
DOJ: We can force you to decrypt that laptop - d0ne
http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop/
======
roc
The truly interesting bit, will be when a case of (real or alleged) multiple
hidden encrypted volumes is publicized.

If the government feels the information they want is on a laptop, the laptop's
owner would suddenly find themselves forced to prove a negative (there are no
more hidden volumes), lest they be held in contempt.

If they can seemingly compel you to reveal something they can't proven even
_exists_ and lock you up until you can prove that it _doesn't_ , the door for
abuses isn't even wide open; it'll have been removed from its hinges along
with most of the wall.

~~~
DavidSJ
US v Hubbell makes clear that the government cannot compel production of
documents (except under immunity to prosecution) which it does not know, ahead
of time, to exist.

~~~
roc
Then how can they compel someone to unlock a laptop to enable arbitrary
access? Wouldn't they be limited to requesting specific documents?

~~~
bhousel
Every case is a little different, but investigators do need probable cause to
search a laptop.

This is a mortgage fraud case involving years of criminal activity, so I'm
guessing that it's probably not too hard for the prosecution to produce
witnesses who can say "yes, she sold me that crappy mortgage and used her
laptop when I went to meet with her.", or direct information of her internet
usage (ISP, or logs from cable modem), or observation of her using the laptop
by police during the investigation.

~~~
VladRussian
the DOJ have laptop (like a knife in a murder case). According to Miranda, the
defendant have the right to remain silent (incl. all kinds of communications,
ie. oral, keyboard typing, Morse alphabet using campfire smoke, etc... ) and,
in particular, can't be compelled into communicating any information in
connection with her/his using of the laptop (or murder knife), while the DOJ
is free to have as much witnesses as they can describing defendant's usage of
the alleged crime tool.

~~~
Estragon
Miranda doesn't apply, here. That derives from the 5th amendment, but it
pertains to police interviews after _arrest._ The ability to obviate the 5th
amendment by offering immunity amounts to a way to compel potentially
incriminating testimony. It's likely that eventually the question here is
going to be the extent of the immunity required to compel testimony of the
password: just immunity for information contained in the password itself, or
for information contained in the files it unlocks?

<http://en.wikipedia.org/wiki/Miranda_warning>

------
d0ne
_IANAL_ ( Edit to include a reference for my opinions[1] )

The general argument for forcing someone to turn over the key to a door once
compelled by the court is that it is commonly known there are other reasonable
means by which to access the content the door protects that do not require the
key:

1) Locksmith 2) Break the door down 3) Use a different door if one exist

These are reasonable methods as neither of them take a considerable amount of
time, in many cases a reasonably consistent amount of time between unique
cases, and are methods that are readily available in all markets and
jurisdictions. This makes the case that the contents behind the door can be
accessed through various methods, some of which do not require my involvement,
therefor my not turning over the key is only nominally delaying the
inevitable.

In the case of an encryption key that protects data, which once protected is
only in the possession of the individual who also posses the key, this is very
different IMHO.

It is very different for this simple reason:

If proper procedures have been followed, and certain encryption methods have
been utilized, there is no reasonably consistent method for acquiring the
original data other than information I posses in my mind.

I say reasonably consistent because if you had limitless resources and
limitless time you could try every possible combination and at some point gain
access. That is, however, unless the mechanism that relays the encryption key
is not designed in a way as to destroy the data after N failed attempts.

In either case, no court can be reasonably certain of the time it would take
to access the original data or if they would ever gain access at all. This
directly conflicts with my right to a speedy trial and certainly conflicts
with my right not to incriminate myself as I'm the only one who can provide
access within a reasonable amount of time.

[1] <http://news.cnet.com/8301-13578_3-9834495-38.html>

~~~
nodata
I think this was discussed here the other day (can't find the link, sorry).
The thinking went something like this: a passphrase is equivalent to a
combination wall safe and not to a lock with key: one requires a physical
thing to open it, the other requires something within your head. The something
within your head is equivalent to testimony.

~~~
aplusbi
The thing is, the court can compel you to open the safe. You don't have to
reveal the combination but you do have to open it (or face contempt charges).

This is pretty much the same thing they are demanding from her - we don't want
your password, we want access to your hard drive.

