
Judge: Americans can be forced to decrypt their laptops - llambda
http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/
======
scottdw2
You can be compelled to produce a physical key to a safe. However what if the
contents of the safe are paper with text written in an invented language,
known only to you?

Can you be compelled to translate them for the court?

What if they just contained numbers? Could you be forced to explain what the
numbers mean?

I would conclude that such an action would violate the 5th ammendment.

Forcing her to decrypt the hard drive is the same thing.

Given a warrant, the police have the right to search her hard drive. If they
can't understand what it says, she should not have to explain it to them.

Right now, they have no evidence. She is being compelled to produce evidence
against her self.

Providing a physical key produces no evidence. It produces a key.

Providing a decrypted version of the data on the laptop is producing
information. The contents of the laptop are such that they exhibit a high
level of entropy. By definition, they are not information. If they did contain
information, they would by definition not be encrypted.

Thus, the request is for the defendant in a criminal trial to replace
something that is not information with something that is information. That is
clearly a violation of the 5th ammendment.

~~~
steelaz
Comment taken from Reddit:

 _Actually if you read the ruling, it states that they have a recording of a
conversation, transcribed in the ruling, where she basically admits what they
are looking for is on the laptop. They then use existing Vermont case law
where some perv had child porn on his laptop that an officer and ICE agent
witnessed before getting locked out of the laptop. The case law the judge
quotes says "where the existence and location of the documents are known to
the government, no constitutional rights are touched, because these matters
are a foregone conclusion." So basically the established case law they are
using is where they already knew for sure the perv's laptop contained the
evidence they are looking for because they saw it firsthand. In this lady's
case, they know the laptop contains the documents they are looking for because
they have her recorded saying so. The judge states as much in the ruling:
"There is little question here but that the government knows of the existence
and location of the computer’s files." So as much as people are freaking out
about this, I don't think this is definitive case law that says the 5th
amendment doesn't ever apply. The Vermont case and now the Colorado case both
hinge on the government knowing that what they are looking for is on the
encrypted drive because they saw it and have an admission to it respectively.
This is what the ruling states in my opinion. The 5th amendment may still
apply if they don't know for sure the encrypted drive contains what they are
looking for, that is to say they never saw the contents nor you admitted to it
containing the contents which they seek._

~~~
scottdw2
The laptop does not "contain" what they are looking for. It contains
gibberish.

If they had her on tape saying "the evidence is in my house" and then they
searched her house and didn't find anything, could they force her to tell them
where the evidence was?

No.

Any position based on an analog to a vault, is ignorant of the facts.
Encrypted data is not locked in anything. It's scrambled.

Here's another analogue:

A locked safe on your portch carries an expectation of privacy. It can't be
opened by the police without a warrant. A dropped disk in plain site on your
steps does not. The police could copy the disk, break its encryption and use
the data as evidence against you.

Why? Because encrypted data isn't "locked", it's scrambled. If a credible
expert can unscramble it, then reading it was not a "search". It's equivalent
to reading a paper taken from your garbage.

The tape recording of her changes nothing about the facts of what the contes
of the drive are (gibberish), nor what the nature of decryption is
(testimony). Any judicial holdings to the contrary are erroneous violations of
the constitution and should be vacated.

------
Karunamon
This is an interesting case. From a civil liberties, card-carrying ACLU member
standpoint, I'm all for the "anti" side of this - keep the gov't out.

On the other hand, there's a decent case made that establishing this kind of
precedent would basically mean that if criminals are smart enough to use PGP,
then that data can never be used against them. Since you can be compelled to
turn over a physical key via due process, why can you not also be compelled to
turn over a digital one?

Most of the privacy arguments vanish as well since they don't want the
password (which could give them access to other things they're not supposed to
have), but they just want the data.

I'll be watching this one closely.

~~~
kinghajj
My understanding of existing case law regarding safes is that you can be
compelled to give up a key, as it is just physical property to which the state
has right to request, but can not be compelled to give a combination, as that
is just memory and would violate the fifth amendment. Just because
cryptographers use the term "key" doesn't mean the should be treated as real
keys. It seems obvious that a key/paraphrase is perfectly analogous to a safe
combination.

