Slashdot Log In
Merely Cloaking Data May Be Incriminating?
Posted by
Zonk
on Fri Jul 27, 2007 07:39 PM
from the what's-mine-is-mine dept.
from the what's-mine-is-mine dept.
n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"
Related Stories
[+]
Privacy and the "Nothing To Hide" Argument 728 comments
privacyprof writes "One of the most common responses of those unconcerned about government surveillance or privacy invasions is 'I've got nothing to hide.' According to the 'nothing to hide' argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The 'nothing to hide' argument is quite prevalent. Is there a way to respond to this argument that would really register with people in the general public? In a short essay, 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy, Professor Daniel Solove takes on the 'nothing to hide' argument and exposes its faulty underpinnings." At the base of the fallacy, as Bruce Schneier has noted, is the "faulty premise that privacy is about hiding a wrong."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Other types of cloaking... (Score:5, Insightful)
Re:Other types of cloaking... (Score:5, Insightful)
Also, The linked article is on local vulnerabilities in two common forensic software packages and doesn't even mention data "cloaking" techniques. If anything is offtopic here, it's the article or the headline.
Parent
Guilty until proven innocent (Score:5, Insightful)
I agree, technically speaking all data is "encrypted", it's the strength of the encryption that varies. Are we to assume that if forensics can't understand it then it is automatically incriminating? - That's nothing short of "guilty until proven innocent", under that policy the suspect can be locked away until he gives the investigators the non-existant key to unscramble the random sequence of bits found in the free sectors of his HDD.
"Also, The linked article...."
As is the custom on
Parent
Re:Other types of cloaking... (Score:5, Funny)
Parent
Easy solution (Score:5, Informative)
[ standard truecrypt [ deacoy porn ] [ hidden truecrypt [ deacoy gay porn ] [ doubly-hidden true crypt [ secret spy stuff muahahahaha ] ] ] ]
Parent
Why even ask? (Score:5, Insightful)
Why do you even have to ask? As private citizens we arent allowed to hide anything from the government. Its labeled as obstruction of justice and we get tossed in the can if we dont cough up the keys. Even if we have nothing to hide.
Re:Why even ask? (Score:5, Insightful)
I'd just like to point out, that if creating loops in NTFS is incriminating, does having an encrypted file system mean we have something to hide? Or, for that matter, wouldn't DRM be an obstruction, since it prevents access to content? Oh, right, DRM isn't bad, because it has large, multi-national corporations giving large campaign contributions-- err, I mean, supporting it.
Hooray for capitalism!
Parent
Re:Why even ask? (Score:5, Insightful)
Parent
Re:Why even ask? (Score:5, Insightful)
There is a definite need for encryption, and more than just the tired (and flawed) logic of "hiding from forensics", or "hiding illegal stuff" that a lot of people state.
For most companies, physical theft of equipment or media is a valid concern. For example, if someone steals a backup tape that is part of an encrypted backup set (or storage pool, depending on the terminology of the backup system), the company owning the tape can hire some private investigators to quietly hunt down the tape. Without encryption, it can mean serious losses (or prison time)if the info on the tape was any way sensitive, and SOX, HIPAA, or other corporate regulations get violated.
Parent
Re:Why even ask? (Score:5, Interesting)
Parent
Re:Why even ask? (Score:5, Funny)
Parent
Encrypt random noise. Lose the keys. (Score:5, Funny)
I encourage everyone to generate files containing nothing but random noise, encrypt those files, and throw away the key. If everyone does this then they can't tell what is a real encrypted file and what isn't. For good measure email some of these random files back and forth with suspicious subject lines.
Parent
It's called a "warrant". (Score:5, Interesting)
The cops go to a judge and get a warrant based upon whatever evidence they have that a law was broken.
They'd have to have access to it already to see that it was encrypted. And that access should require a warrant.
Again, see the word "warrants" there?
Encrypt EVERYTHING to protect yourself from regular criminals.
But if you are accused of a crime, you have to decide whether the encrypted data will help your case or harm it. And if it will harm your case, will it do more or less harm than refusing to decrypt it?
But there has to be a warrant. Focus your complaints on situations where there aren't any warrants.
Parent
Re:It's called a "warrant". (Score:5, Informative)
Yeah. Except when the authorities just break down your door, or tap your|everyone's phone, or search your vehicle, or take your property, or freeze your assets, just because that's what they've decided they want to do. Warrant, my ass. Wake up.
Yes, it should. But it doesn't. So... now what?
No. There doesn't. There doesn't have to be a trial, either. Or access to representation. Or even a phone call. You can be tortured. Welcome to the USA. Papers, please.
Parent
Re:Why even ask? (Score:5, Insightful)
Yep, there you have it. Police are allowed to look at anything in plain sight but need probable cause to look at anything else. Of course, that means nothing when simply having something not in plain sight is considered probable cause.
Parent
Begs the question (Score:5, Informative)
Zonk should know better by now. (Score:5, Insightful)
Furthermore, when you start multiplying the meanings that a word or phrase can have, you start reducing its usefulness. When it cannot make a specific idea clear, in contexts where the meaning may be ambiguous one now has to use even more words to get their idea across.