~~~
d0ne
However, in the case of a safe there exist other reasonable methods to access
its content such as a safe cracker or breaking open the door.

As I stated in my comment above, in the case of properly encrypted data where
exactly one person possesses the key this is not the same.

~~~
aplusbi
_Technically_ it's not the same thing. Whether or not it is _legally_
different is an entirely different matter - one that has not yet been
resolved.

If the court decides that encryption is like a safe then, regardless of how
impossible it is to open the safe without a key, the court can coerce you into
decrypting your HD.

However, if the court decides that encryption is like a secret language that
only you can translate (a more accurate representation of encryption, in my
opinion) then they will likely rule that they cannot coerce you into
decrypting the data.

------
jergason
I thought this quote by the DOJ was pretty ridiculous:

 _Public interests will be harmed absent requiring defendants to make
available unencrypted contents in circumstances like these. Failing to compel
Ms. Fricosu amounts to a concession to her and potential criminals (be it in
child exploitation, national security, terrorism, financial crimes or drug
trafficking cases)_

I don't like how they bring out the bogey-men of child pornography and
terrorism to justify making her decrypt the drive.

~~~
raganwald
Laying aside the emotional rhetoric, the point being debated is whether public
interests will be harmed or not. What's clear is that _prosecutorial_
interests will be harmed, but the entire point of constitutional rights is
that sometimes there is conflict between the interests of those who prosecute
crimes and the public interest.

For example, you could easily argue that having a lawyer present during
interrogation harms public interests for exactly the same reasons: Child
molesters, terrorists, and just plain naughty people will clam up and not give
investigators information that could lead to a conviction.

We had that discussion, and south of the border you decided that public
interests were harmed by _not_ allowing a lawyer to be present and were
further harmed by not warning suspects of their rights.

(Canada takes a different view with respect to the right to a lawyer for
complex reasons.)

------
cookiecaper
Again, the best analog is a document handwritten in a made-up cipher. If
someone finds a paper in a notebook that looks like it contains useful
information but the actual glyphs used are unreadable to the masses, or the
order of the letters are scrambled, or whatever other personal encryption
scheme the defendant used when he wrote that note, can the government compel
the defendant to reveal the key to his personal cipher? Can the government
compel the defendant to not hand over the key to the cipher but provide a
decoded interpretation of the message?

That is the correct analogy for this situation much more than safes or doors.
Computer encryption is the same thing, just uses a common cipher and the
information is encrypted millions of times faster than a human could crypt by
hand.

~~~
RexRollman
I totally agree with you. And as I said in the other article about this, I
simply don't believe it is the duty of citizens to help the government make
their case.

------
mckoss
The DOJ claims that allowing defendants to exercise their 5th amendment rights
against self-incrimination would "make their prosecution impossible."

To which I say:

1\. Your prosecutors are lazy and want to force criminals to prosecute
themselves.

2\. If the only external evidence of a crime is a private file on a hard
drive, it seems to me that not much harm was done to society and we should
leave these people alone.

~~~
Canada
#2 is the best point.

It's worth it to trade letting some guilty people get away with it in order to
have the freedom of conscience to write whatever we like in our computers and
not be compelled to turn over our private writings.

If something bad was done to someone else, there's going to be evidence of it
elsewhere: Contracts must be held by some other party, bank records, etc.

Is the prosecutor trying to claim the government needs access to the accused
computer to convict her of a commercial crime? Are there no third parties
involved who are in possession of useful records? No banks were involved in
this mortgage fraud? Really???

------
hippich
"Decrypting the data on the laptop can be, in and of itself, a testimonial act
--revealing control over a computer and the files on it," said EFF Senior
staff attorney Marcia Hofmann.

I believe this is enough to get protection under 5th amendment. Giving
password or providing decrypted content is already testimony against yourself
saying that you control these files..

------
quellhorst
It is cases like this that makes me glad to donate to EFF.

------
grecy
It's pretty astounding to me that if you write sometime in "code" (read:
another language) you have to provide a way to "translate it" (into English I
presume). It's not my problem if others can't read my brain dumps.