~~~
IgorPartola
You don't have to give up a key. They would be asking you to decrypt the
drive. Whether that requires you to enter a passphrase or turn on the webcam
and do a jig, it doesn't matter. They have no interest in your
key/password/secret 4 digit code. They want the contents of the drive.

Now they could be playing at a disadvantage, but the point is that the 5th
amendment does not enter into here. If the police have a warrant for papers in
your safe, they simply ask you to open the safe, by whatever means. This is no
different when they have a warrant for files (papers, information) on your
encrypted drive (safe) and are asking you to open it by whatever means.

~~~
jpol
Shorter Version:

It does not matter whether the government forces you to do something (e.g.
open a combination lock), as opposed to providing information (e.g. tell them
the combination). The deciding factor is whether there is an invasion of your
mental privacy inherent in the government compulsion. Whether you disclose the
combination or open the lock yourself, the contents of your mind are being
used to incriminate you, so your Fifth Amendment rights are being violated.
This is distinct from the government demanding the key to a safe, or even
taking a blood sample from you against your will, both of which are purely
physical impositions.

===

Longer Version:

If the police have a warrant to search your documents, that does not mean that
they can make you provide the documents to them. They can look through your
stuff to find the documents, but if the police cannot read them, that is their
problem.

However, a grand jury can subpoena documents from you, in which case you will
be compelled to provide them. In this case, you can invoke the Fifth Amendment
privilege against testimonial self incrimination as it relates to the
production of documents. To the extent that the act of producing the documents
requires you to use the contents of your mind, the act of production cannot be
used to incriminate you. So, on one hand, your Fifth Amendment right will not
protect you if the police already know that the documents exist and all of the
information that is contained in them. However, if the police do not know
exactly what documents they are looking for and what the documents say, then
the information found in the documents cannot be used against you in court,
nor can it be used to find other incriminating information.

See U.S. v. Hubbell, 530 U.S. 27 (Supreme Court case from 2000)
<http://supreme.justia.com/cases/federal/us/530/27/case.html>

~~~
IgorPartola
In other words if my password is "I am guilty" I can invoke the 5th and tell
the grand jury that I will not tell them my _password_.

However, when the grand jury says "produce the crooked accounting books we
know you have (witnesses have testified that you have them) that are stores on
your laptop", am I required to somehow produce them or do I just say "nope,
not going to happen." In the latter case, if those books are the difference
between an acquittal and a conviction, do they just let you go, or do they
hold you in contempt until you give in?

Lastly, what is the difference between using the contents of my mind when
entering a password vs telling the police where I left the key to my safe?

Very lastly, just do not talk to anyone ever:
<http://www.youtube.com/watch?v=6wXkI4t7nuc>

~~~
dedward
isnt the simple point of the 5th supposed to be more or,ess "you do cannot be
compelled bylaw to help convict yourself)... ay law to the contrary would be
unconstitutional.

~~~
evgen
No, the point of the 5th is that you cannot be compelled to give testimony
against yourself (which is under oath and for which you will go to jail if you
perjure yourself.) You are not protected from helping to convict yourself if
you leave the evidence of your crimes available to the court. An encrypted
drive is being considered as something like an un-crackable safe for which you
have the combination; providing the password is not testifying, it is
providing the court access to evidence that you would otherwise be concealing
from a valid warrant.

~~~
jangusa
Providing the password to a safe that contains incriminating documents
actually is testimonial in nature because it requires you to disclose
information you have in your mind (see above). As such, any information that
the government obtains by compelling you to give them the password cannot be
used against you in a criminal trial. The judge in the case being discussed
here got it wrong, and his decision will be overturned on appeal if it goes up
to the Supreme Court.

~~~
timdev2
But as the article mentioned:

"Prosecutors in this case have stressed that they don't actually require the
passphrase itself, and today's order appears to permit Fricosu to type it in
and unlock the files without anyone looking over her shoulder."

So the state is arguing that they're not demanding the password, only the
plaintext.

Still seems fishy, but it's not clear that it's testimonial.

I suppose one could argue that it's more akin to a judge demanding that you
produce the corpse the police have so far been unable to locate.

