It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussion (archive)Woman forced by court to unencrypt her disk(94 posts)(94 posts)
(94 posts)
Pages:
1
2
3
4
5
6
7
This is my favourite topic
Posted January 28, 2012
avatar
orcishgamer: It's truecrypt, there is no backdoor if you properly installed it.
I don't think she used truecrypt.
Posted January 28, 2012
Nothing to see here, just a bunch of gross misunderstanding of American Constitutional law.
Posted January 28, 2012
avatar
orcishgamer: It's truecrypt, there is no backdoor if you properly installed it.
avatar
crazy_dave: I don't think she used truecrypt.
PGP was mentioned by at least one source. PGP has no backdoor, despite persistent canards that say the NSA put one in, and no mechanism for recovering a forgotten passphrase. Weak passphrases are susceptible to dictionary attacks, as with any passphrase-dependent system.
Posted January 28, 2012
avatar
crazy_dave: I don't think she used truecrypt.
avatar
cjrgreen: PGP was mentioned by at least one source. PGP has no backdoor, despite persistent canards that say the NSA put one in, and no mechanism for recovering a forgotten passphrase. Weak passphrases are susceptible to dictionary attacks, as with any passphrase-dependent system.
Good to know, I didn't know what PGP had or not - also I don't pay much attention to the conspiracy theory crowd :).
Post edited January 28, 2012 by crazy_dave
Posted January 28, 2012
avatar
crazy_dave: I'm in agreement with Xyem, the fact that the information is digital exclusively has little relevance to the workings of the analogy. The fact is that it contains evidence that they have a warrant to search. That the files are digital stored instead of physically stored is inconsequential.
I disagree, but I don't really care how it's rationalized so long as ultimately, police and courts can't compel people to cooperate with the police in accessing encrypted data.
Posted January 29, 2012
avatar
nuuikle: I was thinking that this (historical use of encryption) is more appropriate an analogy than the safe one. Physical evidence has already been obtained, so it's just a matter of getting at the information contained therein. If the police obtain a warrant to search one's home and discover papers written in a code they can't break, can they compel one to decode those papers?
I think there's a strong argument that the founding fathers thought they couldn't.
avatar
orcishgamer: They're really not, you're essentially arguing she has to interpret something they cannot understand. She's under no obligation to do so. In a safe, the evidence is not in their hands that's why you can be compelled to hand it over as part of a warrant process, they have the evidence on the harddrive they simply cannot make sense of it, she's under no obligation to help them convict her by helping them understand the data just as a murder suspect is under no obligation to explain how he might have killed the victim.
avatar
xyem: If it came across that I was arguing that she should be giving them the password, that wasn't my intention.

Can you be forced to give the combination/password to a safe?
You can be compelled to hand over the key, yes. If it's a combination I'm not sure.
avatar
crazy_dave: That's a fair line of argument, but then I think that a person should not have to hand over a key to safe either under that line of argument - the police have the safe under their control (and therefore its content) and you should be under no obligation to help them open it. However, you've said the law disagrees and that you can be forced to hand over a key. If so, then that law should be changed for this argument to hold.
While I don't actually disagree, in the US there's case law forcing you to hand over keys (of the physical variety) if the judge says so.
avatar
orcishgamer: It's truecrypt, there is no backdoor if you properly installed it.
avatar
crazy_dave: I don't think she used truecrypt.
The story I read indicated she did, but I'm not really up to searching for it tonight.
Post edited January 29, 2012 by orcishgamer
Posted January 29, 2012
avatar
keeveek: http://www.securitynewsdaily.com/1438-suspects-decrypt-hard-drives.html

USA strikes again. Does your legal system really doesn't respect even such standard rules like

nemo se ipsum accusare tenetur ? (nobody is forced to accuse himself)

In civilized countries, no court can force a suspect to do ANYTHING , even as simple as providing a password to your computer.