------
hammock
Thorough and detailed commentary here in yesterday's thread:
<http://news.ycombinator.com/item?id=2744688>

------
naner
What happens to her if she doesn't know the password?

~~~
bhousel
An obstruction of justice charge, probably.

Here's a pretty decent page about the charge:
[http://www.federalcriminallawyer.us/2011/01/12/federal-
law-o...](http://www.federalcriminallawyer.us/2011/01/12/federal-law-on-
obstructing-justice-a-summary/)

tl;dr: "18 USC 1503 is a felony offense for which the sentence can be 10 years
imprisonment."

~~~
naner
That seems to be imply that she is lying, though.

What if she actually doesn't know the password? For example if it isn't her
laptop or the password was written down and lost or it is an old encrypted
volume which she doesn't use anymore, etc.

~~~
bhousel
Federal investigators and prosecutors aren't dumb. For all of those scenarios
that you mentioned, it would be easy to tell whether or not this was a laptop
that she used frequently.

Where did she get it from? (or from whom? - she should be able to say.) In
what condition was the laptop found, on her desk? opened? screen saver on? or
powered down? in a pile, covered in dust? any fingerprints or other signs of
use? Any removable media present? They can look in her office for passwords
written down. They can check her mobile devices for password managers and
compel her to unlock those.

Understand for the case to even proceed to indictment (which happened last
year), they have done all of this work to make sure that their case is pretty
solid. There are pretrial hearings, and depositions and other things which
lawyers do to answer all these questions about whether they can prove that she
really should be able to provide the password.

~~~
JohnsonB
None of those are reasonable or reliable indications that he/she is lying
about having forgotten a password. There are fingerprints or signs of use?
What if the defendant has been actively trying to remember the password, or
has just done something as simple as moved the laptop's location to get it out
of the way? Removable media present? What if it was left in there from when
they did have use of the password and didn't have use for the media otherwise?
And even if the computer is found on their desk, with the screensaver on, the
defendant could have just forgotten the password, it happens and is expected
especially if they tended to just barely remember the password before and just
happened to forget it at that time.

The fact is, no matter how sure the prosecution is of the accused's guilt and
the hard drive's content, the accused can still just have forgotten the
password. That's it, just forgotten the password. and the accused could be
innocent of the crime, and now facing inescapable prison time, all because
they wanted to keep their personal financial documents safe and have an
unreliable memory. That is not a reasonable way to carry about justice.

~~~
cbs
>None of those are reasonable or reliable indications that he/she is lying
about having forgotten a password.

I agree fully, forgetting passwords happens. My AD account at work has a
short, random password with a forgiving lifespan. Even though I have to enter
it a few dozen times a day, following the long weekend I had for the 4th it
took me 5 minutes of sitting at my desk before I remembered enough to make a
few guesses at it.

If I went more than a week or so without opening my encrypted partition, the
password is long, complicated and changed frequently enough that I will most
likely forget it. I currently only know it by muscle memory.

~~~
danvet
Add to that that at least my muscle memory is especially flaky when I try hard
to remember what I'm actually supposed to type and/or I'm otherwise under
stress/nervous. Usually just not thinking about the password for 5 minutes
works, potentially facing 10 years in prison is certainly not gonna help.

------
chopsueyar
Begin the off-base analogies.

Is the government's whole case dependent on the hypothetical contents of her
laptop?

I have to disagree with the Obama adminsitration's stance on this, and other
"electronic" civil liberty positions.

------
yason
Well, they can't _force_ anything if only she knows the password. For what
I've read they can only threaten with and convict for obstruction of justice,
a felony.

So, depending on her mindset she can choose whether to become a convicted
fraudster or a convicted but potentially innocent freedom and privacy fighter
(with that 10-year sentence). I'm not saying that doing time isn't easy but...

------
twalker
Has anyone developed anything that would completely delete a disk when a decoy
password is typed in, whilst displaying a fake OS instance filled with a legit
looking my docs, internet history etc?

