Forgot your password?
typodupeerror
Privacy The Courts Encryption Your Rights Online

US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive 1047

Posted by Soulskill
from the it's-not-incriminating-yourself-it's-just-pushing-buttons dept.
A Commentor writes "Perhaps to balance the good news with the Supreme Court ruling on GPS, a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption, and 'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer."
This discussion has been archived. No new comments can be posted.

US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive

Comments Filter:
  • no 5th? (Score:5, Insightful)

    by MrDoh! (71235) on Tuesday January 24, 2012 @01:22AM (#38801343) Homepage Journal

    If there's incriminating evidence, surely this is a perfect example on why the person can't decrypt as it WOULD self incriminate them!

  • Pesky constitution (Score:2, Insightful)

    by mykos (1627575) on Tuesday January 24, 2012 @01:28AM (#38801389)
    This kills the fifth amendment, and the NDAA killed the first, fourth, and sixth amendments. The second amendment has been dead for decades. I think only the 21st amendment is safe in the entire constitution.
  • depending (Score:3, Insightful)

    by arbiter1 (1204146) on Tuesday January 24, 2012 @01:28AM (#38801391)
    Depends on what is stored on that drive i would say No, and take the contempt of court charges.
  • by mercnet (691993) on Tuesday January 24, 2012 @01:35AM (#38801427)
    Since the laws mean nothing in the US anymore. TrueCrypt goes into great detail about making a decoy OS: http://www.truecrypt.org/docs/?s=hidden-operating-system [truecrypt.org]
  • by snowgirl (978879) on Tuesday January 24, 2012 @01:42AM (#38801485) Journal

    the NDAA killed the first, fourth, and sixth amendments.

    The NDAA provision is a statutory law, it CANNOT overrule any amendment. If they are in conflict, then the NDAA loses.

    And after that, WTF? How did it kill the first amendment? Did it establish a relgion? Prohibit the free exercise of religion? Abridge the freedom of speech, or press? Or our right to peacefully assemble? Or did it eliminate our ability to petition the government for a redress of our grievances?

    The second amendment has been dead for decades.

    WTF? The Supreme court just recently ruled that the District of Columbia, and later a state jurisdiction as well are unable to effect regulation of gun ownership in a way that prohibits the ownership of a gun by the general citizenship. No less, the ruling also enforced that regulation of gun ownership cannot require that the gun be dismantled, or otherwise stored in a non-functional state.

    And before anyone brings up the dissenting opinions in those cases, even the dissenting opinions stated that the 2nd amendment CLEARLY applies to all citizens, and not just to militia forces.

    I think only the 21st amendment is safe in the entire constitution.

    Your apocalyptic rhetoric is unnecessary hyperbole.

  • Re:no 5th? (Score:5, Insightful)

    by maxwells_deamon (221474) on Tuesday January 24, 2012 @01:43AM (#38801495) Homepage

    Produce the gun that was used in the robbery. Here is the subpoena

  • Re:depending (Score:5, Insightful)

    by introp (980163) on Tuesday January 24, 2012 @01:44AM (#38801505)
    You realize that you can be held indefinitely on contempt charges? As in, for the rest of your life or until you comply? There's no violation of your rights in that case because you are considered to hold the keys to your own cell, as it were.
  • Re:no 5th? (Score:5, Insightful)

    by SecurityTheatre (2427858) on Tuesday January 24, 2012 @01:50AM (#38801559)

    The issue is that the government CANNOT compel you to talk about evidence in the case. I thought that was the essence of the 5th. So if you sit quietly, you are now guilty for not cooperating? You have the right to remain silent. Unless you are compelled to speak the password, in which case you no longer have the right to remain silent. Better change the wording... :-)

  • by demonlapin (527802) on Tuesday January 24, 2012 @01:51AM (#38801567) Homepage Journal
    Remember, kids: if you have to do something illegal, do not write it down. Anywhere. Once you do, it's no longer something contained solely in your mind and nowhere else, and it is probably subject to subpoena, which will be deemed eminently legal. Don't put it in your diary. Don't tell anyone (you'll lose your expectation of privacy). If you must break the law, never ever speak about it. Do it and move on.
  • by Wrath0fb0b (302444) on Tuesday January 24, 2012 @01:57AM (#38801595)

    I'm fine with them breaking your encryption if they have probable cause; however, forcing you to give the password does seem to have a pretty straight-forward logical path to incriminating yourself (Especially if you are guilty and a subsequent search will yield something on the device).

