US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive 1047
A Commentor writes "Perhaps to balance the good news with the Supreme Court ruling on GPS, a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption, and 'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer."
Which key do I have to give? (Score:5, Interesting)
If the cipher doesn't require the ciphertext to give you a test for determining whether a given key is the right one, then you can claim that any key (including one you just made up from a thermal noise source) is the "real" key, and the fact that it decrypts to gibberish just means you were storing gibberish on the computer.
You won't be believed, but then at that point -- where the government gets to cross-examine and challenge your purported key -- you're pretty clearly coercing testimony, and much more obviously violating the fifth.
Re:Why we need plausible deniability encryption... (Score:5, Interesting)
Simple: don't know your password (Score:5, Interesting)
"Sorry your honor, I used a very long password made up of computer-generated, random characters: one that I could not possibly remember. I had it written on a scrap of paper on my desk and would only need to type it in on the infrequent chance that I had to reboot my computer. .... You should ask the detectives to re-search through the evidence they collected as the scrap of paper is likely in what they took."
Re:no 5th? (Score:4, Interesting)
Yeah it's not going to hold water once the SCOTUS gets ahold of it. I can't imagine this really holding up.
Re:no 5th? (Score:4, Interesting)
Wouldn't this be a 4th amendment issue instead of a 5th amendment?
If you are compelled to hand over the password it's pretty much the same as handing over physical keys.
I'd attack this on grounds of search and seizure, not self incrimination.
Yeah, I see the 5th amendment arising if they ask you to translate a language that only you speak (as you would have to give testimony to the content of the message). The 4th amendment would be them subpoenaing you to translate a language that numerous people speak... ("Higher a damn translator, I don't have to cooperate with your search, I just can't interfere.")
Had an issue once, and I turned over a notebook full of well... notes, as evidence to a lawyer. The English didn't need translation, and I translated the German for them, because they could just translate it anyways (better to unlock your door for a police search than have them bust down the door.) but my own private language? I told them that was confidential, and I wouldn't translate it until I were advised by a lawyer representing my interests to do so.
Re:Some disagreements in recent history (Score:4, Interesting)
Assuming you don't actually _know_ any national secrets, a CSS decryption key would be just as good. "I would be breaking the law if I gave you a copy of that key".
Re:5th Amendment Clarification (Score:5, Interesting)
5th amendment protects one against oral testimony against oneself, not self-incrimination or being forced to provide evidence.
The 5th amendment doesn't specify "oral testimony against oneself"
It says:
No person shall be ...compelled in any criminal case to be a witness against himself.
That is fairly broadly worded such that giving a passphrase can certainly be witnessing against oneself as it means providing information (witnessing) against yourself. Not to mention that the passphrase is in your head, so it isn't a physical thing to hand over either.
Which brings us to the 4th amendent which is supposed to keep the government out of our personal effects.
People seem to forget that the amendments to the Constitution do not give us any rights, but rather they limitthe government and how far they" can infringe on our "natural rights."
Re:Some disagreements in recent history (Score:2, Interesting)
Assuming you don't actually _know_ any national secrets, a CSS decryption key would be just as good. "I would be breaking the law if I gave you a copy of that key".
Law of necessity. You're allowed to break some laws in the execution of a warrant. Namely, police can basically commit burglary and theft to obtain evidence, except that they have a valid court order permitting their action.
Yellow sticky note (Score:4, Interesting)
I will gladly type the password if they provide me with the yellow sticky note that I wrote it down on. I have too many passwords to remember, why should this one be any different. Like anyone can actually remember a password.
Re:Opening under duress (Score:5, Interesting)
Using it will scramble the disk beyond ANY recoverability.
And then you've committed the crime of tampering with evidence / destroying evidence. Good luck evading conviction for that.
No, your only hope is to set up a random password whose mnemonic is something the *police* will destroy when they search your premises, as in "Your honor, my password was recorded by the order in which I kept Skittles on my desk but the act of collecting these Skittles destroyed my record of my password. It is irretrievably lost due to the actions of the police. I would help if I were able but my memory is wholly inadequate, and the only record was destroyed by the police."
Re:no 5th? (Score:5, Interesting)
Yep, definitely seems to be a real problem, like that poor dude that stayed in jail for 14 years because of his ex-wife's word.
How about the USB drive thing? If there's no passphrase, but rather a very long key stored on a USB drive, it should be pretty easy to claim you lost it. Even if they did find the USB drive (amongst a handful of other USB drives), if the key is hidden on there somewhere not obvious, such as in the metadata for a photo or something, they wouldn't find that. And how are they going to prove you don't have the key? Their encryption "experts" should at least be able to verify your claim that a long (i.e. too long for a human to remember) key is needed, and then you tell them, "it was on the bright red USB drive. Didn't you guys find that among my personal effects? No? I have no idea where it could be then, it was on my dresser last time I checked! Maybe one of your evidence guys took it, as it was one of those nice big and expensive 64GB models."
