27, 2007 @08:55PM (#20018725) Homepage Journal
      I encrypt everything just so if they ever investigate me, for whatever stupid reason they might decide to, they can demand the key and I can refuse. It's the principal of the thing. Why should we give up our privacy? What if I just want to encrpyt files by a random one time key and then erase the key? Maybe that constitutes digital art to me.

      I encourage everyone to generate files containing nothing but random noise, encrypt those files, and throw away the key. If everyone does this then they can't tell what is a real encrypted file and what isn't. For good measure email some of these random files back and forth with suspicious subject lines.
      • Re: (Score:3, Funny)

        by Maniac-X (825402)
        Ideas for suspicious subject lines: "Someone set up us the bomb, praise allah!" "bomb plan" "Pentagon destruction" etc
  • Begs the question (Score:5, Informative)

    by evanbd (210358) on Friday July 27, 2007 @07:50PM (#20018135)
    No it doesn't. It raises the question. Begging the question [wikipedia.org] is a logical fallacy, much like circular reasoning.
    • by fredrated (639554)
      By begs the question I think the poster meant 'this question begs to be asked:...'

      The answer to the question he begs is, hiding has become incriminating by definition.
    • by Anonymous Coward on Friday July 27, 2007 @08:44PM (#20018641)
      While languages DO evolve over time, simply using a phrase incorrectly is not evolution, even if the mistake is common.

      Furthermore, when you start multiplying the meanings that a word or phrase can have, you start reducing its usefulness. When it cannot make a specific idea clear, in contexts where the meaning may be ambiguous one now has to use even more words to get their idea across.

      Anyway, this specific mistake has been pointed out many times on slashdot. Zonk really should know better by now.

    • Begging the question is a logical fallacy, much like circular reasoning.


      Yes it is, but that doesn't stop it from having other definitions.

      • Begging the question is a logical fallacy, much like circular reasoning.

        Yes it is, but that doesn't stop it from having other definitions.

        This is true, merely being a logical fallacy does not stop the phrase "begging the question" from having other definitions. Not having any other definitions, however, does stop it from having other definitions. Evolving a language over time does not mean "make shit mean whatever you feel like, and pray everyone can figure out what the hell you actually meant."

  • Or fascist America, depending on which side of the pond you live.
  • If you have nothing to hide, then you have nothing to fear!
  • Ours..? (Score:2, Insightful)

    by ricebowl (999467)

    Are we no longer allowed to have any secrets, even on our own systems?

    Are they still our systems these days? I could've sworn the EULA said it was just a license I bought...

  • Good luck... (Score:5, Insightful)

    by Penguinisto (415985) on Friday July 27, 2007 @07:54PM (#20018181) Journal
    If the one and only bit of evidence on hand is the fact that someone uses an encrypted filesystem, good luck getting a conviction in criminal trial, especially if the defendant has a credible (-sounding) reason for doing so (e.g. "I've been bitten by viruses enough to want to protect myself from identity theft and I certainly don't trust a prosecutor that is obviously persecuting me right now, etc")

    Absent any other damning evidence (other concrete evidence found at the defendant's house, financial records at banks and such pointing straight to the suspect, witness testimony, etc), the prosecutor is pretty much fscked if he thinks a jury (dumb as they may be) is going to buy any counter-argument to even a halfway cogent alibi. Everyone knows that Windows is insecure. Everyone knows someone who got a virus. Everyone knows that identity theft is a Bad Thing(tm).

    Sorry, but I somehow don't see how a whole case could hinge on just one bit of evidence: "well, he has an encrypted filesystem, and he keeps invoking the 4th/5th amendments(?) in order to not unlock it, so you must convict..."

    Then there's the whole "evidence of absence is not absence of evidence" bit.

    Not much left to be useful after all that...

    /P

  • The police mindset (Score:5, Insightful)

    by Pig Hogger (10379) <pig.hoggerNO@SPAMgmail.com> on Friday July 27, 2007 @07:54PM (#20018183) Journal
    One has to take account of the police mindset. The police will not trust anyone at all . Period.