Better still, as someone else said, it's like the police demanding that you
translate notes you wrote down in your own made-up-and-known-only-to-you
language.

~~~
jangusa
The production of decrypted plaintext by means of an encryption key stored in
your mind falls squarely within the rule on production of documents from U.S.
v. Hubbell, discussed in jpol's comment above. It therefore seems quite likely
the state will lose on appeal.

------
Cushman
Okay, American hackers, here's your civil disobedience:

Go to a foreign country. Buy a flash drive. Set up two partitions; make one a
small TrueCrypt bootstrap partition, configured to decrypt the second with a
password. Random-wipe the second. (For insurance, you may wish to do this
provably. Maybe use a publicly-accessible source of random data?)

Travel back across the border. When you are asked to decrypt your drive,
inform the authority that you are unable to do so, since no password exists,
and the data is utterly meaningless.

They will probably want you to provide some evidence of this. Refuse; insist
that you cannot be required to prove that you have _not_ done something wrong.

If all goes well, they'll arrest you for something. Then, call a lawyer.

------
geoffschmidt
Let's look a little bit further down the road, say 100 or 200 years. If the
computer is implanted in my head, can you compel me to give you the data in
it? What if the computer is made partly of cells? Just how tightly integrated
do I have to be with the storage device before it's part of the private,
protected sphere of my personal consciousness?

I don't mean to be frivolous. As we become ever more dependent on cloud
storage and mobile devices as extensions of our memories and our capabilities,
we're eventually going to have revisit the legal boundaries of our personhood.

My communications with my attorney are subject to attorney-client privilege.
It's almost like the attorney is considered to be a subprocess of me when he
is thinking about my problems. We correctly see it as being in the public
interest to allow me to communicate with my attorney without hindrance. Why
shouldn't my communications with _myself_ be given the same privilege?

~~~
hobin
I am inclined to think that this is one of those cases where people feel
uncomfortable for some time.

...and then they get used to it.

------
waiwai933
If I encrypt a letter by hand using, say, Caesar's cipher (despite how weak it
is), could a court compel me (i.e. is there common law precedent in the US or
elsewhere) to decrypt said letter? Surely there must be some precedent before
we had computers and whatnot, right? This, after all, seems to be the closest-
fitting analogy I can think of—both the "key to lock" and "privacy of mind"
arguments seem to be stretching it.

Unless the reason they're using these analogies is that no one has ever
brought a non-digital encryption case before a court, which would make sense
as to why they're not consulting that precedent, but surely 230 years of US
law and several times that of British law would bring up something...

~~~
learc83
There is precedent that a court can't compel you give up the combination to a
combination lock, because it would be considered testimony. Seems to me that
this falls under that precedent.

~~~
philfreo
Source?

~~~
learc83
>The assembly of those documents _was like telling an inquisitor the
combination to a wall safe, not like being forced to surrender the key to a
strongbox._ Id., at 210, n. 9. The Government’s anemic view of respondent’s
act of production as a mere physical act that is principally non-testimonial
in character and can be entirely divorced from its “implicit” testimonial
aspect so as to constitute a “legitimate, wholly independent source” (as
required by Kastigar) for the documents produced simply fails to account for
these realities.

<http://www.law.cornell.edu/supct/html/99-166.ZO.html>

They're not actually talking about a combination lock, but using that as an
example of something that would be covered by the fifth amendment.

Basically, merely forcing one to reveal that one possesses the password can be
regarded as self incriminating.

------
pimeys
I used to think of moving to USA. I'm a pretty good programmer and it would've
been nice to work in an American startup. When reading these news, about
SOPA/PIPA, about the crazy amount of spying and control in the airports, about
forcing to decrypt my laptop, I don't want to go there even for a holiday
anymore. I'm happy here in Berlin and even though the salaries are half what I
would get from Silicon Valley, the cost of living is also much lower.

And I'm not alone.

------
grecy
>Dubois said that, in addition, his client may not be able to decrypt the
laptop for any number of reasons. "If that's the case, then we'll report that
fact to the court, and the law is fairly clear that people cannot be punished
for failure to do things they are unable to do," he said.

So can everyone just claim they can't decrypt their drive because of <sort-of-
plausible-excuse-here> ?