In that case you give them the decoy password and they clear your machine for
you

~~~
gnosis
This idea sounds nice, but in practice it will only be useful when the
investigators are completely incompetent.

Any competent investigator will make backups of your disk, and work only on
the backup. They'll probably also use their own tools to decrypt any content
on the disk, rather than booting up the suspect's OS and relying on the
suspect's tools.

Also, for trying something like this, you'll probably face additional
destruction of evidence and obstruction of justice charges.

------
ChuckMcM
Here's hoping this case gets to a published ruling so that we can move the
debate forward. :-)

------
asciilifeform
This is why you must give out the password.

 _The one that sets off the thermite, that is._

You will still be imprisoned, but it will be a sentence of known length,
rather than "at the king's pleasure."

And be sure to compare the penalty with the one you were originally trying to
escape from.

~~~
marshray
I suppose you were referring to the thermite used to burn up the documents in
high-security safes rather than as a general bomb.

That's not a plausible scenario with general-purpose computer parts. The lab
would obviously have made backup copies of the drive first.

~~~
asciilifeform
Yes, and yes.

Use general-purpose computer parts, _with some imagination._

One simple example:

Modify the power pins (in a USB keychain drive _and a dedicated USB socket,
naturally_ ) such that +5v and ground are connected backwards.

Connect a diode in such a way that should the stick ever be plugged into an
_ordinary_ USB socket, power is applied to a small piece of nichrome igniter
wire (model rocket store, or cannibalize any electrical heating appliance.)

The igniter wire is wrapped around a small magnesium ribbon glued to the
exposed (use nitric acid) EEPROM die.

Make sure that the package still looks like a normal USB key from the outside,
and is well-sealed to avoid unsightly smoke and light (if you do not take care
to do this, you may well find "endangering a law enforcement official using an
illegal pyrotechnic device" or the like added to the charges against you.)

And of course none of this will help if the enemy expects it. The above is
merely an example.

~~~
marshray
OMG. With that much knowledge and creativity clearly you must be a terrorist.
Or someone who grew up way back when the official US government policy was
that kids should learn hands-on Science and Math.

In any case, you do something like that today you will frighten the living
daylights out of enough technically-illiterate-but-powerful people that you
will not get out of jail for a long long time, regardless of whether or not
there is any reasonable justification for it.

~~~
asciilifeform
Put it together correctly, and there will be no visible pyrotechnics. Just a
USB stick which mysteriously fails to mount. AFAIK, most police agencies will
not attempt chip-level data forensics, and perhaps no one will take the
trouble to pry the stick open.

Know that any serious electronics tinkerer could come up with many tricks far
more clever than this one.

And once again, one ought to compare the sentence for evidence destruction to
that which your original crimes carry.

~~~
marshray
I don't think you can confine the energy you're talking about in the space of
a USB stick without releasing some heat, light, noise, and/or smoke. The
people handling your evidence are pretty sharp.

Once they notice anything funny, your "device" will be sent off to their bomb
lab. They will have first-rate capabilities and, given the infrequency of
actual bombs in the US, they'll probably have plenty of interested experts on
hand.

There's a good chance that guy writing the report advising the judge of what
you've done earned most of his hands-on experience with IEDs in Iraq.

I know you're not intending anything malicious, I'm just trying to explain to
you the seriousness of what you're proposing.

I am a serious electronics tinkerer though and I find the idea of a secure-
wipe facility interesting. You really want to look for ways to do it that
don't set off any red flags.

Here's a good standard: If you wanted to productize such a device would you be
able to get Underwriters' Laboratories to (UL) to safety certify it for use in
the home?

~~~
asciilifeform
_> I don't think you can confine the energy you're talking about in the space
of a USB stick_

It is very much possible to incinerate a chip die within a compact,
hermetically-sealed container without releasing smoke or other tell-tale
signs. The US and other wealthy nations' armies use self-contained modules
like this in their encrypted radio equipment.

Plus, if you need more room, you can mimic an external USB hard drive rather
than a keychain drive.

 _> I'm just trying to explain to you the seriousness of what you're
proposing_

It is true that if your handiwork produces smoke, flame, noise, etc. I do not
envy your fate. If it happens during arrest, the police might even shoot you.
But if, on the other hand, nothing suspicious is seen when your equipment is
seized, and weeks later detectives discover a few grams of molten slag where
an EEPROM chip should be, I doubt you will be tried for having set off an
illicit bomb.

You will still go to jail. A reason will be found to put you there - it isn't
hard. "Give me six lines written by the most honest man..."

Perhaps it only makes sense to rehearse and plan for this data-destruction
scenario if you possess secrets that remain important _apart from any criminal
case against you._

 _> If you wanted to productize such a device would you be able to get
Underwriters' Laboratories to (UL) to safety certify it for use in the home?_

This is very much the wrong question to ask.

Something like this can _never_ become a consumer product. The government
would never permit it to be openly sold, regardless of any safety
considerations.

If you view law enforcement officials as your enemy, using unmodified off-the-
shelf equipment, regardless of its rarity and expense, is _simply stupid._
Back doors are a near-certainty. And the only way I know of to securely and
unambiguously wipe large amounts of data on short notice is combustion.

