Armed Polite Society

Main Forums => Politics => Topic started by: zahc on July 11, 2011, 11:39:06 PM

Title: What happened to the 5th? (encryption)
Post by: zahc on July 11, 2011, 11:39:06 PM
Things have gotten worse faster than I have kept up with. How this is even debatable escapes me. Do they still tell people that they have the right to remain silent, and just cross their fingers behind their back? Also, what does "compel the defendant" actually mean? They waterboard you until you comply?

Quote
 The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home...

Quote
Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.

Prosecutors stressed that they don't actually require the passphrase itself, meaning Fricosu would be permitted to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding "the password to the drive, either orally or in written form."

Read more: http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop/#ixzz1RrJ53Hc8

So you have a right not to provide data that will incriminate you. You don't have a right not to provide data that will allow the prosecution to obtain data that will incriminate you. Hmm...
Title: Re: What happened to the 5th? (encryption)
Post by: AZRedhawk44 on July 12, 2011, 12:04:56 AM
The hopeful side of me wants SCOTUS to hear this.

The skeptical side of me  wants SCOTUS far away from setting precedent based upon the potentially criminal behavior of someone that attracted police ire in the first place.  More often than not, they side with the Executive Branch.

I was actually just 15 minutes ago, thinking about opening a thread pertaining to Fiber Optic splitting in context of room 641a, and the value of public/private encryption where the server sends a key over wire/light in the first place.  The "sniffer" in 641a intercepts the public key that you get, rendering public/private encryption worthless.

Thus, any "encrypted" files stored on an internet resource based upon a public/private encryption exchange between the file server and your computer, will result in interception of the key as well as the packet data.

However, VPN or other authentication schemes using private/private encryption (such as random number key fobs with passcode tokens) are still immune to intermediary snooping, as far as I can figure.  As long as the vendor of the private/private system hasn't allowed for a software back-door to the algorithm. 

Or, anything encrypted locally to your computer and THEN sent over the wire (clear or otherwise) using a private key, will still be secure (in theory).


I weep for the 5th.   :'(

I'm sure that once the Statists get their pet SCOTUS ruling, if darker days do come in regards to this issue, PGP will be grounds for a no-knock... accessing the digital data while unencrypted because the user is actively using it during the warrant execution.  After all, you NEED a SWAT team to get those dangerous embezzlers and kiddie pr0n traders (as repulsive as that is, it don't need a no-knock).
Title: Re: What happened to the 5th? (encryption)
Post by: CNYCacher on July 12, 2011, 12:16:54 AM
I was actually just 15 minutes ago, thinking about opening a thread pertaining to Fiber Optic splitting in context of room 641a, and the value of public/private encryption where the server sends a key over wire/light in the first place.  The "sniffer" in 641a intercepts the public key that you get, rendering public/private encryption worthless.

Ummm, it doesn't work how you think it works.  The reason the public key is called such is that it does not matter if the public knows the key.

The entire field of public/private key cryptography assumes that someone is listening in the middle.
Title: Re: What happened to the 5th? (encryption)
Post by: mtnbkr on July 12, 2011, 12:16:31 PM
I haven't read the article, but if the laptop was in her room and a warrant (big assumption) says they have access to everything in the room, how is the laptop more privileged than a locked box?

Chris
Title: Re: What happened to the 5th? (encryption)
Post by: kgbsquirrel on July 12, 2011, 12:27:49 PM
I haven't read the article, but if the laptop was in her room and a warrant (big assumption) says they have access to everything in the room, how is the laptop more privileged than a locked box?

Chris

Would you be tolerant of a person being compelled by force to open that locked box if it contained incriminating evidence against them? I wouldn't, I would certainly expect those serving the warrant to have to find a way into said box on their own. It's just that the locked box in this instance is composed of electron charges and is of such technical complexity it is beyond the means of the State's actors to force their way into it whereas the physical locked box you alluded to can easily be breached with the right mechanical tools whether or not the defendant participates in or even agrees to its access.
Title: Re: What happened to the 5th? (encryption)
Post by: seeker_two on July 12, 2011, 12:44:56 PM
....and what happens if the defendant continues to refuse the password?......  =|
Title: Re: What happened to the 5th? (encryption)
Post by: HankB on July 12, 2011, 01:01:34 PM
....and what happens if the defendant continues to refuse the password?......  =|
Or what if the password was forgotten . . . or on a thumb drive that SOMEONE WHO SEARCHED THE PREMISES subsequently lost? Or was written on a Post-It note stuck to the bottom of a desk . . . which was no longer there after the search?

In other words, can the authorities PROVE that the laptop's owner CAN remember the password?
Title: Re: What happened to the 5th? (encryption)
Post by: roo_ster on July 12, 2011, 03:06:01 PM
Would you be tolerant of a person being compelled by force to open that locked box if it contained incriminating evidence against them? I wouldn't, I would certainly expect those serving the warrant to have to find a way into said box on their own. It's just that the locked box in this instance is composed of electron charges and is of such technical complexity it is beyond the means of the State's actors to force their way into it whereas the physical locked box you alluded to can easily be breached with the right mechanical tools whether or not the defendant participates in or even agrees to its access.

Pretty much my position.  They have it in their hands, let them do the searching without my assistance.  Maybe they also want me to do other aspects of their jobs and tuck them in at night, too?
Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 12, 2011, 07:19:20 PM
Ummm, it doesn't work how you think it works.  The reason the public key is called such is that it does not matter if the public knows the key.

The entire field of public/private key cryptography assumes that someone is listening in the middle.

You beat me to it, and are correct.  The whole point is in a public/private key cryptosystem, encryption is easy, decryption (unless you have both keys) is extremely difficult (ie transcomputational if done right).  Now, if you are in the middle, and you receive the public key, generate your own key pair, and send your public key to the intended recipient (eliminating the original message and replacing it with your own) you can decrypt the traffic back, then re-encrypt with the original public key, and no-one is the wiser (based on just the messages)...so p/p crypto isn't totally resistant to man in the middle, just to snooping in the middle.
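The distinction drawn above (a passive listener gains nothing from the public key, while a substituted key breaks the exchange unless the key is checked), as an added example that is not part of the original posts. It uses unpadded textbook RSA on known Mersenne primes purely for illustration; all names and the out-of-band fingerprint check are assumptions of this sketch.

```python
"""Passive interception vs. active key substitution, with a fingerprint check.

Textbook RSA without padding, built on known Mersenne primes so the demo is
deterministic. Illustration only: real systems use padded RSA or ECDH via a
vetted library. Every name and value below is constructed for this example.
"""
import hashlib

E = 65537  # public exponent


def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d)) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def encrypt(pub, message):
    n, e = pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(key, ciphertext):
    """Apply an exponent to the ciphertext; only the private one recovers m."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def fingerprint(pub):
    """Short digest of a public key, to be compared over a separate channel."""
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


# Recipient's key pair and the interceptor's own substitute pair.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
INTERCEPTOR_PUB, INTERCEPTOR_PRIV = make_keypair(2**107 - 1, 2**127 - 1)


def exchange(message, key_substituted, pinned_fingerprint=None):
    """Run one key delivery plus one encrypted message.

    key_substituted: the party in the middle replaces the public key in
        transit (active) instead of only copying traffic (passive).
    pinned_fingerprint: fingerprint the sender obtained out of band, if any.
    """
    result = {"sent": False, "listener_recovers": False,
              "interceptor_reads": None, "recipient_reads": None}

    key_seen_by_sender = INTERCEPTOR_PUB if key_substituted else RECIPIENT_PUB

    # Defence: refuse to encrypt to a key whose fingerprint does not match.
    if pinned_fingerprint is not None:
        if fingerprint(key_seen_by_sender) != pinned_fingerprint:
            return result

    ciphertext = encrypt(key_seen_by_sender, message)
    result["sent"] = True

    # Passive listener: holds the public key and the ciphertext, nothing else.
    result["listener_recovers"] = (
        decrypt(key_seen_by_sender, ciphertext) == message)

    if key_substituted:
        # Active case: the ciphertext was made for the substitute key, so its
        # holder can read it and re-encrypt for the real recipient.
        result["interceptor_reads"] = decrypt(INTERCEPTOR_PRIV, ciphertext)
        ciphertext = encrypt(RECIPIENT_PUB, result["interceptor_reads"])

    result["recipient_reads"] = decrypt(RECIPIENT_PRIV, ciphertext)
    return result


if __name__ == "__main__":
    msg = b"meet at noon"
    print("passive :", exchange(msg, key_substituted=False))
    print("active  :", exchange(msg, key_substituted=True))
    print("pinned  :", exchange(msg, True, fingerprint(RECIPIENT_PUB)))
```

The pinned run stops before anything is encrypted, which is the role certificate validation and key fingerprints play in real protocols.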
Title: Re: What happened to the 5th? (encryption)
Post by: RevDisk on July 13, 2011, 01:00:42 PM
Would you be tolerant of a person being compelled by force to open that locked box if it contained incriminating evidence against them? I wouldn't, I would certainly expect those serving the warrant to have to find a way into said box on their own. It's just that the locked box in this instance is composed of electron charges and is of such technical complexity it is beyond the means of the State's actors to force their way into it whereas the physical locked box you alluded to can easily be breached with the right mechanical tools whether or not the defendant participates in or even agrees to its access.

Uhm.  Yes?   Cops just call a locksmith.   It is not the defendant's fault that she purchased a lock box the police can't open.

Folks, this is why you do crypto right.  TrueCrypt has plausibly definable features for a reason.  Steganography is also your friend.
Title: Re: What happened to the 5th? (encryption)
Post by: CNYCacher on July 13, 2011, 01:15:51 PM
TrueCrypt has plausibly definable features for a reason.

I think The Rev got autocorrected from "plausibly deniable" but he is absolutely right.

TrueCrypt allows the creation of hidden and main volumes in the same encrypted system.  Basically, there are two passwords you can give up, and they reveal different content.  There is no way for anyone to prove that more than one password exists on any encrypted system, so you can put embarrassing or private (but not incriminating) content into one password, and the actual stuff you want to hide on the other password.  If compelled to reveal a password, you can reveal the one that is least incriminating.

Of course, that all assumes that someone can prove a TrueCrypt volume is actually an encrypted volume.  It's hard to do.
Title: Re: What happened to the 5th? (encryption)
Post by: Jamisjockey on July 13, 2011, 01:51:45 PM
Regardless....forcing someone to unencrypt their software is no different than asking them for the combination to a locked safe, or to sit on the witness stand and incriminate themselves.
The 5th amendment is pretty clear.

Quote
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

The police's job is to gather evidence.  If the laptop is encrypted, let them figure it out.
Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 13, 2011, 02:39:20 PM
Regardless....forcing someone to unencrypt their software is no different than asking them for the combination to a locked safe, or to sit on the witness stand and incriminate themselves.
The 5th amendment is pretty clear.

The police's job is to gather evidence.  If the laptop is encrypted, let them figure it out.

Agreed.  They can obtain a warrant for the drive, or even a warrant for the encryption key, but your 5th amendment rights protect you from having to supply incriminating evidence, in the same fashion that you can't be forced to open a safe (and then they have to drill it).  In this case, they can't "drill it", so they are looking for a run-around.  Fortunately, it is the individual that has the right to determine if something is incriminating, and thus refuse to submit the information.  (subpoenas are used for third party information). 

I really want this to go to SCOTUS and fast, not only is this slope slippery, it's pretty steep.
Title: Re: What happened to the 5th? (encryption)
Post by: GigaBuist on July 13, 2011, 08:29:20 PM
I haven't read the article, but if the laptop was in her room and a warrant (big assumption) says they have access to everything in the room, how is the laptop more privileged than a locked box?

In my mind the encrypted volume doesn't contain anything without the presence of the key.
Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 13, 2011, 08:56:38 PM
In my mind the encrypted volume doesn't contain anything without the presence of the key.

Also, one of the articles I was reading on this had a good point:
A physical key, a safe, or a paper file can be subpoenaed, however, a passcode is something kept in your head--if you can be compelled to provide the authorities with something that is only known in your own mind, that really makes the fifth amendment moot--how is a passkey any different than your memories of a crime.  The point of the fifth was to prevent self-incrimination by eliminating the possibility of a "tell us or we will imprison you for contempt" deprivation of liberty.  The more I read about this, the more I am really worried just how bad it will be if this is allowed, as it would mean you could be charged with contempt for not providing the authorities with information in your head.  It's not like this is new territory--they can't imprison for contempt killers for not revealing where the body is hidden.
Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 13, 2011, 09:07:21 PM
One more thing....what if you forgot the passcode? Whether you actually did or not, if this is upheld, the burden of proof would then lie on you to prove you actually did forget something?  Also, what if the encrypted volume had no incriminating evidence?  If this sets precedent, the "prove to us you haven't committed a crime" (or be punished for contempt) situation is now present, which effectively defeats not only the self-incrimination part of the 5th, but also the due process clause, Custodial interrogation clause (since you would be jailed for contempt until providing the information, thus being forced to provide information by way of imprisonment).  Also, since SCOTUS has ruled that silence is speech unto itself I believe, doesn't this also violate the first amendment? (forcing someone to communicate).

Overall, the only way I can see getting around this is with Use immunity...but since that is right on the edge of allowable precedent, they would still not be able to use any information, or evidence that information led to, against the client...of course, our freedom loving courts would be sure to treat that part carefully...right?
Title: Re: What happened to the 5th? (encryption)
Post by: seeker_two on July 13, 2011, 10:27:53 PM
One more thing....what if you forgot the passcode? Whether you actually did or not, if this is upheld, the burden of proof would then lie on you to prove you actually did forget something?  Also, what if the encrypted volume had no incriminating evidence?  If this sets precedent, the "prove to us you haven't committed a crime" (or be punished for contempt) situation is now present, which effectively defeats not only the self-incrimination part of the 5th, but also the due process clause, Custodial interrogation clause (since you would be jailed for contempt until providing the information, thus being forced to provide information by way of imprisonment).  Also, since SCOTUS has ruled that silence is speech unto itself I believe, doesn't this also violate the first amendment? (forcing someone to communicate).

Overall, the only way I can see getting around this is with Use immunity...but since that is right on the edge of allowable precedent, they would still not be able to use any information, or evidence that information led to, against the client...of course, our freedom loving courts would be sure to treat that part carefully...right?

All that would be true.......if we still had a Constitution that was still being enforced.....  :facepalm:
Title: Re: What happened to the 5th? (encryption)
Post by: CNYCacher on July 13, 2011, 10:42:28 PM
In my mind the encrypted volume doesn't contain anything without the presence of the key.

You are actually completely right and I've never thought about it in this way before, but the fact of the matter is simply that the incriminating evidence does not exist.  Without the key, an encrypted volume is nothing.  It contains no evidence.  If you were to look at the data down to any level there would be no useful information contained there.  The most that you could conceivably construe an encrypted volume to be is merely building blocks.  A road map, if you will, to CREATE the offending information.  For that you need a key.

This case is not analogous AT ALL to being compelled to open a safe.  It's more closely analogous to being compelled to manufacture something illegal so that you can be prosecuted.


It's as if the goonsquad broke into your workshop looking for machineguns, and all they find are metal-working tools and steel stock.  They stick you in the room and say "We know that you have in your head the knowledge to make a machinegun.  Now go out in the shop and make one, or ELSE!"
Title: Re: What happened to the 5th? (encryption)
Post by: seeker_two on July 13, 2011, 10:52:50 PM
This case is not analogous AT ALL to being compelled to open a safe.  It's more closely analogous to being compelled to manufacture something illegal so that you can be prosecuted.


It's as if the goonsquad broke into your workshop looking for machineguns, and all they find are metal-working tools and steel stock.  They stick you in the room and say "We know that you have in your head the knowledge to make a machinegun.  Now go out in the shop and make one, or ELSE!"

Because, of course, the Feds would never do that.....  ;/

http://en.wikipedia.org/wiki/Ruby_Ridge
Title: Re: What happened to the 5th? (encryption)
Post by: AZRedhawk44 on July 13, 2011, 10:57:50 PM
You are actually completely right and I've never thought about it in this way before, but the fact of the matter is simply that the incriminating evidence does not exist.  Without the key, an encrypted volume is nothing.  It contains no evidence.  If you were to look at the data down to any level there would be no useful information contained there.  The most that you could conceivably construe an encrypted volume to be is merely building blocks.  A road map, if you will, to CREATE the offending information.  For that you need a key.

This case is not analogous AT ALL to being compelled to open a safe.  It's more closely analogous to being compelled to manufacture something illegal so that you can be prosecuted.


It's as if the goonsquad broke into your workshop looking for machineguns, and all they find are metal-working tools and steel stock.  They stick you in the room and say "We know that you have in your head the knowledge to make a machinegun.  Now go out in the shop and make one, or ELSE!"

That's one hell of a defense.

I like it.

Have you considered submitting the idea to the EFF?
Title: Re: What happened to the 5th? (encryption)
Post by: RevDisk on July 14, 2011, 04:07:28 PM
I think The Rev got autocorrected from "plausibly deniable" but he is absolutely right.

TrueCrypt allows the creation of hidden and main volumes in the same encrypted system.  Basically, there are two passwords you can give up, and they reveal different content.  There is no way for anyone to prove that more than one password exists on any encrypted system, so you can put embarrassing or private (but not incriminating) content into one password, and the actual stuff you want to hide on the other password.  If compelled to reveal a password, you can reveal the one that is least incriminating.

Of course, that all assumes that someone can prove a TrueCrypt volume is actually an encrypted volume.  It's hard to do.

Ah, yes, I did.  Friggin phone.

While it is true that you cannot mathematically prove a TC container is encrypted data instead of a dump from a pseudo random number generator, it is possible to reasonably and accurately suspect a file is a TC container.  File size mod 512 = zero, file size >= 19 KB, passes a chi-square distribution test (ie uncommonly random), no common file headers.  There's an app called TCHunt for doing those checks.

Again, a truly paranoid individual could include a number of RNG dumps on their systems.   /dev/random is fine, but I really do recommend a quantum RNG using a single photon detector and a laser.  The US government had an interesting exhibit at Defcon with a working implementation that was quite nice, and easily scalable.

[Image: Quantum RNG]

[Image: Data visualization, rand() vs Quantum RNG]



A decade ago, I'd sound like a paranoid nut.  Nowadays, I probably sound like someone who is a bit overly serious, but not completely insane.  I wonder what the same advice will sound like in another ten years.  "Illegal" or "Bloody well necessary" is my best guess.  




That's one hell of a defense.

I like it.

Have you considered submitting the idea to the EFF?

It's been tried.  Judges simply toss folks into jail on contempt until they crack.  Most folks don't have enough of a rainy day fund to be able to afford months in prison as their family loses everything they own.
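The four triage checks listed in the post above (size mod 512, minimum size, chi-square test, no common file header), as an added example that is not part of the original post and is not TCHunt's code. The chi-square bounds, the signature list and the sample buffers are assumptions constructed for this sketch; the flagged sample is a hash-generated stream rather than a real container, which shows why such a result supports suspicion but not proof.

```python
"""Triage heuristics for "probably an encrypted container", as listed above.

The four checks come from the post; the chi-square bounds and the signature
list are assumptions made for this example, not TCHunt's actual values.
"""
import hashlib
from collections import Counter

SECTOR = 512
MIN_SIZE = 19 * 1024
# Assumed bounds: for uniform bytes the statistic has mean 255 (255 degrees
# of freedom) and a standard deviation of about 22.6.
CHI2_LOW, CHI2_HIGH = 150.0, 400.0
# A few well-known file signatures (assumed list, far from exhaustive).
KNOWN_HEADERS = (b"%PDF", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff",
                 b"GIF8", b"\x7fELF", b"Rar!", b"SQLite format 3")


def chi_square(data):
    """Pearson chi-square statistic of byte frequencies against uniform."""
    counts = Counter(data)
    expected = len(data) / 256
    return sum((counts.get(v, 0) - expected) ** 2 / expected
               for v in range(256))


def triage(data):
    """Return each check's outcome plus an overall 'suspect' flag."""
    checks = {
        "size_multiple_of_512": len(data) > 0 and len(data) % SECTOR == 0,
        "size_at_least_19kb": len(data) >= MIN_SIZE,
        "no_known_header": not data.startswith(KNOWN_HEADERS),
        "byte_distribution_uniform": (
            bool(data) and CHI2_LOW <= chi_square(data) <= CHI2_HIGH),
    }
    checks["suspect"] = all(checks.values())
    return checks


def keystream(n, seed=b"constructed-sample"):
    """Deterministic random-looking bytes (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def constructed_samples():
    """Constructed test buffers; none of them is a real container."""
    rnd = keystream(64 * 1024)
    return {
        "prng_dump": rnd,                                   # flagged
        "pdf_like": b"%PDF-1.4\n" + rnd[9:],                # has a header
        "plain_text": (b"the quick brown fox " * 4000)[:64 * 1024],
        "odd_size": rnd + b"\x00" * 100,                    # not 512-aligned
        "too_small": rnd[:4096],                            # under 19 KB
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:11s} chi2={chi_square(blob):10.1f} {triage(blob)}")
```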
Title: Re: What happened to the 5th? (encryption)
Post by: CNYCacher on July 14, 2011, 04:25:46 PM
It's been tried.  Judges simply toss folks into jail on contempt until they crack.  Most folks don't have enough of a rainy day fund to be able to afford months in prison as their family loses everything they own.

What has been tried?  My "Compelling someone to type in the key is tantamount to compelling someone to manufacture evidence (not merely reveal evidence)" argument?  Or "Nyah Nyah, you can't prove I have an encrypted volume!" strategy?
Title: Re: What happened to the 5th? (encryption)
Post by: RevDisk on July 14, 2011, 04:40:07 PM
What has been tried?  My "Compelling someone to type in the key is tantamount to compelling someone to manufacture evidence (not merely reveal evidence)" argument?  Or "Nyah Nyah, you can't prove I have an encrypted volume!" strategy?

Neither really.  Folks easily guess (actually, pretty much know) there's an encrypted container.  Folks don't tend to clean up after themselves and leave plenty of evidence proving the container contains valid data.  And the prosecutors know there is a valid key.  So they ask for the key, and the judge throws them in jail if they refuse to provide said key.  AFAIK, any arguments that it's an express violation of the 5th or variations of your argument have had mixed but mostly inefficient results.  Folks eventually roll and hope they can get it suppressed on appeal. 

Again, hard to fight for your rights when your family is losing everything.  The deck is extremely stacked in favor of the prosecution and government. 
Title: Re: What happened to the 5th? (encryption)
Post by: GigaBuist on July 14, 2011, 11:25:11 PM
This case is not analogous AT ALL to being compelled to open a safe.  It's more closely analogous to being compelled to manufacture something illegal so that you can be prosecuted.

Another way to think of it would be being forced to assemble a very shredded document.  Nobody else in the world has any idea what that shredded document looks like and you're the only one that can put the evidence back together for the government.

That would be my preferred analogy.
Title: Re: What happened to the 5th? (encryption)
Post by: freakazoid on July 15, 2011, 12:15:49 AM
That's what makes having an encrypted volume within an encrypted volume nice. You just "hide" something that isn't actually illegal but either personal, like bank information, or controversial, like pdfs of how to make full-autos or just loads of porn, perhaps even gay porn, not for your actual viewing but to make it look like something you wouldn't want other people to see. You put that on the first part that is encrypted and then put the stuff you actually want to hide on the second part.
 >:D
Title: Re: What happened to the 5th? (encryption)
Post by: KD5NRH on July 15, 2011, 01:09:17 AM
One more thing....what if you forgot the passcode?

Or, like me, you occasionally like to produce broken encrypted stuff just to waste the time of anyone trying to crack something they found?

CDRs are cheap in bulk, so creating a CD image of encrypted data, then having a random number generator go through and flip some bits in that image before burning it to disk is also cheap.  Labeling it something suspicious but not inherently incriminating and putting it among all my other backups is downright amusing.

They can have my 600MB of assorted open source software when they pry it out of my cold, corrupted CDR.

(I also keep some similar files on many of the assorted 256MB-1GB flash drives I just can't bring myself to throw away.)
Title: Re: What happened to the 5th? (encryption)
Post by: seeker_two on July 15, 2011, 08:10:07 AM
I wonder if you can create an encryption that will open with one certain password and wipe the entire disc with another certain password.....and I wonder what the prosecution would do if you only "remembered" the second password......
Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 15, 2011, 08:21:44 AM
I wonder if you can create an encryption that will open with one certain password and wipe the entire disc with another certain password.....and I wonder what the prosecution would do if you only "remembered" the second password......

Wipe the entire disk?  They would probably charge you with destruction of govt property since it's more than likely they would transfer the encrypted file to a different system.  Even though it would be probably contained in a VM, I'm sure they would love the excuse to charge you with something even though it's an easily recreated VM with little to no intrinsic value...the install is still their property.

I'm with revdisk on this, while I hate this idea, it's hard to fight it.  I would think the best bet is some sort of encrypted embedding into other files...where your protected payload is embedded inside a group of other files, and that whole group encrypted.  The more layers of discovery, the better chance of it not being noticed...provide the initial key, they decrypt a bunch of normal stuff...they then have to discover/determine there is the embedded data, then attempt to get that data. 

Now, let's say there isn't a passcode or key, but rather a method (eg a steganographic method)...since now it's not a "key" but rather, you would have to disclose a series of actions you manually (ie entering a series of command line inputs one at a time that yield the steganographic embedding) performed, which is much closer to the normal things the 5th has been upheld to protect...is the legal situation different?
Title: Re: What happened to the 5th? (encryption)
Post by: Ben on July 15, 2011, 09:55:12 AM
Now, let's say there isn't a passcode or key, but rather a method (eg a steganographic method)...since now it's not a "key" but rather, you would have to disclose a series of actions you manually (ie entering a series of command line inputs one at a time that yield the steganographic embedding) performed, which is much closer to the normal things the 5th has been upheld to protect...is the legal situation different?

I always thought steganography was a cool way to hide data. Then I took a SANS 401 class for work that included a lecture by an FBI agent on encryption, et al. He said that steganography was the number one method used by child pornographers to hide data. After that I always worried that if I were ever to hide something innocuous but private, like my master password list, inside say, a picture of Zardoz, then for whatever reason have my computer searched, when they found the size anomaly in the Zardoz image, I'd automatically be suspected of child pornography.

I would hate to go from the generic, "What are you hiding?" to, "You dirty filth, you must be a pornographer and we're going to ruin your life!". At that point I'd probably decrypt the file, even though from the freedom perspective I shouldn't have to.

In that same class, they mentioned that the Chinese use the same flags for steganography, and other forms of encryption are also immediately suspect of anything from "cultural pollution" to spying, and that their methods for "requesting" access are somewhat less pleasant than ours. They cited a few cases where fed.gov workers went to China with encryption on their laptops and required Embassy intervention. Of course I would never suggest anyone travel to China or elsewhere without using a sterile laptop with a VM and a tunnel to files that are stored somewhere else.
Title: Re: What happened to the 5th? (encryption)
Post by: RevDisk on July 15, 2011, 04:36:06 PM
I always thought steganography was a cool way to hide data. Then I took a SANS 401 class for work that included a lecture by an FBI agent on encryption, et al. He said that steganography was the number one method used by child pornographers to hide data. After that I always worried that if I were ever to hide something innocuous but private, like my master password list, inside say, a picture of Zardoz, then for whatever reason have my computer searched, when they found the size anomaly in the Zardoz image, I'd automatically be suspected of child pornography.

I would hate to go from the generic, "What are you hiding?" to, "You dirty filth, you must be a pornographer and we're going to ruin your life!". At that point I'd probably decrypt the file, even though from the freedom perspective I shouldn't have to.

In that same class, they mentioned that the Chinese use the same flags for steganography, and other forms of encryption are also immediately suspect of anything from "cultural pollution" to spying, and that their methods for "requesting" access are somewhat less pleasant than ours. They cited a few cases where fed.gov workers went to China with encryption on their laptops and required Embassy intervention. Of course I would never suggest anyone travel to China or elsewhere without using a sterile laptop with a VM and a tunnel to files that are stored somewhere else.

THAT, plus eleventy billion.   I beat that into corporate brass' skulls with a lead pipe.  Sterile laptop, bare minimum files necessary (individually selected), VPN back, only do work on the remote system back in the States.  US Customs can and does seize laptops for noncompliance with US export regs, which are quite large.  Add espionage, theft, government shenanigans, etc and you'd be a fool to bring a live production laptop loaded with not required files with you.

Done right, steg does not leave traces.  Few folks do it right.  You want to generate the base files yourself, and not leave the original files laying around.  This means good data organization, routine random number overwriting of your empty space on disks or whole disk encryption, and careful concealment of your steg software.   
 
Honestly, I would not even attempt doing it right if I was going to China or through US Customs.  Just because you're innocent doesn't mean you won't be found guilty.  I go completely sterile, minimal work via VPN, and wipe the laptop prior to bringing it back. 

At home, I don't keep data I don't need and I bloody well make sure it's wiped.  Old computers?  Rip out the HDs and destroy them.  Don't keep stuff you won't need.  Use TrueCrypt containers with plausible deniability, wipe and reload your computers on a regular basis (every year or so), prune your data as needed, and be careful how you dispose of information.  Crosscut shredders are cheap these days.  So is a blowtorch for old hard drives or thumb drives. 

Remember, just because you have nothing to hide doesn't mean you can't be hung anyways.  Having worked in compliance, I learned the hard way.  It is NOT possible to be in compliance with all the laws on the books.  No human on the planet knows all of them.  Heck, no human on the planet knows a FRACTION of them.  But you are still bound to follow all laws and regulations. 
Title: Re: What happened to the 5th? (encryption)
Post by: GigaBuist on July 17, 2011, 10:44:42 PM
Another fun tip from a guy that used to travel to China on business:

Photocopy the base of your laptop before you leave.  You know, where all the screw heads are.

See if they're still in the same place when you get back.
Title: Re: What happened to the 5th? (encryption)
Post by: KD5NRH on July 18, 2011, 03:52:30 AM
Rip out the HDs and destroy them.

After going through five laptop HDDs in the last two and a half years, I want to know where I can get some drives that don't destroy themselves in 6-8 months.

(SMART failure for bad sectors on all of them, 3 WD Caviars, two Hitachi Travelstars, four different laptops.)

EDIT TO ADD: how hard would it be to include something in BIOS or added to the HDD's firmware that would thrash the snot out of it after x number of failed password attempts?  Inducing bad sectors can't be all that hard, and a fully encrypted drive losing enough data that way to be unrecoverable is quite plausible.
Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 18, 2011, 08:27:15 AM
After going through five laptop HDDs in the last two and a half years, I want to know where I can get some drives that don't destroy themselves in 6-8 months.

(SMART failure for bad sectors on all of them, 3 WD Caviars, two Hitachi Travelstars, four different laptops.)

EDIT TO ADD: how hard would it be to include something in BIOS or added to the HDD's firmware that would thrash the snot out of it after x number of failed password attempts?  Inducing bad sectors can't be all that hard, and a fully encrypted drive losing enough data that way to be unrecoverable is quite plausible.

Depends on the encryption and how the file is written...if it's block based and written sequentially, bad sectors would only trash the data in those blocks.  What you would want to do is compress, byte/block distribute (ie spread a given block across as many new blocks as possible), then compress.  With the proper distribution (basically a backwards error correct--you want the data to be as vulnerable as possible to "errors"), a single bad block would contaminate the entire data set.  With properly chosen encryption, distribution, and compression, you could make it very sensitive to even small changes, however, that introduces substantial risk as well of data loss. 

Overall, I think it is becoming the case that you should write down or store on a computer anything you don't want read...if you want it secure, keep it in your head, our thoughts are still protected...I think
Title: Re: What happened to the 5th? (encryption)
Post by: CNYCacher on July 18, 2011, 09:15:25 AM
our thoughts are still protected...I think

Actually, this case is trying hard to prove the opposite.

As soon as the court rules (IF they do) that a password stored in your head is fair game to be revealed by compulsion, indefinite imprisonment, etc. then we have a precedent that your thoughts are not protected.  The entire 5th will come down brick by brick.
Title: Re: What happened to the 5th? (encryption)
Post by: T.O.M. on July 18, 2011, 10:32:43 AM
Sorry I'm late to the party.  And, I'm sure that some of you may be surprised by what I'm about to say, given that my ex-prosecutor side tends to come out in many arguments around here, but I have to say that this is exactly the type of situation that the 5th Amendment should apply to.  The request would compel a person to give up incriminating information.  In my mind, this case is a simple loser for the prosecution.  I would be very interested to read the final opinion on this issue, as I just can't see how you can legally argue this one in favor of the State.

Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 18, 2011, 11:37:42 AM
Sorry I'm late to the party.  And, I'm sure that some of you may be surprised by what I'm about to say, given that my ex-prosecutor side tends to come out in many arguments around here, but I have to say that this is exactly the type of situation that the 5th Amendment should apply to.  The request would compel a person to give up incriminating information.  In my mind, this case is a simple loser for the prosecution.  I would be very interested to read the final opinion on this issue, as I just can't see how you can legally argue this one in favor of the State.



What is your opinion on forcing someone to give up the key to a physical enclosure (building, safe, etc) or deliver records, etc. and its comparison to this case?
Title: Re: What happened to the 5th? (encryption)
Post by: 230RN on July 18, 2011, 11:45:22 AM
I wonder if this isn't a gamble to set precedent.  Suppose there's a 50-50 (25-75?  10-90?) chance of the prosecution's winning in this case.  Would it be worth it to the prosecution/government to try to get it through SCOTUS to "bring down" any and all encryption techniques?

After all, if the government can compel an accused to provide a key, then there's no point in doing any encryption. Thus a lot of e-stuff related to terrorism, etc, would become an open book.

Perhaps a naive thought, but I can't help wondering about it.

After all, running things past the Supreme Court nowadays is a dicey, chancy thing, and if "they" lose the case, they really haven't "lost" anything, and if they win, they win big.  Might be worth only a 10% chance of winning to try it.

Terry, 230RN
Title: Re: What happened to the 5th? (encryption)
Post by: RevDisk on July 18, 2011, 12:05:22 PM

After going through five laptop HDDs in the last two and a half years, I want to know where I can get some drives that don't destroy themselves in 6-8 months.

(SMART failure for bad sectors on all of them, 3 WD Caviars, two Hitachi Travelstars, four different laptops.)

EDIT TO ADD: how hard would it be to include something in BIOS or added to the HDD's firmware that would thrash the snot out of it after x number of failed password attempts?  Inducing bad sectors can't be all that hard, and a fully encrypted drive losing enough data that way to be unrecoverable is quite plausible.

That is why forensics folks do a hard drive replication and always work off the copy.


Sorry I'm late to the party.  And, I'm sure that some of you may be surprised by what I'm about to say, given that my ex-prosecutor side tends to come out in many arguments around here, but I have to say that this is exactly the type of situation that the 5th Amendment should apply to.  The request would compel a person to give up incriminating information.  In my mind, this case is a simple loser for the prosecution.  I would be very interested to read the final opinion on this issue, as I just can't see how you can legally argue this one in favor of the State.


First off, I'd like to say thank you.   Usually cases are only mentioned if they border on insanity.   We forget that thousands of judges are decent folks.

Unfortunately, as far as I know, the above is also a minority opinion.   Our laws often have trouble keeping up with technology.
Title: Re: What happened to the 5th? (encryption)
Post by: T.O.M. on July 18, 2011, 02:04:21 PM
What is your opinion on forcing someone to give up the key to a physical enclosure (building, safe, etc) or deliver records, etc. and its comparison to this case?

Well, when I was prosecuting, and had the key situation come up, we usually gave the person a choice.  Give up the key or the lock is getting cut off.  In one case I remember well, it was give up the combination to the gun safe or they are going to force entry.  He gave up the combination because he had a couple of nice shotguns inside he didn't want damaged (along with his homemade kiddie p0rn).   You aren't forcing the defendant to do anything here but minimize damage to his/her property.  With the password, it's clearly a situation where you are forcing a person to give a statement.  If nothing else, it's a statement of ownership, because by giving the password, you are acknowledging everything protected by that password, as well as knowledge of the contents.

And RevDisk, you're right on several points.  They do always replicate the hard drive and work on the copy.  It's the only way to properly preserve the evidence on the machine.  And, you're also right in that the law and technology aren't on the same page.  Not by a long shot.  A lot of courts in Ohio don't recognize filing by fax, much less by other electronic means.
Title: Re: What happened to the 5th? (encryption)
Post by: KD5NRH on July 18, 2011, 03:56:54 PM
That is why forensics folks do a hard drive replication and always work off the copy.

And how do they do that?  Assuming they disconnect it from the machine it's in, there are a few ways that a small circuit on (or inside) the drive could detect a disconnect without falsing on a simple power shutdown.  (continuity between the various ground pins on an SATA or PATA connector, or ground pin and shell on USB for example - even if this isn't maintained at the controller, it would be trivial to short those pins together in the cable or at the controller-side connector)  It doesn't take a lot of power to scramble a fair swath of data, and most of the desktop drives I've disassembled had room for a button cell battery, microcontroller to handle the processing, and the wiring to just start sending random bits to the write heads.  Anyone determined to do Really Bad Things could set up a clean room to install the circuit in drives for their operatives, and now that I think about it, it sounds like a half decent product for various black markets.  (Not working too closely together, so that any potential weakness isn't necessarily consistent among all designs.)
Title: Re: What happened to the 5th? (encryption)
Post by: HankB on July 18, 2011, 04:53:05 PM
Well, when I was prosecuting, and had the key situation come up, we usually gave the person a choice.  Give up the key or the lock is getting cut off.  In one case I remember well, it was give up the combination to the gun safe or they are going to force entry.
Hmmm . . . if the individual was storing primers or black powder in the safe, some types of forced entry could be hazardous.
Title: Re: What happened to the 5th? (encryption)
Post by: AZRedhawk44 on July 18, 2011, 05:44:19 PM
Hmmm . . . if the individual was storing primers or black powder in the safe, some types of forced entry could be hazardous.

Which has nothing to do with encryption.

Well, when I was prosecuting, and had the key situation come up, we usually gave the person a choice.  Give up the key or the lock is getting cut off.  In one case I remember well, it was give up the combination to the gun safe or they are going to force entry.  He gave up the combination because he had a couple of nice shotguns inside he didn't want damaged (along with his homemade kiddie p0rn).   You aren't forcing the defendant to do anything here but minimize damage to his/her property.  With the password, it's clearly a situation where you are forcing a person to give a statement.  If nothing else, it's a statement of ownership, because by giving the password, you are acknowledging everything protected by that password, as well as knowledge of the contents.

And RevDisk, you're right on several points.  They do always replicate the hard drive and work on the copy.  It's the only way to properly preserve the evidence on the machine.  And, you're also right in that the law and technology aren't on the same page.  Not by a long shot.  A lot of courts in Ohio don't recognize filing by fax, much less by other electronic means.

Which invalidates the concern over "damage" to contents of the drive.

If adjudicated "not guilty" the suspect party is getting all his original computer equipment back intact.  No acetylene torches used to "brute force" and destroy contents of the drive, since the technicians will be working against copies of the data rather than original data.


I'm thinking that a doubled password is just the ticket... but give them NOTHING.  If they happen to get lucky and find the "bad" password (if you had anything "bad"), you say "You're manufacturing information" and provide the "good" password in your defense that shows embarrassing, but not illegal, data.  Then they have to prove that their forensic trail isn't suspect, and that the technique they used is even legitimate.  90% of the time I bet the whole debate then goes right over the top of the jury and they acquit out of frustration.
Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 18, 2011, 05:48:38 PM
Well, when I was prosecuting, and had the key situation come up, we usually gave the person a choice.  Give up the key or the lock is getting cut off.  In one case I remember well, it was give up the combination to the gun safe or they are going to force entry.  He gave up the combination because he had a couple of nice shotguns inside he didn't want damaged (along with his homemade kiddie p0rn).   You aren't forcing the defendant to do anything here but minimize damage to his/her property.  With the password, it's clearly a situation where you are forcing a person to give a statement.  If nothing else, it's a statement of ownership, because by giving the password, you are acknowledging everything protected by that password, as well as knowledge of the contents.

Okay, in the key/combo situation, is there a contempt charge precedent in there if they don't choose to provide the key or combo?

Thanks for your inputs, I'm even more wary now...again, my worst fear is:
What if you manually scramble the data (specific, manually entered, bit-wise shuffles (or manually doing a block cypher, but each step executed on the system)--now the "key" is the order and specifics of a series of actions.  Could they then force you to reveal your actions, as they constitute the encryption key?  Seems like that's the same as holding someone until they tell you exactly what other actions they performed.  Overall, this is a horrible precedent if it goes through.
Title: Re: What happened to the 5th? (encryption)
Post by: KD5NRH on July 18, 2011, 06:09:09 PM
Which has nothing to do with encryption.

It's not a whole lot different from keeping your virus collection on an encrypted drive.
Title: Re: What happened to the 5th? (encryption)
Post by: RevDisk on July 20, 2011, 12:20:46 AM
Well, when I was prosecuting, and had the key situation come up, we usually gave the person a choice.  Give up the key or the lock is getting cut off.  In one case I remember well, it was give up the combination to the gun safe or they are going to force entry.  He gave up the combination because he had a couple of nice shotguns inside he didn't want damaged (along with his homemade kiddie p0rn).   You aren't forcing the defendant to do anything here but minimize damage to his/her property.  With the password, it's clearly a situation where you are forcing a person to give a statement.  If nothing else, it's a statement of ownership, because by giving the password, you are acknowledging everything protected by that password, as well as knowledge of the contents.

And RevDisk, you're right on several points.  They do always replicate the hard drive and work on the copy.  It's the only way to properly preserve the evidence on the machine.  And, you're also right in that the law and technology aren't on the same page.  Not by a long shot.  A lot of courts in Ohio don't recognize filing by fax, much less by other electronic means.

Having established an ounce of credibility regarding IT forensics, let me make this statement.  IT forensics is even more of a joke than normal forensics.  Many kinds of normal forensics have a very long way to go before they can or should be considered science.  DNA forensics is solid, if done correctly.  Even bedrock solid "forensics" such as fingerprints is...  less than optimal.  By less than optimal, I mean any scientist trying to make such claims would be burned at the stake, deservingly so.  Collaborative Testing Service ran a test (the FIRST test, in 1995!) of 156 professionals asked to identify four suspect cards with prints of all ten fingers against seven latents.  44% did so correctly.  

k, so normal forensics is bad, but not horrifically bad.  IT forensics...  trust me, I could easily, trivially and casually frame a person on "IT evidence".  With automated tools, that I could teach a 12 year old to operate.  Leaving no marks that any IT forensics geek could possibly disprove.  I know this, because I was bloody trained to do so by IT forensic geeks.

Only useful purpose for IT forensics is to hang morons, or for superficially convincing reason to hang someone you really want to hang on but can't otherwise nail.  Forensics is more alchemy than science.  I don't know the proper analogy for IT forensics.  Using a witch doctor analogy is providing way too much credibility.  

I am not some "truth'er" or other nut job that thinks rainbows in a sprinkler is an NSA conspiracy.  I've been a geek since I could walk.  I know and have gotten drunk with the best computer forensics folks in the world (in Vegas, heh, some GREAT stories there).  Heck, I could be one of the best computer forensics folks in the world if I had less integrity or ability to feel shame.  I can provide proof and working examples of everything I mentioned.  



And how do they do that?  Assuming they disconnect it from the machine it's in, there are a few ways that a small circuit on (or inside) the drive could detect a disconnect without falsing on a simple power shutdown.  (continuity between the various ground pins on an SATA or PATA connector, or ground pin and shell on USB for example - even if this isn't maintained at the controller, it would be trivial to short those pins together in the cable or at the controller-side connector)  It doesn't take a lot of power to scramble a fair swath of data, and most of the desktop drives I've disassembled had room for a button cell battery, microcontroller to handle the processing, and the wiring to just start sending random bits to the write heads.  Anyone determined to do Really Bad Things could set up a clean room to install the circuit in drives for their operatives, and now that I think about it, it sounds like a half decent product for various black markets.  (Not working too closely together, so that any potential weakness isn't necessarily consistent among all designs.)

Block transfers.  There are plenty of overpriced devices that you slap the original HD and a blank HD into, hit a button, and it will give you a bit accuracy copy of the original HD.  It's standard practice.  It doesn't load the OS, it goes straight to the lowest level.  Oversimplified?  HD reads a 0, it copies a 0.  HD reads a 1, it copies a 1.  

And yes, folks have tried to implement ways of detecting this and other forms of hardware hacking.  Photovoltaic cells inside of chips, pressurized sections, etc.  All of which can and have been bypassed.  For PV cells, you simply don't allow any light.  For pressurized sections, you do your work in a pressurized baggie with nitrogen to the right PSI.  etc etc.  For hard drives, it's even easier.  You can take out the platters, and slap them into another enclosure.  It's done on a regular basis for data recovery.


Which has nothing to do with encryption.

Which invalidates the concern over "damage" to contents of the drive.

If adjudicated "not guilty" the suspect party is getting all his original computer equipment back intact.  No acetylene torches used to "brute force" and destroy contents of the drive, since the technicians will be working against copies of the data rather than original data.


I'm thinking that a doubled password is just the ticket... but give them NOTHING.  If they happen to get lucky and find the "bad" password (if you had anything "bad"), you say "You're manufacturing information" and provide the "good" password in your defense that shows embarrassing, but not illegal, data.  Then they have to prove that their forensic trail isn't suspect, and that the technique they used is even legitimate.  90% of the time I bet the whole debate then goes right over the top of the jury and they acquit out of frustration.

Ayep.  Hence why folks go with the plausible deniability encryption.  It works against "lead pipe cryptanalysis", the joking term for physical coercion.  Trust me, crypto geeks have thought of every friggin possibility and developed countermeasures for the overwhelming majority.  The overwhelming majority of folks don't care enough to do it right, and doing it even slightly wrong invalidates a lot of security.



Okay, in the key/combo situation, is there a contempt charge precedent in there if they don't choose to provide the key or combo?

Thanks for your inputs, I'm even more wary now...again, my worst fear is:
What if you manually scramble the data (specific, manually entered, bit-wise shuffles (or manually doing a block cypher, but each step executed on the system)--now the "key" is the order and specifics of a series of actions.  Could they then force you to reveal your actions, as they constitute the encryption key?  Seems like that's the same as holding someone until they tell you exactly what other actions they performed.  Overall, this is a horrible precedent if it goes through.

Re key or combo, I'm not a judge, but for the most part, no.  They call a locksmith, who usually just drills or torches the thing open.  (Another rant, locksmiths, blah!)

Second part, ayep.  They'd hit you with contempt charges until you fold like origami.  Respectfully speaking, 99.999% of lawyers, judges and prosecutors know barely more than Microsoft Office.  (Trust me, I worked for lawyers, they thanked the Gods for being given a geek.)  TrueCrypt or homebrew crypto (always a bad idea) is a black box to them that they don't really understand, and don't really care to understand.  

And yes, it is.  
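The block-level copy described in this post ("HD reads a 0, it copies a 0"), as an added Python sketch that is not from any poster or forensic product. `FlakySource`, the 512-byte block size and the sample data are constructed for illustration; the SHA-256 check on the working copy is an assumption about how the copy gets verified, which the post does not spell out.

```python
import hashlib
import io

BLOCK = 512  # assumed sector size for this sketch


class FlakySource(io.BytesIO):
    """Constructed stand-in for a drive with unreadable sectors."""

    def __init__(self, data, bad_offsets=()):
        super().__init__(data)
        self.bad = set(bad_offsets)

    def read(self, n=-1):
        if self.tell() in self.bad:
            raise OSError("constructed unreadable sector")
        return super().read(n)


def acquire(src, dst, block=BLOCK):
    """Copy src to dst block by block without interpreting the contents.

    Unreadable blocks are zero-filled and recorded so the gap is documented.
    The returned digest covers the image exactly as written to dst.
    """
    size = src.seek(0, io.SEEK_END)
    digest = hashlib.sha256()
    bad_blocks = []
    for offset in range(0, size, block):
        want = min(block, size - offset)
        src.seek(offset)
        try:
            chunk = src.read(want)
        except OSError:
            chunk = b"\x00" * want
            bad_blocks.append(offset // block)
        digest.update(chunk)
        dst.write(chunk)
    return digest.hexdigest(), bad_blocks


def verify_image(image, expected_hex, block=BLOCK):
    """Re-read an image and compare it with the digest taken at acquisition."""
    image.seek(0)
    digest = hashlib.sha256()
    for chunk in iter(lambda: image.read(block), b""):
        digest.update(chunk)
    return digest.hexdigest() == expected_hex


def demo():
    # Constructed "disk": 8 full sectors plus a 100-byte tail, one bad sector.
    data = bytes((i * 31) % 251 for i in range(4196))
    src = FlakySource(data, bad_offsets={1024})
    master = io.BytesIO()
    acquired_hex, bad_blocks = acquire(src, master)

    # Analysis happens on a working copy; the master image is left alone.
    working = io.BytesIO(master.getvalue())
    ok_before = verify_image(working, acquired_hex)
    working.seek(3000)
    working.write(b"\xff")  # any change made during analysis
    return {
        "bad_blocks": bad_blocks,
        "image_len": len(master.getvalue()),
        "bad_block_zeroed": master.getvalue()[1024:1536] == b"\x00" * 512,
        "rest_identical": master.getvalue()[:1024] == data[:1024]
        and master.getvalue()[1536:] == data[1536:],
        "working_ok_before": ok_before,
        "working_ok_after": verify_image(working, acquired_hex),
        "master_ok": verify_image(master, acquired_hex),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The digest only shows that a copy still matches what was acquired; it says nothing about whether the source drive held genuine data in the first place.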
Title: Re: What happened to the 5th? (encryption)
Post by: T.O.M. on July 20, 2011, 10:23:57 AM
Okay, in the key/combo situation, is there a contempt charge precedent in there if they don't choose to provide the key or combo?


No.  It was just a situation where we had a warrant for the contents of the safe, and you gave the subject the option...tell us how to open the safe or you won't have a safe when all is said and done.  In pure theory, a search warrant is a court order, and failure to comply with the order could be contempt.  Never researched that issue before.
Title: Re: What happened to the 5th? (encryption)
Post by: T.O.M. on July 20, 2011, 10:39:45 AM
Rev,
You have just hit on some of the biggest fears of people within the justice system, be it criminal or civil, which is the ability of anyone to manufacture evidence that cannot be discerned from real evidence.  It's a real concern among judges and lawyers that in many situations, the advance of digital technology is putting the entire world of evidence in jeopardy.  No one uses film anymore, and digital photos are so easily manipulated that the value of photo evidence is starting to come into question.  Same for digital video.  You mention fingerprints.  Digital images of fingerprints are all the rage, and just as much a concern.  And don't get me started on all of the digital record keeping.

I know that the trend around here is to fear the .gov using technology in this way, but it goes way beyond that.  Alter digital x-rays in a malpractice suit to get money from a doctor.  Insurance company creates a set of digital photos or a digital video to use to deny your claim.  A candidate for office uses altered digital photos or records to destroy the image of an opponent.  Piss off a neighbor, and suddenly he's got photos of you growing weed in your backyard, which he turns over to the PD, resulting in a search warrant that finds the weed he planted there.

It is truly endless, and frightening.  How does a court ensure that the evidence being offered is authentic, given the level of technology we have now, much less that which is just around the corner? 

Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 20, 2011, 11:34:39 AM
Ironically, the best methods for authentication come along with the best methods for encryption.  If a camera generates an appropriately constructed hash digest of the image, then encrypts that digest and imbeds it steganographically into the LSB of the image, there would be no way to remove it (if done appropriately), and it would provide a cryptographically secure way of ensuring the image is unaltered, as any modification would render the original hash unrecoverable.
Title: Re: What happened to the 5th? (encryption)
Post by: CNYCacher on July 20, 2011, 11:52:22 AM
Ironically, the best methods for authentication come along with the best methods for encryption.  If a camera generates an appropriately constructed hash digest of the image, then encrypts that digest and imbeds it steganographically into the LSB of the image, there would be no way to remove it (if done appropriately), and it would provide a cryptographically secure way of ensuring the image is unaltered, as any modification would render the original hash unrecoverable.

And how do you stop someone faking the hash after they modify the image?

Even assuming that there is a secret key in the camera, physical access to the camera is all you would need to be able to fake this.    Access to the secret key would be needed to validate the authenticity of the image anyway, so how do you protect the secret key from attackers while making it available to prosecutors?
Title: Re: What happened to the 5th? (encryption)
Post by: KD5NRH on July 20, 2011, 12:02:32 PM
And yes, folks have tried to implement ways of detecting this and other forms of hardware hacking.  Photovoltaic cells inside of chips, pressurized sections, etc.  All of which can and have been bypassed.  For PV cells, you simply don't allow any light.  For pressurized sections, you do your work in a pressurized baggie with nitrogen to the right PSI.  etc etc.

All this assumes they know what's being used.  (And, for that matter, that the small-town cops who did the original raid didn't just yank out the drive and stand there wondering why it was making whirring noises with nothing plugged in.)
Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 20, 2011, 12:22:58 PM
And how do you stop someone faking the hash after they modify the image?

Even assuming that there is a secret key in the camera, physical access to the camera is all you would need to be able to fake this.    Access to the secret key would be needed to validate the authenticity of the image anyway, so how do you protect the secret key from attackers while making it available to prosecutors?

You are correct, but my point was to show that an image is unaltered (as in, taken from a specific device, and not digitally modified).  With proper choice of the hash size, embedding method, and number of repeated steganographic blocks, you could be reasonably confident that some amount of the original data was present--thus any image with two sets of data, or none, has been altered.  Ideally, the code would be based on a secure key exchange combined with a timestamp and unit ID.  Now, I am in no way saying these methods are absolutely reliable, but nothing is, it simply increases the likelihood of catching an alteration, or increases the cost of doing so (just like encryption). 
Film was just as alterable, it just was more costly/time sensitive to do so.

Now, a more important question, can anyone think of a provably secure method of making a digital timestamp?
Title: Re: What happened to the 5th? (encryption)
Post by: T.O.M. on July 20, 2011, 12:34:52 PM
Maybe I jumped a point or two.  Right now, to authenticate a photo, or a video, or any recording, is to have someone testify that they saw the original, and the photo/video truly and accurately depicts what they observed.  It's then admissible.  All of this talk about hash and encryption means nothing at this point because the rules don't call for it.

And more of a concern are the digital records.  How hard is it to simply add or delete a line from a list of phone calls made by your phone?  A few keystrokes and no one knows the difference.

What frightens me the most about this is not that the police can fabricate evidence against me.  Heck, they've had the ability to do that for as long as there have been guys wearing badges.  It's the fact that the entire court system is sitting back and waiting for something to happen instead of looking at the new technology and doing something to the rules to protect the integrity of the system.

As to the OP, I stand firm on my opinion that compelling the password is a 5th Amendment violation.
Title: Re: What happened to the 5th? (encryption)
Post by: birdman on July 20, 2011, 01:16:42 PM
Fabricate evidence?  No way man, people always die with crack sprinkled on them.
Title: Re: What happened to the 5th? (encryption)
Post by: RevDisk on July 20, 2011, 07:29:58 PM
Rev,
You have just hit on some of the biggest fears of people within the justice system, be it criminal or civil, which is the ability of anyone to manufacture evidence that cannot be discerned from real evidence.  It's a real concern among judges and lawyers that in many situations, the advance of digital technology is putting the entire world of evidence in jeopardy.  No one uses film anymore, and digital photos are so easily manipulated that the value of photo evidence is starting to come into question.  Same for digital video.  You mention fingerprints.  Digital images of fingerprints are all the rage, and just as much a concern.  And don't get me started on all of the digital record keeping.

I know that the trend around here is to fear the .gov using technology in this way, but it goes way beyond that.  Alter digital x-rays in a malpractice suit to get money from a doctor.  Insurance company creates a set of digital photos or a digital video to use to deny your claim.  A candidate for office uses altered digital photos or records to destroy the image of an opponent.  Piss off a neighbor, and suddenly he's got photos of you growing weed in your backyard, which he turns over to the PD, resulting in a search warrant that finds the weed he planted there.

It is truly endless, and frightening.  How does a court ensure that the evidence being offered is authentic, given the level of technology we have now, much less that which is just around the corner? 

You're not going to like this answer.  Really can't, when it comes to anything digital.  Oh, there's plenty you can do to make it better.  Maybe even within "reasonable doubt", too.  With escrowed hashes and strong crypto trusts (it's a PKI thing, like chain of custody but with crypto).  I wouldn't lay down money on it. 

All of the examples you mentioned are entirely possible, and have been done already.  I could certainly generate all of those.  With a bit of a hand, I could automate the process so YOU could do all of that as well by point and click.

Respectfully, you legal guys don't know the tech.  And the tech people don't know the law.  You'd need to overhaul a lot of legal procedures, and there's exactly nothing solid to replace them.  So, legal folks will try to pretend the situation doesn't exist, and apply outdated laws/procedures to digital situations.  This was my job for quite some time, actually.  Applying outdated Cold War laws to the modern society and technology.  And it'll work at least 80% of the time.  Course, that remaining 20% or less could be innocent folks going to jail on crimes they didn't commit. 



Ironically, the best methods for authentication come along with the best methods for encryption.  If a camera generates an appropriately constructed hash digest of the image, then encrypts that digest and embeds it steganographically into the LSB of the image, there would be no way to remove it (if done appropriately), and it would provide a cryptographically secure way of ensuring the image is unaltered, as any modification would render the original hash unrecoverable.

Ah, implementation hack.  Sure the hash is cryptographically secure.  But where are ya storing it?  Unless it's an off-site and well secured escrow, you can mess with it by overwriting.  Remember, encrypted data should look almost indistinguishable from random data.  So even if you don't want to generate a new hash (which would be trivial), overwrite random sectors of the picture and your secure hash is now just random junk that proves nothing.

Quantum encryption is absolutely unbreakable.  In a theoretical world.  For the real world, I can give ya pictures of working kit (http://www.revdisk.net/gal/Defcon17/Defcon_NIST_11.jpg) that can intercept it without any evidence of interception.  Mathematical perfection rarely gets implemented so cleanly in the world, as we both well know.
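
The disagreement in the exchange above (a digest hidden in the image's own LSBs versus one held in off-site escrow), as an added Python sketch that is not from any poster in the thread. It substitutes HMAC-SHA256 for "hash, then encrypt", uses a constructed 32x32 byte image and key, and assumes the embedding key is available to whoever controls the camera.

```python
import hashlib
import hmac

TAG_BITS = 256  # SHA-256 output size in bits

def content_tag(pixels: bytes, key: bytes) -> bytes:
    """Keyed digest over the 7 high bits of every pixel (the LSBs carry the tag)."""
    return hmac.new(key, bytes(p & 0xFE for p in pixels), hashlib.sha256).digest()

def embed(pixels: bytes, key: bytes) -> bytes:
    """Write the tag, one bit per pixel, into the LSBs of the first 256 pixels."""
    tag = content_tag(pixels, key)
    out = bytearray(pixels)
    for i in range(TAG_BITS):
        bit = (tag[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def verify_inband(pixels: bytes, key: bytes) -> bool:
    """Rebuild the tag from the LSBs and compare it with a fresh computation."""
    found = bytearray(TAG_BITS // 8)
    for i in range(TAG_BITS):
        found[i // 8] |= (pixels[i] & 1) << (7 - i % 8)
    return hmac.compare_digest(bytes(found), content_tag(pixels, key))

def escrow_record(pixels: bytes) -> str:
    """Digest lodged with a third party at capture time (assumed out of reach)."""
    return hashlib.sha256(pixels).hexdigest()

def verify_escrow(pixels: bytes, record: str) -> bool:
    return hmac.compare_digest(escrow_record(pixels), record)

def demo() -> dict:
    """Return {case: (in-band check passes, escrow check passes)}."""
    key = b"constructed-device-key"                    # constructed sample key
    raw = bytes((i * 37) % 256 for i in range(1024))   # constructed 32x32 image
    original = embed(raw, key)
    record = escrow_record(original)                   # stored off-site
    edited = bytearray(original)
    edited[500] ^= 0x80                                # one pixel changed
    wiped = bytes(p & 0xFE for p in original)          # LSB plane overwritten
    retagged = embed(bytes(edited), key)               # edit plus fresh tag
    cases = {"original": original, "edited": bytes(edited),
             "wiped": wiped, "retagged": retagged}
    return {name: (verify_inband(img, key), verify_escrow(img, record))
            for name, img in cases.items()}
```

The in-band check alone cannot tell an edited image from one whose tag was merely overwritten, and it accepts the re-tagged edit; only the escrowed record rejects all three altered files.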

Title: Re: What happened to the 5th? (encryption)
Post by: AmbulanceDriver on July 21, 2011, 08:42:10 PM
Ummm...

Rev, that looks.....  Complicated.
Title: Re: What happened to the 5th? (encryption)
Post by: KD5NRH on July 22, 2011, 04:20:45 AM
In pure theory, a search warrant is a court order, and failure to comply with the order could be contempt.

Wouldn't the warrant be an order only to the searchers?  IIRC, the subject is under no obligation to assist, merely not to actively hinder.  (i.e. you can't stand in the doorway to keep the cops out, but you don't have to unlock the door for them; the warrant just allows them to kick it in if you don't unlock it.)

Of course, with encryption, the issue boils down to who wants your data and why; the local sheriff trying to find your pirated videos isn't likely to dedicate the same effort and expense as NSA trying to get your list of Luxembourgish revolutionary spies who have been elected to the US Senate.  The sheriff may try the technical equivalent of a door-kick, while NSA does the technical equivalent of using ninjas with handheld backscatter xrays.
Title: Re: What happened to the 5th? (encryption)
Post by: RevDisk on July 22, 2011, 01:34:02 PM
Ummm...

Rev, that looks.....  Complicated.

What does?  The quantum key exchange cracker?   Nah.  Not really.  I mean, sure it's complicated in theory, but pretty straightforward in electronic engineering.  Most of the hard work is done on FPGAs.  Everything else is really just getting stuff to and from the FPGAs.

The following is a bit simplified, so the physics geeks please don't smack me.  Quantum key distribution uses quantum mechanics to guarantee secure communication by using a loophole in QM wherein any process of measuring a quantum system in general disturbs the system.  You're basically turning your standard PKI public key into photons, and relying on its quantum state for the information.  If you look at the quantum state, you change it.  You should be able to look at the qubits, do a bit of math and say "zOMG, someone iz readin' my qubits!" or "kewl, no one iz readin' my qubits".  Now, obviously, the quantum physics can't be cracked, but poor implementation CAN be.  If you say, do the math wrong, lazy or incomplete.  Hence the above device.  So even using the most secure form of communication allowed by the laws of physics, you can still be screwed if you don't do it right.  

Heck, the hackers in question got it past the TSA.  Ponder that one.
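
The "do a bit of math" check described in the post above, as an added Python simulation that is not the poster's code. It goes beyond the post by using BB84, the textbook QKD protocol, which the post does not name; the 11% abort threshold and all function names are assumptions of this example.

```python
import random

def bb84_round(n_photons: int, listener: bool, rng: random.Random):
    """Simulate BB84; return (sifted key length, error rate on the sifted key)."""
    sifted = errors = 0
    for _ in range(n_photons):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, a_basis
        if listener:
            # Measuring in the wrong basis gives a random result, and the
            # photon continues in the basis it was measured in.
            l_basis = rng.getrandbits(1)
            if l_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = l_basis
        b_basis = rng.getrandbits(1)
        measured = state_bit if b_basis == state_basis else rng.getrandbits(1)
        if b_basis == a_basis:          # sifting: keep matching-basis rounds
            sifted += 1
            errors += measured != bit
    return sifted, errors / sifted

def channel_clean(n_photons: int, listener: bool, seed: int = 1,
                  threshold: float = 0.11) -> bool:
    """Accept the key only if the sifted-key error rate is under the threshold.
    0.11 is an assumed abort threshold for this example."""
    _, qber = bb84_round(n_photons, listener, random.Random(seed))
    return qber < threshold

def sampled_miss_probability(k: int) -> float:
    """Chance that comparing only k sifted bits shows zero errors even though
    every photon was measured and resent (each bit is wrong with p = 1/4)."""
    return 0.75 ** k
```

A full measure-and-resend listener pushes the sifted-key error rate to about 25%, so the check only fails to notice when the comparison sample is cut short: four compared bits miss it roughly a third of the time.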
Title: Re: What happened to the 5th? (encryption)
Post by: zahc on July 23, 2011, 01:51:59 PM
Quote
You have just hit on some of the biggest fears delights of people within the justice system, be it criminal or civil, which is the ability of anyone to manufacture evidence that cannot be discerned from real evidence.

FIFY

All this is enabled and aggravated by the childlike faith and ignorance that people have in matters of computing. Cheap computing is the biggest invention in the history of mankind, IMO, but nobody knows how it works or understands the ramifications. If the geeks of the world were as ambitious as they are talented, they could literally inherit the world.

A great example; the average Joe still looks at the magazines in the checkout aisle at the store and thinks that they are photographs or that they represent reality in any way. They might, but there is basically no reason to believe that. The same Joe still believes in so many things that have been hollowed of all but the superficial by the proliferation of computing, networks, and data storage. The government is itself a victim (and an antagonist) in this as has been pointed out in this thread, with the very rule of law suffering under benevolent yet completely un-thought-out (or maybe perfectly thought out and malicious) march of technology for its own sake. I wonder how many generations must elapse, how many viruses have to propagate, how much must be extorted, how far the institutions of learning and law have to fall, before the masses revolt and refuse computing on any but their own terms. Society, government and corporations have already gone much farther than I would have imagined, and a higher price than I would have imagined has already been paid, all in an ostrich-like coping mechanism of pretending there's no problem. The early geeks from the shallow end of Moore's law saw this but were too optimistic, too utopic in their vision. The crypto-anarchic society is the only possible free technological society. The other alternatives are Amish-like luddism or a consensual slavery of those who wield the computing power and those who submit themselves to it. 

By the way, all this reminds me of my recent fingerprinting for my TX CHL. I put my hand on this little magic ansible thing, and it beeped, and my "fingerprints" were, according to the beep, in some database somewhere. "Fingerprints" which supposedly will be used in court of 'law' to decide guilt or innocence.
Title: Re: What happened to the 5th? (encryption)
Post by: Tallpine on July 23, 2011, 02:38:37 PM
Quote
Cheap computing is the biggest invention in the history of mankind

Maybe not the biggest, but it ranks right up there with the pitchfork  =)
Title: Re: What happened to the 5th? (encryption)
Post by: KD5NRH on July 24, 2011, 01:33:17 AM
A great example; the average Joe still looks at the magazines in the checkout aisle at the store and thinks that they are photographs or that they represent reality in any way.

You mean they didn't resurrect JFK to make Forrest Gump?