The ruling determines that the Fifth Amendment, which protects people against self-incrimination, does not apply in this case.
What the hell?
It is any different than a court order which requires you to provide a key for a locked box? Cause if not, it's not a violation of the 5th amendment.
Post edited January 29, 2012 by stoicsentry
Posted January 29, 2012
avatar
crazy_dave: I'm in agreement with Xyem, the fact that the information is digital exclusively has little relevance to the workings of the analogy. The fact is that it contains evidence that they have a warrant to search. That the files are digital stored instead of physically stored is inconsequential.
avatar
da187jimmbones: I disagree, but I don't really care how it's rationalized so long as ultimately, police and courts can't compel people to cooperate with the police in accessing encrypted data.
There's usually more than meets the eye in a case that results in this hot a dispute. It's not over whether she can be compelled to furnish the unencrypted data. The prosecution already can do this. Whether you think it's a Bad Thing or not, it is already so. The dispute is over whether she can do so without incriminating herself. If she cannot do so without incriminating herself, she cannot be forced to.

There's a whole legal formality called "production" involved. Production is not just turning over the evidence that is demanded. It's turning it over in such a way that your adversary can connect it solidly to you. You can't be compelled to do so, if the act of doing so would allow your adversary to make the connection between the evidence and you that he otherwise couldn't do.

This is an oversimplification, but it may serve to explain the point of the judge's ruling.

Say the prosecution thinks it's your computer, but can't prove it. If they demand that you decrypt files on it, and you do so, that would prove the connection between you and the files. It doesn't matter whether you do so by giving them your passphrase, or typing in your passphrase privately, or decrypting the files by any other means. It would be self-incrimination, and your lawyer would rightly direct you to refuse.

On the other hand, say the prosecution damn well knows it's your computer, that they know you know it's your computer, and that you have encrypted files on it, and that they can prove it. Now, the act of decrypting the files no longer incriminates you. They already know they're your files. (This is called the "foregone conclusion doctrine".) Because they already know and can prove your relationship to the files, you are not incriminating yourself by decrypting them, and you can no longer refuse to do so.

What the judge actually ruled was not unusual for a "foregone conclusion" case. It has three points:

1. The prosecution is entitled to read the files in the clear, and the defendant is ordered to make it so.

2. The prosecution must not use the defendant's compliance with the order in proving "production". They must base their proof of "production" on what they already know. (They know the computer was found in the defendant's bedroom. They know the defendant talked about the computer in a way that identified that computer as hers. They know the computer had the defendant's name as its host name. The judge said that was enough.)

3. The defendant is entitled to at least a copy of the disk.
avatar
orcishgamer: The story I read indicated she did, but I'm not really up to searching for it tonight.
The judge's order said the disk was encrypted with PGP Desktop. Full text here:
http://www.wired.com/images_blogs/threatlevel/2012/01/decrypt.pdf
avatar
stoicsentry: It is any different than a court order which requires you to provide a key for a locked box? Cause if not, it's not a violation of the 5th amendment.
The whole thing comes down to whether the act of doing so incriminates you. If the prosecution can't prove it's your box, they can't compel you to produce the key, not because they can't compel you to yield up the evidence inside, but because they can't compel you to prove it's your box.
Post edited January 29, 2012 by cjrgreen
Posted January 29, 2012
avatar
cjrgreen: There's usually more than meets the eye in a case that results in this hot a dispute. It's not over whether she can be compelled to furnish the unencrypted data. The prosecution already can do this. Whether you think it's a Bad Thing or not, it is already so. The dispute is over whether she can do so without incriminating herself. If she cannot do so without incriminating herself, she cannot be forced to.

There's a whole legal formality called "production" involved. Production is not just turning over the evidence that is demanded. It's turning it over in such a way that your adversary can connect it solidly to you. You can't be compelled to do so, if the act of doing so would allow your adversary to make the connection between the evidence and you that he otherwise couldn't do.

This is an oversimplification, but it may serve to explain the point of the judge's ruling.

Say the prosecution thinks it's your computer, but can't prove it. If they demand that you decrypt files on it, and you do so, that would prove the connection between you and the files. It doesn't matter whether you do so by giving them your passphrase, or typing in your passphrase privately, or decrypting the files by any other means. It would be self-incrimination, and your lawyer would rightly direct you to refuse.

