'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) 522
Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.
Contempt of the court... (Score:5, Insightful)
Re:Contempt of the court... (Score:5, Insightful)
Re: (Score:3)
Under stress, and my poor memory due to my job, I can't remember the password. I write it down, but I seem to have lost it.
Re: (Score:2)
Well say hello to a jail cell then. You can be help for contempt for a very long time.
Re:Contempt of the court... (Score:5, Interesting)
All you need is a lawyer who's willing to argue that police lost evidence of this during arrest/warrant sweep. Happens quite often and there's a lot of case law on it.
Re: Happens quite often... (Score:3, Interesting)
"I don't know the pw, it's on the bottom of the laptop."
Police: "..." Unless of course they filmed the whole arrest and house visit.
And about the 'forgone conclusion' and the fact they aren't simply starting the trial based on the evidence that led to this conclusion:
I think it's quite possible that law enforcement told the judges, confidentially, that they already have hacked the disks using a secret back-door or other procedure, but
Re: Happens quite often... (Score:4, Insightful)
Possibly. That's the real question here, while I've read the case info provided in the article there's a bunch of things that are unclear until I get a chance to read the initial case. But, local police forces which is what this case is doesn't usually have the resources to backdoor things like this unless they're commonly known exploits. And if I remember the cases correctly, if they were seized as part of evidence in the original warrant and they were able to get the information off the drives without his co-operation it wouldn't matter anyway. Since it would have already proven that he was in possession of CP. So that doesn't really matter, in the rare cases where something like this happens they can seal part of the court case to protect the disclosure of things like that which would lead to the compromising of on-going investigations.
The real thing is is what you pointed out though, where the proof. There is none really. The prosecution states they have "known hashes" but that doesn't mean much beyond that. It's more likely that the sister saw actual CP, and that's it. That in itself leads weight to it, but it still doesn't mean too much without the actual evidence.
I wouldn't be surprised if this keeps moving through the court system, or their lawyer simply tells them to take the contempt charge which he'll likely serve on weekends and get on with his life. The contempt charge itself could be an entirely new ball of wax especially if it's contested which wouldn't surprise me. The lawyer(s) in question could make their career defining case off of it. Since then the court will have to prove that he knowingly engaged in contempt.
Re: Contempt of the court... (Score:2)
You have to be joking that the rest of the world would have thought highly of another President Clinton.
Re: Contempt of the court... (Score:4, Insightful)
A friggin' mole hill would still be higher than what the rest of the world thinks of Comrade Trump.
Re:Contempt of the court... (Score:5, Informative)
We don't need to mod you down. Just present facts. Not that I am a Trump supporter, but I can tell from how you write that you are unhinged due to rampant bias. It is affecting your mind. Specifically, but not limited to, your ability to process data, form correct opinions, and see facts as they are.
Case in point:
District Judge: Honorable L. Felipe Restrepo
He is an Obama appointee who made the original ruling and whose ruling the third circuit court of appeals upheld.
Please tell me how an Obama appointee is part of a vast right wing republican conspiracy to attack Americans.
Re:Contempt of the court... (Score:4, Insightful)
Trump's travel bans ran into difficulty because Trump himself said that they were Muslim bans and targeted at Muslims. After the first one failed his staff started talking about how they could make minor, cosmetic changes that meant it was still a Muslim ban but addressed the very narrow point in law that the first ruling was based on. Naturally, the courts didn't fall for it, especially as all this was said in public.
Trump's executive orders keep failing because he is an idiot, surrounded by idiots, and none of them know how to run a government or write a legally sound executive order. Nothing to do with the judges' opinions of Trump, and everything to do with the fact that he basically argued the plaintiff's case for them outside the court so they could simply submit his speeches and tweets as their evidence.
Re: (Score:3)
I would rather do a year in prison than 6 months in jail.
