Encryption and password privacy is an entirely unsettled area of US law. The courts can probably compel you to enter your password (to decrypt a drive, or what have you), while you can maintain that the content of your password can be protected under the 5th. So, for instance, say you had encrypted files of plans to build a bomb and detailed schematics of the White House. The judge can order you to decrypt the files without forcing you to reveal that the password was "K1llt3hPr3zn0w!"
As a practical matter, I've wondered what would happen if someone simply claimed they couldn't remember the password. Especially if one could make it look like the encrypted files hadn't been accessed in over a year.
But yeah: by simply refusing, you'd be thrown in jail for contempt and your only way out would be appellate review of the order. You'd have to challenge the contempt citation on the basis that the original order was unlawful.
I was a grad student in CS at Cambridge when this law was introduced. A nice man from the police came to lecture us about it.
We asked about proving that, say, the results from a Monte Carlo simulation, or even just a blank disc, weren't encrypted - we were told not to worry, the law would only be used against terrorists.
Since this was before 9/11 - the 'terrorists' in question were presumably the IRA, not sure they had much of an online presence back then.
A policeman came to visit our social education class in high school, and my friend asked whether it was illegal to have an encrypted file that you don't know the password for. The policeman just looked at him like 'WTF are you talking about?'
Yes, but I'm assuming the UK didn't draft a law in the mid 90s to prevent Islamic attacks on the US.
The fact that their plans would be written in a foreign language (never mind a foreign alphabet) would have been more than adequate to keep it secret from British intelligence.
PS. You do know that we have been having terrorist attacks for almost a century.
>The fact that their plans would be written in a foreign language (never mind a foreign alphabet) would have been more than adequate to keep it secret from British intelligence.
This is one of the stupidest statements I have ever seen.
Why? Given that in 2010, nearly a decade after 9/11 and almost 7 years after the invasion of Iraq, the US military, State Dept, domestic law enforcement agencies and presumably intelligence agencies still have a severe shortage of Arabic-speaking staff, why do you find the statement stupid? The UK before 9/11 was much less focused on terrorism than the US is now. Developing robust foreign language capability in large organizations is very hard. That's why we often fail at it.
Plus, in my experience, Arabic is a difficult language for people who grew up speaking romance languages to learn. Perhaps not as difficult as Japanese, but still much more difficult than German or French.
Of course most police forces and so on will not have speakers available, but the comment said "British intelligence". Every intelligence agency has translators for all major languages, and has had for decades (Arabic was an important language in the Cold War almost from the start). And they have translators for minor languages on tap - I bet they could find a Basque, Lapp, or Chukchi speaker if they needed one quicker than most universities.
We may have a stifling bureaucracy and an overstretched military, but at least the British Foreign Office actually has local knowledge and people who speak the language.
How easy would it be for an officer to present an encrypted computer and say - if you don't unlock this, you're getting thrown in jail. This is no different than a witch hunt, it's totally unprovable and throwing people in jail over not knowing a piece of information is unethical.
In the US, the prosecution is going to have to prove beyond a reasonable doubt that there is, in fact, encrypted information and that the suspect knows the key.
Yes, there are going to be gray areas. But if Bob has one computer in his house with his and only his fingerprints all over it, wear that indicates that the computer has been used extensively, and the computer hard drive is filled with an encryption scheme wrapped around otherwise useless gigabytes of random data, then I am sure beyond a reasonable doubt that there is encrypted data on the hard drive and Bob has the key.
To establish reasonable doubt all the defense has to do is come up with some alternative way all of your facts can be true without Bob having the key. I can think of two from the top of my head.
1. Bob has mischievous friends, or worse, enemies at school. He leaves his laptop unattended/exposed where someone installs the encryption then wipes their fingerprints, or perhaps has worn gloves. Bob takes his laptop home and tries to regain access to the computer.
2. Bob unwittingly acquires the laptop from a criminal (he may have bought it, or maybe he fixes computers) who encrypted the drive and wiped away all fingerprints. Bob tries to gain access to the computer.
To be free from self-incrimination Bob can simply refuse to answer any questions about the laptop in question at all.
Doesn't work; it's an age old argument ("wasn't me guv, was my mate wearing my clothes") and it will be struck from the record if you claim it with no evidence.
Remember; reasonable doubt is not just the production of an alternate theory, it requires legitimate evidence to verify.
Both the example theories you cite would usually be easy to disprove as well. The first because you could look at various aspects of activity on the computer either side of the creation of the encrypted file and show that it resembles their usual activity (for example, there are numerous other ways to do it).
Now, this is where it gets clunky. I'm speculating here, but from direct experience so... take it with caution.
If you're under investigation for something and refuse to hand over a password then you're unlikely to automatically go to jail over it. The case that probably exists is that there is evidence to support the accusation, but no actual images/material. The latter is needed for a prosecution to succeed. I've never seen a case that looks like a blank go as far as demanding encryption keys - unless you are insanely careful there will always be traces left outside the encrypted file.
(BTW, Pro Tip - if you want to be secure from investigation, scrap windows (it logs way too much) and switch to Linux. Much of the forensics stuff is Windows focused so you instantly throw the [get the right file system and the main forensic tools won't even recognise it...]. Couple that with encrypted containers and you're on to a winner)
I think you're confusing "reasonable doubt" with "any doubt at all." Postulating malicious data-encrypting malfeasance is not reasonable doubt, it's conspiracy theory.
>One of the earliest attempts to quantify reasonable doubt was a 1971 article by Rita Simon and Linda Mahan, "Quantifying Burdens of Proof: A View from the Bench, the Jury, and the Classroom." In a later analysis of the question ("Distributions of Interest for Quantifying Reasonable Doubt and Their Applications," 2006), three students at Valparaiso University presented a trial to groups of students. Half of the students decided the guilt or innocence of the defendant. The other half recorded their perceived likelihood, given as a percentage, that the defendant committed the crime. They then matched the highest likelihoods of guilt with the guilty verdicts and the lowest likelihoods of guilt with the innocent verdicts. From this, the researchers gauged that the cutoff for reasonable doubt fell somewhere between the highest likelihood of guilt matched to an innocent verdict and the lowest likelihood of guilt matched to a guilty verdict. From these samples, they concluded that the standard was between 0.70 and 0.74.
People did that as a protest when the law was introduced - they emailed random numbers to the then home secretary (the minister in charge of the police in the UK)
> The courts can probably compel you to enter your password (to decrypt a drive, or what have you), while you can maintain that the content of your password can be protected under the 5th.
This is a really subtle point, but in the US this is not (usually) the case, because this is still self-incrimination. You see, by entering the password, you are demonstrating that you have access to the encrypted information, and demonstrating that you have that power is technically self-incrimination. The password is one piece of information that you can't be compelled to divulge, and the fact that you have the password is a separate piece of information, and you cannot be compelled to reveal either. This is also a really important piece of information too, because in order to stick you with any legal consequences associated with the encrypted information, they generally have to prove that you have control over or access to the information. If a file is encrypted it is still possible to reasonably doubt that you have access to its contents despite having access to the physical drive it is on.
While it is (currently, as far as I am aware) untested in the court of law, it may be possible to compel someone to use or divulge their password if this does not incriminate the person to do this. I can think of two ways this could happen: a) access/control to the encrypted information has already been proven, so the testimony is of null value b) the prosecution is not allowed to use the fact that you know the password in court, and takes the gamble that they can prove access/control some other way (possibly by using contents of the information).
This is, of course, assuming that passwords are classified as "testimony" and therefore protected by the 5th Amendment. If the password is ever recorded on a physical medium such as a piece of paper, that piece of paper is probably not testimony, but rather evidence. This means that, like the key to a safe, it is protected by the 4th Amendment rather than the 5th, and you can be compelled to give up the paper via a warrant. This presents quite a quandary in deciding which is more secure: a 16-character semi-mnemonic memorizable sequence, or a 128-character random sequence that must be stored on a USB stick?
> This presents quite a quandary in deciding which is more secure: a 16-character semi-mnemonic memorizable sequence, or a 128-character random sequence that must be stored on a USB stick?
Considering that the record for number of decimal places memorized for Pi appears to be 67,890 I'd argue memorizing a 128-character random sequence would be both possible and most secure. ;)
For symmetric ciphers, 128 bits, not characters, is considered secure. Assuming the uuencode character set [A-Za-z0-9+/] it's 6 bits per character, so 22 chars only. Quite doable.
Yes, this is the "act of production" privilege. The Fisher decision established that content is not protected as 'testimonial'.
"but the Court has never on any ground, personal privacy included, applied the Fifth Amendment to prevent the otherwise proper acquisition or use of evidence which, in the Court's view, did not involve compelled testimonial self-incrimination of some sort."
"The taxpayer cannot avoid compliance with the subpoena merely by asserting that the item of evidence which he is required to produce contains incriminating writing, whether his own or that of someone else"
"The existence and location of the papers are a foregone conclusion and the taxpayer adds little or nothing to the sum total of the Government's information by conceding that he in fact has the papers. Under these circumstances by enforcement of the summons 'no constitutional rights are touched. The question is not of testimony but of surrender.'"
Fisher largely overturned the earlier (1886) Boyd decision. The court did not expand the Fisher limits until 2000, when the Hubbell decision expanded the testimonial aspect of production and limited the scope of the "foregone conclusion" rationale. For more on the act of production privilege, see http://www.georgemasonlawreview.org/doc/17-3_Cowen.pdf
But this all relies on a particularly narrow reading of the role of the password in these questions. You have no right (Boyd being long overturned) to withhold physical evidence that may incriminate you.
Anyway, this is an interesting area of law and definitely worth watching.
For those seriously interested in this area of law, I highly recommend http://cyb3rcrim3.blogspot.com, as it's a really good source of info on the topic. Susan Brenner is a law prof, and her analysis of current cases is a constant treasure trove of interesting nuggets of insight into the law as it pertains to computers, electronic devices, and digital media. It's broken down enough for the layman to grasp, yet heavy enough in vocabulary and citations/references that you'll have a decent understanding of the law and how the justice system works.
Claiming forgetfulness concerning the key would give you a way out unless they could manage to crack it - at that point you would have dodged the self-incrimination bullet but could not be legally bound to simply "decrypt it."
I agree though - the entire thing is an absurdly mucky business. Apparently however the English law doesn't have much like that in the way of loopholes, or he simply refused to decrypt it outright.
I believe there is a specific law in the UK that mandates key escrow -- the government must be able to decrypt anything.
This has been floated in the US before, but it has not gotten good PR. As it stands now, it is a Constitutional law issue -- does the fifth amendment mean that you can't be compelled to get up in the witness box and talk, or does it mean that you don't have to assist the prosecution in any way? Right now, the courts seem to be split 50/50, but I feel that practicality dictates that you don't have to give up your key. First they have to accuse you of a crime and bring it to trial, then you have to refuse to decrypt the key, then the first trial has to stop, then the government has to prove that you know the key, then you have to be convicted and sentenced, then you can go back to the original trial after analyzing all of the decrypted "evidence". If encryption becomes widespread, this just isn't practical. It's easy to prove that you sell drugs; someone goes up to you and buys them. It's not easy to prove that you didn't forget your encryption key, because we have no way to observe someone's mind. Laws that prohibit crimes that can't be proved tend not to do well.
I believe the law in the UK allows for a jail sentence of up to two years for not revealing a password or encryption key.
While it's a dubious law in many ways, when you hear a UK politician calling for longer detention without trial and stating that they need to break encryption, you can at least point to this law and say that their claims about longer detention are nonsense.
On February 19, 2009, Judge Sessions reversed the magistrate's ruling and directed Boucher "to provide an unencrypted version of the Z drive viewed by the ICE agent."
That case was goofy because he initially typed in his password in front of law enforcement and provided them access, which nullified any claims of self incrimination.
It'd be similar to confessing to murder, telling the cops where the body is, and then invoking your right to remain silent, and expecting them not to look for the body under "fruit of the poisonous tree" logic.
You might be right. The Wikipedia page said "the laptop was powered-up", which is a little ambiguous ("was [already?] powered-up"). But I think the principle is the same in either case. He already volunteered the information once.
Lying under oath is a criminal offense. Proving you're lying may be tricky, but if it were to somehow become obvious you were lying, you'd then have to answer for that offense as well as whatever other charges you were dealing with before.
This is really common advice, but I'm not sure it's the best option.
It was tongue in cheek. Of course you don't have the right to lie to protect yourself from a legitimate investigation where probable cause already exists.
But some people are ASKING about the US, and everything I've said above is as it pertains to US law. Which is a worthwhile discussion anyway, as US readers are the largest single group of HN readers.
Apologies... If you had replied to a question, I wouldn't have felt compelled to post that. But in the UK, it's illegal to refuse to give up your password.
What happens if you say you forgot the password, and the files in question haven't been accessed in over a year? This is a question in my initial post that's still relevant to UK jurisprudence; an answer to which could move the conversation forward in a way far more productive than imagining I didn't know the article was about something that happened in the UK.
I'm not the one downvoting you. But I want a conversation that's adding information or content to which I wouldn't easily have access. So for instance, an answer to the question I pose above (or, if not a concrete answer, something along the lines of what would probably happen).
Just thought of a feature idea for TrueCrypt and other similar packages: encrypted files or partitions can have multiple passwords, which reveal different things. So you could have a password that reveals something embarrassing but not incriminating. If the police or border nazis threaten you with prosecution unless you reveal your password, you give them this one. Meanwhile, you hide anything really confidential behind a password that you never give out.
More people should learn from this attitude. This is what I say every time I have an idea, and I later found out someone already built a startup around it (happens quite a lot, since I spend half my waking time thinking of startups).
Indeed. It means you possibly have a head for good ideas. You should be far, far more worried if nobody else has beaten you to the punch on any of your ideas, because that would tend to indicate that your ideas are either impractical or of low quality.
Presumably the UK police are aware of this feature, which could lead to a more interesting situation when you can't prove that you've really unlocked to the deepest level.
My understanding of the feature is that is is impossible to verify whether or not you are using a hidden volume within a TC encrypted volume.
Although file-hosted TrueCrypt volumes (containers) do not contain any kind of "signature" either (until decrypted, they appear to consist solely of random data), they cannot provide this kind of plausible deniability, because there is practically no plausible explanation for the existence of a file containing solely random data. However, plausible deniability can still be achieved with a file-hosted TrueCrypt volume (container) by creating a hidden volume within it.
Clarification: it's impossible to determine if a hidden volume exists in a TrueCrypt volume. It is trivial to determine whether a given password unlocks the main, hidden, or neither volume.
Data about the hidden volume is encrypted and kept in the second 512 bytes of the volume, where as data about the normal volume is in the first 512 bytes. If there is no hidden volume, the second 512 bytes are purely random data.
It's impossible to tell an encrypted volume header apart from random data. It's very much "try, and if you fail, you either have the wrong key or the volume doesn't exist".
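The last three comments describe the mechanism: two 512-byte header slots, the second filled with random bytes when no hidden volume exists, and "try a password against each slot" as the only way to learn anything. The toy Python model below is an added example, not TrueCrypt's actual on-disk format (its real header fields, KDF and cipher differ); HMAC-SHA256 in counter mode stands in for the block cipher, and the `TOYV` magic, slot layout and function names are constructed for this illustration.

```python
"""Toy model of a two-slot encrypted volume header (outer + hidden)."""
import hashlib
import hmac
import os
import struct
import zlib

SLOT = 512            # each header slot is 512 bytes, as described above
SALT_LEN = 16         # salt stored in the clear at the front of each slot
MAGIC = b"TOYV"       # marker that only appears after a correct decryption
PBKDF2_ITERS = 1000   # kept low so the example runs quickly (toy value)


def _derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)


def _keystream(key: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for the real block cipher.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_header(password: str, data_offset: int, data_len: int) -> bytes:
    """Build one encrypted 512-byte header slot describing a data region."""
    salt = os.urandom(SALT_LEN)
    fields = MAGIC + struct.pack(">QQ", data_offset, data_len)
    body = fields + struct.pack(">I", zlib.crc32(fields))
    body += os.urandom(SLOT - SALT_LEN - len(body))   # random padding
    ct = _xor(body, _keystream(_derive_key(password, salt), len(body)))
    return salt + ct        # salt + ciphertext: indistinguishable from noise


def open_header(password: str, slot: bytes):
    """Trial-decrypt a slot; return (offset, length) or None on failure."""
    salt, ct = slot[:SALT_LEN], slot[SALT_LEN:]
    pt = _xor(ct, _keystream(_derive_key(password, salt), len(ct)))
    fields, crc = pt[:20], struct.unpack(">I", pt[20:24])[0]
    if fields[:4] != MAGIC or zlib.crc32(fields) != crc:
        return None         # wrong key, or the slot is just random bytes
    return struct.unpack(">QQ", fields[4:20])


def create_volume(outer_pw, data_size, hidden_pw=None, hidden_size=0):
    """Layout: [outer header][hidden header or random][data area].

    With no hidden password the second slot is plain random data, so an
    outer-only volume and a volume with a hidden part look identical."""
    data_start = 2 * SLOT
    outer = make_header(outer_pw, data_start, data_size)
    if hidden_pw is None:
        second = os.urandom(SLOT)
    else:
        # hidden data lives at the end of the outer volume's free space
        second = make_header(hidden_pw, data_start + data_size - hidden_size,
                             hidden_size)
    return outer + second + os.urandom(data_size)   # free space is random


def unlock(password, volume):
    """Return which volume a password opens: 'outer', 'hidden' or None."""
    if open_header(password, volume[:SLOT]) is not None:
        return "outer"
    if open_header(password, volume[SLOT:2 * SLOT]) is not None:
        return "hidden"
    return None


if __name__ == "__main__":
    vol = create_volume("outer-pw", 4096, "hidden-pw", 1024)
    for pw in ("outer-pw", "hidden-pw", "nope"):
        print(pw, "->", unlock(pw, vol))
```

Because the second slot is either random bytes or ciphertext that looks like random bytes, nothing in the image itself reveals which; only a correct password makes the `TOYV` magic and checksum appear.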
I've met a couple of people who actually deal with computer forensics for the police and they are seriously smart people and totally on top of their game. So while your average cop might not understand the details, they have forensics guys who certainly do.
As to proving anything, my understanding is that it is theoretically impossible to prove, but sometimes bugs in the implementation or various user mistakes mean that you can, in practice, sometimes get a good indication that something is hidden.
How is it annoying to use? You have to enter 2 passwords instead of 1... Is that it?
As for the data loss, if you only enter the first password, it will let you overwrite the space where the hidden encrypted volume is stored yes. How else would it work? If it didn't let you do this, it would be obvious that a hidden container exists...
Nah, the police can't torture you for your password. Only the evil criminals can do that. The courts can incarcerate you for not revealing a password; it is up to you, the criminal, to decide if the punishment for not revealing the password is more/less severe than the punishment for whatever crime you're hiding the evidence of with the password.
Edit: OK now I have found evidence to prove myself wrong. At some point in the past I thought I had read of a court case where a judge ruled that a defendant had to reveal a password. But a more recent case says otherwise: http://www.usatoday.com/tech/news/techpolicy/2008-02-07-encr...
Depending on the country, the symmetric set difference between the police and "evil criminals" is quite small.
And even then when the police can't torture you officially, they can have ways of torturing you unofficially. They can lock you up with a group of gang members who are on the unofficial "payroll" of the police. They rape and torture you until you reveal the password. The case in the media will come out as "my cellmate confessed in a moment of weakness and here is the password".
Japan is unique among democratic countries in that confessions are obtained from 95% of all people arrested, and that its courts convict 99.9% of all the suspects brought before them. (...) It is how the police obtain these confessions that troubles human-rights activists. A suspect can be held for 48 hours without legal counsel or contact with the outside world. After that, he or she is turned over to the public prosecutor for another 24 hours of grilling. A judge can then grant a further ten days of detention, which can be renewed for another ten days.
I hope you weren't seriously trying to conflate the Northern Irish situation (which was more like a civil war or a war for independence) and the US military with the UK police.
That doesn't make either of those right, there is no mistake about that, but the UK police is amongst the most professional forces in the world. Not quite the RCMP but to suggest that they'd torture inmates to get a password is simply nonsense.
In the US the current rules for personal hard drives are bound by the 5th amendment which has been interpreted as "a reasonable expectation for privacy." What happens is the police say "Give us your password and we'll drop whatever sentence by 75% for helping the investigation." You don't have to give your password but the NSA works pretty extensively with law enforcement and the FBI (most US cases that require password cracks are federal cases but that's a separate issue).
Anything that ever touches an ISP is a totally separate issue though. In that case, in the US, any information stored by an ISP can be retrieved without a warrant 6 months (I'd need to confirm it's not 120 days) after the incident. Those cases fall under the interpretation of a message overheard. In 5th Amendment cases, if you say a message in a crowded room, you don't have a reasonable expectation of privacy and this is how any message on the internet is interpreted legally. There was also a court case this spring where the DoD sued an ISP to give over IP addresses sooner than the 6 month (120 days?) limit (anyone got a link?). The DoD dropped the case though.
Do you think the NSA is going to reveal to foreign governments that they've broken AES by going after some guy with child porn on his laptop? I personally doubt it.
Could the NSA cooperate with the FBI? Yes. Will they? Not if it means they can't spy on Russia anymore.
They could just provide the password without divulging how they did it. The best way would be for them to get the drive, and if they crack the password, and the password looks like it could have been guessed or generated from some contextual info about the subject or the case, then they return it to the police. If they do crack it but the password is actually a random string and disclosing it would betray the NSA's abilities, then they simply refuse to disclose it.
On the other hand maybe it would be better to create disinformation that they have cracked all kinds of ciphers or at least their popular implementations? Maybe it will lead enemies to try to implement their own or use alternate implementations that are actually less secure. This will be similar to the Air Force's disinformation related to captured UFO tech in the 50s and 60s...
It has nothing to do with holes in AES, NSA just has better brute force capabilities than the FBI or any other law enforcement. And while you sit in jail awaiting trial, they take the months it takes to brute force a key.
"Breaking AES" is not at all necessary. All it takes is one implementation hole, or some plaintext unknowingly cached by a program.
The NSA don't merely employ scores of cryptanalysts to sit around all day to try to break ciphers (though I expect they do this too). Exploiting mistakes is their bread and butter.
It occurs to me that since this is part of a child pornography investigation, 16 weeks in jail for not giving them a password might actually be a far lighter sentence than if the key was provided and illicit material was found. I don't condone the porn, but it does seem like a logical trade-off.
This wouldn't be double jeopardy. It would be a second instance of him refusing to turn over the passwords. Just as you can be tried for murder twice if there are two separate murders, you could be tried twice in this situation.
This was (?) the way the USSR used to handle conscientious objectors:
They would send you a letter to go serve in the military,
You would go to where you were assigned,
You objected because of your conscience,
They would then send you to a forced labor camp or mental institution for a few years,
The hard work, unhealthy food and living conditions, lacking health care, medical experiments, and violence among convicts would often destroy your physical and mental health,
Then when you were released,
They would send you a letter to serve in the military.
…
Unless, naturally, your conscience would no longer object to serving in the military…
Disclaimer: IANAL. Disclaimer: IANAA (I Am Not An American)
Assaulting the same person twice would still be two different assaults. Stealing a truck, getting caught and punished, and stealing the same truck again would, to my understanding, not be risk-free, legally speaking. I suspect the same would probably apply here, though given how unintuitive the law is, especially in this area, I may well be dead wrong.
Edit: To clarify, my point is that if the law amounts to "Refusal to turn over requested passwords => jail time", this would seemingly constitute a second refusal, even if the requested password was the same.
By the same logic, if the authorities had asked him one hundred times in the first interview for his password, and he'd refused one hundred times, then he could be charged with one hundred counts of the offence and put away for 30 years.
The courts aren't run by robots. If it's substantially the same instance of the offence, he couldn't be tried again.
What rationale do they have against double jeopardy? Without it you can make any jail sentence be until someone's death. You can be given a speeding ticket for the same offense until you have no money left.
Scotland has a different legal system, based on Roman law (not Common law). Scotland is moving to repeal double jeopardy but it hasn't passed yet.
Note that double jeopardy still applies in all but the most serious cases -- rape, murder, and comparable -- and AIUI charges cannot be brought again unless substantial new evidence comes to light.
You can certainly be tried for the same crime twice. You can't be tried twice for the same criminal act. Arguably, if they ask him again after doing his 16 weeks, it's a new action if he refuses to comply.
It's not a trial. It's refusal to follow a court issued order; the punishment is contempt of court. They don't need a trial in that case... the judge that issues the order can simply judge whether or not you're complying with it.
In all these scenarios, you're screwed the moment you find yourself in court (actually probably long before then when you convince some law enforcer that you're doing something wrong) Judges and lawyers aren't going to be hip to this hypothetical plausible deniability game.
A drive isn't an extension of your brain or your relationship with your wife. It's physical evidence. The only thing that makes it different than say a really big lock on the door of your house or a safe is the effort it takes to circumvent when a court agrees to admit the evidence. Almost never is that evidence used alone.
There are subtle issues to the meaning of the evidence provided, like you might not need to give up the password and thus decrypt everything else encrypted with it, you might just need to decrypt the data in question in a convincing manner to the court. Being able to decrypt the drive doesn't have to prove that you are responsible for the contents.
He's not being tried for refusing to hand over the password - he's being held for contempt of court or similar, which can (and does) go on indefinitely. He's free to leave any time as soon as he hands over his password.
A friend of mine flew back home to Canada. After clearing customs, he was one of the random people chosen to have their luggage inspected. He had his laptop on him and the customs agent booted up the computer, asked him to enter his password and then took his laptop away before bringing it back without telling him anything about it.
I wondered what would have happened if he refused to type in the password.
Not sure why you were upvoted (probably for the sentiment that freely entering one's password without reason should not happen) because that is not correct.
In the US, "customs" typically refers to ICE and TSA, both of which are enforcement functions of the United States Department of Homeland Security.
checking facts... You are correct. I incorrectly assumed they were equivalent to UK and Norwegian customs, where customs and border protection are separate entities.
I've been wondering about this for a while, my current idea is to wipe my computer before every trip. I keep a backup on a desktop computer that I have access to while away. If this happened while coming back to Canada, I'd probably still argue and see what I can do. Not sure if I'd go all the way to letting them take my laptop away for ever. They can't refuse to let you back into the country so.. at least on that point you are safe.
They can slap an "obstruction of justice" charge on. Or charge you with "contempt of court" and just jail you based on that.
In broader terms yes, the system has a way to inflict random punishment on you for disobedience.
In other countries they will just start breaking your fingers, your loved ones' fingers, and so on. So the password problem is solved a lot "easier" then.
A. If any person without just cause knowingly obstructs a judge, magistrate, justice, juror, attorney for the Commonwealth, witness, any law-enforcement officer, or animal control officer employed pursuant to § 3.2-6555 in the performance of his duties as such or fails or refuses without just cause to cease such obstruction when requested to do so by such judge, magistrate, justice, juror, attorney for the Commonwealth, witness, law-enforcement officer, or animal control officer employed pursuant to § 3.2-6555, he shall be guilty of a Class 1 misdemeanor.
Notice it says "any person" not just elected official.
> This seems very unlikely given the (1) the 5th amendment and (2) only judges can issue contempt of court citations.
This entire story smells fake. If TrueCrypt just saved your life, would you really go tell reddit? The dialogue feels constructed; there's no insight about the experience. It's more likely that it's a fabrication by a district attorney, to be cited in the future (just as you have here).
Edit: further evidence for this being a fake:
* This supposedly happened in February 2004, back when TrueCrypt was version 1.0a and barely known.
* His story suggests that his laptop's system drive was encrypted. TrueCrypt added system disk encryption in version 5.0 in 2008.
* He slips up and says he used AES encryption; this is noticed in the comments and he edits it out (I assume).
You may be right. There's a good chance that the AMA is fake.
Meanwhile, here's a much more reputable source (pointed out elsewhere in these comments) that indicates that this issue is not yet resolved and is currently being tested.
You cannot be compelled to incriminate yourself in the US. However, that doesn't mean you can't be compelled to give up your password, since it's not the act of giving up the password that is incriminating.*
As an analogy, if you had a safe that contained incriminating evidence and you hid the key, you could be compelled by the court to reveal the location of the key.
* As far as I know (IANAL) whether or not giving up a computer password is considered self-incrimination or not is still undecided.
It's not analogous to testifying against yourself (Fifth Amendment). It's analogous to forcing you to give them a key to a door so they can search your basement.
Maybe. It is still not clear. In this case "your basement" consists of information (bits). The 5th protects you from divulging information that would incriminate yourself.
If they want to take your hard drive or take your computer as evidence they can take it by issuing a warrant. They can argue that your encrypted stuff is really dangerous because it is encrypted but I think they shouldn't be able to make you talk and divulge the encrypted info.
Now that is what "I think" should happen. I believe there will occur some high profile case, that will lead to creation of laws that will either force key escrow, ban encryption, or force you to divulge the password under threat of jail time or very high fines.
In the USA of today you can be compelled into doing anything the government considers a matter of national security. It all changed starting with the Patriot Act. American citizens have no inalienable rights anymore merely those that are not inconvenient to the government.
In the US there are conflicting precedents at the moment, so it really depends on where the case is being heard. At the moment the case that seems to have the strongest route to the Supremes is the one involving child porn at the border, allowing the court to address both the "are passwords protected" question and the legality of laptop border searches. Unfortunately for the cyberliberty crowd this particular case is the last one they want to see before the court, the facts are not good and it provides an easy excuse for a "law and order" majority on the court to significantly extend the government's reach.
Yeah that's the border - slightly different, though they also set up border checks hundreds of miles "inland" around the country which makes their intentions suspect.
What I hate about all these cases is it comes down to child porn which makes it impossible to defend. Why can't it be something mundane that actually shows why this is a REALLY bad idea.
I just saw a scary university lecture on YouTube on why you should NEVER talk to the police, even to "explain things", even if you know you are 1000% not guilty of whatever they are after. So now it makes perfect sense to me that if they want to go trolling across your hard drive, they are doing exactly that - you are testifying against yourself for whatever charges they want to invent afterwards.
It seems like a bad idea to store anything incriminating on your local hard drive. Why not keep your encrypted files on a flash drive? If the police show up destroy the flash drive using a hammer, ensuring that the flash memory chip is thoroughly pulverized and completely unreadable.
Likewise, if you are going to be using the internet for devious purposes drive around and use a neighbor's open wireless network access point, which highly reduces the chances that anything can be traced back to you. Or set up your own unsecured wireless network point and suggest to officers that illegal use came from an outside source.
Not that I want to condone illegal activities, or condone lying to police officers, but to the hacker in me these seem like simple, sensible steps to take that will be more dependable than even a 50 character password.
But my goal is not to be a smart criminal. My goal is to have a right to privacy to my own stuff.
That said, I don't see why the well-established precedents of opening locked doors and safes shouldn't apply to computers. If you subpoena my safe, I have to open it for you. Otherwise, I certainly won't.
Intentionally destroying incriminating evidence is probably not something you should ever do. Certainly not in such a way that leaves evidence in the form of pulverized IC remains all over your kitchen counter.
Depends on what it's evidence of. If you're destroying evidence of murder, treason, or something else that'd guarantee you a life/death sentence, an obstruction of justice charge isn't going to seem like very much in comparison.
Usually there'll be a reason for the police to kick your door down. I imagine that plus destroyed evidence would be enough to prove beyond reasonable doubt.
There might be all sorts of reasons - if you're being busted for fraud or tax evasion and all of your hard drives are mysteriously blank, or there are empty filing cabinets and a big pile of ash then I would imagine that would go down fairly badly in court.
The modern equivalent is a whole bunch of destroyed media - thumb drives, flash cards or hard drives.
Maybe you just put your private data on flash drives and smash it to bits with a hammer for your own personal privacy, or to get rid of pictures of an ex-girlfriend. There's no way of knowing.
I understand that in some areas, not only is it illegal to operate an insecure wireless access point (in the UK at least), you can be held accountable for the actions of people that use the access point.
That doesn't cover you for swap files / hibernate files or memory dumps which are written unencrypted and largely outside your control. Obviously it's hit or miss what may or may not be included in there but there are a fair number of leaks where even "secure" information is handled in an insecure fashion.
My understanding is that the "oops Agent Smith, my WiFi was unsecured" is not legally feasible, or is going away.. you are responsible for access to your pipe. Which sucks... heh.
That doesn't sound feasible to me, because there are so many older people and non-technically savvy individuals who don't know how to secure their wireless access point. In addition, some models don't support security that is strong enough to prevent hacking, or they are set up using default or easy-to-guess passwords. Lastly, many wireless points are deliberately left open so that they can be used by customers of cafes, etc.
So in summary, I seriously doubt that you can be held responsible for another person's use of your pipe.
The MPAA telling you that is no different than me telling you that. I have no legal authority to do so, no matter how many lawyer's names appear on my letterhead.
"It sends a robust message out to those intent on trying to mask their online criminal activities that they will be taken before the courts with the ultimate sanction, as in this case, being a custodial sentence."
Seems like a good reason to have "innocent until proven guilty". The drive could contain anything, or nothing.
I think that the law is worded so that it's an offence to have encrypted files and not be able to decrypt them. Whether it's deliberate or just forgotten isn't relevant (though I'd hope it would make a difference in sentencing).
Use TrueCrypt to do whole disk encryption on your Windows XP hard drive. Then boot your computer with a Linux Live CD and dd the first 512 bytes to stdout. This is what you'll see in plain text ASCII:
"TrueCrypt Boot Loader"
No expert is needed to prove that you are using TrueCrypt whole disk encryption. It has a huge stamp right up front.
That's certainly true for that particular instance, in that particular implementation. But it's not necessarily the case. Take some random file and encrypt it with gpg; there's nothing obvious in the contents to mark it out as encrypted data.
:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
salt eae60ad4255dc4e2, count 65536 (96)
gpg: CAST5 encrypted data
OpenPGP encrypted data is easy to find too. It even tells you the algo used. The example is symmetrically encrypted, but it works the same with asymmetric keys. Even shows who it is encrypted for. Edit: formatting.
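As an added example (my own code, not from any commenter or from the TrueCrypt or GnuPG projects), here is a small Python inspector for the two markers discussed above: the ASCII "TrueCrypt Boot Loader" string in a disk's first sector, and the OpenPGP packet headers that gpg lists. The sample sector and packet bytes are constructed; the salt and S2K count are the values from the gpg output above.

```python
"""Identify encrypted-data formats by their visible headers (added example)."""
import struct

# OpenPGP algorithm ids (RFC 4880) for the fields gpg prints
CIPHER_NAMES = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
                7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512"}
TAG_NAMES = {1: "pubkey enc packet", 3: "symkey enc packet",
             9: "encrypted data packet", 18: "encrypted data packet (MDC)"}


def truecrypt_bootloader_present(sector: bytes) -> bool:
    """The marker the comment above found with dd: plain ASCII in sector 0."""
    return b"TrueCrypt Boot Loader" in sector[:512]


def s2k_count(coded: int) -> int:
    """Decode the one-byte iterated S2K count (RFC 4880 3.7.1.3); 0x60 -> 65536."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def read_packet_header(buf: bytes, off: int):
    """Return (tag, body_offset, body_length) for old- or new-format headers."""
    ctb = buf[off]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:  # new-format header
        tag = ctb & 0x3F
        first = buf[off + 1]
        if first < 192:
            return tag, off + 2, first
        if first < 224:
            return tag, off + 3, ((first - 192) << 8) + buf[off + 2] + 192
        if first == 255:
            return tag, off + 6, struct.unpack(">I", buf[off + 2:off + 6])[0]
        raise ValueError("partial body lengths not supported")
    tag = (ctb >> 2) & 0x0F  # old-format header: tag in bits 5..2
    ltype = ctb & 0x03
    if ltype == 0:
        return tag, off + 2, buf[off + 1]
    if ltype == 1:
        return tag, off + 3, struct.unpack(">H", buf[off + 1:off + 3])[0]
    if ltype == 2:
        return tag, off + 5, struct.unpack(">I", buf[off + 1:off + 5])[0]
    return tag, off + 1, len(buf) - off - 1  # indeterminate: rest of buffer


def describe_openpgp(buf: bytes) -> list:
    """Walk the packet sequence and report what gpg --list-packets would show."""
    out, off = [], 0
    while off < len(buf):
        tag, body, length = read_packet_header(buf, off)
        info = {"tag": tag, "name": TAG_NAMES.get(tag, f"tag {tag}")}
        if tag == 3:  # symmetric-key encrypted session key packet
            version, cipher, s2k = buf[body], buf[body + 1], buf[body + 2]
            info.update(version=version, s2k_type=s2k,
                        cipher=CIPHER_NAMES.get(cipher, str(cipher)))
            if s2k in (0, 1, 3):
                info["hash"] = HASH_NAMES.get(buf[body + 3], str(buf[body + 3]))
            if s2k in (1, 3):
                info["salt"] = buf[body + 4:body + 12].hex()
            if s2k == 3:
                info["count"] = s2k_count(buf[body + 12])
        out.append(info)
        off = body + length
    return out


# Constructed inputs: a sector carrying the TrueCrypt string, and the packet
# gpg described above (version 4, CAST5, iterated+salted S2K, SHA1, count 96)
SAMPLE_SECTOR = (b"\xeb\x3c\x90" + b"TrueCrypt Boot Loader").ljust(512, b"\x00")
SYMKEY_ESK = (bytes([0x8C, 0x0D, 0x04, 0x03, 0x03, 0x02])
              + bytes.fromhex("eae60ad4255dc4e2") + bytes([0x60]))
ENC_DATA = bytes([0xA4, 0x08]) + bytes(8)  # tag 9 with a dummy 8-byte body
SAMPLE_PGP = SYMKEY_ESK + ENC_DATA

if __name__ == "__main__":
    print("TrueCrypt marker:", truecrypt_bootloader_present(SAMPLE_SECTOR))
    for pkt in describe_openpgp(SAMPLE_PGP):
        print(pkt)
```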
Just out of curiosity, what would happen if someone e-mailed you something with a title of 'Here are the files you requested about [illegal stuff]' and include an attachment with encrypted contents.
Then say I notify the cops about your 'illegal' activities.
I'm wondering ...
Person A refuses for - pure principle (and maybe some ripped DvD's)
Person B refuses for - let's say child pornography and a dirty bomb manual
There are other legitimate reasons to not want to reveal the contents of your hard-drive besides principle or self incrimination. For instance, if you had the private information of any other people. My SO works with HIV, and recently got access to sensitive data that had to be sent on DVD via courier.
Who here trusts the police to not disclose their HIV status?
If you're in the United States, the data is probably protected by HIPAA, the Health Insurance Portability and Accountability Act[1]. HIPAA includes a clause stating that the Attorney General or their designee may issue a subpoena compelling your SO to disclose that information, but only to someone investigating a Federal health care offense.
I've searched through the rest of HIPAA for keywords such as "law enforcement", "criminal", and "disclosure", but I couldn't find anything about being compelled to disclose HIPAA-protected information to law enforcement in any other circumstance than investigation of a Federal health care offense. However, I did not thoroughly read HIPAA, and there might be something in another section of the US Code that's relevant.
Hopefully someone more knowledgeable about this can let me know if I've missed something.
Yup, that's the case. The question is whether or not your hard drive is protected from a criminal charges subpoena. The data is kept encrypted on the hard drive, but of course the authorities don't know what's on the hard drive until it's decrypted.
A covered entity may use or disclose protected health information without the written consent or authorization of the individual... in the situations covered by this section, subject to the applicable requirements of this section.
(a) Standard: Uses and disclosures required by law. (1) A covered entity may use or disclose protected health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law.
This would seem to give court orders and criminal subpoenas the power to demand decryption of your hard drive regardless of whatever HIPAA data it contains.
1. HIPAA doesn't apply to you unless you're an employee of a covered entity, that is, a health care provider, health care plan, or a firm contracted by a member of the previous two categories to handle billing. You can hand out your private medical information to whomever you want without worrying about HIPAA.
2. Even if HIPAA did, it doesn't give you the power to refuse to disclose HIPAA data when such disclosure is required by law[1].
No - IIRC it's 5 years for 'normal' crimes or 7 years for terrorist cases.
The whole law is ridiculous; it also includes unlimited spying by the security services, with the bizarre Kafkaesque part that you have to cooperate with the spies and it's a crime to inform anyone that you are being spied on.
The law became a laughing stock when the government claimed it was necessary to fight international terrorism but then had to admit that there had been 1000s of intercepts by local school boards to investigate parents trying to get their kids into better school catchment areas, and city councils tracking cell phone locations to prosecute people for their dog's litter.
As great as hidden volumes are, traces showing the inconsistency between the fake and real volume will be left on your system unless you take heroic measures to erase them.
Things like logs of all the external drives you connect, and links to recently opened files.
I've been resetting people's 8 character passwords lost due to Post-Vacation-Insomnia for ages, I'd really like to see them expect me to remember a 50 character password under stress conditions.
One way to have long, but memorable passwords is to construct them using the first letter of each word a rather long, but memorable quote/phrase. E.g., The opening of the Gettysburg Address yields: fsasyaofbfutcannciladttptamwce. And if you forget the exact words, you can always look them up.
It is probably just a concatenated string of his credit card number or social security number and random words. I wonder if they are currently trying to crack it using some kind of dictionary brute force mechanism, or if there is some kind of lock out enabled after five tries.
If they have physical access, then there is no effective lock-out mechanism. Presumably they can determine which encryption software is used, and can use the algorithm as many times as they want.
This has happened before, although the details aren't clear.
It was reported last year (http://www.theregister.co.uk/2009/08/11/ripa_iii_figures/) that two people had been convicted for similar offences. It seems that most people don't comply, but not all of them are charged:
"Of the 15 individuals served, 11 did not comply with the notices. Of the 11, seven were charged and two convicted."
The 5th amendment protects against forced testimony, not against compulsion to provide evidence. You can refuse to testify against yourself, you cannot refuse to comply with a valid search warrant.
The difference is that testimony is revealing the contents of your brain ("I saw X, I did or did not do Y, I felt Z") and evidence is revealing the contents of your car trunk. Evidence does not have its own opinion of what did or did not happen, evidence does not decide what is or is not the truth. Evidence simply exists; it is for others (giving testimony) to give evidence context and relevance.
Damn. That's a really good point, but I still think it'd fall under the 4th. A password is closer to providing a key to a locked door rather than testimony.
It would be interesting to know if there was ever a hybrid case where there was a password-protected door with a numeric keypad, and someone refused to give the pw. I'd assume in a case like that, however, the cops would just smash shit out of it.
Perhaps a solution is to commit two crimes: crime A which has to do with the encrypted file, and crime B which has nothing to do with it. Then, use a phrase which is self-incriminating for crime B as the password for the encrypted volume. For example, "IBrokeTheSpeedLimitBy15MilesPerHourOnJuneTheTwenty-Seventh,InTheYearTwoThousandAnd4".
In which case the judge would compel you to reveal your password to your attorney. The attorney would not be able to reveal the password as that would violate privilege, but they would be compelled to uphold the terms of the valid search warrant on the decrypted data.
Well, suppose that you do give them the unencrypted file. They already have the encrypted file and presumably are aware of the encryption scheme you used, so (this could be totally wrong, as I don't know enough about encryption) they should be able to figure out the encryption key.
Any encryption scheme that is not worthless does not work that way. If you have the plaintext and the ciphertext (but did not get to choose the plaintext to be encrypted) then you are still no closer to getting the key.
I thought I remembered a court precedent in the US that ruled being compelled to divulge encryption keys was equivalent to being compelled to hand over keys to locked places (like a safe), which is historically required.
That said, I can't find such an article, so hopefully I'm making it up and we are indeed safe in our minds.
No, legally in the US you are not required to give the keys to the safe, but they can drop your sentence significantly for working with the investigators. For a safe, if you don't give them the key, they get a grinder and hack saw; for an encrypted hard drive in the US they give it to the NSA (though 50 chars would be tough for even them, I'd expect).
The NSA doesn't want anyone to know what their capabilities are, but I remember a case where they gave it to a university which threw a cluster at it...
edit: 'they' being 'the authorities', not the NSA.
There's United States v. Boucher, but the case had a couple of wrinkles, including the fact that Boucher had previously cooperated with law enforcement, so it was thought that providing a password wasn't self-incrimination since it wouldn't add to the knowledge of what the authorities already had: http://en.wikipedia.org/wiki/United_States_v._Boucher
I am surprised that they didn't keylog his machine - as having a warrant to search/seize means a warrant to keylog probably could have been obtained.
The police will learn from this and avoid these 'oh dammit' moments by just keylogging everybody from now (or at least those suspected of having encrypted volumes).
Keylogging is the one real weakness of all the TrueCrypt/other encryption schemes (that and your password is in memory in the clear while the volume is mounted, and even afterwards depending on your settings).
You wouldn't re-encrypt the whole drive; usually, the master key is stored in the first few sectors of the disk, encrypted with the login key. That way, you only have to re-encrypt a small amount of data to effectively change the entire disk's key.
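An added illustration of the header design described in that comment (my own code, not TrueCrypt's actual header format): a random master key is wrapped by a passphrase-derived key and stored in a small header, so a passphrase change rewrites only the header. The XOR-plus-HMAC wrap, the 80-byte layout and the 200,000 PBKDF2 iterations are assumptions chosen for the demo.

```python
"""Passphrase-unlocks-header, header-holds-master-key (added illustration).

Constructed scheme, standard library only: the data would be encrypted under
`master_key`; the passphrase only ever touches the header.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # PBKDF2 work factor; assumed value for the demo


def _kek(passphrase: str, salt: bytes) -> bytes:
    """64 bytes: first 32 wrap the master key, last 32 authenticate the header."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, ITERATIONS, dklen=64)


def make_header(passphrase: str, master_key: bytes) -> bytes:
    """Header = salt(16) || master_key XOR wrap_key(32) || HMAC-SHA256 tag(32).

    A fresh salt gives a fresh wrap key, so the one-time XOR is never reused.
    """
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)
    kek = _kek(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, kek[:32]))
    tag = hmac.new(kek[32:], salt + wrapped, "sha256").digest()
    return salt + wrapped + tag


def open_header(passphrase: str, header: bytes) -> Optional[bytes]:
    """Return the master key, or None if the passphrase is wrong (tag mismatch)."""
    if len(header) != 80:
        return None
    salt, wrapped, tag = header[:16], header[16:48], header[48:80]
    kek = _kek(passphrase, salt)
    expect = hmac.new(kek[32:], salt + wrapped, "sha256").digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong passphrase or tampered header
    return bytes(a ^ b for a, b in zip(wrapped, kek[:32]))


def change_passphrase(old: str, new: str, header: bytes) -> Optional[bytes]:
    """Re-wrap the same master key under a new passphrase; the data is untouched."""
    master = open_header(old, header)
    if master is None:
        return None
    return make_header(new, master)


if __name__ == "__main__":
    mk = os.urandom(32)  # the key the bulk data would actually be encrypted with
    hdr = make_header("first passphrase", mk)
    hdr2 = change_passphrase("first passphrase", "second passphrase", hdr)
    print("new header unlocks same master key:", open_header("second passphrase", hdr2) == mk)
    print("old passphrase now rejected:", open_header("first passphrase", hdr2) is None)
```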
Adding a keylogger (presumably hardware) is not without its risks. If the suspect discovers it, they have a window of opportunity to cover their tracks.
Absolutely. I think this is a great win for crypto; this guy is truly free from the prying eyes of the government.
It's good for society, too -- instead of convicting someone based on evidence on the guy's own computer (bringing into question context, chain of custody issues, and so on), the cops will have to build a solid case to convict him. When the police are forced to cross their t's and dot their i's, society wins.
So I see this as good for everyone, even the children he may be abusing. They will get a fair trial that leaves no question about this guy's guilt. (If he is really guilty, of course.)
It's about time this happened. In the UK we have a law called the Regulation of Investigatory Powers Act (RIPA) which allows access to certain data held by ISPs or can compel people in certain cases to not only hand over encryption material but prohibits them from acknowledging that they had been charged under such a law.
As you can imagine, that last bit results in some very complicated situations. The laws governing paedophilia are quite different, with paedophiles having to sign a sex offenders register.
In the case of a sex offender being caught, it's easier to just take the RIPA sentence instead. This is what appears to have happened. I hope the guy's password is long enough otherwise regardless of his crime he's in for a world of pain.
If they base the case entirely on one piece of evidence then they have already lost. Through programs like CSI, people are convinced that most of the evidence for a case comes from a lab and all they need is that one piece of evidence.
What really happens is the investigators have to answer the 5 Ws (who, what, etc.) and they "build" a case against you. If they have one piece, then they can go fishing for the rest. This is why it's important to shut your mouth when talking to the police. Anything you say at this point can really open you up to all types of crap later. They'll twist your words around, become your friend, good cop/bad cop, mention friends and family and all other types of tricks to get you to talk. Believe it or not, criminals willingly give up testimony about themselves. Some guy in a lab with half a shoeprint isn't what wins the case, you do.
If all the prosecution has is one piece of evidence then a competent barrister can shred it to pieces. This guy's job is to create FUD, and lots of it. The less evidence the prosecution has the easier his job is. But what he/she can't do is fix anything you say in front of the police while he isn't there. This is why it's important to shut up and ask a lawyer first.
I am not sure I understand the basis on which this person was jailed. If the court order to search his computer was provided on the basis of probable cause, what was that probable cause? If law enforcement already had evidence of some kind of misdeed, why do they need access to his computer? If the evidence of his misdeeds is on the computer, wouldn't providing it be a) self-incrimination of some description, as mentioned extensively elsewhere here and b) law enforcement's inability to get access to the information get the case dismissed due to lack of evidence?
Can anyone explain how TrueCrypt works for OS X? Could I have my entire home directory on the hidden partition? What about their hidden operating system feature? So I can have my normal OS as the decoy OS and then have a hidden Linux OS (as example) that I use for sys adm type stuff and boot to it when I need to? Can VMWare or Parallels see this partition and create a VM based on it?
Essentially, you can't true-crypt anything that can't run TrueCrypt before you need access to it. So you wouldn't be able to run TC and enter your password prior to logging in, which requires your home directory. Perhaps this could be sidestepped, but I'd think it'd be a mega-hack unless you can boot to a USB drive which can decrypt things and then boot OSX. I haven't heard of anyone doing that though, probably because Macs are a bit different with their bootup. You're essentially stuck making a file-as-a-volume or a hidden partition, though I don't know how / how well hidden partitions work in OSX.
Once your file / hidden partition is mounted, it's just another mounted volume. Anything which can read / write to a volume it's not on shouldn't notice a thing.
Also, it looks like it might just be Windows which gets the hidden-OS capability, as it requires a TC boot-loader on-disk or on an external booting device. Which means it should be possible for others as well, but it sounds like they haven't done it yet.
http://www.truecrypt.org/docs/?s=hidden-operating-system
Would it be possible to have one password for accessing the system, and a separate password for permanently wiping sensitive parts (in the background, even)? What would be the legal implications (other than the obvious obstruction of justice charges if the authorities catch on)?
They already have this. You can have two levels of passwords: one for the OS and one for a hidden encrypted partition or encrypted file where you keep your truly sensitive info.
If the Police have a warrant to search a safe, presumably you can be required to hand over the combination or be in contempt of court. Even if the combination for the safe 'lives in your brain'.
ISTM a virtual 'locked container of documents' would have the same legal status.
I'm not sure why so many techies go down the Walter-Mittyesque 'Enemy of the State' route when discussing this sort of thing. Mention the police in conjunction with encryption and suddenly everyone's a paranoid compound-dweller...
Let's be clear here - it is unlikely that this guy is making a stand for paranoid techies - it is much more likely that he's got pics and videos on his HDD of kids getting raped that he doesn't want the police to see.
TrueCrypt's Plausible Deniability (http://www.truecrypt.org/docs/?s=plausible-deniability) makes these issues even more complicated.