Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data 560
Trailrunner7 (1100399) writes ... Security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones, and portable drives. But the Massachusetts Supreme Judicial Court put a dent in that armor on Wednesday, ruling that a criminal defendant could be compelled to decrypt the contents of his laptops. The case centers on a lawyer who was arrested in 2009 for allegedly participating in a mortgage fraud scheme. The defendant, Leon I. Gelfgatt, admitted to Massachusetts state police that he had done work with a company called Baylor Holdings and that he encrypted his communications and the hard drives of all of his computers. He said that he could decrypt the computers seized from his home, but refused to do so. The MJSC, the highest court in Massachusetts, was considering the question of whether the act of entering the password to decrypt the contents of a computer was an act of self-incrimination, thereby violating Gelfgatt's Fifth Amendment rights.
The ruling.
Re:Except, of course, they have to prove you can (Score:5, Interesting)
From TFS:
He said that he could decrypt the computers seized from his home, but refused to do so.
Just because he was a dumbass doesn't mean the rest of us have to be.
But let's say you want to be honest - here's a conceptual idea:
Encrypt your stuff on a drive with two-factor auth. The first is a key that expires after x number of days, renewing the expiration every time you access it (let's say 3 to 14 days, tops.) The second factor is a passphrase. Shouldn't be hard to cook up if you use a high-bit-count SSL certificate as your key, and the encryption software checks the date. Keep the key on a separate but random-looking USB stick, SD chip, whatever. When you're not using it, stick it in a camera, unused smartphone, or similarly hidden. To prevent BIOS/EFI tinkering, insure that the encryption software double-checks that the system time is within the window (between last successful access and new expiry date) on boot, and destroys the key if the date is outside that window. Same with insuring that the HDD is in the same hardware it originally sat in, destroying the key if the software detects that a series of MAC addys and serial numbers don't match up.
After the keypair expires (after all, you've been in jail all this time and unable to access it, so...) you can truthfully say that the data is unreachable by any means (though I do suggest that your statement not end with the phrase "...so suck it, copper!") Of course, this means *you* can't access it either, but one would hope you had a backup of the data stashed somewhere beyond the reach of a warrant or the authorities' knowledge, yes?
Fun mental exercise either way. :)
Same lie, two people, different outcome (Score:5, Interesting)
Judge thinks you are lying. You're a geek, who presumably knows how to secure information on a computer. You saying "I lost the data" is equivalent to saying "My whole life is a lie and I don't actually know how to do any of the things I always talk about." Bullshit. You didn't lose the data. Your RAID6 didn't have a three-drive failure, and your backups weren't untested.
Same judge can think Lerner is telling truth. Lerner is an administrator, and she uses an iPhone and thinks the "e" on her desktop is the Internet, Her saying "I lost the data" is equivalent to her saying "I think the car's oil might be low, but I haven't looked. but the problem really could be oil, because I read a story in Readers Digest about a couple who saw some smoke coming out their hood, and when they finally got to town for someone to check it out, it turned out they were low on oil!" Her act is consistently dumb enough that no dumbness could be out of character.
When Lerner is asked the airspeed of an unladen swallow, she smiles helplessly, shrugs, and says "I don't know. What did you swallow?" When you're asked, you smugly immediately instinctively counter with "African or European?" and when the judge says "European," your eyes suddenly dart around and you say, unconvincingly, "Uh... I don't know anything about swallows."
Re:Except, of course, they have to prove you can (Score:5, Interesting)
Destruction of evidence is a separate crime, and simply having some type of electronic dead man's switch on it does not get one off the hook.
A self-destroying/expiring system is not illegal.
But the real problem with Penguinisto's idea is it won't work. When computer equipment is seized; the power is immediately removed, and the software can do nothing.
Power removal and system reboots are common enough, that there's no way the only copy of important data is in RAM; although, even if there is, authorities might attach a Firewire/PCI/Thunderbolt device, and use Inception to RAM dump the lower 4GB to write-only media.