I have never been to prison, but I was in jail, and I didn't think the experience was so bad. It was far better than what I expected from watching TV. Most people were polite and cooperative, and it was a great opportunity to practice my conversational Spanish. Even the guards were friendly. The only big downside was the food. I am a vegetarian, and most meals were baloney sandwiches. They also had peanut butter, but that got really monotonous.
This was the Santa Clara County Jail in San Jose, Californ
Re: (Score:3)
He may be in jail a long time ... and considering these particular (and unlawful) laws, he is better off being in jail on the contempt charges.
When he gets out from the contempt charges, the same judge will ask for the password again.
Re:Contempt of the court... (Score:4, Informative)
It's the law, innocent until proven guilty. So the judge failed to prove the person did remember the password, hence the judge is in contempt of justice. In order to prosecute for failure to remember and state a password, the court must prove the defendant does remember it, otherwise they a just fucking guessing because that is what they want, a really horrific corruption of the justice system.
Think of the ramifications, the court claims you saw something with no evidence of proof of that claim, you say you did not and they imprison you until you say what they want you to say. You can not legally force memory, to force people to remember and just to be clear, how many you idiots got 100% on every exam you ever took, well, according to shit for brains judge, you put down the incorrect answer on purpose. Courts are not for fucking guessing, want to make a fucking claim, then fucking prove it.
Re: (Score:3, Insightful)
People who call me because they have forgotten the password of their own computer and who want me to reset it is not unusual. Do you think those people are lying and they only call me to hear my beautiful voice? Don't get me wrong, I'm pretty sure the guy remembers his password, but a justice system where someone can be put
Re: (Score:2)
Re: (Score:2)
Sounds like someone's never heard of asymmetric cryptography you can encrypt files without having the ability to decrypt them. Of course that's not usually the type of encryption used to secure entire drives.
Re:Contempt of the court... (Score:4, Insightful)
Well someone, somewhere needs to have the ability to decrypt them. They're rather useless otherwise and you may as well just delete the files. And if you have a way to decrypt them at all, then they could easily extend this ruling of contempt to include any intermediate steps required.
The only way "I don't know how to decrypt them" really holds up even in a hypothetical is if you were using an asymmetric key to generate the encrypted files for an anonymous third party that you have no direct contact with, and they managed to get you at just the right time between purging your local copies and shipping off the encrypted ones.
And even then, you'd have to have some way to get the data to said third party which means a trail of some sort (albeit possibly a cold trail if it leads out of the country or something.)
Sadly your best bet in a situation like this is to appeal to the constitution.. somewhere between the 4th and 5th amendments in this case.. but even that's on shaky ground as the courts are still trying to figure out how (or even if) 200 year old laws should be applied to modern digital devices.
Re: (Score:3)
You need to create plausible deniability. Keep a broken USB flash drive around. When asked for the password, tell them you use a keyfile on the USB drive instead. Oh, too bad, they broke the flash drive, now there is no way to decrypt it any more.
Re: (Score:3, Interesting)
Irrelevant.
Of course, it is not — and the judge is well aware of it. He had these large drives attached to your computer. They both agree, he accessed the data on them with a password. He claims, he no longer remembers the password — well, the judge happens to not believe him.
This is not a Constitutional question
Re:Contempt of the court... (Score:5, Insightful)
This is not a Constitutional question — the guy is not asked to testify against himself. What he is to say is not under oath and will not be used against him.
It is indeed a Constitutional question. He's accused of a crime, and he's being asked, er forced to aid the prosecution. What happened to his right to remain silent, his right against self-incrimination?
And yes, I do believe it is the goal of the prosecution to use any passwords he provides to find stuff that *will* be used against him. They are *demanding* that he aid their prosecution of him by divulging secrets ... how is that not testifying against himself? Next, are they going to waterboard him for the passwords?
What is demanded of him is a key to the premises, for which a perfectly valid search-warrant has already been issued.
If they were demanding a physical key, he could refuse to tell them where that is too. That said, without that ... they'll just knock down the door.