    And the police expect total control of any given situation. Whenever one does not cooperate with the police, the police no longer is in total control and will take whatever measures are necessary to regain total control.

    Adding those two points simply will make that anyone who hides stuff from the police is automatically an ennemy that has to be controlled at once.

    As a matter of fact, one cannot never win against the police. In a courtroom, yes, maybe, but not against the police.

    So the obvious solution is that everyone should perform maximum obfuscation/encrypting of data, the idea being that one cannot jail a whole country.

    • Bitter about something, are we?

      The police will not trust anyone at all . Period.

      Except their partner on the beat. And Dispatch. And the Chief. And...

      And the police expect total control of any given situation.

      I don't think they do, realistically. They might want that, but doesn't everyone? I know I'd love to have total control of any given situation.

      But realistically, any cop who has been around awhile should have seen the FBI take over an investigation, or a perp slip away because someone was stupid en

    • by drgonzo59 (747139) on Friday July 27, 2007 @10:27PM (#20019347)
      Great point.


      One has also to keep in mind that policemen are not policemen because they all have PhD's in Quantum Physics and refused tenure-track faculty positions at top universities to go and "serve and protect". To put it more bluntly, many of them are not very bright. And when people with guns who are not very bright lose control, it's not pretty (regardless on which side of the law they are). The trick is then not to only encrypt data but to encrypt it hide it altogether -- yes, steganography. Want to hide your data, then really "hide" it, don't just put it in super secure "safe" but leave the safe right in the middle of the living room. The not-so-bright people with guns have many ways of "persuasion" where they will make you give them the key eventually.

  • Suppose I left a DVD at a friend's house, and neglect to mention to the cops when they raid my house. Later the friend hands it over as part of the investigation. Is it really incriminating that I didn't tell them about it? Does the 5th amendment cover it?
  • by nonsequitor (893813) on Friday July 27, 2007 @07:57PM (#20018209)
    If I encrypt my financial data, and am unable to unlock it for the FBI because I lost the smart card I used to encrypt it, does that make me guilty of . When asked why I didn't delete it, I could say I hoped to one day find the smart card. Does that mean they can ship me off to gitmo?

    Of course the difference between this scenario and one where someone merely claims to be unable to decrypt the data is irrelevant.

    I thought that we were innocent until proven guilty in this country, not vice versa.
  • This is the same as saying, "He took the 5th! He must be guilty!", but that argument doesn't hold water.

    You can't use someone taking the 5th as "incriminating evidence".

    They can't make you testify to your password, if revealing your password incriminates you.

    IANAL.
    • More important is that you don't have that password stored anywhere.
      Also, how can they prove you didn't "forget" it, ala Ollie North?
      -nB
  • What baloney (Score:3, Insightful)

    by JustNiz (692889) on Friday July 27, 2007 @08:00PM (#20018241)
    There are plenty of legitimate reasons to encrypt personal data.
  • Duh (Score:2, Insightful)

    So, if you're being investigated, and you're hiding data pertinent to the investigation, of course thats criminal. Its just like physical evidence: if you have it, and you're hiding it from the authorities, they're obviously going to throw the book at you.

    And that, 'Are we no longer allowed to have any secrets, even on our own systems?' line is pretty sensationalist. Thats like declaring that it will soon be illegal to own a safe because a court issued a search warrant of someone's house.
  • by Grond (15515) on Friday July 27, 2007 @08:15PM (#20018385) Homepage
    First off, the linked article doesn't actually contain the quote given in the article summary. But, assuming what the article summary says is accurate...

    The relevance, admissibility, or incriminating character of the mere fact that a defendant hid something (i.e., as separate from the hidden content) is a legal question. In general, the absence of evidence is irrelevant with a few exceptions (obviously it's highly relevant to charges of destroying evidence!). The most important one is that of an absence of regularly kept business records. So, if a business regularly kept records of, say, who entered a building, and an employee were suspected of stealing something from the business, and the records for that night were missing, then perhaps that could be used as evidence against the employee on the theory that the employee had erased the record to cover his or her tracks. The same would be true if the record, rather than being deleted, had been encrypted when the others were unencrypted or encrypted in a different way/with a different key.

