Federal Magistrate Rules That Fifth Amendment Applies To Encryption Keys 322
Virtucon writes "U.S. Magistrate William Callahan Jr. of Wisconsin has ruled in favor of the accused in that he should not have to decrypt his storage device. The U.S. Government had sought to compel Feldman to provide his password to obtain access to the data. Presumably the FBI has had no success in getting the data and had sought to have the judge compel Feldman to provide the decrypted contents of what they had seized. The Judge ruled (PDF): 'This is a close call, but I conclude that Feldman's act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be
tantamount to telling the government something it does not already know with "reasonably particularity" — namely, that Feldman has personal access to and control over the encrypted storage devices. Accordingly, in my opinion, Fifth Amendment protection is available to Feldman. Stated another way, ordering Feldman to decrypt the storage devices would be in violation of his Fifth Amendment right against compelled self-incrimination.'"
If the government has reasonable suspicion that you have illicit data, they can still compel you to decrypt it.
Nurz (Score:4, Funny)
V qba'g xabj, guvf ybbxf yvxr n ernfbanoyl fhfcvpvbhf cbfg gb zr...
Re: (Score:2, Funny)
Last Sentence (Score:5, Insightful)
Re:Last Sentence (Score:5, Informative)
This is a close call, but I conclude that Feldman's act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already know with "reasonably particularity"
I'm guessing this is the trick. The government doesn't know there is evidence on the storage device. It sounds like they are making the argument that compelling a password for discovery purposes is a violation, but providing one to give them what they know you have is not. At least, that's what it seems like they are saying to me.
Re:Last Sentence (Score:5, Informative)
It's a wink-wink that they have to add "possession of child pornography" to the charges also in order to compel the keys.
Re:Last Sentence (Score:5, Interesting)
It reads differently to me. They do not know that he can decrypt the data (he could have destroyed the passphrase, or it was destroyed when left in the hands of an automated system and he was incarcerated), and compelling him to do so would be a) demanding that he prove that he could decrypt them, a "fact" about him that is not already known to be true (and could be incriminating.)
The last sentence in the summary reads like nonsense to me and does not seem to contribute anything.
They cannot compel you to do something they don't already know that you have the ability to do, and if it turns out later that they can decrypt the drive without your help, the fact that you were able to decrypt it would be the incriminating part (apparently) as much as whatever they had actually found on the drive. Even if they know there is illicit stuff on the drive (somehow) without having decrypted it, they do not know you have control over it (unless this was proven some other way.)
It's like those cops that ask, "do you have any illegal drugs on you" -- if you show them, you waived your right to be protected from unreasonable search and seizure. They did not violate it. You did. Has your fifth amendment right been violated? They could have asked the dog, and he would tell them, but putting dogs on you without probable cause is almost certainly illegal search violation. If you are threatened with contempt if you do not decrypt the drive, even when they haven't proven that you even can, it's much the same situation.
Re: (Score:3)
Just curious since I seem to have missed this.
When did being compelled to decrypt a drive, even if there is known evidence there, skip around the fifth amendment ie avoiding self-incrimination.
Re:Last Sentence (Score:5, Informative)
We have to pass the bill to know what's in it...
The argument I've heard is that, when information is at rest, it's not considered testimony for the information to be read (but some other form of discovery). Therefore if it can be shown that you're in a position to decrypt the drive, and the drive is admitted in discovery and you refuse to facilitate discovery, you are standing in the way of the discovery and can be held in contempt of court.
If it has not been shown that the drive can be decrypted with information you have, or could reasonably be expected to have (say, it can be shown by inductive reasoning that the drive contains the log of your activities), or if for example the ownership of the keys or the drive and the encrypted data is in question, it's not reasonable to compel you to decrypt it under penalty of contempt. It hasn't even been shown that it's in your power to facilitate the discovery.
You can be similarly compelled to provide paper documentation, even if it was sent through the mail. It's not testimony. It's facilitating (or obstructing) discovery.
Re:Last Sentence (Score:4, Interesting)
Interesting, and good to know.
From a non lawyer point of view, discovery that you provide, about yourself, sounds an awful lot like testimony against yourself.
Re:Last Sentence (Score:5, Informative)
Basically, it is a crime to withhold evidence that the government knows you have. But you can't be compelled to provide evidence against yourself that the government doesn't know you have.
Re: (Score:3)
Now, define "know".
Is it the kind of "know" that torturers use when they say "we know you did it, just admit it and we'll stop waterboarding you"? Not very helpful.
Re:Last Sentence (Score:5, Interesting)
But you can't be compelled to provide evidence against yourself that the government doesn't know you have.
What if the drive contains the evidence that they know you have, but it also contains other evidence that they do NOT know you have, which one would have precedence? If decrypting the drive will give them access to other evidence that would incriminate you in another crime.
Re:Last Sentence (Score:4, Informative)
They can, however, use it as probable cause to get a second warrant to collect the new evidence. If police bust into your house with a warrant to search the kitchen for marijuana, and notice you have polaroids of a recent unsolved murder victim taped to the fridge, then they don't have to say "oops, we didn't see that." They can't take the photos or go rooting around the house for other evidence related to the murder on the existing warrant, but they can go back to a judge and request a new warrant (based on probable cause from testimony about seeing the photos) with different scope.
