Encryption Passphrase Protected by the 5th Amendment 537
Takichi writes "A federal judge in Vermont has ruled that prosecutors can't force the defendant to divulge his PGP passphrase. The ruling was given on the basis that the passphrase is protected under the 5th amendment to the United States Constitution (protection against self-incrimination)." The question comes down to, is your password the contents of your brain, or the keys to a safe.
Re:I was wondering... (Score:5, Informative)
If the subpoena is requesting production of the files in drive Z, the foregone conclusion doctrine does not apply. While the government has seen some of the files on drive Z, it has not viewed all or even most of them. While the government may know of the existence and location of the files it has previously viewed, it does not know of the existence of other files on drive Z that may contain incriminating material. By compelling entry of the password the government would be compelling production of all the files on drive Z, both known and unknown.
By giving the government his password, the judge held, that the defendant was incriminating himself by opening up all of his files that weren't pertinent to the investigation. That was my take on it. *I am not a lawyer, but I scored high on critical reading on the SAT's, for what it's worth.
Re:Interesting development (Score:5, Informative)
No, it doesn't tell you the second. If the government has the knowledge required to break the ciphers used by PGP, they would be very unlikely to reveal that for something as unimportant as this court case.
Personally, I strongly doubt that the NSA can break PGP, but this decision doesn't say anything one way or the other about the question.
Re:I was wondering... (Score:5, Informative)
But I'm nice and I found it an interesting read, so I will summarize it. There are a great many of cases involving what and when the government can force someone to turn over documents. Generally, things which don't represent what's in your mind can be forced over. An example would be a key to a lock as compared to a combination lock. The former exists, and is known to exist, and the latter's turnover requires the suspect to devolve information contained within his mind, which would be tantamount to testifying.
In this case, there is some splitting of legal hairs, and my description will be less than sound. While IANAL, I am marrying one
As I already rambled here, the government argues that they knew of the files, and that they had already seen the files. As such, the defendant needed to turn over the password. Something similar has been done previously, where the government knew that a suspect had a document in his possession,and the court forced its turnover. In this case, however, the judge unacknowledged that the prosecution has seen only a small number of the files on the encrypted drive, and that they were almost certainly incriminating. As such, the judge decided that he couldn't order the defendant to turn over the password as the governmetn would have access to new files it knew nothing about.
So, the lesson here is to just not talk to the police without your lawyer present, and don't fricking enter passwords to your files without a court order.
Re:I was wondering... (Score:3, Informative)
Animation is illegal? (Score:1, Informative)
animation gets you arrested?
Re:I was wondering... (Score:3, Informative)
That's exactly right. As far as I understand, the main concern is that by opening the disk he would potentially give the government access to the incriminating files not seen by the customs agents.
In certain circumstances... (Score:3, Informative)
Interesting thought... (Score:2, Informative)
Mount the volume with "KEY A", add a bunch of innocuous files, then unmount.
Mount the volume with "KEY B", then add the files you really want to keep from prying eyes.
If you're pressured to reveal a key, give them "KEY A".
Re:Wanna bet? (Score:1, Informative)
Re:Interesting development (Score:1, Informative)
Stuff from the WWII era is pretty widely known now. The NSA wasn't around then but its predecessors were. It's clear from the information available than they were decades ahead of academia at that point.
DES was designed in the mid-70s. The NSA was heavily involved in the later stages of the design, resulting in mysterious changes which nobody knew why they were made. A lot of people speculated that it was some sort of back door inserted by the NSA. Then in 1990, differential cryptanalysis was discovered in academia, and surprise! The new NSA-approved DES turned out to be much more resistant to it than the original. So we can conclude that the NSA was roughly 15 years ahead of academia at this point.
SHA-0 was published in 1993. It was quickly withdrawn, and replaced by SHA-1 in 1995. The reason for this was unknown, although the NSA claimed it was due to a security problem. In 1998, a cryptanalysis for SHA-0 was published, revealing a weakness which SHA-1 did not have. In 2004 an collision was found, and SHA-0 could be considered definitively broken. We can conclude that the NSA was only 5-10 years ahead of academia at this point.
