Armed Polite Society
Main Forums => Politics => Topic started by: roo_ster on January 25, 2012, 08:25:14 AM
-
Encryption and the Fifth Amendment Right Against Self-Incrimination
http://volokh.com/2012/01/24/encrytion-and-the-fifth-amendment-right-against-self-incrimination/
Who says you can't testify against yourself? Feral Federal judges, that's who.
Comment:
"Indeed much of the court’s time, as I see it described here and in so many others posts, are exercises in rationalizing doing whatever the *expletive deleted*ck the judge wants to do."
-
And they wonder why there are outlaw hackers. Where things are going is palpable enough.
-
"I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer,"
The above copied here purely so that we can marvel at its raw, pure nonsense.
"requiring the production of the unencrypted contents of the Toshiba Satellite M305 laptop computer" :
this
1. assumes the computer belongs to the accused, and requires the accused to essentially admit that
2. assumes the computer has data on it which is cyphertext for some imagined/alleged plain text. There is no way to prove this. If such ciphertext exists, the court is requiring the accused to admit they had knowledge of it.
3. assumes the accused knows the passphrase for said alleged data, even if the accused knows of its presence.
There are probably more I am missing.
The big thing that keeps coming up in these cases is this:
Prosecutors in this case have stressed that they don't actually require the passphrase itself, and today's order appears to permit Fricosu to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding "the password to the drive, either orally or in written form."
I don't see what they are doing there. They are stressing that they don't require the accused to hand over the (supposedly existent) passphrase, but that they only want the accused to hand over the (supposedly existent) plaintext data. I don't see how this distinction matters. If the court can compel the accused to hand over possibly incriminating (supposedly existent) data, then why couldn't they compel them to hand over the passphrase? How is the alleged passphrase more incriminating than the alleged plaintext? If anything, asking for the plaintext is a harsher demand because it requires the accused to do the (admittedly minimal) work of decrypting the data for the accusers.
I know that courts can compel people to produce documents. But I just don't see how they can get around the fact that they are asking for
--a passphrase which they assume exists, and which they assume the accused knows, but they can't prove either,
--to decrypt plaintext that they assume exists, but which they cannot prove exists
-
Sooooo if this was a safe and she wouldn't give the combo? If they think there's things on there get a warrent and treat it the same.
-
As I understand it, LE would drill the safe for you if they had a warrant but no combo, and are butthurt they don't have the skills needed to force break an encrypted HD.
-
It's different than the safe analogy. It's more like the police found a sheaf of papers with random numbers on them. They don't like the fact that it's legal to possess papers with random numbers on it.
The government can already access all the information on the hard drive, the defendant is being forced to provide information that will interpret the data in a way that will satisfy the government...obviously in an way which produces incriminating information. I can't think of a more blatant way to require the accused to incriminate himself.
The Government’s forensic expert was unable to conduct a search of the computer’s contents because the contents were password-protected.
Note carefully, people: this is false; an untruth. The forensic expert was able access every byte of, probably every magnetic domain of the hard drive. And the did not find incriminating information! Then they compelled the accused to produce incriminating evidence. The incriminating evidence was not "on the hard drive" waiting to be unlocked. They got it directly from the accused. The fact that they didn't find what they wanted when they searched the hard drive explains why they pressed forward with compelling the accused to provide information, but the whole safe analogy is just wrong.
-
Agreed. Without the password, the information in question doesn't actually exist. The information they need is in the head of the suspect; which should be protected by the 5th amendment. :mad:
-
Would be nice to have the encryption set up so entering a certain non-password causes an automatic deletion of all data >:D
-
That was my thought too, Tallpine.
Anybody capable of rigging that? Rev?
-
Yes it's possible.
Unfortunately, that would likely get some bogus charges thrown at you. In addition, a PROPER wipe of a disk requires many passes and can take a lot of time.
Maybe there's a hardware device that can magnetically "brick" them.
At my work, if I enter my keycode on the door a certain number of digits "off", it summons the cavalry.
-
Sure. Heck, there's even a disk maker that has a container of acid inside, with the right code, acid gets released, disk surface is totaled.
But, computer forensics never work on *your* PC. First thing they do is take a copy of the disk through a "read only" widget - preserves the state of the evidence. So, you'd just be scrambling bits on some tech's VM image. Which they could then pull up another copy, and show the judge your code that's designed to destroy evidence. bad juju.