Also ... has a search warrant been issued to search his brain?
This stinks to high heaven. I thought that it was already established by case law that you did not have to say anything to aid the prosecution in any way, that your right to remain silent was absolute in a criminal case?
Re:Contempt of the court... (Score:4, Interesting)
No, but you can set your encryption to scramble the key if there are (X) false attempts. Or even to scramble if a certain password is entered instead of the real one. And, if you used reasonably secure encryption, once that is done, its toast. I cannot ever be decrypted with today's technology. And likely can never be decrypted, ever.
judge won't like it. Prosecution won't like it. But it is easy to prove that this is a fact.
Re: Contempt of the court... (Score:5, Informative)
No, you cannot "set your encryption" to do that. Your shit will be imaged.
Re: Contempt of the court... (Score:5, Funny)
No man, you just tell your encryption don't take that shit, don't let yourself be imaged, encryption. Stand firm in the face of these fascists, encryption, and do right by me man.
Rubber-hose cryptanalysis (Score:2)
Perhaps some type of expiry after 30-60 days of non-use for sensitive encrypted drives might protect against this, since there's no way the person could decrypt the drive after that threshold.
Re: (Score:3)
Re: (Score:3)
How do you implement the timeout assuming the attacker will have possession of the device in question?
Apple has been dealing with something similar with their 10 try then wipe password limitation they keep figuring out new ways to bypass it.
Re:Rubber-hose cryptanalysis (Score:4, Interesting)
As a victim of a rubber hose attack by the American government I can offer some insight into how it works and how everyone looks at the issue wrong. The government usually gets it hands on you somehow and threatens you with some ridiculous mandatory minimum prison sentence. Its a somewhat civilized approach to the rubber hose attack.
You go hire a big buck attorney who starts to work on the case. Next thing you know the government is offering you immunity for whatever is on your computer in exchange for the passwords. Of course your attorney says give them the passwords and this thing will likely go away. You hand over the passwords and it goes away, the statute of limitations ticks off a few years later.
Now if you are the main target of their interest they will wait until they can nail you to the wall and do this step to anyone they think may be able to help.
A better approach would be to use a wifi accessible ssd hidden in a wall or elsewhere it wont be found. Most of the time they are in and out of your house in under a hour, it is very rare, without an informants telling them all of your opsec secrets that anything well hidden will be found.
Cops are humans, most humans are lazy and have mixed feelings about their job, remember that. Encrypted disks in the hands of the government should be treated as the starting point in negotiations.
Re:Rubber-hose cryptanalysis (Score:4, Interesting)
.Perhaps some type of expiry after 30-60 days of non-use for sensitive encrypted drives might protect against this, since there's no way the person could decrypt the drive after that threshold.
You aren't imagining the defendant's computer in a nice neat room with his drives plugged in and a cop sitting at it trying to guess the password, are you?
No, the drives will have been imaged through a hardware device that blocks all attempts to write, and their work will be on their own computers running their forsensic software against the images of his drives, with his original drives safely in the evidence lockup.
And if criminals start using drives with custom firmware to foil this (they've already read the first GB sequentially? return gibberish and erase everything!), the cops will then be removing the control boards and subsituting their own before they do the imaging.
"Self destructing crypto" will just be something else for them to work around. It might foil the local police department, but if the FBI/NSA/CIA/etc. really wants your data, that's not going to foil them any more than straight strong crypto will.
Re: (Score:3)
Why would you want to live in such a society? Have we really fallen so far that citizens now support such insane shit?
Re: (Score:2)
I wanted to look in to nesting this so that one passowrd unlocks the data, another password unlocks a 'blank' drive.
What if (Score:5, Insightful)
>"upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives"
I am not saying that is the case here, but what if a defendant really doesn't remember the password? Throw him in jail forever? Some devices don't need a key/password UNLESS they are disconnected or reset, and it is very plausible someone might have been using something for a long time without knowing.