    This is a very glossed over view of a complicated topic, but on the narrow question of the mere fact of the use of encryption, I would tend to say that would generally not be incriminating. Certainly the prosecution cannot simply point to your TrueCrypt or FileVault encrypted drive and say "look! everything on that computer is encrypted, therefore we can't know what it is, therefore it could be evidence of wrongdoing." That is tremendously weak circumstantial evidence and falls far, far below the reasonable doubt standard.

    Note: I am not a lawyer and this is a layman's opinion, not legal advice.
    • except that most juries are made up of people not smart enough to get out of it and will swallow the "it's encrypted, so he has something to hide, so he's a nasty criminal who needs to be found guilty" argument hook, line & sinker.
      • by Gogo0 (877020)
        You mean that juries are made up of people who wont lie to get out of it and show up willingly?
        Who would want to be in the hands of THOSE people?!
        • no, made up of the people who can't come up with a convincing lie.
          Or made up of well-meaning people out to 'do some good' who will probably convict because a prosecutor tells them to, particularly if he has a police officer to testify - the nasty criminal types belong in jail.
          • Re: (Score:3, Insightful)

            by Sycraft-fu (314770)
            I'm not sure why people have this attitude. It turns out that many people don't actually mind jury duty. I don't. I certainly could come up with a convincing lie, hell I could probably come up with a legit real reason. However there's no need. My employer compensates me for time spent at jury duty and I see no reason not to do it. I'm certainly not one of these "Throw everyone in jail" types you seem to describe, I'm plenty skeptical of the government, I just don't have a reason to try and get out of jury d
  • by vanyel (28049) * on Friday July 27, 2007 @08:19PM (#20018419) Journal
    This is why you need to encrypt everything as a matter of course: the valid argument is privacy in the face of all the data theft reports coming out nearly daily, you don't know where stuff is stored all the time, so just encrypt everything.

    Anything you *do* want hidden, needs to be done in such a way that there's nothing that indicates that there *is* anything hidden, ala Truecrypt's multiple volumes. "I don't need to *hide* anything, so I'm not using that feature, it's just a good encryption tool"
  • by Somnus (46089) on Friday July 27, 2007 @08:20PM (#20018429)
    Encryption itself is only useful for preventing data theft by clandestine means. Authorities with a warrant can threaten you with jail to make you give up the keys, and even less scrupulous forces can beat them out of you. You can destroy the keys, but then you'll really piss them off.

    What you need is deniability, as in a steganographic filesystem [wikipedia.org]. No one can ever prove that there is even anything there -- "Oh, I was just playing with it, I can reformat it if you want." Even better, embed data steganographically in standard data formats, like images.

    It would be interesting to interpret the protection against self-incrimination [wikipedia.org] to include data storage, i.e. your hard disk is an extension of your consciousness. Of course, this does not accord with the original aim of this right, which was to prevent false testimony/confessions induced by torture -- your hard disk exists apart from your "will."
  • If you want to keep a secret, keep it in your head. Writing it down is a mistake. The law against self incrimination only applies to whats in your head, not what you write down. Even in code. Even better than keeping a secret is never letting anyone know you are keeping it.
  • Encrypt everything (Score:4, Insightful)

    by J'raxis (248192) on Friday July 27, 2007 @08:44PM (#20018637) Homepage

    Encrypt everything, hide everything. Then they can't point to this-or-that encrypted file and say that that's the one that must contain the incriminating evidence. The fact that most people do indeed only hide stuff when they "know they're doing something wrong" only helps the bastards build their cases.

  • You could claim it wasn't your doing, you were a victim of Ransomware [slashdot.org]...

  • Murder (Score:3, Informative)

    by Citizen of Earth (569446) on Friday July 27, 2007 @08:48PM (#20018673)

    Similarly, if the cops accuse you of murder and you don't tell them where the bodies are, that proves that you are guilty.