Plus, you might inadvertently introduce a backdoor if you mucked with off the shelf code. Best to use truecrypt, and leave it stock. Maybe set up a hidden volume, so you can give them the "fake" password, which unlocks a sanitized OS for them to look at. Mathematically impossible to prove any other OS instance exists, in that case. Plausible deniability.
But no, I haven't thought about this at all. Surly none of my machines are setup like this.
-
Sure. Heck, there's even a disk maker that has a container of acid inside, with the right code, acid gets released, disk surface is totaled.
But, computer forensics never work on *your* PC. First thing they do is take a copy of the disk through a "read only" widget - preserves the state of the evidence. So, you'd just be scrambling bits on some tech's VM image. Which they could then pull up another copy, and show the judge your code that's designed to destroy evidence. bad juju.
Plus, you might inadvertently introduce a backdoor if you mucked with off the shelf code. Best to use truecrypt, and leave it stock. Maybe set up a hidden volume, so you can give them the "fake" password, which unlocks a sanitized OS for them to look at. Mathematically impossible to prove any other OS instance exists, in that case. Plausible deniability.
But no, I haven't thought about this at all. Surly none of my machines are setup like this.
I didn't even think about the hidden volume thing on truecrypt.
I think i'm going to rethink my home PC set up
-
I wish I had data worth truecrypting against possible gooberment snooping.
-
I wish I had data worth truecrypting against possible gooberment snooping.
There will come a time where even threads like these will be grounds for arrest.
-
That's why I'm changing my screen name to The Real Fitz. =D
-
There will come a time where even threads like these will be grounds for arrest.
1. Good luck trying to enforce that.
2. Your internet dealings are proved from a ISP level, not from the contents of your hard drive.
-
That's why I'm changing my screen name to The Real Fitz. =D
I already reserved longeyes@imahomegrownterrorist.com for an email addy
>:D >:D
-
1. Good luck trying to enforce that.
2. Your internet dealings are proved from a ISP level, not from the contents of your hard drive.
lol....
1.) THey try to enforce all kinds of silliness now.
2.) I know. it was called drawing a parallel. I work in IT. I have the basics of teh interwebz and hard drivez down
-
lol....
1.) THey try to enforce all kinds of silliness now.
2.) I know. it was called drawing a parallel. I work in IT. I have the basics of teh interwebz and hard drivez down
1. Try, sure. Try don't equal do.
2. Wasn't trying to imply you don't. Just saying that if it gets to the point they're scouring your hard drive, there was probably a lot that preceded it. This was occassioned by roo-ster pointing out that he felt no need to secure his drives vs fed.gov, as there is nothing incriminating on them. Me, I'd be more worried about getting virtually flaked but I don't know how one could realistically prevent that.
-
No offense to anyone who does encrypt. It's a personal choice and I understand why one would. Just saying that someone chosing not to is not necessarily a foolish choice.
-
No offense to anyone who does encrypt. It's a personal choice and I understand why one would. Just saying that someone chosing not to is not necessarily a foolish choice.
I don't think anyone made that assertion in this thread
-
All of this proves that I am a genious. Anything controverseal I've said here? Actualy just clever code for my actual opinions and anti-goverment plots. A code so complexive, even I don't know what I realy said.
-
Agreed. Without the password, the information in question doesn't actually exist. The information they need is in the head of the suspect; which should be protected by the 5th amendment. :mad:
This - the law is way, way behind the technology on this one.
What're the odds the Supreme Court justices have any realistic idea about how encryption works?
-
What're the odds the Supreme Court justices have any realistic idea about how encryption works?
Probably about the same odds that they would care to learn. :'(
-
I wish I had data worth truecrypting against possible gooberment snooping.
Think of it this way; it's funnier when .gov comes snooping if the hidden data truly is worthless. :laugh:
-
Another handy trick: if you don't want to be able to remember a password, use something like a UUID (For example: 4c9837d0-4860-11e1-b86c-0847203c9a66)
Write it down on a random page of a random book.
You can legitimately claim that you don't know the password in this case; it's long enough that you would have a very difficult time even trying to remember it. If you need to be sure, and have the time, destroy said page of said book - now the data is truly unrecoverable by anyone.