Re: (Score:2)
>"upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives"
I am not saying that is the case here, but what if a defendant really doesn't remember the password? Throw him in jail forever? Some devices don't need a key/password UNLESS they are disconnected or reset, and it is very plausible someone might have been using something for a long time without knowing.
Yeah. I don't know the pincode for my SIM-card, I only ever need it when the phone updates the operating system, and it is separate from the code used to lock the phone. So if my phone is powered down, I have no way of unlocking it without traveling back to my home country out of US reach to get the printed copy of the pincode.
Re: (Score:2)
What type of phone do you have that doesn't have to be restarted every few days?
Re: (Score:3)
But...
I have owned my current iPhone for roughly 3 years. And in that time, I have rebooted it exactly once, for an OS upgrade. I force-shut it down one other time only because I was in the middle of nowhere, basically lost, and wanted to save the last 5% of battery for a 911 call if it became necessary.
Put bluntly, it has never cr
Re: (Score:2)
Re:What if (Score:4, Informative)
Presumably by the time the courts are ordering decryption, the computer has gone through forensics by actual computer forensics people.
Your possibility might apply to the cop who's beating down your door and just trying to get a quick takedown but if you refuse that initial step it will go to people who know what they're doing long before it goes to a judge.
Re: (Score:2)
Maybe he said it with a snarky attitude.
But, I had the same question...if you're not allowed to 'forget' something...what if you actually do?
Re: (Score:2)
He probably 'said' it through his attorney via filing, which I expect would be on-paper.
While it's possible to be snarky on paper it requires both intent and a general finesse for language that most people don't have.
Re:What if (Score:5, Interesting)
what if a defendant really doesn't remember the password? Throw him in jail forever?
Sure. Why not? The criteria is "reasonable doubt" not "certainty". In practice, the standard for "reasonable doubt" is not very high. When DNA evidence first became valid in court, the Innocence Project reviewed thousands of old cases, and determined that about 10% of them could not possibly have committed the crimes for which they were convicted. One case overturned was the Central Park Five, which EVERYONE, including our president [nytimes.com], was absolutely certain were guilty. There are many, many other cases with no DNA evidence, but there is no reason to believe the false conviction rate is any lower for those.
So if 90% certainly is good enough to lock up some poor black kids for life, why isn't it good enough for a rich white guy with a Macbook Pro?
Re: (Score:2)
While I'm sure there's no shortage of racism involved in that particular distinction, there could also be very valid reasons.. specifically witness testimony.
Chances are you can find someone who will claim they witnessed an assault or saw some kid selling drugs or whatever.. possibly not accurate testimony since its been shown time and again that peoples' memories aren't terribly reliable in stressful situations, never mind the possibility of outright deceit. But you can often find someone to step forward.
Re:What if (Score:5, Insightful)
How about we work on improving justice for all without regard to socioeconomic status or race.
Sure. But if we fix it only for the rich white guys, then they no longer have any motivation to fix the system for others, and it is they that are empowered to do so. We should indeed fix it for everyone. But we need to start at the bottom.
Re: (Score:3)
This question actually did come up in this case, as at one point the defendant claimed to have forgotten the passwords. However, the defendant undermined himself by at another time refusing to provide the passwords by which he proved that he did have them.
Re: (Score:2)
Believe me I've tried, considering they contain photos taken together with two separate previous girlfriends.
To jail I go, apparently.
Decrypted or not, you were going to jail; only difference would be on what charges.
Re: What if (Score:4, Funny)
Perjury, obviously, for claiming to be a Slashdot reader with a girlfriend.
Re: (Score:2)
Then they charge you with destruction of evidence.
It would be kind of interesting to see how that played out though. Would they have to argue that you intentionally set up a system to destroy evidence based on knowing that you were committing crimes?
Steve Martin to the rescue (Score:2)
That's not good law (Score:5, Insightful)
This amounts to "We know you're guilty even though we can't prove it so we're not going to bother with proof", and worse, they're using that to apply a potentially unlimited sentence.