  • If you have a physical safe in your house, are you legally required to open it if the cops ask you to? If you don't, can the cops use that as evidence against you?

    The right way for law enforcement to treat encrypted data on a disk is to treat it the same as a combination safe (with the password being like the combination to the safe)
  • That begs the question:

    No it doesn't. See "Begs the question" [wikipedia.org].

    if one cloaks data by encrypting it, exactly what incriminating evidence does that provide?

    In the absence of any other evidence, none.

    And how important is that evidence compared to the absence of anything else found that was incriminating?

    If there is no other evidence then the fact of encryption is not evidence.
    But then, if there is no other evidence it is not likely (not impossible, but unlikely) that they would be looking at your

  • With TrueCrypt you can create a hidden volume within an encrypted volume with separate passwords. If pressured you give up the password for the outer volume where you put something mildly important so they...whoever they is in that scenario...think they got something.

    What's really a shame is that anyone in the US has to even think in those terms. Sad world we have made.

  • Apparently an encrypted copy of my tax files makes me a suspect?

    I can't see any judge believing that it's a bad idea to apply security to personal financial data.
  • by Genda (560240) <marietNO@SPAMgot.net> on Friday July 27, 2007 @09:19PM (#20018879) Journal

    There is no promise of Privacy in the Constitution, and even if there ever had been, we'd have ground that right down to a bloody stump by now with the growing power of technology on one side and the exploding power of government and big business on the other. It's hard to even say that in a world with accelerating technology and the ability to grow weapons of mass destruction in your own garage or basement, that there isn't some justifiable need for privacy to give way to greater security.

    That said, Govenment and big Business have proven beyond any shadow of a doubt that they cannot be trusted to wield the power of absoute intrusion with intelligence, dignity, or even a modicum of good taste. Microsoft is planning to turn your personal computer into their data tap in your home, a private spy on your desk... and what about our government, just today, four men falsely accused of murder in Boston by the FBI (two of whom died in prison and two others who spent 30 year behind bars), just got record making settlements of $102,000,000.00 for malicious prosecution and false imprisonment. Are these really the folks you wants to be watching every atom of your transparent life day in and day out? God help you if it becomes in their political or financial interest to have you made into "Soylent" (pick a color.)

    So if we're going to live in a transparent society, where every person is;

    • Videod from the time they leave their front door to the time the get back in the evening,
    • Having every network packet they send or receive deep scanned for content, ownership, recipients, and legality,
    • Running a computer with hardware and software providing virtually total exposure to data collecting agent both benign and malignant,
    • And ultimately where every appliance, every room, every space will be filled with intelligent sensors recording every action, preference, habit, activity, and affiliation that any of us might have,
    then we are clearly far overdue for the creation of a new Bill of Rights. We must begin to think about the implications of our technology, and how the clear and unbridled abuse of that power by a loathsome few endangers all of us. If the world is to become transparent, then we must be assured that the eyes that see us, are fair, impartial, and dedicated to the sanctity of our humanity, and our dignity. In short those eyes cannot be human. They can be programmed by humans (who are themselves seen transparently by all), so that the tools that insure our safety, our comfort, ease, and efficiency, aren't used against us by greedy, power hungry, or despotic men. The temptation for misuse is simply too great, we must relenquish the process of watching people to ever smarter machines who have been programmed to act in our best interest. We need to make the breaking of these laws or personal protections prunishable by the most draconian measures. We need to watch the watcher and perhaps even watch those. We need to give people the blessings of infinite information without robbing them of every last shred of their humanity.

    In the end, this may indeed be the greatest challenge of the twenty first century

    • by Dunbal (464142)
      There is no promise of Privacy in the Constitution, and even if there ever had been

      See in most countries, you have the intrinsic right to EVERYTHING, and laws and constitutions set limits on those rights. Laws do not GRANT permission to citizens, they take permissions away. Laws ONLY grant specific permissions and rights to public servants and the government.