Which brings me to the next point..... after the seized computer is shipped to a lab; the first thing they will do is remove the storage media from the computer, hook it up to a Write blocker (Which is a special hardware dongle that is inserted into the I/O path and blocks any Write operations, Security commands, or other destructive messages from being sent to the hard drive), before powering the system back on, booting from a read-only USB stick, and dumping a complete backup image of the entire disk to archive.
In the event that there is an ATA security lock/ATA password setup on the drive; the lab can disconnect the normal disk drive controller, and attach a custom one. If this is an encrypted SSD; they will have equipment and details from the drive manufacturer (obtained under lawful order), required to read the keys off the controller's PRAM chips.
They can also, lift the platters out of the drive, and have those imaged --- in case they suspect attempt to overwrite files with all zeros.
In short: The idea of using two factor in software with expiring keys for data stored on a HDD is extremely naive, if you think a LEO's lab will screw up and lose the data because of it.
Your only chance is if you have a really tamper-resistant HSM with a self-destruct mechanism, and the LEO cannot identify the manufacturer, or work out how to safely get in; considering the fact, forensic labs have many advanced diagnostic tools available that can be used to analyze unknown media modules, and chances are good they can cut in and analyze the logic and data stored on even so-called tamper proof electronics...
Re:I lost the password (Score:3, Interesting)
Re:I lost the password (Score:5, Interesting)
No, as the series of court rulings have gone, the Fourth Amendment does not protect you from lawful search and seizure (such as a safe or hard drive). The combination to the safe, or encryption key to the drive, is not incriminating evidence and providing it to allow for lawful search and seizure does not violate your rights. They can admit evidence produced by oneself into court (such as two sets of books in one's own handwriting for a case of fraud) and that is not a violation of the Fourth (or Fifth) - just so with information one puts on a hard drive. What they can not compel one to do is testify against oneself (which is the Fifth by the way) nor assume guilt because you do not take the stand (not that a prosecutor won't toe that line with the jury). So, if one can keep all details of a crime in one's head and manage to destroy all other evidence which could be subject to lawful search and seizure - then you've got a shot at being a criminal mastermind.
I'm not sure I entirely agree with the line of thought - but I can certainly follow the logic as well as the precedence.
What would be interesting is if one's pass-code was material evidence with respect to the case - but a possible way around that would be limited immunity or ruling it as inadmissible evidence...It would make for an interesting case study.
Re:I lost the password (Score:5, Interesting)
Not only that either.... he admitted not only that he COULD but, that the communications that they were looking for were, indeed in those encrypted volumes.
As I understand, previous arguments and rulings have centered upon the idea that decrypting data would potentially give away information that the police didn't have already: like that you have the key and are associated with the contents.
If the police find a USB key in my drawer, and I refuse to talk about it, they only know that I posessed it. They don't know whats on it...or that I actually know whats on it. For all they really know, it could be an empty encrypted parition that I setup and lost the key to (yes, I have done this a coupel of times), it could even be a drive someone asked me to hold onto.
OTOH if I give them that information, then they can connect me directly with the unencrypted data, this makes a good amount of sense in that case.
Re: known data isn't there (Score:5, Interesting)
All this is making me start to think of some kind of more clever "panic mode" encryption.
You'd have to make it really fast, such that it's reg proto-encrypted two ways, one normal, and the panic mode. So say something really fast like shift-control-alt-F11 instantly flips the "panic bit".
We as geeks could put all kinds of awesome stuff into it, smashed into a kind of digital Klein Bottle with milk for Schrodinger's cat.
"Do you know how to decrypt it?"
"No"
"Why not?"
"Because it's time-locked with a code that cannot be found until next September."
"Do you know what documents are on there?"
"The ones you are looking for are not there because they were broken into component parts that only the computer knows, tied to a code that September code. Meanwhile other documents you did not know were there, are there, because they were created by algorithms the moment I hit the Panic Button and not a moment before. And the base of the September key is an English phrase which may or may not admit a crime. You don't know."
"So what if the case is dismissed?"
"I can do other work until September. What's important is that it cannot be broken right now."