~~~
______
Yeah, does forgetting a password constitute one of these reasons? It's
perfectly plausible if the laptop has been sitting in an evidence locker for a
while. People forget passwords all the time.

------
kogir
This should be cause for serious concern. There's often no way to prove that
someone knows a key or pass-phrase. If a personal computer I've used for years
has TrueCrypt at boot, perhaps a reasonable argument[1] could be made that I
know the password. That's not true of a flash drive or an encrypted file on a
shared computer.

If someone plants a safe in my house, I may be held in contempt for a while
while it's drilled open. Properly encrypted data might withstand attacks for a
lifetime or more.

[1] Best I can tell, it's possible for me to TrueCrypt encrypt your computer
with only physical access. You wouldn't notice until next boot.

~~~
aaronblohowiak
>This should be cause for serious concern.

Just like using an IP address as identification of a person.

------
jwhitlark
It's an interesting situation: What you say to your doctor, lawyer, or spouse
is protected, but what you say to yourself, is not.

~~~
rsl7
So tell your lawyer your passphrase.

------
mcritz
“I’m sorry, Your Honor. I have forgotten my password.”

If it’s good enough for Bob McFarlane and Alberto Gonzales, it’s good enough
for regular Americans, too!

------
jdietrich
For anyone wondering what this might look like in practice, look up the
Regulation of Investigatory Powers Act. There have been a number of
prosecutions in the UK for failing to provide encryption keys, many of them
resulting in imprisonment.

Notably, the first prosecution was of a paranoid schizophrenic man, who was
moved to a secure psychiatric hospital during his prison sentence.

We have not yet had a test case regarding deniable encryption, but I imagine
it will be only a matter of time.

------
ryanwaggoner
What if you made your passphrase itself a confession to a crime?

"I shot the sheriff."

Then you could claim that supplying your password would constitute self-
incrimination, and so you'd like to invoke your 5th Amendment rights :)

~~~
geoffschmidt
Ceci n'est pas une pipe. Reasonable people are sophisticated enough to
understand that there is a difference between using a sentence as a password,
and believing that sentence to be true.

On a related note, I once looked into changing my middle name to an executable
implementation of RSA, so that my passport would be a non-exportable munition.
(No go.)

~~~
lawnchair_larry
What was their reason for declining the name change?

~~~
bdonlan
I would guess that it would be too long if written out in English, and that
they'd probably deny a name change to a name that contains characters not
normally used in names (asterisks, semicolons, underscores...)

------
feralchimp
I'm a government-should-leave-reasonable-people-the-hell-alone libertarian and
a crypto-is-the-shit kind of guy. I also think warrants for searches of
encrypted media are totally legit, and think the hair splitting over "typing
in the password without anyone seeing it" vs. "being compelled to dictate the
password" is completely pointless.

1\. Not every vocal Utterance qualifies as Testimony, and the only person who
gets to self-identify with an encryption key is Whitfield Diffie, and that
rule only applies after 3 bong hits -OR- when he's doing Salvia with Ron
Rivest as his sitter. Your weasel card-skimming ass ain't no Whitfield Diffie.

2\. If you leak enough inculpatory evidence _outside_ your encrypted hard
drive, such that the police are now holding a warrant for searching _inside_
your encrypted hard drive, the jig is up, son! Shouldn't have leaked all that
other guilt-stench, and should have plausibly-deniably deleted that evidence.

~~~
ataggart
Individuals should not be compelled to actively participate in their own
prosecution. This is the spirit of the 5th Amendment.

~~~
feralchimp
I appreciate that the adversarial method of trial has given rise to that and
other threads of argument on behalf of defendants; I'm just not buying it in
this case.

It's an absurdly low bar for "active participation." He's not being asked to
compute the AES decryption on 3x5 cards, or help the prosecution find the spot
where the laptop is buried in the woods. When you're caught, you're forced to
empty your pockets. If your 'pockets' include 1TB of incriminating data,
that's your bad.

Is one also actively participating in his own prosecution when he fails to
resist arrest? How about when he agrees not to leave the country as a
condition for posting bail? After all, he's had that vacation to [insert non-
extradition country here] for _months_! Why should he change his plans to
benefit the prosecution?

------
eck
Isn't this one of the things TPMs are designed to defend you against? The TPM
only releases the encryption key after the right password is entered, some
number of wrong passwords cause a reset, and perhaps a single duress code
instantly causes a reset? Once the TPM is erased, who's to tell if it wasn't
just broken to begin with.

