Merely Cloaking Data May Be Incriminating? 418
n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"
Begs the question (Score:5, Informative)
Deniability is what matters (Score:5, Informative)
What you need is deniability, as in a steganographic filesystem [wikipedia.org]. No one can ever prove that there is even anything there -- "Oh, I was just playing with it, I can reformat it if you want." Even better, embed data steganographically in standard data formats, like images.
It would be interesting to interpret the protection against self-incrimination [wikipedia.org] to include data storage, i.e. your hard disk is an extension of your consciousness. Of course, this does not accord with the original aim of this right, which was to prevent false testimony/confessions induced by torture -- your hard disk exists apart from your "will."
Re:What kind of sensationalist nonsense is this? (Score:3, Informative)
I'm not sure it was meant to imply that the act of cloaking is itself incriminating, but rather that knowing you cloaked your data might tell them where to look. But then, it really was not worded very clearly.
Murder (Score:3, Informative)
Similarly, if the cops accuse you of murder and you don't tell them where the bodies are, that proves that you are guilty.
Re:Other types of cloaking... (Score:1, Informative)
http://www.securityfocus.com/archive/1/474727/30/
Re:Another take.. (Score:2, Informative)
Easy solution (Score:5, Informative)
[ standard truecrypt [ deacoy porn ] [ hidden truecrypt [ deacoy gay porn ] [ doubly-hidden true crypt [ secret spy stuff muahahahaha ] ] ] ]
Re:The Matter of Privacy (Score:4, Informative)
Re:It's called a "warrant". (Score:5, Informative)
Yeah. Except when the authorities just break down your door, or tap your|everyone's phone, or search your vehicle, or take your property, or freeze your assets, just because that's what they've decided they want to do. Warrant, my ass. Wake up.
Yes, it should. But it doesn't. So... now what?
No. There doesn't. There doesn't have to be a trial, either. Or access to representation. Or even a phone call. You can be tortured. Welcome to the USA. Papers, please.
Re:You Don't Even Have to Actually Cloak Any Data. (Score:1, Informative)
"...Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser." It seems to be me he would have been convicted regardless of the PGP's presence on his hard drive.
You can find the complete appeals court ruling at http://www.lawlibrary.state.mn.us/archive/ctappub
Re:Good luck... (Score:3, Informative)
Unless of course you're declared an Enemy Combatant, in which case, hi-ho, hi-ho, it's off to Gitmo you go!
Re:Why even ask? (Score:1, Informative)
Re:Ron Paul? Yeah Right. (Score:3, Informative)
But, more importantly, Paul has a long history of aligning himself with neo-fascist, white supremacist and Christian Reconstructionist groups. This man wants a fundamentalist, Taliban-esque theocracy run by white men. None for me, thanks.
Re:Guilty until proven innocent (Score:3, Informative)
Now you can get pretty fuzzy in talking about whether or not strange filesystems constitute enough of a secret for them to be called encryption, however encodings such as ASCII, Unicode, Huffman codes, etc. are not encryption by either the popular or the cryptographic definitions.
Re:The Matter of Privacy (Score:3, Informative)
However, if you take the ninth amendment, and salt with a liberal (pun intended) helping of Supreme Court rulings, starting with Griswold v. Connecticut [wikipedia.org] in 1965, you'll find that it is pretty much established law forty-two years later. It is a 9th amendment unenumerated right, but supposedly also supported by the "Due Process" section of the 14th amendment. I don't really understand how Justice Harlan's "substantive due process" rationale actually works, but it has been relied upon in decades of precedent and ruling after ruling, most notably Roe v. Wade, so it's basically legal fact at this point.
The scope is selective, however. Largely, privacy rights fall under the categories of "what you do in your bedroom," "what medical treatment you choose," and "what you do with your money." That's certainly enough of a basis to hold off a police state, however, and can always be amended to add new protected subject matter and activity without writing a new Bill of Rights. It's only going to expand at this point.
So, good news, you have a "right to privacy." It's established law and it's considered to be guaranteed by the 9th and 14th amendments. For instance, privacy law is the foundation of the various medical privacy acts. Someone just has to wake up the folks in Washington who don't understand that "common law" is, in fact, actual law.
The real problem, as you so aptly illustrated, is that we are voluntarily surrendering it with our own technology choices. Your "Brave New World" future portrait hits the nail on the head. The true blow to privacy is when we agree to use and implement such technologies, or allow them, through apathy and complacency, to become the only way to conduct our lives.
--
Toro
Re:Guilty until proven innocent (Score:5, Informative)
Pleading the fifth in front of a jury when you're the defendant is tantamount to an admission of guilt. But there was an encryption/steganography system called Rubberhose ( http://iq.org/~proff/rubberhose.org/ [iq.org] ) that allowed you to create an arbitrary number of encrypted volumes in one disk segment, where each volume took up a random sequence of blocks. You could have four or five encrypted volumes, one of which contained the incriminating material and the rest of which contained plausibly embarrassing and private material. Then you can comply; nobody can prove that you haven't decrypted everything, since the entire disk segment is filled with random-seeming data.
TrueCrypt does almost as well as Rubberhose, and it's maintained. It allows you to create nested encrypted volumes, but defaults to two volumes deep, and I'm not sure whether it supports any more than that.
Re:Why even ask? (Score:3, Informative)
And upon what do you base this assertion? The American people have shown time and time again that they'll accept any injustice, no matter how grave, so long as their bread and circuses aren't endangered.