In the article's court case, the defendant was allowed to refuse to disclose a password not because the contents of the drive could be incriminating, but because disclosing the password itself reveals previously unknown information: that you know the password. If the court already considers it a proven fact that you know a password, and has a warrant for searching the drive, then you don't get 5th-ammendment protection against revealing the password, no matter what incriminating stuff could be on the drive. The 5th Amendment is typically interpreted to only cover the "contents of your head": you can't be required to provide potentially self-incriminating info about were on the night of November 3rd from the contents of your memory. Your appointments calendar in your desk safe, however, is not 5th-ammendment protected, so you might be required to hand over that combination.
Re: (Score:3, Informative)
In the USA at least, if the police have a legal reason to enter your home, (even including you allowing them in through the front door for any reason), they can then seize anything they can see that is also known to be illegal from any vantage point they have that is legal. Standing outside your window and looking in is not a legal vantage point, but you opening the front door would create one at the entryway just as the warrant makes your entire kitchen one. If they respond to a noise complaint, which does
Re:Last Sentence (Score:4, Informative)
I was careful in my example with a photo, because a photo isn't something illegal. Maybe you were hanging out with the victim before they got killed by someone else? A bag of weed or a gun with the serial filed off are indeed illegal things, that the cops can seize "from plain view." A photo is (usually) a perfectly legal thing, that police probably can't seize without a specific warrant. However, they've likely got probable cause to detain you on the spot and assure you can't destroy the photos/evidence while they're requesting a new warrant.
Re: (Score:3)
If the government already knows about the evidence, they don't need me to provide it.
Re: (Score:3)
I agree and I am not a lawyer, however, I can see the argument that discovery is not testimony and I think I have it laid out approximately right. I am the IRS. I am investigating you for tax fraud. It's not illegal search for me to compel your bank statements (and not just because I'm asking the bank, rather than simply asking you to incriminate yourself. If it's known that you keep a ledger of your business dealings that could contain incriminating information, that can be compelled as well. Destroyi
Re:Last Sentence (Score:5, Insightful)
Likewise, if there's good reason to believe that you have a different set of books in a safe, or perhaps a murder weapon - you can be compelled to give the combination. By providing the combination you are not confessing to fraud or murder - you already left that evidence; by not providing the combination you are standing in the way of the court to evaluate the evidence.
The fuzzy line is regarding whether there's reason to search in the first place (which is more of a question regarding the Fourth). Should the simple fact that a computer may have aided the crime be probable cause? Does there have to be evidence showing which computer was utilized (like only allowing the search of one computer behind a router's firewall instead of fishing in all of the computers - and what if there's multiple owners?...).
I think a really interesting test case would be if a criminal used a confession or otherwise key incriminating evidence as the pass phrase for an encrypted device. If they plead the Fifth, and then were compelled anyway - how much would be ruled inadmissible?
Re:Last Sentence (Score:5, Interesting)
"Likewise, if there's good reason to believe that you have a different set of books in a safe, or perhaps a murder weapon - you can be compelled to give the combination."
Not even.
In 5th Amendment cases, "reason to believe" is not good enough. Even probable cause is not good enough. They have to KNOW, already, that there is something illegal in there (and exactly what it is) before they can compel a password or a combination. See my explanation elsewhere in this thread.
If they don't already know it's there, beyond reasonable doubt, they can't compel you. Because then you would be incriminating yourself.
However, what they CAN do, if they have probable cause and it's something like a safe, is force it open. (If we assume they physically can. There are few things that can't be forced open given time and money.) If they force it open, there is no 5th Amendment question.
"I think a really interesting test case would be if a criminal used a confession or otherwise key incriminating evidence as the pass phrase for an encrypted device. If they plead the Fifth, and then were compelled anyway - how much would be ruled inadmissible?"
Because of what I just explained, that could never happen. If they already know that there is something illegal there, then they can compel you to divulge the password or combination. But if they DON'T already know, they can't compel you to divulge because the act of doing that would be incriminating yourself.
Re: (Score:3)
I think that in this case the condition is that the judge does not see compelling evidence that the data and keys belong to the defendant. That way he cannot be seen as obstructing discovery, since "anyone" could be the owner of that data, and there's onus on the prosecution to prove that defendant is the keeper. It's not that he's refusing to help. It's that we have no proof that he is in any position to help.
If I misread the summary and comments (haha articles) then feel free to correct me. If it was
Re:Last Sentence (Score:5, Informative)
"The argument I've heard is that, when information is at rest, it's not considered testimony for the information to be read (but some other form of discovery). Therefore if it can be shown that you're in a position to decrypt the drive, and the drive is admitted in discovery and you refuse to facilitate discovery, you are standing in the way of the discovery and can be held in contempt of court."
If it has not been shown that the drive can be decrypted with information you have, or could reasonably be expected to have (say, it can be shown by inductive reasoning that the drive contains the log of your activities), or if for example the ownership of the keys or the drive and the encrypted data is in question, it's not reasonable to compel you to decrypt it under penalty of contempt. It hasn't even been shown that it's in your power to facilitate the discovery.