It is generally accepted at this point that the NSA is just a few years ahead of what is public knowledge. They know more than the public, but not greatly more. They have enormous resources at their disposal, but without huge theoretical breakthroughs those resources will not break modern algorithms. Their capabilities are unknown, but from what is known it is pretty safe to say that they can break older ciphers, newer ciphers with extremely short key lengths, and improperly used newer ciphers, but they cannot break newer ciphers when used properly with a reasonable key length. In other words, your 2048-bit RSA keys and 128-bit AES encrypted data are very likely to be safe even if the NSA wants to get into them.
The idea that the NSA has quantum computers ready to crack encryption is pretty well ridiculous. The government has not been ahead of private industry when it comes to electronics and computation since the 50s or 60s. The first practical quantum computer is virtually guaranteed to come from the private sector.
Re:Animation is illegal? (Score:1, Informative)
An amusingly slow way to ignore the Constitution.
Re:Better use of a botnet? (Score:3, Informative)
brute force attacks on a search space of 2^128 is boarding on consuming all of approximated
energy of all the stars in the Milky-way galaxy (imagine Dyson shells around all the stars
in our galaxy)
So in reality if a greatly less than brute force method is not found for such search spaces
then there is no real way of practically applying brute-force methods.
Re:Plausible deniability (Score:4, Informative)
Q: Is it possible to use TrueCrypt without leaving any 'traces' on Windows?
A: Yes. This can be achieved by running TrueCrypt in traveller mode under BartPE. BartPE stands for "Bart's Preinstalled Environment", which is essentially the Windows operating system prepared in a way that it can be entirely stored on and booted from a CD/DVD (registry, temporary files, etc., are stored in RAM - hard disk is not used at all and does not even have to be present). The freeware Bart's PE Builder can transform a Windows XP installation CD into BartPE. As of TrueCrypt 3.1, you do not need any TrueCrypt plug-in for BartPE. Simply boot BartPE, download the latest version of TrueCrypt to the RAM disk (which BartPE creates), extract the downloaded archive to the RAM disk, and run the file 'TrueCrypt.exe' from the folder 'Setup Files' on the RAM disk (the 'Setup Files' folder should be created when you unpack the archive containing TrueCrypt).
Re:Horrible case law (Score:3, Informative)
You contradict yourself two short sentences later.
"Therefore it should be held under the same rules as getting access to a safe or a house."
It is, and this is where you contradict yourself and support the judge's (correct) conclusion. See oliphaunt's posting above regarding the Supreme Court's decisions in regards to combination safes. [slashdot.org] For convenience, I'll reproduce the relevant portion of his posting here:
In distinguishing testimonial from non-testimonial acts, the Supreme Court has compared revealing the combination to a wall safe to surrendering the key to a strongbox. See id. at 210, n. 9; see also United States v. Hubbell, 530 U.S. 27, 43 (2000). The combination conveys the contents of one's mind; the key does not and is therefore not testimonial. Doe II, 487 U.S. at 210, n. 9. A password, like a combination, is in the suspect's mind, and is therefore testimonial and beyond the reach of the grand jury subpoena.
Uhh ... no (Score:5, Informative)
Article. V.
The Congress, whenever two thirds of both Houses shall deem it necessary, shall propose Amendments to this Constitution, or, on the Application of the Legislatures of two thirds of the several States, shall call a Convention for proposing Amendments, which, in either Case, shall be valid to all Intents and Purposes, as Part of this Constitution, when ratified by the Legislatures of three fourths of the several States, or by Conventions in three fourths thereof, as the one or the other Mode of Ratification may be proposed by the Congress; Provided that no Amendment which may be made prior to the Year One thousand eight hundred and eight shall in any Manner affect the first and fourth Clauses in the Ninth Section of the first Article; and that no State, without its Consent, shall be deprived of its equal Suffrage in the Senate.
How the hell did the parent post get a +5 informative of all things?!