    They aren't forcing you to give up the password, they are forcing you to deliver up evidence (in cleartext). Generally speaking, the right not to self-incriminate has never held to apply to tangible evidence like documents -- to which the court analogizes computer files. The distinction between testimony and evidence seems to me to be on old

    If the armchair lawyers at /. want to suggest that the 5A privilege extends to documents (or that a defendant can protect documents from the courts merely by running TrueCrypt), they are most free to do so. I, at least, would caution that this would have serious implications for the investigation of white collar crime, financial malfeasance, collusion. The antitrust case [wikipedia.org] against Microsoft, for instance, was based largely on email correspondence that could well have been encrypted before the court ordered them disclosed -- and if such protection actually existed, would have certainly been encrypted if only to trigger that legal protection.

    And, let's be honest, for every hapless Joe whose child pornography collection lands him in hot water, there will be a dozen of these well-dressed assholes with well-dressed-lawyers whose job it is to argue any and all points that have a chance of sticking to the fan. The law has this perverse sort of uniformity about it that let's everyone have the same sort of protections regardless of the circumstances that it was thought up in.

  • by Taco Cowboy (5327) on Tuesday January 24, 2012 @02:01AM (#38801627) Journal

    No American judge gonna force me to decrypt anything !

    I ain't gonna buckle under America's draconian laws

  • by Anonymous Coward on Tuesday January 24, 2012 @02:02AM (#38801635)

    You know, I can't find the citation right now... but you're ...sort of right.

    If it's a physical key to a safe, and you have it, you must provide it.

    If it is a /combination/ to a padlock -- you're not.

    Of course, the feds don't give a shit since they're a pair of boltcutters or a drill bit away from the inside.

    The real question would be if you had an 'unbreakable diamond safe with a combination' if they could require you to produce the combination.

    Frankly, I choose to say no. When you create a class of crime for which there exists an innocent person who could not possibly prove prove innocence, you've created something that should not exist.

    Of course, they are supposed to prove guilt in the US -- but the notion of knowing the mind of the criminal... is...fallacious at best.

    Requiring a man to provide something from the contents of his mind is the very equivalence of creation of thoughtcrime.

  • by vell0cet (1055494) on Tuesday January 24, 2012 @02:06AM (#38801667)
    "I do not recall" works really well for politicians. Why couldn't it work here?
  • USA (Score:0, Insightful)

    by Anonymous Coward on Tuesday January 24, 2012 @02:16AM (#38801723)

    Horrible place filled with human scum.

  • 5Th Ammendment (Score:4, Insightful)

    by jklovanc (1603149) on Tuesday January 24, 2012 @02:21AM (#38801769)

    Has anyone actually read the 5th? If not here is is:
    "No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation"

    The few words that are relevant here are "nor shall be compelled in any criminal case to be a witness against himself".

    A defendant does not have to answer questions about a case but has to allow lawful searches and provide subpoenaed documents in readable form. If those documents or other evidence is in a safe the defendant is required to open the safe. To me that is the same thing as providing a password.

    Another point is that the founding fathers never conceived of a situation where evidence could be hidden in plain sight by using a special word. They never took that into account when they wrote the amendment and interpretation has to change to take that issue into account.

  • by Tastecicles (1153671) on Tuesday January 24, 2012 @02:26AM (#38801791)

    What the fuck can they do?? Coercion and torture and denial of liberty isn't going to miraculously spawn useful recall.

  • by snowgirl (978879) on Tuesday January 24, 2012 @02:30AM (#38801807) Journal

    That rarely happens, at least in the United States.

