Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data 560
Trailrunner7 (1100399) writes ... Security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones, and portable drives. But the Massachusetts Supreme Judicial Court put a dent in that armor on Wednesday, ruling that a criminal defendant could be compelled to decrypt the contents of his laptops. The case centers on a lawyer who was arrested in 2009 for allegedly participating in a mortgage fraud scheme. The defendant, Leon I. Gelfgatt, admitted to Massachusetts state police that he had done work with a company called Baylor Holdings and that he encrypted his communications and the hard drives of all of his computers. He said that he could decrypt the computers seized from his home, but refused to do so. The MJSC, the highest court in Massachusetts, was considering the question of whether the act of entering the password to decrypt the contents of a computer was an act of self-incrimination, thereby violating Gelfgatt's Fifth Amendment rights.
The ruling.
Ruling doesn't change much. (Score:5, Informative)
If you read the ruling, the court admits that the only reason they said the defendant could be compelled to decrypt his data was because he had already admitted to the police that he was involved in the case, and that the details of his involvement were on the hard drive. I'm sure if he had kept silent the entire time and told them nothing, it would've been a different story.
Important Caveat (Score:5, Informative)
Haven't read the entire ruling, only scanned it, but there is an important caveat in it:
We now conclude that the answer to the reported question is, "Yes, where the defendant's compelled decryption would not communicate facts of a testimonial nature to the Commonwealth beyond what the defendant already had admitted to investigators."
Seems like this guy has said "I did this, this, and this, and these files show that, but I don't want to let you see them", and the Court has ruled that he has to, because he's already admitted to those things, and therefore he would not be incriminating himself in doing so.
Of course, the reality may be that there's evidence of further illegal activities that he hasn't admitted to in the encrypted files. That might make the case for self-incrimination. I'd have to read the full ruling to see what, if anything, they said about that possibility.
criminal defense attorney and programmer here (Score:5, Informative)
This is why you don't talk to the cops, especially if you find yourself in the fortunate situation of having illegally acquired 13 million dollars and encrypted all of the evidence. If you say nothing to the cops, you win. The only way you lose is if you brag to them about how awesome a job you did at getting away with the crime.
The people up here who are saying "tell them you lost the key" "tell them it was scrambled not encrypted, etc" are all idiots. Lying to the cops is a crime. Telling them nothing is the superior response.
Cop executing search warrant: "it's asking for a password"
Def: "I want a lawyer, I'm not talking to you"
Cop: "You encrypted it, didn't you?"
Def: "lawyer lawyer lawyer"
Cop: "We'll just get a warrant anyway and you'll go to jail. Help us help you."
Def: "did't you hear me? I want a lawyer"
That being said, I'm in FL so I'm covered by the 11th circuit ruling. Either way, silence is golden. I'd say that at least 30 percent of my cases would have turned out much better if clients hadn't consented to searches, admitted to elements of crimes or just generally blabbed when they should have remained silent.
Re:I lost the password (Score:4, Informative)
As a lawyer he should have known better (Score:5, Informative)
He did not have to tell the police anything here, he has probably lectured his clients many times on exactly why they should never talk to the police, does not matter if you have nothing to hide, does not matter if you think you have done nothing wrong, and if you have done something but think you can talk your way out of it you are a fool. Ask for your lawyer then shut your mouth, and do not answer any questions, I dont care if they ask you about the weather, the reply is 'ask my lawyer.'
From the language used in the opinion, if he had simply shut his mouth and not started bragging/volunteering information, he would be in a very different situation today.
Re:I lost the password (Score:3, Informative)
She personally didn't lose the e-mail and much of it has already been recovered.
Re:Ruling doesn't change much. (Score:5, Informative)
You may not agree, but it seems to be well established in law that once you admit to the crime and identify the existence and location of evidence, you've waived your 5th Amendment right.
Re:Except, of course, they have to prove you can (Score:4, Informative)
To prevent BIOS/EFI tinkering, insure that the encryption software double-checks that the system time is within the window (between last successful access and new expiry date) on boot, and destroys the key if the date is outside that window. Same with insuring that the HDD is in the same hardware it originally sat in, destroying the key if the software detects that a series of MAC addys and serial numbers don't match up.
This wont work, because you do not control the software used to decrypt it. If you are using a standard cipher (and you really, really should be using a standard vetted cipher), they will us their own decryption software that neither cares about certificate expiration nor about the new BIOS on the lab image that theyre using.
No "time expiring" crypto method that actually works has been devised, most probably because it literally cannot be done in a secure way. The attacker controls the decryption software and the hardware-- not you.
Re:I lost the password (Score:5, Informative)
No, as the series of court rulings have gone, the Fourth Amendment does not protect you from lawful search and seizure (such as a safe or hard drive). The combination to the safe, or encryption key to the drive, is not incriminating evidence and providing it to allow for lawful search and seizure does not violate your rights.
In most circumstances, this is just plain false. As explained (but not very well) in TFA.
Unless it is already known "with particularity" that the drive or safe contains some specific illegal or incriminating material, a judge cannot compel someone to hand over a decryption key or combination. Because those are the only circumstances that would not compel him to incriminate himself. This has nothing to do with the Fourth amendment at all, it's just the Fifth.
Having said that: if they have probable cause or a warrant, they can force open a safe without violating either the 4th or 5th Amendments. The 4th only requires probable cause, and it doesn't require the suspect to incriminate herself, so the 5th isn't violated.
However, with decent encryption there is no way to do that with a hard drive, so the circumstances are very different and the 5th Amendment comes into play. The court cannot compel speech, or "a product of the mind" like a combination or encryption key, if in doing so the individual would incriminate himself. The exception -- the ONLY exception -- is when specific evidence or illegal material is already known to be inside, "with reasonable particularity" as the courts have put it. ONLY in those circumstances is a suspect not being forced to incriminate himself. (And of course if the court did compel disclosure, and the material in question turned out to not be there after all, then the witnesses who said it was would be in some very serious trouble.)
Simply suspecting something is inside is not sufficient. Probable cause is not sufficient. It is a far higher standard of evidence.
Re:I lost the password (Score:2, Informative)
As another AC, my agreement that Rigel47 is a low-information poster aka knows fuck-all about what he's talking about, won't mean much.
But this WaPo summary [washingtonpost.com] of the situation which confirms that the IRS had a 6-month backup retention policy should be meaningful.
I do not expect this information to change Rigel47's opinion one bit. Truth rarely convinces ideologues. But anyone else following along might learn something.
Re:Except, of course, they have to prove you can (Score:5, Informative)
http://forensic.belkasoft.com/... [belkasoft.com]
"Solid State drives (SSD) introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different of how we used to acquire PCs using traditional magnetic media. Instead of predictable and highly possible recovery of information the suspect attempted to destroy, we are entering the muddy waters of stochastic forensics where nothing can be assumed as a given."