Of course, having it in your head is better. In theory, no one can get to that. But, this is useful in limited cases where you might want to deny even yourself the ability to get into something fairly easily.
-
Or, write down a bogus password. Play dumb when it doesn't work.
On passwords, anyone think about this yet? It's interesting...
http://xkcd.com/936/
-
Or, write down a bogus password. Play dumb when it doesn't work.
On passwords, anyone think about this yet? It's interesting...
http://xkcd.com/936/
Also this:
http://xkcd.com/538/
[tinfoil]
-
If you destroyed the slip of paper with the password, that would be destruction of evidence possibly, yes?
Of course it would have to be proven that the paper you destroyed contained a passphrase. If you didn't admit that, I don't know how it could be proven.
What if I stored my password as a latent image on a piece of photographic film, and stored it in a simple lightproof envelope? I know enough to open it in the dark and develop it, but anyone snooping around would just take it out of the envelope and would have a scrap of film.
-
If you destroyed the slip of paper with the password, that would be destruction of evidence possibly, yes?
Of course it would have to be proven that the paper you destroyed contained a passphrase. If you didn't admit that, I don't know how it could be proven.
What if I stored my password as a latent image on a piece of photographic film, and stored it in a simple lightproof envelope? I know enough to open it in the dark and develop it, but anyone snooping around would just take it out of the envelope and would have a scrap of film.
I think the simplest method is to write down a fake password, DONT destroy it, leave it up, then play dumb when it doesn't work.
-
Actually, a random line out of a book you have with you at some point would be perfect. How likely is it that someone could get the right line on the right page?
-
Actually, a random line out of a book you have with you at some point would be perfect. How likely is it that someone could get the right line on the right page?
I don't have the inclination to do the math, but I would presume very low. Assuming they don't know what book to start with. Even then, really. The number of words used is fairly low (owning to repeats), but even a short pharse statistically occurs very infrequently. (What is is, most phrases of six words or more are likely to be unique on the internet? [1 (http://languagelog.ldc.upenn.edu/nll/?p=1223)] Ah, combinatorial explosion, how we love you.)
-
moneyllamadisturbshoneycombs
-
I wish I had data worth truecrypting against possible gooberment snooping.
Just fill it full of gay midget porn. >:D
-
Not sure I understand the point being made here - not saying this is right or wrong. How is this different from refusing to answer a court's question about anything, e.g. revealing a source, violating client/patient confidentiality, or...? A person always has the right to refuse to answer, but that doesn't mean they won't go to jail if they refuse to reveal information critical to the case. With or without specific evidence, the court can evaluate the overall situation and deliver a verdict or punishment...right?
-
pshaw you wanna interrupt all this with common sense? kill joy
-
Jesus, you really are a statist
-
this is nothin new they show up at your house demand you open safe. you say no get an obstruction charge. depending on how incriminating the stuff on the computer is it might be worth it. it might not be worth it to them to spend what it takes to crack your box even if they are able
-
this is nothin new they show up at your house demand you open safe. you say no get an obstruction charge. depending on how incriminating the stuff on the computer is it might be worth it. it might not be worth it to them to spend what it takes to crack your box even if they are able
No, it's different, because the information DOES NOT EXIST without the encryption key.
By forcing you to give it to them, they are forcing you to CREATE incriminating evidence
-
they can't make you do anything, if you are a true committed revolutionary.it does becvome a "you can beat the charge but you can't beat the ride situation
-
I'm just waiting for TSA to ask me to log in to my encrypted laptop.
I can't.
It's not only a violation of company policy but a possible violation of federal law, due to ITAR, etc.
-
Actually, a random line out of a book you have with you at some point would be perfect. How likely is it that someone could get the right line on the right page?
Even better, two lines from different places in the book.
One of my favorite things to annoy anyone snooping is to email myself an encrypted message where I've gone through and edited a percentage of the ciphertext to render it truly undecipherable. I have a few files of the same type running around on my various flash drives, and the occasional heavily encrypted English paper or some similar non-interesting file. The more garbage they have to sift through slowly, the more it costs them to get anything interesting. Of course, I create extra keys to encrypt some of this stuff, then delete the keys afterward.