~~~
marshray
_It is very much possible to incinerate a chip die within a compact,
hermetically-sealed container without releasing smoke or other tell-tale
signs._

Yes I know it is. I just don't think you are going to homebrew it out of model
rocket igniters and magnesium ribbon.

 _The US and other wealthy nations' armies use self-contained modules like
this in their encrypted radio equipment._

And they're not going to jail for releasing smoke in a federal crime lab.

 _If you view law enforcement officials as your enemy, using unmodified off-
the-shelf equipment, regardless of its rarity and expense, is simply stupid._

The great majority of the off-the-shelf equipment is not even designed or made
in the US. It's used by the US govt as much as anybody else.

 _Back doors are a near-certainty._

Really? Name three hidden back doors from the US government. I can only think
of one or two, making them pretty rare.

Sometimes back doors are found, so it's not that nobody's looking:
<http://www.nextgov.com/nextgov/ng_20110707_5612.php>

_And the only way I know of to securely and unambiguously wipe large amounts
of data on short notice is combustion._

Which is why I don't think you're going to do anything except dig yourself
deeper.

~~~
asciilifeform
_> And they're not going to jail for releasing smoke in a federal crime lab._

No, they merely stand to lose wars.

How long should a soldier expect to live if the enemy catches him in the
middle of destroying encryption keys and understands right away that it is
what he is doing?

 _> Name three hidden back doors from the US government. I can only think of
one or two, making them pretty rare._

Are you serious?

Who are you trying to fool? This is an insult to the intelligence of every
reader of this site.

~~~
marshray
_How long should a soldier expect to live if the enemy catches him in the
middle of destroying encryption keys and understands right away that it is
what he is doing?_

Cryptosystems are designed to protect military secrets, not an individual
soldier in such a highly specific circumstance. It's not unheard of to have a
"duress code" or other silent wipe functionality, but I doubt hiding the
keypress effects from a local observer is a primary concern of infantry
soldier gear.

The idea is that they would wipe the keys _before_ they are captured. If they
are captured in the act of wiping the keys that would be following standard
orders. The radio operator would be worth more alive than dead, but he'd still
better put his hands up when there's a gun in his face.

 _Are you serious? Who are you trying to fool? This is an insult to the
intelligence of every reader of this site._

I'll take that as a 'no' then.

This back-and-forth is kind of frowned upon on this site. My email is in my
profile if you'd like to continue the discussion.

------
Shenglong
_Prosecutors stressed that they don't actually require the passphrase itself,
meaning Fricosu would be permitted to type it in and unlock the files without
anyone looking over her shoulder._

I wonder if anyone has thought of using more than one keys as a decryption
possibility. I've always considered it, but never figured there'd be too much
use. Say, have one correct key to decrypts data stored in one way, and another
key to either "decrypts" into a pre-generated text, or another variation of
what's stored. I guess it latter might be too content dependent.

~~~
jarin
Truecrypt has supported that kind of plausible deniability for a while.

~~~
themenace
And there is a system called Deniable Video extends that concept of plausible
deniability to live audio & video. It's like TrueCrypt for real-time data.