    And even if it does, in many cases you will be in a better facility than a maximum-security prison, depending on the state and the crime you are accused of. You will likely eventually be released, and you will have not been convicted of the crime, therefore retaining your civil rights (if you were accused of a felony).

    That, or eventually they crack the crypto.

    Happens more often than you would think [wsj.com]. And in the case of contempt of court, since the judge is actually a witness to the offense of contempt of court, your detention does not require a trial.

  • by Grishnakh (216268) on Tuesday January 24, 2012 @02:33AM (#38801829)

    Irrelevant. If the US government wants to extradite him, the British government will happily hand him over, no matter the offence.

  • Re:no 5th? (Score:5, Insightful)

    by Grishnakh (216268) on Tuesday January 24, 2012 @02:35AM (#38801839)

    So what's the difference between claiming the pistol is lost, and claiming you can't remember the password to your hard drive? How does the prosecution prove that you haven't forgotten something?

  • by ibsteve2u (1184603) on Tuesday January 24, 2012 @03:21AM (#38802077)
    Ramona Fricosu indulged in mortgage fraud. Only the banks, the ratings agencies, and Wall Street are allowed to do that.
  • Re:no 5th? (Score:5, Insightful)

    by snowgirl (978879) on Tuesday January 24, 2012 @03:25AM (#38802115) Journal

    What if the key itself is the confession to a crime?

    As numerous people have pointed out, but I will do so much more simply.

    They don't care about your password, they care about the data that it unlocks, so what your password is is immaterial. The case is not asking for the password to unlock the data, but rather an unencrypted version of the data.

  • by SecurityTheatre (2427858) on Tuesday January 24, 2012 @03:55AM (#38802283)

    In the UK, it is illegal to "fail to provide" they key when asked. Therefore, it is, in fact, illegal to forget the password, illegal to lose the password and illegal to have never known the password in the first place, to an encrypted volume in your possession.

    Yes, seriously.

  • Re:no 5th? (Score:4, Insightful)

    by bgat (123664) on Tuesday January 24, 2012 @05:01AM (#38802543) Homepage

    What a fucked up system do you have over there? I don't have to hand over anything. The State wants to restrict my freedom, THEY have to provide evidence. And they are allowed to violate my private space for that. But that's it. Anything they can't come up with themselves, tough luck.

    You guy should really see to not letting yourself get fucked in the ass any more. It's getting scary.

    Where do YOU live, Somalia? Either that, or you don't understand the laws you are living under wherever you are.

    The judge's ruling in this case is perfectly reasonable, and in conformance with the US Constitution and US law. And common sense.

    I'm not a USA law fanboi, but I have worked around enough GOOD lawyers (there actually are a few), and witnessed enough ACTUAL legal proceedings, to understand just how balanced and fair our system is. This "news" story really isn't news at all, except to someone who really doesn't understand the bigger picture here.

  • Re:no 5th? (Score:5, Insightful)

    by JosKarith (757063) on Tuesday January 24, 2012 @05:24AM (#38802649)
    In the UK if you encrypt your hard drive with a randomly generated key that is never displayed on screen so there is no way you could possibly know it you can still be ordered to hand over the key with penalties of jail for not doing so. Even though there is no way for you to know the key. The court can literally order you to do something physically impossible with the threat of deprivation of liberty if you do not. That is the true level of the idiocy of these laws.
    An extreme case, sure but history has shown us that government will push any power they are allowed to gather to the extremes (All the while wailing that they don't have enough power)
  • Re:no 5th? (Score:5, Insightful)

    by Dr_Barnowl (709838) on Tuesday January 24, 2012 @05:32AM (#38802675)

    TrueCrypt doesn't have a "burn the data" password, because that would be pointless - firstly, any digital forensics person worth their salt will make a bit-for-bit copy of your data to a separate storage device before working on it, and secondly, you're likely to attract additional criminal charges for attempting to destroy evidence.

    What it does have is a "hidden volume" system - it can store a second volume hidden in the freespace tail of the first. Because encrypted data looks random, it's easy enough to peg a volume as being encrypted, but it's virtually impossible to be sure that there isn't a hidden volume in the freespace at the end.