You can be similarly compelled to provide paper documentation, even if it was sent through the mail. It's not testimony. It's facilitating (or obstructing) discovery.
This is COMPLETELY off the mark. Here's how it actually works. (I should add that there have been several other cases about this point recently, and none of them ruled that it was "a close call", as this judge seems to think.)
If the government does not know that there is illegal material, or evidence of illegality, in the encrypted material, it cannot compel you to give up the password because that would be testifying against yourself.
There are a couple of essential points here: first, it has to be "a product of your mind". Something you know. Not some kind of item that they know exists. For example, in many circumstances you can be compelled to turn over a key to a locked door, because a key is not testimony. (Other matters surrounding a search of a locked room are beyond the scope of this post.)
The second essential point is that the government has to KNOW there is something illegal in the encrypted data in order to compel you to give them the password. Not "reasonable suspicion" as OP states. It has to be known beyond reasonable doubt. Because -- and this is the big point -- if they already know it's there, then you aren't incriminating yourself... you have already been "incriminated". You aren't admitting to anything because the illegal material is already known to exist. So, since you can't be said to be incriminating yourself, they can compel you to give up the password.
So let me give you some examples from other recent court cases like this one:
Someone was suspected of fraud but the evidence was all encrypted. The government could not prove the fraud without that evidence, which they had good reason to believe ("reasonable suspicion" as OP described it) that the evidence was in that encrypted data. But because of that, the government could not compel the defendant to give them the password, because there was a real danger he would be incriminating himself, which the 5th Amendment says you can't compel.
In another case, a man was crossing the border with a laptop. At the time, customs was allowed to search at will. (A Federal court recently ruled that government needs probable cause to search even at borders. But at the time, it was considered kosher.)
The man's laptop was turned on but asleep. His encryption software was running, so an encrypted volume on his hard drive could be accessed. 2 customs agents saw child pornography in the encrypted part of the drive, before the man somehow managed to turn the computer off. When it was turned back on, of course the encrypted data was no longer accessible.
In this case, it was ruled that the government could compel him to produce the password, because the government already knew there was illegal material there. He could not be said to be incriminating himself, because they already knew it was illegal. The testimony of 2 customs agent was acceptable "k
Re:Last Sentence (Score:4, Interesting)
Your analysis is off-the-mark for this particular case. According to the judge's writeup linked in the summary, the prosecution in this case actually did have evidence that child porn files were being downloaded to the servers and saved to the encrypted disks. The reason that the defendant was granted 5th Amendment immunity is that the prosecution lacked evidence that he was the only person in control of the computers. Maybe someone else had broken in and set up the encryption without the defendant's knowledge? By turning over the encryption keys, the defendant would prove that he knew the encryption keys, and thus incriminate himself of being responsible for the porn-filled encrypted disks (instead of an unwitting victim of hacking).
Re: (Score:3)
The same reasoning applies with those: in the first case, the guy would have been incriminating himself (admitting to the court that he was a criminal) by letting the court access those files.
It's a subtle distinction (law gets subtle!), but "incriminating yourself by letting the court access files" is not the same as "incriminating yourself by showing you can access files." The latter has been ruled to fall under 5th Amendment protections. The former is still a legally open question (the courts might not agree to consider it "incriminating yourself," and instead consider it "handing over a safe key to cooperate with evidence gathering").
Assuming your first case is this one [cybercrimereview.com] (referenced in the th
Re:Last Sentence (Score:5, Insightful)
> They could have asked the dog, and he would tell them, but putting dogs on you without probable
> cause is almost certainly illegal search violation.
I would argue the dog itself doesn't even constitute a search since they are so unrelaiable IN THIS CASE. There have been some great studies which have shown that dogs are only really useful in cases where their handler has no notion of what he might find or where. So border checkpoints, or random bomb searches, they are great....
The problem is, that when the handler suspects there may be something to find, the animal almost always "detects" something. A great study recently setup a course to test dogs and handlers. The handlers were told that there were drug and bomb scent samples throughout a church, some of which were marked, some which were not.
The trick: There were no drug scent samples. ALL of the marked spots were fakes, even some which included some meat for the dog to get him interested in it.
The result? Lots of "hits". Only a very small minority of search trials found no hits at all, and the highest percentage of hits were not in the places where there was meat for the dog, but where there was a flag for the handler to see:
https://www.erowid.org/freedom/police/police_article1.shtml [erowid.org]
Its really pretty striking that these are allowed at all. Its not even clear why a judge would issue a warrant for something this unreliable.
Re: (Score:3)
That's nice, but in February the Supreme Court explicitly ruled about dog searches, "tough shit, the searches are legally admissible, we believe cops more than we believe you".
http://reason.com/blog/2013/02/19/scotus-approves-search-warrants-issued-b
Re: (Score:3)
> how it can even be doubted when and if the dog does uncover something substantive in a search.
Oh I didn't address this.... never forget there are multiple parts to a trial. If the use of a dog is considered improper, and not something which gives probable cause. Look at the study there, only a small fraction of searches found nothing, even though none of the searches had anything to find.