Just because the guy is accused of having a child porn collection doesn't mean the niceties of law shouldn't apply.
I'm actually not so much for the right against self-incrimination, but I am very much for the right to a fair trial based on evidence and not what people 'know'. I'm also very much on finite sentences proportional to the needs of protecting society, punishing enough to scare the next guy, and attempting to reform the convicted if possible... but there shouldn't be a sentence at all without a just conviction.
Re: (Score:2)
Just because the guy is accused of having a child porn collection doesn't mean the niceties of law shouldn't apply
Does the law distinguish between having, distributing or making these images? I consider those very different crimes.
Also, since they know he visited the sites and downloaded *somethings*, they can nail him just for that crime and waive or suspend the contempt charge if he agrees to forfeit possession of the hard drives.
Re: (Score:2)
It's a bad law because it's literally leaning on "I said so."
The power is ultimately in the owner's hands. Consider: Even under torture, access is technically only granted when the owner says. And so, like warrant canaries, this power will simply rearrange itself until it's out of reach again, until untouchable by infantile laws that are comparable to a child shouting about a supershield that blocks anything.
Immediate example: The key distributes itself (perhaps via deadman) to a random, unknown recipient o
Re:That's not good law (Score:5, Interesting)
An admission of a crime was made, written up, encrypted, and put on a USB(CD maybe) and sent to the Home Secretary. The police were then contacted and informed that the Home Secretary has, in his possession, an admission of a crime that requires a custodial sentence.
Technically, that he never had the keys to unlock it was irrelevant. He had an item that was an admission of a crime, he was duty bound to hand it over and unlock it, even though there's no way on earth he could. But the way the law was written, he was the one in trouble.
If this is allowed to stand, we now have the way for someone/anyone to send you an encrypted file (email/cookies), that will then get you found in contempt of court as you are unable to prove you can't unlock it.
Re: (Score:2)
They had evidence and testimony that he had downloaded and viewed the material and also that he had transfered it to the encrypted storage. They just didn't have access to the encrypted storage to show what was still there. The defendant made no effort to refute any of that which is why producing the password is considered non-testimonial.
Re: (Score:2)
This amounts to "We know you're guilty even though we can't prove it so we're not going to bother with proof", and worse, they're using that to apply a potentially unlimited sentence.
Well, the forensic analysis of his laptop (whose encryption the authorities managed to break themselves) showed that he visited known child exploitation sites and downloaded "thousands of files with the same hash values as known child pornography files." (quote from TFA). The downloaded files weren't on the laptop, so they're assumed to be on the encrypted external drives. Also from TFA: "Authorities in Delaware investigating the case already had a sense of the contents of the drives because, according to c
Re: (Score:2)
Either they need the drive or they don't.
If they need it... tough! (or at least it should be) - because they can't prove he hasn't genuinely forgotten the password.
If they don't need it, the contempt charge is a disgusting act by the legal system to ignore its internal checks and balances. Just finish the trial with the evidence you have, get the conviction, and apply an appropriate sentence.
This is bullcrap (Score:2)
While I have less than zero sympathy for child pornographers, what about the 5th amendment? I thought it was to EXPLICITLY prevent the courts from obliging you to give information that may incriminate you.
Also isn't the onus on the court to prove you're definately guilty before punishing you? I think its more than reasonable that someone could honestly forget their password, especially in a stressful situation such as a trial.
Re: (Score:2)
I thought it was to EXPLICITLY prevent the courts from obliging you to give information that may incriminate you.
The password (like a key to a safe) itself isn't self-incriminating, even if the thing it's protecting may be.
Re: (Score:2)
So if you make the password itself something that would be incriminating, you could legitimately withhold it?
Re: (Score:2)
The password (like a key to a safe) ...