      If there's no mention of privacy, YOU HAVE IT BY DEFAULT. At least that's the way it should be. And that's
    • by Kpau (621891) on Friday July 27, 2007 @09:42PM (#20019033)
      The Constitution is not an "assignment of rights". It is a set of LIMITATIONs on the government and what it may do. The last piece of the Bill of Rights specifically says that the enumeration of specific rights does not make other natural rights vaporize. Besides, the 4th Amendment is basically about privacy even if it doesn't specifically use the word. "Habeus Corpus" is also *assumed* in the Constitution since it references it. They never should have called it the Bill of Rights ..... I guess it was just easier to say than "The Bill of Restrictions on the Government".
    • Re: (Score:3, Informative)

      by Torodung (31985)

      There is no promise of Privacy in the Constitution

      Incorrect. There is no explicit promise of privacy.

      However, if you take the ninth amendment, and salt with a liberal (pun intended) helping of Supreme Court rulings, starting with Griswold v. Connecticut [wikipedia.org] in 1965, you'll find that it is pretty much established law forty-two years later. It is a 9th amendment unenumerated right, but supposedly also supported by the "Due Process" section of the 14th amendment. I don't really understand how Justice Harlan's "substantive due process" rationale actually works, b

  • by SwashbucklingCowboy (727629) on Friday July 27, 2007 @09:45PM (#20019071)
    From http://news.com.com/Minnesota+court+takes+dim+view +of+encryption/2100-1030_3-5718978.html [com.com]

    A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent.

    So, according to the morons on that court, even if you haven't actually encrypted any data, the fact that you had the tools to encrypt data was enough to judge criminal intent, sort of like possession of burglary tools. The problem, of course, is that encryption software has legitimate uses.

    I wonder if any of those judges had Microsoft Office on their computers - if they did then they possessed encryption software and could be viewed as having criminal intent.

  • by TheNetAvenger (624455) on Friday July 27, 2007 @09:46PM (#20019077)
    The important people just ask Bush to invoke Executive Privilege, and then they are free to obstruct any and all investigations.

    Truly though, just because you encrypt something has no basic legal grounds of incrimination, it is just like locking up your house. However just as a subpoena could be issued to force you to open your house to legal officials, a subpoena could also force you to un-encrypt the volume.

    Beyond that, they are really grasping at straws or are trying to see the world via the horrors the Bush administration has done to civil protections and liberties.
  • Are we allowed? (Score:3, Insightful)

    by philovivero (321158) on Friday July 27, 2007 @10:26PM (#20019345) Homepage Journal

    Are we no longer allowed to have any secrets, even on our own systems?
    In a fascist police state, you are not allowed to have privacy or secrets. I thought we'd agreed the (lack of) utility of a fascist police state after World War II, but apparently we've all changed our minds.
  • by ignavus (213578) on Saturday July 28, 2007 @12:09AM (#20020057)
    It works like this...

    The government, being a public institution, has to keep everything it does private. That's why you are not allowed to see their secret files.

    But a citizen, being a private individual, has to keep everything they do public. That's why the government must be able to see your secret files.

    Got it?
  • by Torodung (31985) on Saturday July 28, 2007 @05:07AM (#20021357) Journal

    intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.
    That sounds very much like the DMCA prohibition against DRM circumvention methods, with one very important difference: your data is yours, and what you do with it is your business. In the DMCA, circumvention utilities are suspect because they can only be used to take the locks off someone else's data. In this case, Mr. Gill is arguing that you aren't allowed to circumvent his software, and doing so is suspect, if not criminal.

    I wonder if he realizes that if a person has data to which he holds copyright on his hard disks, and then hides it, Gill's recovery software is then in violation of the DMCA anti-circumvention clause? His software is DMCA Grade-A illegal if anyone stores anything, no matter how trivial, that is his own copyright, is legal, and is deliberately hidden from this program.

    Anyone with a legal background want to send this guy a "cease and desist" letter? }:^>

    --
    Toro
    (c) 2007 *all rights reserved*

I don't want to achieve immortality through my work. I want to achieve immortality through not dying. -- Woody Allen

Working...