That is how its doubted. Its not about whether or not there were drugs, its about whether the method to detect them
Re: (Score:3)
No, I think some of the other people got it right. What all this means is that the 5th amendment applies if law enforcement does not know a priori that some important piece of evidence is encrypted.
If they have a priori knowledge, they can ask for the keys and it has to be provided. But if they're only asking for the keys to find out if there's evidence, then the 5th amendment applies and it doesn't have to be provided.
Either way, it's a good idea to not cave during the initial questioning and let the court
Re:Last Sentence (Score:5, Interesting)
Incorrect. The government knows that the specified files are (or were) on the storage device at some point. What it lacks is evidence that the defendant is capable of accessing that storage.
Re:Last Sentence (Score:5, Interesting)
No, the trick is this:
The government hasn't proven that Feldman *has* the encryption key. Compelling him to turn over the encryption key would be compelling him to admit that he has the key. The compelled admission that he has the encryption key is the fifth amendment violation.
Had Feldman admitted that he had the key or if there was prima facie evidence that he possessed the key, the government could still compel him to provide it.
Re: (Score:2)
In other words, the key itself is considered evidence, rather than simply a means to an end. In order for the government to demand it, they would have to know you have it, and in this case, they couldn't demonstrate such knowledge.
So, sort of like a car? (Score:5, Interesting)
So, it's rather like if the police found a special car with very strong windows and combination locks. They have strong evidence that it's got a lot of heroin in it and want to get inside it to search it and have a warrant to do so but can't get it open.
They think, but don't have much evidence to support that belief, that you had unrestricted access to the car interior and therefore have the combination and can open the door for them.
What this ruling says is that they can't compel you to product the combination because then you would be being forced to reveal that you did, in fact, have the combination and, hence, access to the inside of the vehicle which would be incriminating given the contents of the car.
If, however, they found a surveillance video that showed you opening the door of the car using the combination you could then be compelled to provide the combination as that would not reveal, for the first time, that you actually had access to the interior of the car.
Is that correct?
Re: (Score:3)
That's some pretty involved mental gymnastics they came up with to work around the fifth amendment. In reality, it's much simpler. Any information a suspect provides is testimony. If that information increases the chance of the suspect being found guilty, then it is incriminating testimony. No one can justly be forced to provide incriminating testimony.
Re: (Score:3)
So the important thing to take away from this is that if law enforcement questions you at all about an encrypted drive, you don't just deny them the key, you remain silent about it.
Re: (Score:3)
So, the best thing to do, if any police or govt agency starts to ask you questions, you should immediately NOT talk to them, and lawyer up. Don't give them any information (such as this).
From what I've been reading and watching, this is especially true if you are indeed, innocent.
Shut up. Lawyer up.
Re:Last Sentence (Score:5, Informative)
It came from the linked article that references a rejected appeal in a bank fraud case concerning turning over an encryption key.
Re: (Score:2, Insightful)
I believe the distinction is that in Feldman's case, the act of decryption shows that he had access to and control over the storage devices. This, by itself, would apparently be incriminating.
Re: (Score:2)
By ordering to decrypt, the accused is compelled to tell the government what they are not already known, that is, the content of the encrypted drive that could be evidence against accused . Hence the 5th Amendment Violation
Re: (Score:3)
By ordering to decrypt, the accused is compelled to tell the government what they are not already known, that is, the content of the encrypted drive that could be evidence against accused . Hence the 5th Amendment Violation
Wrong. They have the right to the information on the encrypted drive. What the government doesn't know is whether or not the accused is the one putting the encrypted data there. If he has the key, he is guilty - no need to decrypt the drive! If he doesn't have the key, he is innocent (all slightly exaggerated).
Re: (Score:3)
Wrong, the government has the right to break into the data, but not to force somebody to interpret the data for them.
This would be a bit like if you had a secret crime lair where you kept all the evidence of your misdeeds. The government would have a right to search for it, but if they couldn't find it or couldn't figure out how to open it, they couldn't force you to open it for them or tell them where it is or acknowledge its existence.
What's more, they couldn't force you to incriminate yourself against ot
Re: (Score:2)
This would be a bit like if you had a secret crime lair where you kept all the evidence of your misdeeds. The government would have a right to search for it, but if they couldn't find it or couldn't figure out how to open it, they couldn't force you to open it for them or tell them where it is or acknowledge its existence.
A better analogy: There are guns hidden in a locked cupboard. It is locked, but can be opened with brute force. The police ask you to unlock it.
The fact that you have the keys to unlock the cupboard is evidence against you. The police will get the guns with or without your help, but without your help, they find it much harder to prove that you owned the guns or knew about them. In this case, the fact that you can decrypt the drive can itself be evidence against you. Imagine the police lost the hard drive
Re: (Score:2)
In other words, if the law enforcement had a reasonable suspicion you have incriminating data of a particular kind (perhaps a list of the prostitutes you pimp for, whatever) and a reasonable person would assume that data is on the encrypted media, they could go through channels (subpoena, search warrant, some form of judicial writ) that would require you to decrypt the media for a search for that specific data.