I think you mean "like a combination to a safe". Passwords aren't like physical keys—they're something you know, not something you have. And unlike physical keys, which can be seized with a warrant, there is no precedent for requiring a suspect to divulge the code to a combination lock.
Re: (Score:2)
the fifth amendment is so the cops can't torture you to force you to confess like used to happen in Europe around the time it was written. I read an interesting book one time how they used to put you on the rack and break your bones until you confessed or they were sure you really didn't do it.
the concept that the police can collect evidence and you have to give up evidence of your guilt has been around for a long time cause justice trumps your right to break the law
Re: (Score:3)
This is a case of secured evidence, not self-incrimination. If you have a locked safe that you won't give the combo to, they have the legal authority to break into your safe (and not compensate you for it), this is just an issue of where they are authorized to use force, but don't have sufficient force. (and this does indeed piss off the law / govt when it happens, they fancy themselves omnipotent and take enormous offense when proven otherwise)
It really comes down to more of a case of getting the book thr
Re: (Score:3)
It does seem ironic that the law/government makes the laws in the first place, so they can write whatever suits them, yet they still break them.
Re:This is bullcrap (Score:5, Insightful)
The Courts (and Law Enforcement) have gotten really lazy, and it's confusing to me why they don't see it.
During the San Bernardino iPhone stuff and other such stories, there were so many 'seemingly intelligent' people saying how encryption shouldn't be allowed because it made law enforcement difficult. Since when has it been easy? Wearing gloves makes it hard to pickup fingerprints. Should you outlaw gloves as well? However, these people are saying, "You should be forced to live in a way that makes it simple for us to track you all the time." "Papers Please!"*
Two statements:
"As more and more people are using encryption these days it's much more difficult for us to obtain evidence." - legitimate
"As it impedes our abilities to gather evidence encryption in consumer devices should be restricted or should include a law enforcement backdoor." - completely not legitimate
*(Actually with the 'papers please' that's more about proving you're allowed to be there, rather than checking to see if you shouldn't be there. So it really doesn't apply to the situation.)
Re: (Score:2)
And when a judge orders you to do something in a trial, such as provide a password to your drive, and you decline, that's contemp
Re: (Score:2)
So you're telling me that the Judge has power to order you to do literally anything during a trial? such as stick a knife in yourself or someone else? and if you refuse you are now in contempt and can go to prison for ever?
Re: (Score:2)
Re: (Score:2)
Yes, it happens all the time. Don't they have Fox News where you live?
Re: (Score:2)
a) Forensics had already proven that he had downloaded and viewed material and then transfered it to the encrypted storage and the defendant did not deny any of that, so the defendant is already incriminated.
b) Being jailed for contempt is not punishment for the crime, it's a sanction for refusing to follow the court order to supply the password. It's not even considered a punishment per se so "cruel and unusual punishment" arguements, like against the solitary confinement here, are hard to make.
Re: (Score:3)
It has been established that you can't be forced to turn over the numbers to your combination lock while you can be compelled to provide the physical key if you have it. The problem is that in cryptography, we call it a key but we mean combination lock, the judges here ruled a cryptographic "key" is something similar to a physical key, a piece of code/hardware you can give them to unlock your "safe" while it's actually a combination lock.
Re: (Score:2)
They get a saw and cut your nice expensive safe open.
Comment removed (Score:4, Insightful)
In fairness (Score:5, Insightful)
So when are the politicians going to be charged with contempt of court when they "do not recall"?
Contemptible. (Score:5, Insightful)
That is, unless it's the physical key to a safe, or some hardware encryption key. That's physical, and subject to seizure. But a combination or encryption password is a product of the mind, and forcing it out is forcing self-incrimination.
Sure, law enforcement has a right, with the proper warrant, to break into the safe or attempt to decrypt the contents themselves, but failing that, they're simply SOL.
Re: (Score:2)
Although the SCOTUS agrees with you, there hasn't been any legally binding decision made surrounding these issues, lower courts have typically established that providing some assistance to your own conviction is acceptable.