    You have two pass phrases ; one for the first volume, where you keep stuff that could be construed private or slightly embarrassing (tax returns and *legal* porn, or photos of your naked wife, etc) to make it believable, and one for a second volume, where you keep your dastardly plan to conquer the world.

    You put up a sufficient amount of resistance to giving up your first password to make it look convincing. "None at all" is an option - that way you look like a hopeless amateur cowed by the almighty power of the state. You do not give up the second password, or give any hint that there might be a hidden volume.

  • Re:no 5th? (Score:5, Insightful)

    by muckracer (1204794) on Tuesday January 24, 2012 @05:45AM (#38802723)

    > > How does the prosecution prove that you haven't forgotten something?

    > The problem is the judge can throw you in jail for contempt to "give you time to remember".

    But, purely in the semantic sense, 'forgetting' is not the same as 'being in contempt of'. Kinda like the difference between an accidental death and premeditated, deliberate murder.

    Besides, if you really did forget your long passphrase, no time in jail will likely 'make you remember'. How do I know? Forgot my own not just once. Mostly after a mere two or three months of not actually using it. Your body memory of typing it in gets messed up. If you use it each day you have the illusion to never forget. Well, take a vacation to Australia for 10 weeks and then find yourself dumbfounded sitting in front of your machine (I'm talking 128-bit passphrases here). The important point here is, that this can happen even without any outside pressure! And you will rack your brain for days, sometimes you will remember, more often you won't. In a pressure situation, legal proceedings etc. chances are, your passphrase has long been eaten by a synapse grue.

    PS: Chadwick's wife is a b*&%!!

  • by Anonymous Coward on Tuesday January 24, 2012 @06:28AM (#38802907)

    First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely. Essentially it replaces the on-disk encryption keys (which is what your password in reality unlocks) with keys that are only useful for the second partition. The second partition is then enlarged to extend over the original copy. Several programs provide this ability (granted they're for-pay and not cheap, but nevertheless, your privacy is worth something to you isn't it ?). This trick is known to have worked in China (that must have taken some serious amount of balls).

    This is how banks do it (one code unlocks the safe, another, seemingly identical sets of an explosive charge destroying the vault's contents).

    As for the extradition, let's hope for UK encryption users that they do that. After all, in the US, the above judge will probably get called back, providing such horribly weak justification. Even if this stands, the reality is : in the UK there is zero doubt : authorities can imprison you for not revealing passwords to them, in the US there is doubt (as the supreme court has not yet ruled on a case like this), with predictions that this judge's decision will not stand.

    Very subtle, adding the bit about Bush about this judge. As if it's relevant. Nobody ever points out that democrat-appointed judges blocked the repeal of slavery for decades ... And that's equally relevant to today's democrats as this decision reflects on republicans.

    In the UK, it is established legal precedent to imprison people for refusing to reveal keys [pcpro.co.uk]. (in fact this can be applied to foreignors in the UK)

    And of course nobody seems to have read the entire article. May I present a blatant repeat of a few paragraphs that seem to have escaped most people's attention ?

    In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That's "protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination," the court ruled (PDF).

    A year earlier, a Vermont federal judge concluded that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the files encrypted. Boucher eventually complied and was convicted. the article fails to mention this was not his laptop, but government property. He had signed that he would provide access to a govt administrator. So an obvious detail : you can rely on ecnryption, but don't rely on your employer doing it for you. Also : read contracts BEFORE signing them

    The article provides a thoughtful conclusion :

    Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

    On the other hand are civil libertarians citing other Supreme Court cases that conclude Americans can't be forced to give "compelled testimonial communications" and extending the legal shield of the Fifth Amendment to encryption passphrases. Courts already have ruled that that such protection extends to the contents of a defendant's minds, the argument goes, so why shouldn't a passphrase be shielded as well?