If law enforcement merely thinks you are a criminal (because you are living "above your means") an
Re: (Score:2)
Re: (Score:2)
Where did the last sentence in this summary come from? It seems to be completely contradictory to the main content. Elaborate?
In this particular case, whether the defendant knew the password or not was in itself something that could be used as evidence against the defendant. Even if the hard drive had been destroyed or lost, supplying the password could be used against him. In a different case, if it is known that there is encrypted data and it is known that you have the password, and there is no evidence in the password itself, then they can compel you to decrypt.
It has to do with foregone knowledge (Score:5, Informative)
It's a subtle point described in the judges decision.
If the government has knowledge of particular documents, they can force you to present them. This includes forcing you to open your safe or decrypting your hard drive.
If the government has no knowledge of the contents of the hard drive, no information from other sources that indicate that you have specific documents it wants, then it can't force you to decrypt your hard drive.
The judge's position was that since the government had no indication of whatever documents are on the hard drive, producing them tied the defendant to the documents - providing evidence of control and ownership. Since that evidence (control and ownership) was not available to the government beforehand, it would be compelled testimony.
I think this is also reasonable in light of the fourth amendment. If the government doesn't have knowledge of specific documents, it can't go "rummaging around" on your disk looking for things.
Re: (Score:3)
If the government has knowledge of particular documents, they can force you to present them. This includes forcing you to open your safe or decrypting your hard drive.
If the government already knows something, it doesn't need me to do anything. It can use the information that it already knows. If the government doesn't know something, and that something is incriminating, then forcing me to reveal that something violates my 5th amendment protection against being forced to bear witness against myself.
Re: (Score:2)
Scenario 1: As a citizen, I step off the plane after getting back from a foreign country. Not knowing who I am, ICE goons randomly pull me aside and order me to give up the encryption key to my laptop. They have NO reasonable suspicion that doing so will yield i
Re: (Score:2)
It is explained in the ruling, explicitly.
Page 8: "But the following question remains: Is it reasonably clear, in the absence of compelled decryption, that Feldman actually has access to and control over the encrypted storage devices and, therefore, the files contained therein?"
Page 9: "I conclude that Feldman’s act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already
Re: (Score:2)
Bleh, the second paraphrase should read:
> If the government has reasonable suspicion that illicit media exists, but can not verify you have access to that illicit media, it can not compel you to retrieve that media.
Re: (Score:2)
Not from me.. ;-)
Re: (Score:2)
In TFA, they state that, in the latter case, the accused was compelled to reveal his encryption key because he was recorded in a discussion where he talked about the encrypted [device] containing incriminating information.
In the former, the prosector's request was just a fishing expedition, so it was denied.
It is an unsettling distinction. Computers hold so much information about nearly every aspect of our lives, it really doesn't seem right that one piece of evidence allow that to be pried wide open.
Would
Re: (Score:2)
Would a warrant be issued to tear apart your home if it was overheard that you had a doobie in your sock drawer or would they limit the search to your sock drawer?
If the evidence was what you presented, and they searched your kitchen cupboards, a lawyer would probably get any cupboard evidence suppressed. If they found heroin in the sock drawer, they could use that evidence.
Re: (Score:2)
Where did the last sentence in this summary come from? It seems to be completely contradictory to the main content. Elaborate?
From summary: If the government has reasonable suspicion that you have illicit data, they can still compel you to decrypt it.
IANAL - however.... ;)
At least one possibility is that you can be granted immunity and compelled to testify or produce.
Kastigar v. United States [ohio.gov]
(1972), 406 U.S. 441 -- Use and derivative use immunity is coextensive with the protection of the Fifth Amendment. If a person who has been compelled to testify under a grant of immunity is later prosecuted, it is the burden of the government to prove incriminating evidence is derived from a wholly independent source.
I believe there may be other possibilities as well.
Comment removed (Score:5, Informative)
Re: (Score:2)
I'm no lawyer but I think the central issue here is providing access to the encryption key would establish a relationship between that content and the accused. A relationship that is not already established.
Somehow this is different than providing access to encrypted content of hardware you clearly own because it is not about compelling decryption it is about establishment of linkage between individual and encrypted content.
Suppose the password is shared?
Re:Last Sentence (Score:5, Informative)
Not quite right.
The government is asking for information which would demonstrate that he had the capability to access the information in a device. Such an admission would be useful to the prosecution which must account for the custodial chain of the device and the data within it.
An example of a situation where you might require this sort of defense:
1. You buy a computer from Bob on Craigslist. You stick it in your garage to work on later.
2. Bob is busted for something, and when questioned about the computer, says he sold it to you.
3. The police arrive at your house, and with a warrant seize the computer from your garage.
4. It turns out that 'Bob' was selling CP or something similarly illegal. The prosecutor decides that YOU purchased the computer/HDD as part of a purchase of CP from Bob.
5. You claim that you have no idea what is on the machine, and the prosecutor demands that you provide the encryption key to decrypt the files for search.
At this point, if you were to provide the encryption keys, it would demonstrate that you DID have the ability to access the files on the computer, this would be providing evidence to the prosecution that you were part of the chain of custody.