On the other hand, say the prosecution damn well knows it's your computer, that they know you know it's your computer, and that you have encrypted files on it, and that they can prove it. Now, the act of decrypting the files no longer incriminates you. They already know they're your files. (This is called the "foregone conclusion doctrine".) Because they already know and can prove your relationship to the files, you are not incriminating yourself by decrypting them, and you can no longer refuse to do so.

What the judge actually ruled was not unusual for a "foregone conclusion" case. It has three points:

1. The prosecution is entitled to read the files in the clear, and the defendant is ordered to make it so.

2. The prosecution must not use the defendant's compliance with the order in proving "production". They must base their proof of "production" on what they already know. (They know the computer was found in the defendant's bedroom. They know the defendant talked about the computer in a way that identified that computer as hers. They know the computer had the defendant's name as its host name. The judge said that was enough.)

3. The defendant is entitled to at least a copy of the disk.
very interesting analysis, cheers! So if I understand correctly, it is not whether the evidence itself links you to the crime, but whether or not the act of producing the evidence links you to that evidence of the crime?

avatar
orcishgamer: You can be compelled to hand over the key, yes. If it's a combination I'm not sure.
So I'm not sure about a lock combo, but a judge did rule that you don't have to give up a password, but I'm not sure where the distinction is. I found crjgreen's analysis very interesting.
Post edited January 29, 2012 by crazy_dave
Posted January 29, 2012
avatar
cjrgreen: <>
Very good explanation. Thanks a lot.

EDIT:

Is all that for criminal cases too?
Post edited January 29, 2012 by da187jimmbones
Posted January 29, 2012
avatar
stoicsentry: It is any different than a court order which requires you to provide a key for a locked box? Cause if not, it's not a violation of the 5th amendment.
In civil law countries court cannot order you to bring a key for a locked box.

I don't know how it is in barbaric states of USA :P
Posted January 29, 2012
avatar
cjrgreen: <>
avatar
da187jimmbones: Very good explanation. Thanks a lot.

EDIT:

Is all that for criminal cases too?
Fifth Amendment protection against self-incrimination doesn't apply directly to civil cases. It does apply indirectly: if your testimony in a civil case (or a non-trial proceeding such as a grand jury or Congressional investigation) might implicate you in a crime, you can "take the Fifth".

Because this could prevent a lot of valuable testimony, it is a common practice to bargain for immunity, when a witness testifies in a civil case, or a witness not charged testifies in a criminal case. To the extent that you are granted immunity, the evidence you give can't be used against you in a criminal trial, and you can't take the Fifth to avoid testifying.
Posted January 29, 2012
avatar
xyem: Can you be forced to give the combination/password to a safe?
In the UK yes, section 4 of RIPA is all about "notice to surrender" passwords safe combinations/keys. 2-5 years in prison (+ fines of course) for failure to comply depending on what is being investigated.

The UK is a total police state, the law doesn't even pay lip service to the universal declaration of human rights (or the ECHR or human rights act) any more.
Posted January 29, 2012
Actually, thinking about this again.. Can't she just claim that the encrytion is her method of DRM, protecting her property on her HDD?

I know it's illegal to break DRM so would the police even be allowed to try breaking her encryption even if they have her pc?
Posted January 29, 2012
avatar
xyem: Can you be forced to give the combination/password to a safe?
avatar
stuart9001: In the UK yes, section 4 of RIPA is all about "notice to surrender" passwords safe combinations/keys. 2-5 years in prison (+ fines of course) for failure to comply depending on what is being investigated.

The UK is a total police state, the law doesn't even pay lip service to the universal declaration of human rights (or the ECHR or human rights act) any more.
Phew - I was starting to think 10+ years of crime drama shows had been telling me lies about the legal system
Pages:
1
2
3
4
5
6
7
This is my favourite topic
Community
General discussion (archive)Woman forced by court to unencrypt her disk(94 posts)(94 posts)
(94 posts)