~~~
gte910h
You mirror drives as part of evidence collection

~~~
yew
. . . which is subsequently rendered useless by the TPM erasing itself.

(The standard procedure is to encrypt the drive using a key stored in the TPM.
The TPM then decrypts the drive when provided with the proper authentication.
If the designated security policy is violated the TPM destroys the key,
rendering the drive's contents useless.)

~~~
gte910h
They're mirroring the drive. Why wouldn't they mirror the TPM too? Or are you
contending they're tamperproof?

~~~
yew
They are intended to be tamperproof, yes. Mirroring the contents of a TPM is
an exercise in hardware deconstruction where you also have to worry about
setting of auto-erase traps. It's not _impossible_ by any means, but it's not
standard procedure and there's no guarantee it will actually work.

------
jrockway
"I forgot the key." Done.

(Presumably serving an 18 month contempt sentence in a county jail is better
than the 25-to-life in a maximum security federal prison you'd get if they saw
the contents of your hard drive.)

~~~
ComputerGuru
If I'm not mistaken, there's no limit on contempt of court. A... stubborn
judge could keep you detained until you're no longer in contempt.

~~~
jrockway
I've read that it's tied to a particular grand jury session, which is
something like 18 months.

Either way, the longest contempt sentence ever was 14 years, which is nothing
compared to what you'll get if the government convicts you of laundering
money, selling drugs, possessing child porn, or all the other crimes that you
might have documented on your computer.

~~~
3143
Why would you want that person to be able to avoid going to jail just because
he was smart enough to use encryption?

~~~
jrockway
Because I believe in the right of a person to be secure in his papers. If
you've done something illegal, the government should be able to make its case
without needing your computer. If they can't, what you've done is, to me, not
illegal. The people that wrote the Constitution seem to agree.

------
Steko
related:

<http://news.ycombinator.com/item?id=2693599>

'TrueCrypt User Held in Contempt of Court (truecrypt.org) "

------
trotsky
Perhaps I don't understand some dynamic here, but what prevents someone from
just stating that they no longer know the pass phrase? I thought that was more
or less a free pass, as no one can prove what you do or don't remember. Hence
why the phrase "I'm sorry, I don't recall that senator" is used so often when
everyone knows they're lying.

------
ChrisNorstrom
The problem here is what are they going to find that ISN'T Illegal?

Everyone has cracked software, pirated movies, & torrents. Then there's
content that isn't illegal but very personal: chat logs, email archives,
contact lists, usernames & passwords, FTP info, master passwords to
everything, OH and my entire life's worth of inventions and ideas. I'm not
saying they'd steal them but remember, we're talking about the American
Government here. The same one that can't account for billions of dollars in
missing money. Lost 6.6 Billion in Iraq and doesn't know what happened to it.
And doesn't know how or why a warehouse full of missiles in the middle east is
empty. If that's how they treat their money and weapons, I wonder how they're
going to treat my life's work. So...

Just use TrueCrypt to create a hidden volume on a flash drive or SD card, keep
everything else un-encrypted. They won't even know it's there. I've got a 32
GB SD card just for this purpose, it's got all my project files on it,
thunderbird portable, my entire collection of inventions and business ideas,
my life's work basically. If anyone were to plug that card in, it would just
read "card has not been formatted yet". I've got a backup of it as well.

If you have a hard drive full of torrented content or DVD rips that look like
torrented content just make 2 TrueCrypt volumes, one that is visible (put some
porn on it to simulate a "this is all I have hidden" excuse) and the other
volume hidden (with all of your pirated content). They literally won't ever
know it was there.