In the case where the person WAS compelled to turn over the encryption key, the prosecution already had evidence that the person already could access the encrypted device/file. Therefore, by turning over the encryption key, the person was not providing any evidence that the prosecution did not already have.
So if in the example I provide above, you had made a statement that "Hey, Bob sold me a computer, and you wouldn't believe the nasty stuff he had on it in an encrypted file." That would mean that you could not plead the 5th as it would already be a fact that you could access the encrypted file, so providing the keys wouldn't be giving any evidence to the prosecution.
Re: (Score:2)
Re: (Score:2)
Compel means do what we ask, or sit in jail until you do what we ask.
Re: (Score:2)
They can compel you to try, they can not compel you to succeed ie this is what the password should be #V3ry@L0nG@Pa55W0rd# but it doesn't seem to be working, perhaps I entered the wrong key last time I changed it and all the stress of the prosecution is making me forget which special character, which capitals and actual phrase but I 'WILL' keep trying. I truthfully have forgotten quite a few passwords in my time and either lost the data or was forced to use other methods to access it. You only have to look
Obligatory XKCD (Score:5, Funny)
Oblig xkcd is wrong yet again (Score:3, Insightful)
Bzzt. In this real life example, when the guys with the $5 wrench came along, the victim called his lawyer who brought in a judge who wields a $100 wrench.
And it all happened (he beat the $5 wrench guys) because he encrypted. If he hadn't encrypted, he might not have ever known he was under attack (well, ok, in this particular example he actually did; most of the time you don't), wouldn't have been confronted with the $5 wrench, and wouldn't have have had the recourse of getting the judge to come in with
Re: (Score:3)
Examples of what's important are: your shopping list, where you're having dinner tonight, mundane thoughts such as "yes, I'll have another beer" and nearly anything else. Anything you say can be used against you, and I'm not quoting Miranda; I'm quoting reality itself.
This is so very true. See Here [youtube.com] for details.
Forgive my ignorance... (Score:5, Interesting)
Does the 5th amendment right to avoid self-incrimination apply only to the particular charges being brough in a given case, or does it cover any statement that could be incriminating, even if it were in a different proceeding, or if the record from Case A were to be used as evidence in Case B?
Say, in the case of an encrypted HDD, it's reasonably plausible that a broad spectrum of the suspect's electronic activities will be there. Common software tends to be a bit 'leaky' in terms of recording what it does(temp files, caches, search indexes, etc.) and most people don't have entirely separate computers for each flavor of crime they are engaged in.
If somebody were being charged for one crime that probably left evidence on the HDD(kiddie porn, say); would the fact that they know that there is evidence of CC-skimming(but, unlike the kiddie porn, the feds have no circumstantial evidence or other grounds for belief) justify a 5th-amendment refusal to decrypt the volume? Would the other potentially-incriminating stuff be irrelevant because it isn't among the charges(even if the court record could be used as evidence to bring future charges)? Would the suspect be compelled to divulge the key; but the prosecution only have access to material relevant to the charges being filed, with some 3rd party forensics person 'firewalling' to exclude all irrelevant material?
Re: (Score:2)
No, it applies to all cases ... if you state something in case A, it can be used in case B. Which is the point of the protection: if you are on trial for jaywalking, and can "prove" that you were not jaywalking because
Re: (Score:2)
If somebody were being charged for one crime that probably left evidence on the HDD(kiddie porn, say); would the fact that they know that there is evidence of CC-skimming(but, unlike the kiddie porn, the feds have no circumstantial evidence or other grounds for belief) justify a 5th-amendment refusal to decrypt the volume?
Well first of all if the police only knows that the material possibly or probably exists but not how you're implicated then the 5th should apply, since this whole case revolves around the testimonial value of decrypting the information. But if they find it proven through other evidence that you have the decryption key, then decrypting it doesn't give any additional testimonial evidence. It does cause the involuntary production of evidence, but you can not refuse to give say a DNA sample that would prove you
Mountain out of a molehill (Score:5, Interesting)
Encryption keys? It's arguing about the wrong topic. These silly arguments about the Fifth Amendment will soon be about as relevant to our lives as the Austro-Hungarian Empire.
Re: (Score:3)
Did you even read the quote you posted?
Re:Mountain out of a molehill (Score:5, Insightful)
Hard to believe those are the words of mayor "You can't have a big soda, or smoke until you're 21, because I'm the government agent and I say so" Bloomberg...
Re:Mountain out of a molehill (Score:5, Informative)
Re:Mountain out of a molehill (Score:4, Insightful)
Yes, we live in a dangerous world where people like Michael Bloomberg want to take away our freedoms.
No "terrorist" can ever take away our freedoms. Only governments are capable of using enough force against us to accomplish that.
Re: (Score:2)
You introduce that as though it's some kind of extreme example, but don't you think it makes sense that people in government, SHOULD always be the main opposition to constitutional limits on government's power? If you ever find yourself looking to mayors, presidents, senators, councilors, etc to somehow use as inspiration or
Re: (Score:2)
Sorry, Umuri, my thread-fu is weak. Would delete and repost in the right place if I could.