  • Re:no 5th? (Score:5, Insightful)

    by DarkOx (621550) on Tuesday January 24, 2012 @06:42AM (#38803001) Journal

    Providing an encryption key is the state effectively asking you to help them interpret evidence. Suppose they grab your appointment book.

    The next thing you know you are in court and the prosecution is demanding you explain how all the entries for yoga class, and dinner with Sarah, are really codes for drug deliveries and pickups?

    Really its pretty simple, they have data and they want YOU to explain how to transform it into evidence you have committed a crime. Its CLEARLY UNCONSTITUTIONAL.

  • by DrXym (126579) on Tuesday January 24, 2012 @07:00AM (#38803087)

    First, why not use the obvious countermeasure here. When you create an encrypted volume, you should enter 2 keys, not just one. One will unlock your drive, another will appear to unlock your drive, but in fact deletes the contents of the disk entirely.

    Problem is that forensics officers take backups. They'd back up the drive first and boot from the backup so whether it destroys the data or not is irrelevant. And if you gave the officers the "self destruct" password that horked the backup then that is further evidence that you are up to no good.

    What you need instead is a hidden volume. The idea is you have a normal OS and a hidden OS where your dirty secrets reside. You are prompted for a password at boot time and the password you enter determines which volume is booted into. Tools like Truecrypt support this already.

    The problem is the very fact you are using an encryption tool which supports hidden volumes is likely to raise suspicions that you have a hidden volume even if they cannot prove one exists. At the very least you would have to ensure the decoy volume looks plausible, e.g. you use it frequently for your non incriminating activities, scatter around some sensitive looking but non incriminating documents, all to give the impression that is the one and only volume. The more plausible the decoy is, the more plausible your defence is after you hand over the key.

    Even then they might catch you out. by building up a list of inconsistencies of activity shown by the computer's event log and other logs on the HDD vs what they can glean from other logs. e.g. if they might know you were on the internet at such and such a time, or downloaded a particular file, or your phone says it was USB synced at the time yet your OS has no knowledge of these events. Enough inconsistencies combined with evidence of using crypto that supports hidden volumes combined with other evidence they have might still be sufficient to find you guilty.

  • by AmiMoJo (196126) <mojoNO@SPAMworld3.net> on Tuesday January 24, 2012 @07:04AM (#38803107) Homepage

    Well, you could always take the two years you'll get for refusing to hand over the key. Clearly anyone with really dodgy stuff on their HD will choose that option over say 10+ years for terrorism or 5+ years and a lifetime on the sex offenders register.

  • by Anonymous Coward on Tuesday January 24, 2012 @08:41AM (#38803587)

    Ah, America. Where "innocent until proven guilty" and "the right to refuse to testify against oneself", not to mention the right to face your accuser and the right to a speedy trial and the right to not be detained without charges, mean exactly Jack Shit after years of Republican rule.

  • Even then they might catch you out. by building up a list of inconsistencies of activity shown by the computer's event log and other logs on the HDD vs what they can glean from other logs. e.g. if they might know you were on the internet at such and such a time, or downloaded a particular file, or your phone says it was USB synced at the time yet your OS has no knowledge of these events. Enough inconsistencies combined with evidence of using crypto that supports hidden volumes combined with other evidence they have might still be sufficient to find you guilty.

    Maybe... But I would submit that their phone likely wouldn't be configured to sync with the "dirty" volume. And, of course, a truly "bad guy" wouldn't be using a smart phone... he'd be using a simple burn phone, dialing all numbers from memory, and calling only other burn phones.

    Finally, it seems like a much better idea to use a bootable USB that you encrypt somehow to house your "secret" volume. Boot your machine to the flash drive, when you're not using it hide it somewhere. Done with it? Wipe it, encrypt the blank drive then change the keys and throw it in a river.

    Granted, it is slower than booting off your internal SSD/SATA2-3 buuut... you can't always have privacy & convenience.

  • Re:no 5th? (Score:5, Insightful)

    by Nelson (1275) on Tuesday January 24, 2012 @09:00AM (#38803723)

    The difference? There are a couple but the first of which is that the lawyers and judges involved are not stupid, they may not be techsters but they are almost certainly not stupid and this encrypted data is but one piece of evidence and you f-ed up long before if you're in this position. Second, there is a judge that will judge.