~~~
Simucal
I'm curious what the courts would say when told that it is possible to have a
hidden inner volume that is impossible to detect and when I hand over my key
it may just be the outer containers, not the hidden inner container that I
have unlocked.

~~~
ChrisNorstrom
The best way to hide something is with misdirection and dead ends. It's by
letting someone win a little but not all the way.

If you're a straight male just make a second inner hidden volume and put a ton
of gay porn on it. After a few days of arguing with the court just reveal your
password to it and they'll think "oh shit, this is what he was hiding. Well
nothing to see here, moving on. That's all."

~~~
MengYuanLong
I really like this idea but I think it is important to ensure that whatever
XXX material you have, the actors are clearly over 18. Lord knows it may make
your standing far worse if you have anything pushing the line.

So, 30+ year old models in your Safe For Government/get out of jail porn
directory.

~~~
dagw
Also make sure the XXX material is fully paid for and licensed, or they'll no
doubt slap pirating charges on you for your porn collection.

~~~
finnw
That's probably not feasible these days. Commercial porn sites only offer
licenses for streaming, not downloading.

------
cynwoody
What if she can't remember the pass phrase?

Of course, she could be lying, but how could they prove that?

~~~
shmerl
They can apply various methods, such as polygraph to determine whether she
really forgot the key, and it won't be so easy for her to avoid revealing the
real fact.

~~~
desas
Polygraphs are considered reliable? In the UK they are inadmissible in court.

------
meatmanek
A stupid idea: what if we passed a law making, say, knowing an encryption key
illegal, with a $0.01 penalty per year? Then asking you for your encryption
key would be asking you to provide self-incriminating testimony.

~~~
chimeracoder
You don't need to do that - there's a decent argument to be made that forcing
you to decrypt a drive is already forcing you to testify against yourself, in
violation of the 5th Amendment.

~~~
techtalsky
Right, and that's what the article says a judge decided is NOT the case.

~~~
Nick_C
No he hasn't. Pls read the article. They are requiring her to provide the
documents.

------
duncan_bayne
Personally I think this is reasonable, provided that requests for decryption
keys are handled with the same level of respect for law & privacy afforded to
physical keys.

There is a thornier issue though: stenanography + encryption. What if the
encrypted data aren't visible in the first place? Or, what if the data aren't
provably encrypted data?

I can imagine a case where someone languishes in jail for contempt of court,
after being ordered to produce something that doesn't actually exist.

------
hippich
Once again - either providing password, or entering it without revealing
password itself is a self-incrimination simply because this way you prove you
are owner of this information.

Why this is important? It might be not yours information but you might know
password. And this will make you incriminating yourself.

And most important, no matter what, right to not incriminate yourself should
be remain untouched. Otherwise, nothing protects people from its government.

------
ThePinion
This is a serious question that I hope gets answered: Is it possible to tell
Linux (or Windows I guess) to immediately crash if you boot it up and are
either 1) not connected to the internet or 2) not connected from a certain IP
address.

Then you could give up the key, but tell them "see, it's broken and I haven't
been able to use it anyway."

------
scelerat
Does the defendant's fate hinge on the contents of this laptop? It seems not:
the article mentions other evidence against her.

If a case hinges entirely on the contents of an encrypted laptop, perhaps it's
not the strongest of cases... which is kind of the point of the fourth and
fifth amendments: keeping the government honest, so to speak.

------
stretchwithme
I wonder by what means they will make their hands type. Can they be taser-ed
into submission, like the guy who couldn't stand up in the college library?

~~~
marshray
Yes, contempt-of-court in the US can mean being held in an abusive jail.

------
RexRollman
"He said the All Writs Act, which dates back to 1789 and has been used to
require telephone companies to aid in surveillance, could be invoked in
forcing decryption of hard drives as well."

I respectfully disagree, even if his opinion is correct under the law. A
defendant should never, ever, be forced to assist in his own prosecution, and
being forced to decrypt the drive would be doing exactly that.

------
Derbasti
Yet another freedom lost in the land of the free: You are not allowed to have
secrets any more.

------
cschep
Obligatory XKCD: <http://xkcd.com/538/>

Seriously though, why does the government think they can win at this stuff?
Without hitting the guy with a wrench that is.