Re:Mountain out of a molehill (Score:5, Insightful)
We just had a demonstration that most people are willing to live under Marshal Law, have their houses searched, in a violation of the 4th Amendment. We have the federal government actively campaigning for the abolition of the 2nd. People being sued for speaking their mind (1st Amendment), and so on. So what is to protect us from government taking the 5th away? Not to mention that the Federal Government has consistently violated the 9th and 10th.
IF we the people had any balls, we would be dragging President, most (if not all) of Congress into court and charged with treason. Problem is, who is able to arrest the President of the USA for Treason? Who is willing? Obama, GWB, Clinton ..... all are guilty. But stick a (D) or (R) after their name, and all of a sudden 1/2 the people will "like" what they are doing, say "It isn't that bad".
No, it isn't "That bad". It is worse.
Re: (Score:3, Insightful)
If they're willing to have their houses searched, then it is not a violation of the 4th amendment to search their houses. You can give permission to the police to search your house.
Yeah, "permission." They were showing up at houses with teams of something like six heavily armored SWAT members, banging on the doors, aiming automatic rifles at the home owners, and then asking to be "allowed" to look at home.
Want to say no? That's OK, they're backed by literal tanks and even more armed SWAT people, aiming through the windows at anyone they can see from their tank.
So, yeah, they were "consensual" searches. In the same way a mugging victim "consents" to having his wallet stolen in excha
Re: (Score:2)
Police can search your home at any time without a warrant.
What the 4th amendment does is protect you from whatever they find from being used against you in court if they can't justify the search.
Re: (Score:2)
The article calling for giving up the constitution isn't calling for the establishment of a police state, as you seem to be implying. It's pointing out that arguing over interpretation of an ancient document that doesn't evolve with the needs of the time is unnecessary for freedom (as evidenced by other countries and America's presidents own frequent disregard for it), and causes unnecessary problems. Example: people who justify gun ownership not on any kind of reasoned argument about the needs of the time,
Chicken Little, take 100 (Score:2)
I've just heard too many people rant and rave for years about how the Constitution is being ignored, destroyed, etc. to get worked up about this. When George W. Bush was president, we heard that he was going to declare martial law and suspend the elections. Yet the man obeyed every Supreme Court dec
Makes fishing expeditions illegal (Score:2)
And requires the police and DA to do some detective work before a conviction is possible.
As for leaders who are dissatisfied with the protections given in the constitution, use the democrat process that we have to amend the constitution. It's quite possible to change it. Don't like the 5th amendment, then propose something else. Ignoring the laws we have on the books isn't acceptable as then they will be inconsistently applied. Inconsistent justice is not justice at all.
How did he encrypt it? (Score:5, Interesting)
What encryption algorithm did he use that's FBI-proof?
Re: (Score:3)
Re: (Score:3)
Well, AES-256 is readily available but I guess only the Feds and the accused know what was used.
Anything that is worth it's salt (pun intended) will cause grief for any person trying to decrypt the data. There's lots of tools out there, just go look at a few.
I would recommend looking at TrueCrypt http://www.truecrypt.org/ [truecrypt.org] and OpenPGP http://www.openpgp.org/ [openpgp.org] first.
Re: (Score:2)
Well, AES-256 is readily available but I guess only the Feds and the accused know what was used.
Anything that is worth it's salt (pun intended) will cause grief for any person trying to decrypt the data. There's lots of tools out there, just go look at a few.
I would recommend looking at TrueCrypt http://www.truecrypt.org/ [truecrypt.org] and OpenPGP http://www.openpgp.org/ [openpgp.org] first.
Yes, I know there's lots of tools out there, that's why I asked the question. I've looked at a few, but I don't know which ones are so difficult to crack that the FBI was willing to try to get the judge to compel the defendant to reveal the key and risk having the judge rule that the defendant is within his rights to not reveal the decryption key. It seems like if the FBI secretly had the ability to break the encryption, they would have done that instead of risking that the judge would rule in the favor of
Re: (Score:2)
Well as of a year ago, here's a few tidbits on AES and the NSA.. [schneier.com] But that was a year ago and I don't think the NSA would be sharing
their resources with the FBI on something like a potential kiddie pr0n case.
Re: (Score:2)
Re:How did he encrypt it? (Score:5, Insightful)
Yeah!
We crimin... drug... pirat... SECURITY EXPERTS want to know!
I think you mean "citizens".
There are lots of legitimate reasons a citizen may want to save information that they don't want even the US government to read. Just because I keep a diary doesn't mean I think some FBI agent should be privy to what I've written just because they suspect that I may have committed a crime.
Where we stand (Score:2)
There is a baseline to all of this and that's: does the government know what's on the encrypted drive?
If it does, such as in the case of the guy moving child porn across the border from Canada, the agents SAW the kiddie porn, so when ordered to decrypt the harddrive the government already knew what was on there.
If the government doesn't know what's on there and only suspects it thats when the 5th kicks in.
Make sense?
Re: (Score:2)
"Make sense?"
