
Full disk encryption is too good? - mrsebastian
http://www.extremetech.com/computing/105931-full-disk-encryption-is-too-good-says-us-intelligence-agency
======
tptacek
Here is one of those oh-so-productive HN threads where virtually everyone is
competing to find either cleverer or more emphatic ways of agreeing with the
same statement; in this case, it's "the government shouldn't regulate
encryption", but it might just as well be "the government shouldn't be
electronically strip searching people at airports"†.

This phenomenon presents a manifold of problems, including:

* Because we appear to be unable to move past the most immediately obvious point, we can't fit any _other_ thoughts in our head, like, "maybe there is a real societal problem that needs to be addressed here" --- _not by regulating encryption_, but, for instance, perhaps by allocating funding and training differently.

* It's boring to have a bunch of people with more or less the exact same life experiences competing to agree with each other.

* When it's not boring, it's exasperating, such as when the thread competes to build a case that all of law enforcement is a conspiracy to find more effective ways to predict who we're going to vote for --- or creepy, such as when people more or less suggest that child pornography isn't a real problem.

Two thoughts. That's all I'm asking. I agree that the first thought is "don't
regulate full disk encryption". The second thought though should be something
along the lines of, "yes, that's an interesting new problem for law
enforcement"; it shouldn't be "OH MY GOD LOOK HERE'S THE GOVERNMENT LOOKING
FOR ANOTHER EXCUSE TO SPY ON MY PORN STASH."

† _I know, I was just as bad on those TSA threads as everyone else_.

~~~
etherael
With regards to the point "maybe there is a real societal problem that needs
to be addressed here"; the problem that I have with that possibility is that
if the only evidence of any supposed crime that has occurred exists purely as
bits on a digital storage device, it's hard to claim that crime was worthy of
any sort of prosecution to begin with. Look at the guy that ended up
prosecuted in the UK under RIPA part III, nobody believes he was actually any
kind of criminal or threat, and yet they wanted to make a sacrificial lamb out
of him just to emphasize how serious they were about having this power
available to them.

Sure, it may be _easier_ for the government to attack the digital storage
device to find the terrorist's journal or plans or whatever, but that doesn't
mean it's the only way to do it. If someone has been making bombs, there is
plenty of evidence outside a document on an encrypted volume, etc etc etc. The
entire idea that a crime can exist purely in information is a step too close
to thought crime and all the problems that entails for my tastes.

If a crime supposedly exists, investigate the entire crime, not just some
theoretical digital footprint on a supposedly inaccessible storage device.
Don't try to backdoor negate the right to private information of the citizenry
purely because you're too lazy and inept to do so.

~~~
angelbob
_if the only evidence of any supposed crime that has occurred exists purely as
bits on a digital storage device, it's hard to claim that crime was worthy of
any sort of prosecution to begin with._

What, really? How about when it's a photo on a digital device?

Yes, yes, they're fakable. But other evidence may not exist, or may not be
findable without the knowledge embodied in that photo.

~~~
etherael
Then whatever it's actually a photo of that's such a heinous thing ought to
have some evidence for the occurrence thereof.

------
nextparadigms
It's like arguing thick walls and windows and strong door locks make it harder
for law enforcement to break in to catch the criminals.

Nowadays, I'm very suspicious whenever they use the phrase "to fight against
child pornography", because I just _know_ they have a different
agenda/priority in mind if they had to use that, but they'd rather give the
child pornography line to the public.

~~~
tptacek
Thick walls and windows and door locks _do_ make it harder for law enforcement
to break in and catch criminals. If technology drove the cost of fortified
residences down to the point where random common criminals were more likely
than not to live in nearly impregnable vaults, law enforcement would quite
rightly have a reason for concern.

It is a fallacious nerd narrative that LEOs want super powers to keep track of
what kind of anime porn you watch. They don't care. The day-in day-out of LEOs
involves crimes so banal (embezzlement, narcotics, counterfeiting, &c) that
they don't catch your attention.

What's changing is that technologies that dramatically raise the cost of
investigating those crimes are now _the default_. As a civil libertarian, I'm
glad of that. But as a citizen and a counterparty to the social contract, I
can appreciate the underlying concern.

The thing you "just know" is false. They care a lot more about child
pornography (which happens a lot more than you appear to think it does) than
you think they do.

When they try to outlaw full disk encryption to increase their chances of
catching child pornographers, let's all share outrage together. Until then,
try opening your mind a little bit to LEO's concerns. They have real ones.

~~~
forgottenpaswrd
"What's changing is that technologies that dramatically raise the cost of
investigating those crimes are now the default."

Do you really think so?

Last time I checked, Facebook made it really really easy to investigate the
life of everyone as never before. I'm not the one that says that, the FBI chief
officers said that.

Last time I checked, there are cameras anywhere in the cities, from banks and
shops to circulation plate readers with days of video buffers, so if
something bad happens (terrorism) they have more information (and less cost)
than ever before.

Last time I checked, they store your telephone tower triangulation information
that stores when you were at what time.

They even can analogize all telephone communications of the entire country on
real time, store them on a hard drive, and transcribe it for easy searching.

Today these people have more information than ever, but of course, they want
more because they want to control everybody.

Terrorism and children protection have become the wild card they use to break
the freedom of the people, convert us into the serfs and make them the
masters (I got to meet the TSA people).

~~~
aidenn0
I have a friend who is a cop, and on slow days they just browse through the
facebook pages of suspects. People regularly publicly post pictures of
themselves breaking laws. A paroled felon posted a picture of himself holding
a rifle as his _profile picture_ (in the US it is illegal for any convicted
felon to possess a firearm).

~~~
dennisgorelik
Wouldn't it be legal for him to hold his friend's gun?

~~~
ovi256
Presumption of innocence doesn't apply to _criminals_ now, does it ?

~~~
jeffdavis
What are you objecting to, exactly? There's no indication that the police
would bypass the judicial system in this case. I would assume they would knock
on his door and ask him about it. If they still thought a crime occurred,
they'd make an arrest, and then proceed through the system as usual.

------
abalashov
Sometimes it is an inevitable consequence of the march of technological
progress that certain legal and civil artifacts of previous eras must fall
away, and we need to let that run its natural course, instead of trying to put
up pointless and ineffectual -- but costly and frightening -- bureaucratic
boondoggles in its way.

We will just have to live with the fact that secure end-to-end electronic
communication and storage encryption that is not accessible by law enforcement
is available to anyone who really wants it. For the most part, this is good
news for privacy, civil rights and protection from information crime; in a few
extremely marginal cases, like terrorist plotters and whatnot, this is bad,
but we can't have our cake and eat it too. Trying to stop it, roll it back,
pretend it doesn't exist, etc. is a pointless waste of time.

~~~
innoncent1
200 years ago, every man could own a rifle and all rifles were assault rifles.
Citizens were equal with their governments. They could band together and form
armies. Today, looking at the vast differences between arms that governments
possess versus what their citizens may legally possess and you'll soon realize
that the _only_ technological equality we have remaining is strong encryption
thus the governments attack that technology accusing everyone who uses it of
being either a state sponsored terrorist or a child porn monster (why else
would anyone use it... what do they have to hide). They themselves use
encryption extensively, but they don't want me and you to do so.

The United States once classified some encryption algorithms as a munition and
banned exports. We citizens can't buy tanks or aircraft carriers or
satellites, but we can legally use AES 256 encryption (at least for now) and
we should. That's all we have left.

~~~
jws
_every man could own a rifle_

In 1810, the 1 in 6 Americans that were enslaved were not allowed to own guns.
In another twenty years even free black men were no longer allowed to own guns
(varied by state).

Not terribly relevant, but it is easy to forget where we come from and how far
we've come in a relatively short time.

 _the only technological equality we have remaining is strong encryption_ –
um, I can think of too many counter examples to even begin.

 _The United States once classified some encryption algorithms as a munition
and banned exports._ – remember to thank Al Gore for having the stones to let
that be lifted and bringing us a fine SSL future with secure(ish) commerce in
the Internet. (Ancient history, back in his VP days.)

~~~
Create
I am not convinced that all that much has changed at the core -- despite Ed
Bernays's work and the American Dream. Today, 1 in 6 Americans that were
enslaved are rotting in prison etc. Another sign of a larger problem tp is
alluding to.

And Al Gore -- besides obviously having invented the InterTubes -- was only
reacting post festa. The PGP printout-book was scanned Down And Under (take
that Regulators!), and free implementations of strong crypto were popping up
everywhere (ie .de). Banning export was useless. If you can't beat them, join
them, and Let the Commerce Profit! Recent history, given his commercial
interests of the Intertube days (iGOOG Board). The Doors (of revolving
perceptions :).

------
CWuestefeld
_being able to crack full disk encryption is vital for the prosecution of
child porn and pharmaceutical spam barons, amongst others_

Put in those terms, it seems that the trade-off between our right to privacy
versus the needs of law enforcement is so ridiculously unbalanced that the law
enforcement people ought to just slink away with their tails between their
legs.

~~~
msellout
Could you explain that a little more? I'm not disagreeing, but I'm not sure I
understand what's so vital about preventing people from reading the data on my
hard drive after they've confiscated it.

~~~
sixtofour
You have a fifth amendment right not to incriminate yourself, which the
article mentions by noting that you don't have to give up your password when
asked.

In my mind (IANAL), if I don't have to give up information about myself, then
I have the right to encrypt my information, _and_ to not be presumed a
criminal merely for having encrypted my information.

Note that the 5th amendment is not about protecting your criminal activity,
since you're presumed innocent unless convicted. It's a right that you have
regardless of your character or activity.

~~~
nirvana
You're right, but I posed this very question to Kevin Mitnick once. He had
just recounted how, during his prosecution, he'd been forced to give up his
passphrase. (This was several years ago, and so I might have some specific
details wrong, and I'm also going to be a bit vague about it as a result.) I
asked him why he didn't just plead the 5th. He said he tried, but that they
moved him into solitary and they started abusing him in jail (abuse is my
word, I don't remember the specifics), and they used every method they
could to force him to give up the passphrase, including, I believe, holding
him in contempt for not revealing it. Eventually he revealed it.

It is my opinion, having read accounts of people being prosecuted by the
government for various crimes over the past 20 years, that in many cases, the
government does not hold itself within the bounds of the law, and that such
prosecutions are often illegal themselves. Yet, they are able to get away with
this, because, what prosecutor is going to destroy their career by pressing
charges on cops, other prosecutors or judges?

Also, in this day and age, asset forfeiture is extremely easy. The government
can seize all of your assets, effectively denying you the ability to pay your
legal counsel, forcing you to rely on the legal services they provide for you.
Further, even if you can afford your own counsel, as an "officer of the court"
they are subject to extreme pressure. I've read about a fair number of
situations where lawyers would not even introduce constitutional arguments for
their defendant's innocence because it would result in recriminations against
the lawyers by the judge. (e.g.: it's "frivolous" to claim that federal drug
laws are unconstitutional, even though to criminalize alcohol an amendment was
needed.)

I'm not a lawyer, of course, this is just my perspective.

~~~
redler
It's unlikely there will be a breakthrough that allows adversaries (in the
cryptography sense) to crack properly implemented strong encryption. Faced
with this dilemma, the only other options for the government are varying
degrees of black-bag and rubber-hose cryptanalysis. Surveillance (legal or
otherwise), asset forfeiture laws, jailing for contempt, lawsuits, deception
-- all are just different forms of the rubber hose. It worked against Mitnick,
and it would probably work against most of us.

<http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis>

<http://en.wikipedia.org/wiki/Black-bag_cryptanalysis>

~~~
etherael
I'm hesitant to mention this again but it does seem that rubber hose is being
overplayed as a trump card here too much. Shadow volumes and multiple layered
passphrases in arbitrary memorised data offsets on various volumes amongst a
scatter of purely random data is completely invulnerable to rubber hose.

It all depends on exactly how paranoid you are as to how deep you go with
layers of misdirection here of course but the point remains, they cannot
continuously compel you to provide a passphrase when they do not know that
another one actually exists.

This is the one arena where the only reason the government has any power at
all is due to our ignorance, they do not, and indeed should not, have any
power at all in this realm.

~~~
rdtsc
> they cannot continuously compel you to provide a passphrase when they do not
> know that another one actually exists.

unfortunately there have been cases of judges simply jailing people for
contempt for years

~~~
etherael
I understand this, I mean that they don't _know_ how many layers of
misdirection are actually involved, you can provide n fake layers of
encryption with trivially incriminating information, as long as the "free
space" of the volume in question contains randomised data, they can never know
if it is actually an encrypted volume one level deeper or not.

~~~
koenigdavidmj
rdtsc's point is that you are assuming that the system will play by their own
rules. Not necessarily the case, especially when the entire weight of public
opinion is against you.

~~~
etherael
My point is that I understand that, I'm not expecting the system to restrict
itself in any way shape or form, this is par for the course in many places
around the world where no quarter can be expected from the authorities. They
can't continue to compel you for more and more passphrases for more and more
encrypted shadow volumes that they're not even aware actually exist, this is
what it eventually reduces down to.

~~~
merijnv
> They can't continue to compel you for more and more passphrases for more and
> more encrypted shadow volumes that they're not even aware actually exist

The point is, they can. If you're in some place run by a dictator they can do
whatever the hell they want to you, including torturing you until you die.

~~~
etherael
Sure, but it's tactically useless, as they can't _know_ if they're just
applying useless pressure because they don't know how many layers of shadow
volumes there are to penetrate. So yes, they can be pricks, but to no
discernible effect.

~~~
koenigdavidmj
>So yes, they can be pricks, but to no discernible effect.

They won't get more data, but they will send a clear signal to other users of
this stuff to behave themselves.

~~~
etherael
People in power have never been short on excuses for abuses thereof, this
aspect of this issue is just another in a huge ocean of existing valid and
arbitrary ones.

------
alexhawdon
What a crap article, especially to go on here.

1\. Everyone on here except the tinfoil-hat brigade knows that governments
can't crack modern encryption that's been properly implemented. If they /do/
have the capability then it's tucked away somewhere very secret and they're
using it for far more important things than catching criminals.

2\. "with the cryogenic RAM freezing technique, presumably" - errr, no. With
the "sit down at the computer and turn off the encryption/copy the data to an
external drive technique", I think you'll find. Obvious bullsh*t to anyone
technical but sounds 'cool' to your average 14yr old who reads these sort of
sites.

3\. "a risk to national security" ... "vital for the prosecution of child porn
and pharmaceutical spam barons". Okay, so we eventually get closer to the
truth. But hey - 'national security threats' sound much more urgent - let's
put that in the article.

~~~
pjin

> 2\. "with the cryogenic RAM freezing technique, presumably" - errr, no. With
> the "sit down at the computer and turn off the encryption/copy the data to an
> external drive technique", I think you'll find. Obvious bullsh*t to anyone
> technical but sounds 'cool' to your average 14yr old who reads these sort of
> sites.

Errr, actually yes. You may be interested in [1] and [2].

[1] <http://citp.princeton.edu/pub/coldboot.pdf>

[2] <http://www.youtube.com/watch?v=JDaicPIgn9U>

~~~
jeffreyg
I'm assuming he was mocking the ignorance of the article as it addressed live
memory acquisition. The author jumped to something obscure (RAM freezing) when
there are forensics tools (Memoryze, etc.) that can be used to image memory on
a running machine in hopes of getting a decryption key / other passwords.

~~~
wmf
Or even easier: if the encrypted drive is mounted, just use cp (or the
overpriced forensic equivalent). Cold boot attacks are sci-fi.

~~~
tjoff
Are you guys saying that a person that uses full disc encryption doesn't lock
the computer when leaving it?

~~~
DasIch
Unless you are in the same room as the computer I'd consider it rather
unlikely that you will be able to turn it off in case of a raid.

~~~
IgorPartola
There are lots of ways to overcome that as well. For one, you could set up
your computer such that if you don't enter some key combination every minute
it shuts down. Or you could set up a tricky kernel that does not allow
opening/cp'ing certain files and if you try, triggers a shutdown. Or you could
have speech recognition running, and as soon as you utter a certain phrase
near your machine, it shuts down.

The point is that inaction or inadvertent action by the law enforcement may
trigger an action on the machine. Such digital landmines could be made so
unpredictable that there would be virtually no way to extract the data on site
reliably.

In general, there is no solution to this problem. The person protecting their
data will always be able to surprise the person that's trying to extract it.
Furthermore, no government can control "manufacture" of encryption, the way
that it can control manufacture of physical goods. It could mandate that a
backdoor must be provided, or that you need to escrow your decryption key such
that it could get at your data, but let's face it: people that do have
something sinister to hide will not care much for this regulation anyways.

------
noonespecial
So full disk encryption _does what it's supposed to do_? Great. Next.

------
TMK
Great. I feel that full-hard disk encryption is necessary for our own privacy
safety. If I had problems with Cops I would probably be shutting down my PC
always before letting anyone in, though I already have quick auto-shutdown
system with my SD card. I unmount my SD card and the PC shuts down and can not
be logged in without the card if the SD card is not mounted.

~~~
rohit89
Couldn't they just force you to give the decryption keys ?

~~~
troels
Not if you forgot it.

~~~
lucian1900
Actually in the UK you can be detained indefinitely even if you plead that you
forgot it.

~~~
ja27
That scares me. I've forgotten half my Truecrypt passwords. I guess I should
give up and delete those archives.

------
pavel_lishin
> First, evidence-gathering goons can turn off a computer (for transportation)
> without realizing it’s encrypted, and thus can’t get back at the data
> (unless the arrestee gives up his password, which he doesn’t have to do);

I thought that if they had a warrant, you had to give up the password, much as
you'd have to give up the key to a locked door in your house?

~~~
cheald
The Fifth Amendment precludes that.

> No person shall...be compelled in any criminal case to be a witness against
> himself

Courts have previously upheld passwords as self-implicating information, which
you cannot be constitutionally compelled to provide.

> in In re Boucher (2009), the US District Court of Vermont ruled that the
> Fifth Amendment might protect a defendant from having to reveal an
> encryption password, or even the existence of one, if the production of that
> password could be deemed a self-incriminating "act" under the Fifth
> Amendment.

<http://en.wikipedia.org/wiki/In_re_Boucher>

Boucher ended up having to unlock the hard drive, because he had previously
unlocked the drive for border agents. Had he refused, the court likely would
have held that he could not be compelled to produce the password or the hard
drive contents.

A warrant gives law enforcement the right to gather evidence, but doesn't
compel you to provide it. If you won't provide it, they are authorized to take
it by force. In the case of encryption, they don't have enough (legal) force
to take it. Therefore, they are entirely dependent on the accused cooperating
to gather that information, but the accused cannot be compelled to cooperate
under the Fifth. This is scary for them, because it means that they can't
legally compel you to give up the information, and they can't gain access to
it by force. A wholly uncooperative defendant is effectively unassailable.

~~~
potatolicious
> _"you cannot be constitutionally compelled"_

The US government has frequently shown that they have no qualms against
_un_constitutionally compelling individuals...

~~~
cheald
Indeed. Hence the "(legal) force" qualifier.

I wouldn't be at all surprised to learn that targets had passwords "coaxed"
out of them.

------
w1ntermute
<https://www.xkcd.com/538/>

It's common knowledge that the government has few qualms about violating its
own laws. No doubt they won't allow some pesky legal restrictions to stand in the
way of cracking FDE.

~~~
teaspoon
Are you suggesting that the FBI tortures every suspected pedophile and spammer
who uses FDE?

~~~
fleitz
I think he's suggesting that the US government uses pain up to and including
the amount of pain induced by breaking a limb or organ failure to extract
information from those it holds without trial. This assertion would seem to be
consistent with the official position of the US government. Whether inducing
pain equivalent to organ failure to extract information is a violation of US or
International law is probably a question best answered by the ICC.

~~~
w1ntermute
> Whether inducing pain equivalent to organ failure to extract information is
> a violation of US or International law is probably a question best answered by
> the ICC.

No doubt this question has already been answered on numerous occasions with
respect to such violations in 3rd world countries and enemies of the US and
its allies. However, the US government, for all practical purposes, is above
international law.

------
RexRollman
I believe that we will eventually return to the "good" old days, when strong
encryption was outlawed. If the intelligence sector doesn't get it overturned
itself, then I expect that someone in Congress will probably push a bill
through to do so under the guise of preventing child porn (after all, who
isn't against child porn?).

Oh, and a tip of the hat to Phil Zimmermann, who created PGP twenty years ago
this year.

~~~
jrockway
No, this won't happen. Every major corporation encrypts the fuck out of their
employees' laptops, because they are legally required to do so.

The ship has sailed. Crypto is a key component of the modern economy. It would
be like banning US dollars because drug dealers use US dollars.

~~~
jleader
Ever tried to obtain more than 10,000 of those US dollars? Not exactly
"banned", but pretty heavily restricted, from what I understand, for just
about that reason.

~~~
jrockway
Obvious bullshit. Consider corporate payroll; anyone making more than $120,000
a year gets a monthly paycheck for more than $10,000, and this causes no
problems.

~~~
jleader
I was referring to physical dollar bills; how many drug dealers get paid by
direct deposit?

------
pg
Or so they want us to believe...

~~~
boyter
That's exactly what I think. The fact that governments are now saying that
some encryption is un-crackable makes me highly suspicious.

I'm not a tin-foil hat person, but I wouldn't trust any encryption out there
with my life if there was a concentrated effort by combined governments to
defeat it.

------
dubya
It sounds like it hurts fishing expeditions. They can always get a warrant and
hide a tiny video recorder somewhere pointed at the screen, or install a key
logger to capture the password (maybe not on a notebook?), or work with the
*-baron's ISP to capture evidence that goes over the internet.

~~~
billswift
Or do a black bag job to get the key, then type it in after seizing the
computer and say it was just a lucky guess.

------
michaelfeathers
> the FBI, CIA, and NSA, also have a problem cracking encrypted hard disks —
> and according to a new research paper, this is a serious risk to national
> security.

Imagine what would happen if people could hold information in their minds
without putting it in computer files. That would be a very serious risk.

------
bootz15
I like safety, be it encryption, locking my doors, etc. Good luck finding a
legal justification around that.

------
rsingel
US CERT is NOT an intelligence agency. Very misleading title.

~~~
mrsebastian
"US-CERT's mission is to improve the nation's cybersecurity posture,
coordinate cyber information sharing and proactively manage cyber risks to the
nation while protecting the constitutional rights of Americans. US-CERT vision
is to be a trusted global leader in cybersecurity - collaborative, agile, and
responsive in a complex environment."

From: <http://www.us-cert.gov/aboutus.html>

Certainly sounds like intelligence (and counterintelligence) is one of the
main aspects of their work. Agree, they don't sound like _human_ intelligence
gatherers... but I'm fairly certain that US-CERT would know plenty of
information about hackers, hacking, pirates, and so on.

------
DTE
The feds were worried a long time ago but full disk encryption (or any
encryption really) was not adopted by the public. The barrier to entry was too
high. Only now is this odd relationship (encryption is ok but only when it
isn't commonly used) going to have to play out in our legal system and
culture, and it will be super interesting to see how we decide as a society
what the limits of this technology are.

See:
<http://www.wired.com/wired/archive/1.02/crypto.rebels_pr.html>

------
droithomme
Well goodness. If this same US government didn't insist they have the right to
clone my hard disk without a warrant whenever I go through customs, maybe I
wouldn't need full disk encryption.

------
linuxhansl
"being able to crack full disk encryption is vital for the prosecution of
white-collar criminals, child porn ringleaders, pharmaceutical spam barons,
and the curtailment of terrorism"

Again, there is a terrorist and "child porn ringleader" hiding under every
rock.

Before computers and full disk encryption people used other forms of
information hiding, and the world did not end. If the only evidence for a
crime is to be found on some encrypted disk drive, it would be a weak case
anyway.

------
lywald
The next step is reading people's minds to know what they fantasize about.

[The study, titled “The impact of brain privacy on police investigation,”
illustrates the difficulty that CSI teams have in obtaining enough data to
build a solid case against criminals.]

It's funny because we'll come to this one day.

------
tobylane
Shame (for the agency) the courts already decided on this. Hope this stands.
<http://en.wikipedia.org/wiki/United_States_v._Boucher>

------
joeybaker
Misleading title, the quote is nowhere to be found in the article which says
little beyond the fact that encryption is tough to crack. Nowhere does it say
it can't be done.

------
Karunamon
> the FBI, CIA, and NSA, also have a problem cracking encrypted hard disks

Was I the only one who thought "Good." when they encountered this sentence?

------
ck2
When full disk encryption is outlawed...

------
devs1010
good, hopefully this can spell the end of these asshats digging around in
everyone's data

------
nirvana
I've always thought that a solution to the problems with insufficient 5th
amendment protection would be to make your password a passphrase that contains
an admission of a crime.

For instance:

"I admit that I smoked marijuana on the 5th of December 2010." or "I underpaid
my taxes in 2005 by $50."

These passphrases, as literal admissions of a crime, would _have_ to be
protected by the 5th amendment.

Of course, that presumes that the legal system operates under the constraints
of the bill of rights, a presumption I don't believe currently holds very
often.

(Neither of the example phrases given here are actually true about me.)

~~~
hugh3
Full marks for lateral thinking, but I don't think that works.

It's the use-mention distinction. Uttering a set of words is _not_ the same
thing as asserting that they're true. If you say "My password is 'I killed and
ate a young girl in Tucson'" then that does not count as a confession, and
could not be taken as one by any court (thankfully, because I just typed out
that sentence myself...). Therefore, uttering that sentence does _not_ count
as testifying against yourself.

~~~
nirvana
I'm presuming that they are true, and that they are a revelation of an actual
crime that you committed. Thus, by revealing the passphrase, you are revealing
evidence about yourself, and effectively testifying against yourself.

I believe you'd have to be under oath as well.

Further, I believe that this strategy would be employed as an argument to not
ever giving up the passphrase. You would tell the judge, or whomever, that the
phrase is a literal confession of a crime, and thus, by doing so, invoke 5th
amendment protection.

(You may be right, and my idea may not work. I just want to make sure you're
not assuming that the confession is for a false crime, when I meant it to be
for a real one (though my examples of course, are false.) Which is why I
didn't use a murder as an example...)

~~~
evgen
The court is not interested in your passphrase, they want the information that
it is protecting. The court will simply compel you to provide the information
in another manner if you claim that revealing your passphrase would be a 5th
amendment violation (although I doubt they would even buy that one to begin
with.)

1) tell you to provide the pass phrase to your lawyer (which makes it
protected via attorney-client privilege) and then tell your lawyer to unlock
the system and provide it to the court

2) out-geek you and notify you that since your encryption system does not
actually use your passphrase but instead passes it first through a strong hash
function you are to provide the court with the hashed passphrase so that they
can use a decrypt method which skips the hashing step.

The short version is that claims that a passphrase alone is protected via the
5th are unlikely to succeed.
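
Option 2 above, as an added illustration that is not part of the original comment or of any real disk-encryption tool: a passphrase is stretched into a key that unwraps the volume's master key, so the derived key alone unlocks the volume and has to be protected as carefully as the passphrase. The header layout, the PBKDF2 parameters and the HMAC-based wrap (a stand-in for a real key-wrap cipher) are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_kek(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """The 'strong hash' step: passphrase + salt -> 32-byte key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=32)


def _subkey(kek: bytes, label: bytes) -> bytes:
    # Domain-separated subkeys so wrapping and authentication never share a key.
    return hmac.new(kek, label, hashlib.sha256).digest()


def _xor_wrap(kek: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy wrap: XOR with one HMAC-SHA256 output block (32 bytes).
    # Symmetric, so the same call wraps and unwraps.
    pad = hmac.new(_subkey(kek, b"enc"), nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def _tag(kek: bytes, nonce: bytes, wrapped: bytes) -> bytes:
    return hmac.new(_subkey(kek, b"mac"), nonce + wrapped, hashlib.sha256).digest()


def make_header(passphrase: str, master_key: bytes) -> dict:
    """Build a hypothetical volume header holding the wrapped master key."""
    if len(master_key) != 32:
        raise ValueError("this sketch wraps exactly 32 bytes")
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = derive_kek(passphrase, salt)
    wrapped = _xor_wrap(kek, nonce, master_key)
    return {"salt": salt, "iterations": ITERATIONS, "nonce": nonce,
            "wrapped": wrapped, "tag": _tag(kek, nonce, wrapped)}


def unlock_with_kek(header: dict, kek: bytes):
    """Unlock from the derived key alone; returns the master key or None."""
    expected = _tag(kek, header["nonce"], header["wrapped"])
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return _xor_wrap(kek, header["nonce"], header["wrapped"])


def unlock_with_passphrase(header: dict, passphrase: str):
    kek = derive_kek(passphrase, header["salt"], header["iterations"])
    return unlock_with_kek(header, kek)


def change_passphrase(header: dict, old: str, new: str) -> dict:
    """Re-wrap the same master key under a new passphrase and fresh salt."""
    master_key = unlock_with_passphrase(header, old)
    if master_key is None:
        raise ValueError("wrong passphrase")
    return make_header(new, master_key)


def demo() -> dict:
    # Constructed sample values; nothing here comes from a real volume.
    old, new = "correct horse battery staple", "a different passphrase"
    master_key = os.urandom(32)
    header = make_header(old, master_key)
    kek = derive_kek(old, header["salt"], header["iterations"])
    new_header = change_passphrase(header, old, new)
    return {
        "passphrase_unlocks": unlock_with_passphrase(header, old) == master_key,
        "wrong_passphrase_rejected": unlock_with_passphrase(header, "guess") is None,
        "derived_key_alone_unlocks": unlock_with_kek(header, kek) == master_key,
        "old_derived_key_fails_on_new_header": unlock_with_kek(new_header, kek) is None,
        "master_key_unchanged": unlock_with_passphrase(new_header, new) == master_key,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Changing the passphrase only re-wraps the master key, so a copy of the old header together with the old derived key still yields the same master key.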

~~~
tedunangst
1) I read about at least one case where that's about what happened. The police
asked the defendant to unlock the computer; they didn't ask for the password
itself.

------
wavephorm
Geez ExtremeTech really needs to do something about their iPad support. That
is without question the worst iPad viewing experience I've ever seen. Just
give the iPad visitors the desktop version. Whatever mobile system they are
using is horrendous, unusable, and should be abandoned.

~~~
watmough
I believe it's a commonly available theme.

Seen it in a few places. I also think it's terrible.