Re:no 5th? (Score:5, Interesting)
If there's incriminating evidence, surely this is a perfect example on why the person can't decrypt as it WOULD self incriminate them!
A person does not have a right to destroy, withhold, or falsify evidence of their wrongdoing with the intent of stymieing investigators. That's obstruction of justice.
Where it gets tricky, and where the law is still unsettled, is how this privilege of the government to investigate is balanced by a person's right against being forced to testify against themselves. In an ideal world, the accused should not be required to have any part in his trial at all. He should be able to simply say and do nothing, and the government can either prove its case or not. The reason that this is tricky, is that if the accused reveals his password, he actually divulges two distinct facts: 1. the encrypted evidence, and 2. that the accused knew how to decrypt the evidence. #2 should not be underestimated, because that eliminates the need for the prosecutor to prove that the accused had access to the encrypted evidence, knew of the evidence, etc.
In my opinion, which isn't worth the paper it isn't printed on, this should hinge on whether or not it can be shown that the accused knows the password. If it can't be shown, then I don't think it's right to compel the defense to divulge both facts. But if it can be shown (or has already been admitted/learned) that the accused knows the password, then I think the accused must decrypt the files.
A low-tech example of this is in safes. The authorities can make you hand over the key to a safe, but not the combination. If the safe is locked with a combination, they must crack open the safe if they want its contents. Obviously this is less feasible with modern encryption technology.
Re:Simple: don't know your password (Score:5, Interesting)
True story: I've entered my 4-digit ATM PIN dozens of times from memory, but the other day, I couldn't remember it. It just fell out of my memory for no particular reason. I'm still not sure what it is; I'll have to check my password database (encrypted, of course).
This has happened to me several times before, and no, I'm not old enough to make senility a likely explanation :)
Courts Won't Win -- Use Hidden Volumes (Score:5, Interesting)
Since there's no way to prove that a second volume exists within the blank space of the first one, encryption will win the day.
Re:Some disagreements in recent history (Score:4, Interesting)
Can they force _you_ to break the law by giving them the key though?
Re:Am glad that I ain't American !! (Score:5, Interesting)
"Excellent, thank you for the key to the container. Now, give us the key to the hidden container."
"I didn't use one. There is no hidden partition."
"There is nothing incriminating on the container we can access; Just bank statements and a password file. You must have incriminating evidence in the hidden container."
"I didn't use a hidden partition."
"We'll see who the jury believes."
Re:Let's hope he gets extradited, he'll be better (Score:5, Interesting)
What you need instead is a hidden volume. The idea is you have a normal OS and a hidden OS where your dirty secrets reside. You are prompted for a password at boot time and the password you enter determines which volume is booted into.
What you need instead is two hidden volumes. The idea being that when you decrypt the normal OS with a tool that supports a hidden volume and people find it squeaky clean, they'll tell you "ha ha now tell us the other password" so you have a hidden OS where your porn resides, and a hidden OS where your dirty secrets reside. Ad nauseum depending on how nauseous your dirty secrets are.
Re:Let's hope he gets extradited, he'll be better (Score:4, Interesting)
Problem is that forensics officers take backups. They'd back up the drive first and boot from the backup so whether it destroys the data or not is irrelevant. And if you gave the officers the "self destruct" password that horked the backup then that is further evidence that you are up to no good.
A nefarious person could designate a sequence of sectors in various parts of your hard drive as "sectors that will never be read" during the normal course of system operation.
And then patch their hard drive firmware so that if more than 4 of the "off limits" sectors are read, the hard drive will start zero'ing all sectors in the background, and on next power cycle start an ATA Secure erase.
In other words... latent tamper resistant hardware mechanisms implemented such that unauthorized backup attempts result in hardware level self-destruct, so if someone steals the hard drive they can't use it.
Another method of protecting against physical theft of the HDD and passphrase guessing is to utilize online cloud-based services for key distribution.
Instead of the passphrase being used to decrypt the HDD, it gets entered into software, which connects using the internet and makes an API request that results in contacting a number of off-site cloud-based services.
If the passphrase gets entered incorrectly enough times, FAILS to get entered on a certain schedule, or a passphrase with certain characteristics gets entered instead of the correct one, the remote cloud services shut themselves down, and can no longer pass binary data required to derive the HDD decryption keys.
They can also monitor each other and contain an IDS, so if one of them is compromised, it will be ordered to shutdown, and key material required to bootstrap can be incinerated.
e.g. I'm saying the group of all the 'remote cloud security nodes' would form a cooperative group, and for a cloud security node to bootstrap, the other nodes would have to reach an agreement through an election process, and each node would only contain 1/3 or 1/4 of the key material required to reconstruct the HDD decrypt key after presentation of the right passphrase-decoded material from the requestor.
The cloud services can be in disparate geopgrahic locations, even multiple countries, to help reduce the chance of a hacker breaking into a sufficient plurality of those remote providers.