------
daimyoyo
Will she need to be convicted first or can she go to the Supreme Court on
what's happened so far? This seems like the perfect case to test the
boundaries of electronic security.

~~~
gnosis
IANAL, but from what I understand there have to be rulings from the lower
courts first before a case can make it to the Supreme Court level. And even
then the Supreme Court chooses which cases they want to hear and which they
don't. So just because the case makes it to the Supreme Court, doesn't mean
they'll decide to hear it.

What's even more frustrating is that the Supreme Court doesn't have to state
any reasons for refusing to hear a case. They could just do it on a whim, or
for some completely biased reasons and no one would ever know.

------
shareme
What we are actually seeing is how far behind the DOJ and FBI are behind in
having competent computer forensics professionals as part of their human
resources..

We saw the same thing with the Patriot Act..do not have proper staff? than by
God make sure that the US constitution suddenly does not apply if traveling
outside the US..

~~~
16s
They have plenty of competent computer forensics guys and equipment. But even
with all of that, proper encryption with a strong passphrase is infeasible to
attack. Forcing the key holder to disclose the key is the easy, inexpensive
first step.

------
maeon3
What worries me about this precedent that your computer can be immediately
taken from you and interrogated against your will, the computer will not be
given any rights.

The computer needs the right to plead the 5th. One day far in the future,
computers will be part of who we are. Basic Human rights was designed to
protect humans, not the computers. When the computers integrate with us, I
hope we can take back all the rights the courts have stolen. Pleading the 5th
will be futile, as all the courts have to do is download your computer module
and then scan the logs of what you did, where you did it, and what you were
thinking when you did it.

This stuff is important, and needs a creative solution that stops the
criminals while not making everyone a criminal.

------
chrisjsmith
Does it matter? Governments are bullies.

<http://www.vvsss.com/grid/xkcd-on-crypto.gif>

Here in the UK, we already have to hand over our keys or be chucked in jail.

~~~
lotharbot
Is there any reason you linked to a third-party site instead of xkcd itself?

<http://xkcd.com/538/> (easily googled -- xkcd crypto, first hit.)

~~~
chrisjsmith
Oh pedant, I thoroughly apologise for my ignorance. May my vegetables all die,
my breath smell for eternity and my armpits flood with hair and engulf the
earth.

~~~
cfaubell
It's not pedantry. Linking directly to the content's author makes sure that he
is properly credited and gets the exposure.

------
TheCondor
There is a certain romantic man against the world sort of idea where I support
this kind of privacy. Some kind of 1984 like scenario.. I'm thinking like
someone writes some particular brand fiction for his own enjoyment, somehow it
becomes illegal and he's now a criminal for his private thoughts or the
contents of his private writings. Or practicing an outlawed religion in
private or something. The reality of the most recent cases regarding this
stuff is you've got some fairly petty thefts, child porn, and similar crimes.
An investigation reached the point where a computer was seized, they drew
suspicion,crimes may have been observed and recorded, it's not like they were
randomly going through customs or pulled over by a police officer and the
contents of their computer were requested. Are there any cases of note where
the suspect or defendant has some sort of cause to champion?

If we accept that this encrypted space is protected by the fifth amendment,
then why won't we just regulate that encryption needs a "law enforcement
access key" or make such encryption just illegal? You can make a very
compelling case that it's not serving any public good if you can list off
criminals and crimes that have gone free because of it. That would make the
very use of encryption potentially becomes a crime regardless of the encrypted
information content. Is that not the logical next step?

I'll assert what I've asserted many times, here and other places: if you're
breaking the law for some ideological reason and keep encrypted electronic
records of it, you're way better not going to court and not being on any
police or prosecution's radar than just banking on the encryption holding.
Pirating movies on bit torrent isn't exactly civil disobedience either, that
would mean doing so openly and publicly.

~~~
pyre

      > it's not like they were randomly going through customs
      > or pulled over by a police officer and the contents of
      > their computer were requested
    

That happened in one case. The problem with that case, is that the guy
unlocked the computer for customs, customs found child porn, they turned off
the computer, and later on the guy refused to unlock the computer of them
again. The issue with this is that the border agent already saw that there was
incriminating evidence in the encrypted volume, which muddies the waters a
bit. Granted, if he mentioned child porn in passing to the border agent, they
couldn't force him to testify against himself and make that same statement
later on (e.g. in court, or on video).

------
djackson
It's easy to see why you wouldn't want someone to decrypt _your_ laptop.