    If you pistol is stolen or lost, you have some obligation to report it as such. It's typically registered and in that case, they know you have it, know the make and model. If you conveniently discover that it is missing when a court requests it they can check to see if you reported it lost or stolen beyond that, there is a judge there to judge you and he'll judge your credibility as he sees it from your behavior up to that point. Basically, keep track of your weapons, particularly when you're getting ready to be involved in a trial. Are you the kind of person that loses a pistol and forgets to tell anyone?

    The password isn't quite the same. They may have some idea if you regularly used the computer. Again, I'll reiterate a couple things, the other guys aren't stupid and you didn't get in this position simply because of an encrypted drive. Now if you've spent 3 years doing something considered crime and there is other testimony where you've suggested you don't remember something because it's on the computer you use daily and now you don't remember the password, I can tell you how I'd judge you. Or maybe it's on the computer you resisted handing over and kept in a safe, those factors might not be admissible in the case against you but they certainly come in to play when you attempt to "forget" the password. Do you regularly use computer and keep track of dozens of accounts and passwords but this one computer you had locked up in a safe at your mothers house that you tried to pretend didn't exist, you forgot how to log in?

    What will a judge think from your story?

  • Yes (Score:4, Insightful)

    by SmallFurryCreature (593017) on Tuesday January 24, 2012 @09:05AM (#38803745) Journal

    This is as so often the silly debating of the law of little kiddies and the reason lawyers in general are so reluctant to discuss law. First year law teachers hate their job because of the constant attempts by students to re-examine the laws that has already been re-examined for hundreds of years by far greater minds then the average student... like cats.

    An execution is written down as a murder. Every executed prisoner in the US is a murder victim. Just that the law has ways of allowing such a thing to happen, in certain circumstances while murder in general is forbidden.

    You can see kiddies at work when it comes to the police speeding without lights or sirens. Allowed? YES, regardless of what you think the law says, especially traffic law, IF the police has good reasons to do so and with a high expectation of the police not to endanger others. But if the police on their way to a crime scene feel the need to turn of the siren to avoid alerting the criminals and you jump in front of them on a zebra crossing... don't expect much sympathy from a judge.

    It is the INTENT of the law vs the actual wording in a changing world. Jews do it all the time, the Sabbath rules are hard to deal with in a modern world of electricity, batteries and essential technology. Can you use an elevator on the Sabbath? In a skyscaper? With a bad heart? It didn't matter when there were no elevators or when the highest floor could be reached by anyone able to survive for that long. But modern medicine has allowed people to continue to live when they became feeble and created housing so high that even top fit humans would need to take a breather.

    What about a fridge? Even if you don't use it, you are using it. Food put in before the Sabbath if kept fresh for you by the labour of someone else at the power company. The laws were written in a time before fridges, how do interpret them?

    This is an interesting exercise because you avoid the emotional baggage of the 5th and protection against unreonable searches and can focus on a simpler balance (provided you ain't religious yourself) of the "Intent of the law" and the "written law". On the "need" for their being one day of the week in which the people can reflect (except farmers (livestock) of course who never can take a day off) on their god AND the "need" to deal with the parts of the world that cannot be told to wait for one day.

    There are of course many types of labor, especially labor itself (woman giving birth) that have not been part of the sabbath rules for millenia, mid-wiving for instance. Taking care of the dead. Health-care in general. And yet, when thousands of years later the standbye mode is inventented, it has to be discussed how this applies to Jews who want to observe the laws of their fate.

    Computer encryption is the same to our general law. The intent of the law is that the police when in possession of a search warrant, can search. I had it happen to me, I lived in small room inside a larger house and a warrant had been issued on the house, so my room was searched. Not very thoroughly, they were looking for a person and the room as said was small, but I was still very upset about it AND unable to do anything about it. Because the law was written with an intent, not a complete checklist for every exception.