Anyway, this specific mistake has been pointed out many times on slashdot. Zonk really should know better by now.
Parent
But Comrade... (Score:5, Funny)
Good luck... (Score:5, Insightful)
Absent any other damning evidence (other concrete evidence found at the defendant's house, financial records at banks and such pointing straight to the suspect, witness testimony, etc), the prosecutor is pretty much fscked if he thinks a jury (dumb as they may be) is going to buy any counter-argument to even a halfway cogent alibi. Everyone knows that Windows is insecure. Everyone knows someone who got a virus. Everyone knows that identity theft is a Bad Thing(tm).
Sorry, but I somehow don't see how a whole case could hinge on just one bit of evidence: "well, he has an encrypted filesystem, and he keeps invoking the 4th/5th amendments(?) in order to not unlock it, so you must convict..."
Then there's the whole "evidence of absence is not absence of evidence" bit.
Not much left to be useful after all that...
The police mindset (Score:5, Insightful)
And the police expect total control of any given situation. Whenever one does not cooperate with the police, the police no longer is in total control and will take whatever measures are necessary to regain total control.
Adding those two points simply will make that anyone who hides stuff from the police is automatically an ennemy that has to be controlled at once.
As a matter of fact, one cannot never win against the police. In a courtroom, yes, maybe, but not against the police.
So the obvious solution is that everyone should perform maximum obfuscation/encrypting of data, the idea being that one cannot jail a whole country.
Let me get this straight... (Score:5, Interesting)
Of course the difference between this scenario and one where someone merely claims to be unable to decrypt the data is irrelevant.
I thought that we were innocent until proven guilty in this country, not vice versa.
Deniability is what matters (Score:5, Informative)
What you need is deniability, as in a steganographic filesystem [wikipedia.org]. No one can ever prove that there is even anything there -- "Oh, I was just playing with it, I can reformat it if you want." Even better, embed data steganographically in standard data formats, like images.
It would be interesting to interpret the protection against self-incrimination [wikipedia.org] to include data storage, i.e. your hard disk is an extension of your consciousness. Of course, this does not accord with the original aim of this right, which was to prevent false testimony/confessions induced by torture -- your hard disk exists apart from your "will."
The Matter of Privacy (Score:5, Insightful)
There is no promise of Privacy in the Constitution, and even if there ever had been, we'd have ground that right down to a bloody stump by now with the growing power of technology on one side and the exploding power of government and big business on the other. It's hard to even say that in a world with accelerating technology and the ability to grow weapons of mass destruction in your own garage or basement, that there isn't some justifiable need for privacy to give way to greater security.
That said, Govenment and big Business have proven beyond any shadow of a doubt that they cannot be trusted to wield the power of absoute intrusion with intelligence, dignity, or even a modicum of good taste. Microsoft is planning to turn your personal computer into their data tap in your home, a private spy on your desk... and what about our government, just today, four men falsely accused of murder in Boston by the FBI (two of whom died in prison and two others who spent 30 year behind bars), just got record making settlements of $102,000,000.00 for malicious prosecution and false imprisonment. Are these really the folks you wants to be watching every atom of your transparent life day in and day out? God help you if it becomes in their political or financial interest to have you made into "Soylent" (pick a color.)
So if we're going to live in a transparent society, where every person is;
- Videod from the time they leave their front door to the time the get back in the evening,
- Having every network packet they send or receive deep scanned for content, ownership, recipients, and legality,
- Running a computer with hardware and software providing virtually total exposure to data collecting agent both benign and malignant,
- And ultimately where every appliance, every room, every space will be filled with intelligent sensors recording every action, preference,
habit, activity, and affiliation that any of us might have,
then we are clearly far overdue for the creation of a new Bill of Rights. We must begin to think about the implications of our technology, and how the clear and unbridled abuse of that power by a loathsome few endangers all of us. If the world is to become transparent, then we must be assured that the eyes that see us, are fair, impartial, and dedicated to the sanctity of our humanity, and our dignity. In short those eyes cannot be human. They can be programmed by humans (who are themselves seen transparently by all), so that the tools that insure our safety, our comfort, ease, and efficiency, aren't used against us by greedy, power hungry, or despotic men. The temptation for misuse is simply too great, we must relenquish the process of watching people to ever smarter machines who have been programmed to act in our best interest. We need to make the breaking of these laws or personal protections prunishable by the most draconian measures. We need to watch the watcher and perhaps even watch those. We need to give people the blessings of infinite information without robbing them of every last shred of their humanity.In the end, this may indeed be the greatest challenge of the twenty first century
You Don't Even Have to Actually Cloak Any Data... (Score:5, Insightful)
So, according to the morons on that court, even if you haven't actually encrypted any data, the fact that you had the tools to encrypt data was enough to judge criminal intent, sort of like possession of burglary tools. The problem, of course, is that encryption software has legitimate uses.
I wonder if any of those judges had Microsoft Office on their computers - if they did then they possessed encryption software and could be viewed as having criminal intent.
Re:4th Amendment (Score:5, Insightful)
Parent