What about Bernie Madoff? Wouldn't you be furious if all data produced by a
corrupt hedge fund manager was encrypted? Wouldn't you want the DOJ to be able
to hold them in contempt of court? If you hamstring your government, you
aren't allowed to complain that it is ineffective.

~~~
muuh-gnu
"The trouble with fighting for human freedom is that one spends most of one's
time defending scoundrels. For it is against scoundrels that oppressive laws
are first aimed, and oppression must be stopped at the beginning if it is to
be stopped at all." -- H.L.Mencken

~~~
djackson
Yeah... no.

There's a line, and past that line, law enforcement has no power to enforce
laws at all. Removing the DOJ's ability to collect evidence is, in some cases,
the equivalent to denying a detective access to a crime scene. If all
productions of electronic evidence can be encrypted, and the defense is not
forced to decrypt those files, then dirty corporations only need to encrypt
everything to defend themselves in court.

Defense: "We produced everything you asked for."

Prosecution: "We can't even verify that statement. Decrypt it"

Defense: "We don't have to."

Case closed.

~~~
andrewcooke
rights are rights because they allow you to do what would otherwise be
illegal.

for example, there's no need for a _right_ to free speech if you're only going
to say things that everyone thinks should be said.

rights exist because some things are so important they are worth the cost of
abuse.

 _At first blush it may be thought surprising that one should have a right to
do that which one ought not. Is it not better to confine rights to that which
it is right or at least permissible to do? But to say this is to misunderstand
the nature of rights. One needs no right to be entitled to do the right thing.
That it is right gives one all the title one needs. But one needs a right to
be entitled to do that which one should not. It is an essential element of
rights to action that they entitle one to do that which one should not. To say
this is not, of course, to say that the purpose or justification of rights of
action is to increase wrongdoing. Their purpose is to develop and protoect the
autonomy of the agent. They entitle him to choose for himself rightly or
wrongly. But they cannot do that unless they entitle him to choose wrongly. -
Joseph Raz, The Authority of Law (p 266)_

the final sentence of the quote above is hugely important.

~~~
djackson
Nobody has the right to avoid a reasonable search in the United States. You
are protected by the fourth amendment from unreasonable searches, but you
aren't going to convince me that a detective has no right, with a warrant in
hand, to search a suspect's home for a murder weapon.

Similarly, you aren't going to convince me that a prosecutor, warrant in hand,
has no right to search a computer for evidence of credit card fraud.

~~~
evilduck
You still make the assumption that the prosecuted _knows_ the password and is
implicitly guilty.

Imagine for a second that I was less technically minded and didn't use
encryption and I purchased a used laptop from someone who did, I then get
caught up in the legal system (guilty or innocent for the charged crime, it
doesn't matter, but _I_ did not use encryption) and some prosecutor has a
warrant to compel me to unlock that encrypted volume, else I be held in
contempt. What now?

~~~
sorbus
You would have explained the origin of the encrypted data on the laptop, and
they would either drag the person who was the origin into the case as a
defendant or have him testify. It's really quite simple; they're not just
asking "what is the password?" and ignoring any answer that isn't the
password, as you seem to think.

If you were to refuse to give the password under the grounds that someone you
refuse to identify sold you the computer with the encrypted data already on
it, then you would rightly be considered to be lying because that's the most
plausible case for that behavior.

~~~
cbs
_You would have explained the origin of the encrypted data on the laptop, and
they would either drag the person who was the origin into the case as a
defendant or have him testify. It's really quite simple_

Assuming the original owner can be identified (I've bought a laptop off of
craigslist with no way to find the previous owner even a day later), found
(contact data is still valid, person is willing to cooperate with the
investigation), is willing to corroborate your story (what if the laptop was,
unbeknownst to the buyer, stolen property or the seller pleads the 5th and/or
lies about the encrypted files), and that the prosecution is willing to
believe the both of you.

It is simple, but relies on a WHOLE lot of faith in the system.

 _you would rightly be considered to be lying because that's the most
plausible case for that behavior._

If you're going to be held in contempt (as the GP seems to be discussing) just
for something that is the most plausible of options kind of destroys the
judiciary's position of dealing with the complex unforeseen circumstances that
arise in law. The most plausible situation is that OJ killed his wife, but we
don't carry out justice with such imprecision.