The 'true' solution would be to create a password/passphrase that requires you to actively participate with your mind. Eg. - I can only unlock this password by doing some sort of obstacle course with each stop providing me parts of the passwords.
Destroy code? (Score:4, Interesting)
Seems like encryption systems need to have two passwords; one that decrypts the volume and another that wipes the keys and images a fresh filesystem. When they compel you to enter your password, you enter the "destroy code."
Sure, you could be charged with tampering with evidence if they realized what you'd done. But maybe that would be preferable to indefinite incarceration for contempt of court.
Re: (Score:2)
Probably the best solution.
But, could you really be charged with evidence tampering if the prosecution can't prove beforehand there was evidence there in the first place?
I suspect it would be a long and expensive process to find out what the final outcome would be.
Re:Destroy code? (Score:5, Insightful)
No, it is not even fantasy to have a "destroy everything" password. Even a rookie investigator knows to make a copy first. If you provide self-destruct keys it'll be blatantly obvious.
Re:Destroy code? (Score:5, Interesting)
This is very hardware dependent. Plenty of systems out there that require a passkey to unlock but nuke themselves with a few bad tries. They are not clonable (unless you're the NSA and even then some go to lengths to prevent chip lapping and other methods from working). In essence it's a small computer that you can not practically copy with a hardened interface that stores the actual decryption keys.
Even the TPM chips tied to hard drives should support that.
Re: (Score:2)
Seems like encryption systems need to have two passwords; one that decrypts the volume and another that wipes the keys and images a fresh filesystem. When they compel you to enter your password, you enter the "destroy code."
Sure, you could be charged with tampering with evidence if they realized what you'd done. But maybe that would be preferable to indefinite incarceration for contempt of court.
I doubt that would work in this case as I'm sure LEO images the media and tries to decrypt the images.
Re: (Score:2)
I doubt that would work in this case as I'm sure LEO images the media and tries to decrypt the images.
You don't wipe the drive itself, you wipe the key stored in the TPM or equivalent (which is tamper-resistant and not easily cloneable). Even with the master password, no one can decrypt the contents of the drive without the active participation of the original TPM. An image of the encrypted drive will not help at all if the TPM can be persuaded to delete the sole copy of the decryption key, for example by providing it with a duress password.
Re: (Score:2)
I think forensic analysts will mount your disks in read only before mucking with them.
A better solution would probably be to have a password that decrypts only part of the drive which contains decoy data.
Ressurect different HDD Image? (Score:2)
Rather than destroy the contents it would be better to have a separate code that will show photos and videos of granny's 100th birthday.
"Sir, why did you use password protection for such a purpose?"
"Why wouldn't I use it to protect my memories of my G'Ma?"
Re: (Score:2)
The first thing try do when they take your computer is make forensic copies of all storage media.
Re: (Score:2)
I think a time bomb would be better. An internal clock will count down 1 week, and if no key is given in that time it wipes the decryption key. The courts should be held up long enough to permit this too occur, if not you can reduce the time.
What court? (Score:2)
Secret courts can pry my encryption keys out of my cold dead American hands!
Clearly violation of 5th amendment.. (Score:3)
Does this case fit the precedent? (Score:5, Interesting)
If he has not ever revealed the password to authorities, the Constitution absolutely prohibits this action by the court. A man cannot be compelled to self-incriminate, the court may not presume guilt (innocent until proven guilty), and the court can only establish guilt through due process of law (everything from investigation to conviction) and with equal protection under the law (the law is applied the same way to everyone). This ruling blatantly violates most of these basic rights if the contents of the drive are not a "foregone conclusion."
Re: (Score:3)
Sure they can. Do this field sobriety/breathalyzer/blood test combo. Oh, you refuse? Don't worry, we'll use that as evidence against you in a criminal case because you broke a civil law!
