
Judge: Fifth Amendment doesn't protect encrypted hard drives - Feanim
http://arstechnica.com/tech-policy/news/2012/01/judge-fifth-amendment-doesnt-protect-encrypted-hard-drives.ars
======
ctdonath
It's a variant of what's called "rubber hose cryptology": sometimes it's
technologically a lot easier to just beat the password out of someone
(smacking the soles of one's feet with a rubber hose apparently being a rather
effective technique).

I draw the line using a "rag doll" model. They can compel fingerprints,
physical keys, DNA, etc. insofar as they can manipulate your limp unresistive
(albeit uncooperative) body to take fingerprints, extract keys from pockets,
snip a hair, extract a blood sample, etc. They cannot, however, compel you to
act on their behalf and against your own interests - to wit, they cannot
demand you speak (type, write, press buttons) words the whole point of which
can and will be used against you. A fair argument may be made for compelling
you to provide the key/combination to a safe, but only insofar as they CAN
tear the safe apart with blowtorches & diamond saws if you don't cooperate.
But when it comes to the state's evidence hinging entirely upon the
defendant's cooperation, no - that's why we have the 5th Amendment (gov't
cannot compel one to testify against self).

~~~
rmccue
Could you not then argue the same for data encryption? Bruteforcing it would
be the equivalent of a blowtorch in that case. Would that not then mean that
they can compel you to give the key/password?

~~~
cynest
A blowtorch can open such a safe in <1 day. Depending on the encryption,
cracking it in a year might be impressive. And that assumes they can prove
it's even there.

------
fab13n
To counter this, you need an encryption method with these properties:

\- you can be banned or self-banned, irrevocably, from accessing your data;

\- you can prove to the judge that you can't access your data;

\- even with full forensic copies of your disk, you can't be un-banned.

You can do that by having part(s) of the key on server(s) online. Give
yourself, a couple of trusted friends and optionally a script, the ability to
wipe those keys: it will irrevocably seal your disk's content. Obviously, pick
servers under foreign jurisdictions which dislike to collaborate.

Even better, there's no proof that you're the one who destroyed the keys: you
can't be charged with evidence tampering.

~~~
gte910h
>Even better, there's no proof that you're the one who destroyed the keys: you
can't be charged with evidence tampering.

The court doesn't really work this way. Just because you cross your fingers
when you do something doesn't mean you aren't going to be charged with
destruction of evidence.

~~~
roc
If an office had a policy of shredding old financial paperwork and that policy
was faithfully followed on the day after, say, the COO was whisked away for
embezzlement, would it count as evidence tampering?

Or to the point: if you use a remotely-stored encrypted volume with a dead
man's switch as a day-to-day security policy, would it still be trivial to
charge someone for evidence tampering?

~~~
rosser
AIUI (IANAL, mind), no — or at least it's less likely. It's when you go out of
your way to destroy the evidence (and can be demonstrated to have done so) that
you're almost certainly facing obstruction charges. If you're just doing the
same thing you do every day, it's much harder to establish the intent to
destroy inculpatory evidence, which is what would trigger the obstruction
charge in the first place.

Second opinion?

~~~
nknight
In civil cases, once you know or have reasonable cause to suspect a court case
is imminent, you're technically supposed to act to preserve evidence, and not
doing so can lead to sanctions, even if the evidence was destroyed as part of
routine policy.

I'm less clear on how evidence tampering is dealt with in criminal law.

~~~
dkokelley
In a criminal case (and likely in the worst of criminal cases), the suspect
has no idea when the FBI will come bursting through the door to arrest him/her
and seize hard drives. A dead-man's switch would be impossible to prevent in
this scenario (aside from never using one in the first place).

------
simonsarris
I have a question for those who know more about these things: instead of
hidden volumes, wouldn't it be better to have an "under duress" password?

The hard drive is encrypted and sensitive folders are identified by the user.
When a password is given all contents are decrypted.

When an "under duress" password is given the sensitive folders are permanently
wiped and all the (remaining, innocuous) contents are decrypted.

This stops them from finding hidden volumes or operating systems because there
are none. Wouldn't that be a better model, and much harder to figure out?

~~~
tedunangst
Then they restore the hard drive from the cloned image they made before
entering the password and ask you once more for the password. This time, with
feeling.

~~~
repsilat
There might be a market for keeping your keys on some service "out there".
Boot your computer, type in your password, your computer sends the password to
the key service. If the password is correct they send back the key, if the
password is the destruct codes they delete the key.

No amount of hard-drive cloning will stop this. Paired with some other
optional measures ("we delete the password unless you send an email every
week" etc) and it's almost foolproof. You might still have a hard time arguing
against destruction of evidence, though. I guess if your "don't delete the
keys" email was "Please delete my encryption keys" you could be completely
honest and they wouldn't believe you, resulting in your keys being deleted
despite your complete cooperation.

~~~
nickik
I smell a startup.

Great idea, by the way. Like Wikileaks, you would have to replicate all your
servers in the countries that are the "freest", or you need a very good system
to hide where you are. Tor is a good example.

------
pavelkaroukin
What if a lawyer-based service is created, which allows automating the
representation of a client, including when the client needs access to data on
his hard drive. Essentially, develop an algorithm allowing external OTP
authentication.

And this lawyer, representing the user, will have in the agreement something
like this: "In case my client is under investigation or incriminated or ... I
will not be allowed to release the OTP password."

Of course, this service will be based in a country which treats law as law,
not an inconvenience.

What am I missing? Maybe there are no such countries?

~~~
tedunangst
In my lay opinion, you are treading very close to making the lawyer complicit
in the crime, at which point there is no privilege shield.

~~~
pavelkaroukin
Only if the lawyer is USA based might this make him commit a crime. But what
if the lawyer is based in a country where forcing someone to reveal a password
is unlawful?

~~~
EchoAbstract
In the USA it is not legal (in violation of the 5th amendment) for the court
to compel you to reveal a password (if you read the brief, the judge says as
much). However, if the court can prove by other means that you own the data on
a drive, they can compel you to provide them with the unencrypted contents of
the drive via a search warrant.

~~~
bluedanieru
If they can prove it, why do they need you to decrypt it for them?

~~~
savramescu
They know you stole the car because they've got surveillance video so now
they're serving you with a warrant to produce the car so they can also prove
physical presence in the vehicle. This is my view of the ruling.

The chick got recorded talking about the documents so they're asking for a
readable version.

------
MichaelApproved
Everyone is trying to figure out which encryption technique can bypass the law
when it's already too late. The best solution for this type of case is to
_keep your damn mouth shut_ and don't talk about the contents of the drive.

 _"the police had recorded a phone call between Fricosu and her husband in
which she seemed to acknowledge ownership of the laptop and to reference
incriminating material on it."_

Without that recording, the prosecution's case would be a lot weaker. Sure,
encrypt your files, but keep your mouth shut about it!

------
showerst
Just out of curiosity, what's the case-law like if she had encoded these
documents and stored them on paper?

I certainly don't want to see mandatory decryption, but at the same time it
doesn't make sense to let an accused completely skip out on discovery by
simply truecrypt-ing the evidence either.

~~~
mikeash
To me, the most convincing argument is, what if you legitimately forget your
password?

If that alone gets you thrown in jail, then you're going to be jailing a _lot_
of innocent people. On the other hand, if that does _not_ get you thrown in
jail, then one can simply claim to have forgotten the password without
repercussion.

Personally, I'd rather let people hide evidence by encrypting it than jail
people for being forgetful, since those seem to be the only two choices.

~~~
alextgordon
And, what if I do this?

    head -c 1048576 /dev/random >not_encrypted_I_promise

I can't _prove_ that file isn't actually encrypted data. Are we going to throw
people in jail for possessing random data without a justification?

~~~
tedunangst
No, we're only going to throw people in jail for possessing random data and
failing to produce encrypted documents we have evidence they possess.

~~~
gcb
That's the most dodged response ever.

I think for his question to even be made, it was assumed he was being accused
of possessing something encrypted.

Let's take the old guy from France who got into the 3 strike law without even
having a computer at the time. Now let's say instead of getting the IP of that
old guy from France, the police got the IP of the comment above yours, from
let's say Mr Buttle. Now they confuse him with Mr Tuttle and assume he has
encrypted criminal data. But all they could find on his computer is the file
"not_encrypted_i_promise".

He is then thrown in jail because he failed to provide the password. His
ineffective defense was that he was "playing" with philosophical questions
regarding encryption.

~~~
tedunangst
Then explain that to the judge. The defendant in this case is not claiming to
be the victim of mistaken identity.

~~~
gcb
That was even less to the point. You are good.

Ignore the mistaken identity; it was just a means to reach the false/wrong
accusation resulting in the experiment he just did convicting him.

~~~
tedunangst
I don't see the problem. People get convicted based on faulty evidence. The
sad fact is it happens. [Yes, that is a problem, but...] Why is cryptography
special?

~~~
gcb
Read the comment that started this thread.

The guy has a file that is pure garbage. Not encrypted.

The law officers THINK it's encrypted. The judge orders him to give the key.
...There's no key. It's honestly garbage data.

That's what makes encryption special. If it were a safe, the police could
crack it open somehow. With encryption, they can just claim it's too advanced
to be cracked and that will be treated like you are lying.
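alextgordon's random file and gcb's point that nobody can tell such a file apart from ciphertext can be checked directly. The following Python is an added example, not code from the thread: it measures the entropy and compressibility of a constructed plaintext, of raw random bytes, and of the same plaintext encrypted with a toy HMAC-SHA256 counter keystream (an assumed stand-in for a real cipher such as AES-CTR, used so the script needs only the standard library), and shows that the usual forensic triage heuristics flag the random file and the ciphertext identically.

```python
import hashlib
import hmac
import math
import os
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; uniform random bytes approach 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """Deflated size over original size; incompressible data stays near 1.0."""
    return len(zlib.compress(data, 9)) / len(data)


def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256(key, counter) keystream.
    Stand-in for a real cipher (assumption); applying it twice decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(p ^ k for p, k in zip(data, stream))


def profile(data: bytes) -> dict:
    return {"entropy": round(shannon_entropy(data), 4),
            "ratio": round(compression_ratio(data), 4)}


def looks_like_high_entropy(data: bytes) -> bool:
    """All a triage tool can honestly report: the bytes are not plaintext.
    It cannot say whether they are ciphertext or junk from /dev/random."""
    p = profile(data)
    return p["entropy"] > 7.9 and p["ratio"] > 0.99


# Constructed samples, 1 MiB each, matching alextgordon's `head -c 1048576`.
SIZE = 1048576
SAMPLE_TEXT = (b"Documents the court believes exist, in plain English. " * 20000)[:SIZE]
RANDOM_JUNK = os.urandom(SIZE)                      # "not_encrypted_I_promise"
CIPHER_KEY = os.urandom(32)
CIPHERTEXT = keystream_encrypt(CIPHER_KEY, SAMPLE_TEXT)  # same text, encrypted

if __name__ == "__main__":
    for name, blob in (("plaintext", SAMPLE_TEXT), ("random junk", RANDOM_JUNK),
                       ("ciphertext", CIPHERTEXT)):
        print(f"{name:12s} {profile(blob)} flagged={looks_like_high_entropy(blob)}")
```

The printed entropies for the random file and the ciphertext differ only in the third or fourth decimal place, which is the whole of gcb's objection: an examiner can show a file is not plaintext, but not that a key exists.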

------
pavelkaroukin
BTW, hackers, if you did not see it yet, check out what EncFs offers you.
Essentially, it allows you to have multiple passwords on the same repository,
and only files decryptable with the currently used password are shown
(requires a special option during mounting to ignore the incorrect password
warning).

Using that you can have any number of passwords and any number of "partitions"
inside your folder. This is not like a hidden partition in TrueCrypt, where you
can not prove it exists at all.

------
Groxx
Makes sense.

Yes, dead-man switches and whatnot always come up with cases like this -
that's not really part of this ruling. This case includes: a) they have record
of the defendant stating the information exists on the machine, which she
stated she owns, and b) they have (a very good) reason to believe the drive
can be decrypted.

All of this strikes me more as a search warrant than anything, in the same way
that they can break locked doors if they have a warrant to search a location.
That it's a cryptographic lock really has no bearing on the matter - if the
documents were printed and put in a locked closet, they could be confiscated
and searched. Why is this different?

------
tedunangst
Yesterday's link, to the original source:
<http://news.ycombinator.com/item?id=3502850>

------
thereallurch
Any technologies exist that let you have multiple encrypted OS's on multiple
keys? For example, 1 key could boot up one OS and another key could boot up a
different OS. Seems like it'd be difficult to prove that you booted one or the
other...

~~~
talmand
I can see the legal issues that would be forthcoming if you refused to share
the key to allow for access or agree to type it in yourself. Obstruction and
all that.

I'm wondering what the legal ramifications might be if you set a secondary key
that would wipe the drive in the most secure method possible and then provide
that key. Or even the alternate boot sequence as suggested.

~~~
mc32
>I'm wondering what the legal ramifications might be if you set a secondary
key that would wipe the drive

Destruction of evidence. <http://en.wikipedia.org/wiki/Spoliation_of_evidence>

~~~
talmand
Oh, I get that, I'm not saying it's a way to avoid the ramifications, I'm just
wondering what they are.

I have to say that I somewhat agree with the ruling because there are similar
situations with physical objects, not true one-to-one but they are there. I'm
just wondering how the courts would react to the destruction of digital
evidence that was not directly initiated by the defendant, but indirectly by
preparing for the possibility.

------
orbitingpluto
Classical gibberish passwords are mostly muscle memory. I know I wouldn't be
able to remember some of mine of that sort after two weeks.

If you were incarcerated and you knew you might have to comply with an order
to decrypt a hard drive, it might be in your best interest to create and
shadow type many alternate passwords until you actually forget the important
one. Then (hopefully) you're just a polygraph away from a not guilty in an
obstruction charge.

~~~
SquareWheel
From what I understand of the methodology used by a polygraph, forgetting the
password wouldn't help you out here. You'd still be intentionally misleading
the police, and that would lead to the signs the polygraph attempts to detect.

------
lukev
An important clarification since some people seem to be confusing the issue:
the police seized her computer already, presumably legally and with a warrant.

So while this does present an interesting edge case in the fifth amendment
(does evidence count as evidence if it's encrypted?), it shouldn't set off
civil liberty alarm bells in your head nearly as badly as several other things
currently going on in this country.

~~~
mikeash
I disagree. If you can be jailed for refusing to decrypt data on a computer
seized under a legitimate warrant, then you can be jailed for not having the
password for encrypted-looking data on a computer seized under a legitimate
warrant. A warrant does not imply guilt, so this means innocent people may be
imprisoned.

~~~
lukev
I agree completely.

Just saying that the question of what a court can compel you to do as part of
a trial (before sentencing) is quite different from a _fourth_ amendment issue
of illegal search and seizure, which it seems some people are conflating this
with.

------
ROFISH
It looks like they're not trying to decrypt the laptop for the fun of it, but
judge has physical evidence that the laptop contains relevant information to
the case. From the article:

 _But the police had recorded a phone call between Fricosu and her husband in
which she seemed to acknowledge ownership of the laptop and to reference
incriminating material on it._

~~~
tricolon
A recording of a phone call is now physical evidence of the existence of
information somewhere else?

------
AndyKelley
Did anybody see this?

 _But the police had recorded a phone call between Fricosu and her husband in
which she seemed to acknowledge ownership of the laptop and to reference
incriminating material on it._

I'd like more details about this - without any clarification, this sounds
_extremely scary_.

~~~
lukev
Presumably the phone call surveillance was under warrant.

It's also worth noting that they would have needed a warrant to seize the
computer itself to begin with. The question is whether, having been seized,
they can require her to decrypt it for them.

------
rdl
I really hope this gets appealed.

------
plasma
It would be cool to have a "canary" system in encryption.

For example, without having entered the 'everything is OK' password every
week, the drive/encryption automatically destroys itself.

So if the drive is ever compromised, or you are separated from it, etc, the
fact that you do nothing should cause the protected data to be destroyed.

------
thisischris
I forget my password for things all of the time...This situation would be no
different.

~~~
cosmando
It could also create a scenario in which a bug in a decryption or hash
function could potentially land an end user jail time.

------
jimbishopp
Note to self: never acknowledge ownership of a laptop with incriminating
material on it (encrypted or not); especially while on the phone or in the
general vicinity of a recording device.

------
ck2
I used to think we didn't want these kinds of cases in front of the supreme
court right now - but I am starting to change my mind. They are showing signs
of intelligence.

------
jQueryIsAwesome
What happens if a friend of a suspect burns some papers that the jury suspects
were incriminating evidence?

In this context: what would happen in the case the crypto software deletes all
the data after not logging in for 1 week? (It would be too short for the trial
to happen, I guess.)