------
nirvana
I wonder about this: What if the key to the encryption is written on a dozen
seemingly random notes on yellow sticky notes in your office full of yellow
sticky notes? Or, it is composed of the last letter on each page of a series
of innocuous looking documents, such that the government might seize the
documents but naturally in the process of doing so, scramble the documents
order rendering the password irretrievable. Or its some combination of words
from a book, or some other innocuous piece of material that they'd simply
ignore and that would be thrown out after they left. The one FBI raid I'm
directly familiar with involved them seizing the computers and even the
phones, but not the desks or the phone books, etc.

In this case the passphrase existed in the location where the laptop was
seized but in the intervening months, or in the act of seizing it, the phrase
was destroyed. Thus it is the responsibility of the cops who seized it that
the passphrase is no longer retrievable, and thus it is the government's fault
the data is impossible to decrypt.

I'm sure there's an even better way to accomplish something similar that I'm
not thinking of, where the phrase is kept handy, but only obvious to you so
that you know how to derive it, but the simple act of serving a search warrant
will eliminate the phrase by rearranging the key elements.

Then in court you can testify honestly to exactly how you looked up the
phrase, but the government would have no way to recreate it.

~~~
IgorPartola
Sure. You could do even better: keep your computer on at all times and keep
everything you do in RAM. No encryption is necessary here, just a $100 UPS and
your laptop's own battery.

The problem with all these comments about "what if I give half of my phrase to
a friend?" or "what if I write it in the dust at the entrance to my house and
the FBI wipes it away when they bust in?" is that it doesn't really address
the core issue. There is no technological solution to this situation:

1\. The gov't can just give up on the idea of looking at encrypted drives. Not
likely and possibly bad for society as a whole. I am not able to judge that.

2\. The judge can just refuse to understand that there is no way to decrypt
the drive and hold you in contempt of the court indefinitely at which point
you'll be cursing yourself for not burying the passphrase chiseled into a
stone in your back yard.

3\. The gov't makes it illegal to encrypt drives without giving them the keys.
At best this is done through some kind of third-party escrow service so that
an actual warrant needs to be given before the key is given out. At worst, you
just drop off your encryption keys with the nearest post office.

4\. There is no #4. The judicial system won't just go "well, this guy has an
encrypted drive and we can't get in. Let's just let him go since he clearly
outsmarted us." They either will find something else on you, or compel you to
decrypt the drive.

Like I said, there is no technical solution, only social/behavioral.
Encryption became too sophisticated and there isn't much that we can do
nowadays.

~~~
trotsky
For what it's worth, it's very common for forensics teams to get memory dumps
before the computers are turned off or moved.

~~~
IgorPartola
No problem. With enough money you could set up a dead man switch to erase your
laptop if you step more than 3 feet away from it which is bound to happen if
the FBI drags you away. Or set up a voice recognition system that would listen
for the words "Open up! Police!".

My point is that with all these amateur lawyer "I can outsmart them on a
technicality" schemes I think it needs to be said that you probably don't want
to do any of that. Instead, if you do have something that you feel you don't
want to expose, use whole disk encryption with hidden volumes, duress codes,
etc. but keep your options open. The worst possible scenario to be in is where
the only way to prove that you are innocent (or to enter into a plea bargain)
is to decrypt your drive but some crazy scheme of yours now prevents you from
ever recovering your passphrase.

EDIT: Can someone please explain the downvotes?

~~~
baddox
You can also just, you know, refuse to decrypt the drive. If they're going to
torture you, you're pretty much screwed anyway so you probably don't care
about the data (unless perhaps it contains crucial private information about
friends and family, or business dealings).

------
rhaphazard
A bit torn on the issue and don't have a strong opinion either way. I slightly
lean towards they shouldn't have to hand over the password, but I really thing
courts should try to be flexible (is that even possible?) and go case by case.

Will be looking towards hearing more opinion on the issue.

------
thekevan
I hate that I think I agree with the ruling. If the authorities had a warrant
to someone's house and barricade themselves in so there could be no entry,
we'd hardly give it a second thought that they were violating the warrant.
Refusing to give up a password to an encrypted drive is effectively
barricading your content.

I guess my issue is what they describe as probable cause for issuing the
warrant in the first place.