It is not different here. They are nailing the dude for contempt, not for not testifying against himself. There are always ways around that bush
the court may not presume guilt (innocent until proven guilty), and the court can only establish guilt through due process of law (
Re:Does this case fit the precedent? (Score:5, Interesting)
I agree with your second part. Civil asset forfeiture is a blatantly unconstitutional thing that is constantly abused. It's still not a constitutional action, but the guys with the guns make the rules in the end.
Re:Does this case fit the precedent? (Score:4, Informative)
Ruling that it's a "foregone conclusion" is exactly what happened here, but for different reasons.
While the defendant hadn't provided the Mac Pro and hard drive passwords previously, the investigators managed to figure out the password to his Mac Pro and were able to use that access to determine that it had been used to visit child porn sites and download thousands of files that matched the hashes for recognized child porn files. Those files weren't found on the Mac Pro, but the defendant's sister testified "that Doe had shown her hundreds of images of child pornography on the encrypted external hard drives". Between the download history, hash matches, and testimony about the location of the files, the judge ruled that it's a foregone conclusion that the drives contain child porn and that turning over the password is not testimonial in nature as a result.
I'm not sure that I necessarily agree with that assessment (it could be that providing the passwords is still testimonial in nature with regards to crimes they don't know about that his knowledge of the passwords would implicate him of), and the article points out that it's likely this case will go all the way to the Supreme Court.
While we're at it... (Score:2)
Only one way out... (Score:5, Funny)
My password is "sorry I've forgotten my password". They won't be able to claim I didn't tell em!
I can relate (Score:4, Insightful)
I had a couple of encrypted partitions on my Linux setup that I rarely accessed that became inaccessible after a Linux update. In my case I did remember the password but Linux would not accept it. I eventually reformatted it and restored the data from a backup.
Any time you are arrested you should always choose to remain silent and request an attorney even if you are innocent [crammlawfirm.com].
Re: Access/modification times (Score:2)
Re: (Score:2)
Well, then, they could probably get an estimate of "access time" from the amount of dust on the computer, skin oil on the keys, etc.
Re: (Score:2)
Anyway, his passcode is "1Admit1'mGuiltyAsH3ll.", so disclosing it would be self-incrimination.
Re: (Score:2)
No the logic is the same as a suspect ordered to unlock a safe/hidden room/car etc. having to do that. If the locked space then contains something illegal it is valid evidence however the suspect isn't being forced to say there are illegal stuff there.
Or to make the comparison even easier: if police have a search warrant they have to be provided access to a location, failure to give that access is in itself a criminal act. Here the police have a search warrant for the disks and aren't given access to them.
T
Re: (Score:2)
Re: (Score:2)
In my personal experience, passwords that are > 24 characters, are easily forgettable if unused for a period of time. I struggle with remembering complicated passwords if I haven't used them in over a month. Not sure if it's because they're to complicated or if it's a neurological limit. I also suffer from ADD and have a history of radiation exposure.
That being said, I completely understand how it's possible for someone to forget a password.
Obligatory xkcd - https://xkcd.com/936/ [xkcd.com]
Re: (Score:2)
I told you so.
While it still (at the moment) seems unconstitutional to force a person to reveal their passwords, it is simple to get around this by ordering the person to enter the password themselves.
So if you think you're going to evade the long arm of the government by memorizing all your passwords, think again or you too will be jailed.
And remember kiddies, "I forgot" or "I don't remember" only works if you are part of the government itself ;)
The Cheney defense although I'm sure it was used by others long before him
Re: (Score:3)
I've skimmed the judgment. It's a convoluted case. He asserted his Fifth Amendment rights at some point, but failed to do so again at his contempt of court hearing. When he was held in contempt, he appealed and this time he again asserted his Fifth Amendment privilege. But the court that was hearing his appeal of the contempt of court ruling couldn't weigh its ruling based on the circumstances of his original, criminal case ... it could only rule on the civil contempt of court hearing, in which the Fifth Am