Not to me. If the government agents want to swear under oath that they saw the material, their testimony could be used as evidence. I don't see why their supposed "knowledge" should make any difference in the matter of whether or not the accused needs to turn over their encryption keys.
Victimless crimes? (Score:3)
I sometimes wonder at all the victimless crimes we seem to have.
In this case federal prosecutors not only don't have a victim, they don't have evidence of a crime. The only way to convict the defendant is to get the evidence from him.
I think the constitution was made specifically to protect us from these sorts of "investigations of suspicion"; specifically, the founding fathers recognized that many activities may seem suspicious from the outside and in certain contexts, but that the government can't simply come in and rummage around for reasons to arrest someone.
This is especially salient in today's world, where innumerable crimes go unaddressed even though there are real victims, and investigating and prosecuting would be trivial. Spam, phishing fraud, identity theft, stolen laptops where the laptop tells the owner where it is, robocalling - all crimes where an average citizen has to beg the government to intercede... to no avail.
Having "suspicious activity" but no evidence should be a clear signal to the authorities. Drop the case, or do something to get real evidence. This general "he's done something wrong, we only need the tools to do our job" thing has to stop.
Do your job by protecting real victims.
I can't remember... (Score:2, Interesting)
Politicians, police, and heads of major bodies are trained to answer "I can't remember" to questions where a refusal to answer is not permitted.
By Law, in the USA, the statement "I cannot remember" can NEVER be categorised as lying (without a freely offered self-confession of this fact). Understand that the USA is one of the obscene nations where lying to law enforcement goons is a serious criminal offence in itself, whereas the same law enforcement goons have full State authority to use lies as a tool of i
Those darn dems (Score:2)
Lessons (Score:4, Interesting)
Things I learned from reading the ruling:
1. As usual, keep your mouth shut. The guy merely admitted that he lived alone in his current residence for 15 years before he got smart and lawyer-ed up, and that fact makes an appearance in the ruling. It doesn't hurt much and they would have figured it out anyway, but it definitely didn't help.
2. Use whole-disk encryption and encrypt everything. All evidence against him mentioned in the ruling was obtained from unencrypted drives and were what should have been private bits and metadata that leaked or never making it to the encrypted drive, especially log files. They have highly incriminating file-names, drive letters, peer-to-peer download logs, basically a ton of metadata. While this ruling almost certainly doesn't cover all the evidence against him, it's not clear the FBI would have anything at all if it weren't for the two drives that they found unencrypted. Although they must have had something else to go after him in the first place.
3. IMO he really dodged a bullet at least in this narrow instance. Crudely speaking, Judge says it isn't reasonable to conclude that both the files in question necessarily exist and that the defendant had access to them (it sounds like the real problem is the latter). This when they have file-names, log files, and the disks in question were taken from his residence where he has lived alone for 15 years, and while he certainly hasn't admitted the disks were his, I don't see an active claim to the contrary either (which I'd likely support but he needs to say it). I'm very pro-encryption and am generally not happy with the court compelling encryption keys, but this is one of the weakest cases for not doing so that I could think of, and is probably why the FBI decided to go for it and now potentially lost big if this it the burden or proof they are stuck with to prove ownership or control of data on a disk.
I can't hand over the key (Score:3)
I have files on my Hard Drive that are encrypted, with the key being stored on a USB dongle. Unfortunately, that dongle went missing.
So I now sit on a lot of files that I can't access and couldn't turn the key over (but hey, if you find the dongle in your search, be my guest), but I know the moment I delete them I find that darn dongle...
Re:England (Score:4, Insightful)
Yeah sometimes we pass silly laws in the UK and other times they do in the States. Its like trying to figure out which pile of shit has the least offensive smell.
Re: (Score:3)
Re: (Score:3)
$22k a year? I'd be willing to not edit the submissions for a fraction of that.
Re:What is the method / software used (Score:4, Interesting)
The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation. <URL:http://news.techworld.com/security/3228701/>
Re: (Score:3)
Pretty much anything open source. If you're not allowed to see the source (skype, hardware disk encryption, proprietary encryption, windows built-in encryption) you can bet that FBI has a master key.
Doesn't mean it's safe just because it's open source, but broken or bogus encryption solutions which are open source are quickly found out.
Re: (Score:3)
If they can crack it they're totally free to use it.
imagine that there's a body buried someone in kansas. they can't force you to tell them where it is so that they can go collect evidence against you from it.
But if they find it themselves they're free to use it.
for encryption the search space is a mathematical one but otherwise it's similar.
of course if the NSA or some such can crack it there's no way that they'll admit it for something as trivial as a conviction for some petty criminal because then everyo
Re: (Score:2)
I don't think it would be illegal. The only reason that this is an issue is because they either can't or won't break the encryption themselves. Instead they are trying to compel the suspect to divulge information that could be inciminating. If they had other evidence proving that there was evidence on the encrypted device then they could legally compell the suspect to do so.
So far as breaking the encyption there are a couple possibilities in play. The government might have access to the computing power or t
Re: (Score:3)
I'm sure the FBI / NSA has some supercomputers that could crack his computer in very short orde.
Then you simply watch too much television.
Re: (Score:3, Insightful)
That is because you don't understand encryption.