    And if they had found a dozen children in my room, tortured and killed. Could the police have done anything?

    THINK carefully, the answer might surprise you. YES and NO... how can that be? They certainly could have launched an investigation HOWEVER it is highly likely you would walk away from it IF there is no way to find any evidence without having to go through the illegally obtained evidence first.

    And that sucks... but if they had seen a blank CD that I had payed the fee for artists on... should they be able to launch an investigation?

    No, they can't (and wouldn't for that matter) but why?

    Because we INTEND the law to weigh the needs of society vs the needs of the individual. There is no way to write this d

  • by nahdude812 (88157) * on Tuesday January 24, 2012 @09:33AM (#38803955) Homepage

    A single hidden volume is good enough, maybe better than multiples (I'm not sure there is software which supports more than 2 volumes total, you get into trouble with volumes potentially overwriting each other's contents since they each have to not know about the others). A single hidden volume creates plausible deniability, because the default configuration is no hidden volume.

    Now here's the problem with secondary volumes. In order for it to be plausible, you need to keep the red herring volume up to date. It needs to have files with recent timestamps on it and so forth. If they look in there and all the files are out of date and haven't been modified in 6+ months, it's not credible and threatens the plausibility of the denial. It works poorly for whole-disk encryption unless you're very good about doing most of your work in the primary volume, and only booting into the secret volume for short periods of nefarious activity.

    It's possible to mount both volumes at once, and just be careful about sticking all the evidence on the secondary volume, but in most modern OS's, there'll be problematic artifacts indicating the secondary volume exists in the form of "Recent Files" lists in applications or in the OS level. You'll also have to worry about program caches being written out to the primary volume and being recoverable from free space on the drive; so as part of shut-down you'll need a script which writes random data to the empty space and knows how to destroy the internal cache files of all your applications - even ones you don't use for nefarious purposes since a cache file may not be zeroed out when it's allocated (thus capturing sensitive data). Basically keeping both mounted at the same time is a sure fire way to accidentally leave behind some evidence on the "safe" drive.

    The only safe way to do this is to dual-boot sensitive and non-sensitive volumes. Boot into the sensitive volume only for secret activities, and otherwise be booted up on the non-sensitive volume for everything else. You can see why maintaining multiple red herrings is problematic, and since the plausibility of the denial does not significantly increase, while the chances of leaving behind some indicators of a tertiary volume increases significantly, you're better off with a single hidden volume. As a final note, if you do maintain two red herring volumes, your secondary volume needs to have a reason you'd keep it secret. If there's nothing sensitive on there, it's too obvious of a distraction; you might as well label the volume "red herring."

  • by Moryath (553296) on Tuesday January 24, 2012 @09:38AM (#38803987)

    As naive as it may sound, why not just do less illegal stuff?

    Who says they are doing illegal stuff? The government's alleging it, but in the ordinary course of events, the 5th Amendment is supposed to protect us against being required to give evidence against ourselves. We are supposed to be presumed innocent until proven guilty in a court of law.

    And yet, the cops can get away with [youtube.com] feeding people information, planting information, and pulling every dirty trick they can come up with to try to get a conviction, innocent or not. The US history books are replete with innocent people railroaded by a corrupt system. The evidence in the Troy Davis case, where police intimidated and coached witnesses and doctored evidence, shows that an innocent man was put to death just recently by the corrupt system.

    I'm not advocating doing illegal stuff, but I am suggesting that you probably want to keep your affairs under wraps anyways, even if fully legal. The moment you start waiving one of your rights, courts start ruling you also waived others.

  • by Moryath (553296) on Tuesday January 24, 2012 @09:44AM (#38804051)

    And unless you think I'm joking, consider the case of a police officer coming round to your house because he wants to "ask you some questions." Maybe he claims it's about a neighbor's domestic disturbance. Maybe there was a noise complaint that your dog was barking too loud late at night. Could be any number of things. You let him inside to "talk." Courts in some jurisdictions have ruled that by opening the door and letting him pass the threshold, you just consented to him searching your house for anything he might find suspicious.

    Or say you get pulled over by one of the famous Texas "you got a taillight out bud *nightstickcrashbreaknoise*" Badged Highwaymen. You get out of your car but leave it unlocked, or do you lock it and hold on to the keys? In the first case, some courts have ruled that by leaving it unlocked you consented to it being searched!

    The point again is: once you start waiving your rights, you wind up giving up others. And it keeps going and going and going. You think you're "cooperating with the police" and that they will like you and not charge you with anything and treat you nice because of it? Bullshit - the police are the initial arm of "evidence gathering" for prosecutors, a set of conscienceless, amoral assholes who see all citizens as nothing more than a potential conviction notch in their belts.

  • As naive as it may sound, why not just do less illegal stuff?

    Who says they are doing illegal stuff? The government's alleging it, but in the ordinary course of events, the 5th Amendment is supposed to protect us against being required to give evidence against ourselves. We are supposed to be presumed innocent until proven guilty in a court of law.

    Call me naive, but I fail to see the problem with warranted searches. The 5th Amendment doesn't protect us from discovery. You can't physically prevent an officer with a warrant from searching your house. If you have a safe, and the police have a warrant, you *must* give them the key or face obstruction of justice. I fail to see the problem with that, or with being required to give the key to your virtual safe.

  • Re:no 5th? (Score:3, Insightful)

    by Anonymous Coward on Tuesday January 24, 2012 @11:30AM (#38805563)

    What's the problem with this? If the prosecution knows the defendant owns a pistol and is accusing the defendant of robbing a liquor store with a pistol, the prosecution is certainly within its rights to subpoena the defendant to produce the pistol so it can be tested against the three slugs pulled out of the counter clerk.

    This is simply not true. If the prosecutor or a law enforcement official can prove there is a gun and can prove where it probably is (i.e. probable cause) they can get a search warrant and get it themselves. I was a deputy district attorney for years and can tell you there is nowhere in the United States where the state can subpoena a gun from a criminal defendant.

    There are limited exceptions to the Fifth Amendment. One example is booking questions. If you get arrested, the police can require you to answer the normal questions involved in the booking procedure and use those answers against you. An example: Officer: "What's your address?" You: "I can't remember because I'm so drunk." This will be admissible to prove that you were drunk during your DUI case.

    I haven't read the opinion yet, but the theory must be that demanding the defendant turn over the encryption key is akin to another exception to the 5th amendment: it has long been held that requiring the defendant to do some physical act generally does not implicate the right against self-incrimination. Think of O.J. being ordered to put on the glove. These types of situations are generally permissible. IIRC from the summary on Wired, the judge here apparently indicated that the state would not be able to mention to the jury that the defendant had provided the encryption key.

    To me, this limitation indicates that the judge knows the defendant is being forced to provide incriminating herself. He is apparently okay with that, as long as the source of the incriminating information is concealed from the jury. I believe that this is no better than forcing a criminal suspect to answer questions from law enforcement (in violation of Miranda), concealing that fact from the jury, but allowing the prosecutor to use the information gained from the interrogation. This is a poor decision and bad law.

  • by Moryath (553296) on Tuesday January 24, 2012 @01:33PM (#38807607)

    What's wrong with cops lying to or misleading suspects?

    Aside from the fact that it is KNOWN to make innocent people plead guilty? Aside from the fact that it makes the already dirty cops look that much closer to using forged evidence?

    It's a valid tactic...

    And if you had this thing called a "conscience" you'd realize it should NOT be valid. Period.

    I'm not saying innocent people haven't been railroaded, many have, but reality doesn't permit police (especially in crime-ridden cities) to be knights in shining armor. Crime is an ugly thing, why would trying to solve it be much prettier?

    Every time I hear someone like you I want to throw up. What was it our justice system used to be about? Didn't Thomas Jefferson say he would rather a dozen guilty men go free than see one innocent man convicted? When did we abandon our principles?

When the weight of the paperwork equals the weight of the plane, the plane will fly. -- Donald Douglas

Working...