

Colorado woman must unencrypt hard drive - jamesbritt
http://www.washingtonpost.com/business/technology/colo-woman-must-turn-over-computer-hard-drive-after-appellate-court-refuses-to-get-involved/2012/02/22/gIQA7K6jSR_story.html

======
billpg
I misread that as "colocated woman".

(Edit: This comment made sense before the title was edited.)

~~~
jamesbritt
Yes, my apologies. After I read your comment I no longer read the "Colo." as
an abbreviation for a state; now it instantly meant "colocated." :(

My thanks to whomever fixed it.

------
grecy
Wow, that raises so many interesting questions / loopholes / stupid scenarios.

1\. What if I encrypt the drive twice? Sure, I'll decrypt the first layer,
then they can have the "contents" of that.

2\. What are the legal implications if I've "encrypted" something written
down? i.e. replaced every letter with the next letter in the alphabet. Do I
have to decrypt that?

3\. What are the legal implications if I've written things down in another
language, known only to me - can I be forced to translate it? I would think a
nice defense here is to say they can have the disk, it's just in another
language, which is their problem.

4\. Further to point 3. what if I have the info on a drive with a File System
that only I can read/write? Do I have to give them the tools to read the file
system?

5\. Similar to point 4, I write my own custom binary file format that only I
know how to read/write - again, do I have to describe the file format?

This is about to get crazy.

~~~
Arelius
As a response to #1, I'm pretty sure that wouldn't hold up. Unless they
specifically state that she will "Run the XXX Algorithm on the drive" It's
probably legally sound that she has to fully decrypt all the data.

#2 probably holds similarly. The remaining ones are just getting more
ridiculous.

------
rottencupcakes
This is simply a terrible title for this article.

------
zalew
"Federal prosecutors argue that not allowing the government access to
encrypted computers would make it impossible to prosecute crimes such as
terrorism, child exploitation and drug trafficking"

good old 'think of the children'

~~~
superppl
That line just bugs me on so many levels. Why can't they prosecute those cases
without having the data on someone's laptop? What can someone have on a laptop
that can be so important that without it it becomes impossible to convince a
jury?

Honestly, I think if the prosecution is unable to move forward without that
data, then they had no hope in the first place.

~~~
ceol
I disagree. In cases of fraud, logs, emails, and spreadsheets could all be
used to guarantee a case— especially if it's the online variety.

From my understanding, you're basically asking for the prosecution to
prosecute a murder case but not allow them to use the murder weapon— with the
person's prints on it— as evidence.

------
drucken
Unless the US specifically has laws about not revealing passwords, all this
couple have to do is claim they forgot it.

Even if that failed, the most the judge can add to their charge is contempt of
court...

This is clearly a fishing expedition (unlike, allegedly, the cited border
child pornography case) by government agencies AND the justice system trying
to set a precedent for searches without existing hard evidence of a crime.

------
RexRollman
I would refuse to decrypt the drive, even though it would be contempt, but
everyone has to decide for themselves what battles are worth fighting.

~~~
grecy
I wonder what the penalty for contempt is?

let's say it's a high-profile murder case, and they need the info on the drive
to make it stick. Without the drive, there is no case. If the defendant gives
over the key, they get 25-life, what's the penalty for contempt?

~~~
Miner49er
In Colorado, it looks like the maximum sentence for contempt is 6 months. In
Wyoming (my state), the max is 90 days or a $500 fine. I would choose
contempt.

~~~
Jetlag
Every 6 months (or 90 days) the judge hauls you in to court and orders you to
give up your password until one of you breaks.

~~~
RexRollman
I know there was a guy who spent years in jail on a contempt charge related to
his divorce (the ex-wife claimed he has lots of money hidden about). I'll see
if I can find a link for it.

EDIT: Here it is: <http://www.post-gazette.com/pg/09192/983301-454.stm>

------
Sukotto
How is this different than being forced to unlock something like a filing
cabinet or empty your pockets, or open the storage locker as part of a police
investigation?

this is investigating a specific crime. It's not like being forced to decrypt
when the police are fishing for a reason to bust you. (or NYC's stop-and-frisk
emptying of your pockets which I firmly oppose)

~~~
Arelius
Should we all be storing our hard drives in a lockable vault, such that we can
get the legal protection that physically sealing it would do?

~~~
Sukotto
No. My point is that search warrants should cover decrypting your digital data
in exactly the same way that they allow the police to search your home, your
office, your storage locker, your safe, etc.

~~~
maxerickson
Why not treat cryptography as a novelty?

A nice outcome is that it avoids all the issues surrounding guessing whether
the key to the random bits even exists, and what form it takes, and whether
there is more than one key, and so on.

------
thoughtsimple
I have many encrypted files that I do not know the password to. The passwords
are in an encrypted keychain that I do know the password to. If I delete the
keychain, there is no way that I will be able to decrypt those files.

What would happen if the courts ordered me to decrypt a file where I no longer
have access to the password?

------
revelation
For all anyone can prove, its random data. What are they going to do next time
I safely erase a file? Throw me in jail for contempt because I can't magically
turn the random data into incriminating evidence?

~~~
Arelius
The decrypted data could be random, but afaik, encrypted data does have
patterns that are evident of encrypted data.

~~~
keeperofdakeys
Usually this is only in the form of a header on the block device. Dm-crypt on
linux has a mode called 'plain'. This uses the sector number and
passphrase/keyfile to generate a unique encryption key for each sector. This
means there is no meta-data, and corruption of any physical sectors map
directly to the unencrypted block device. In this case, it does look just like
random data.

------
duncan_bayne
Steganography FTW, here. "Here you go, I've decrypted my hard drive. Now,
somewhere in my gigs of cat photos and music lie the documents you're looking
for. Have fun."

------
jrockway
This is far from over. There is still the matter of "I forgot". (No, the judge
might not like that, but on the other hand, if she did actually forget...)

------
halefx
Future solution: Create a killswitch password that completely erases specific
directories when used.

~~~
Arelius
This would hardly solve the problem. By the time they would have you decrypt,
they would have made a disk image of the drive in question. When you enter the
killswitch, they could simply restore, and request that you try again, not to
mention that that is then suddenly better evidence against you.

The best solution seems that it may be nested encrypted partitions. ala, the
trucrypt solution: <http://www.truecrypt.org/docs/?s=hidden-volume>

~~~
halefx
Or Deniable Encryption: <http://en.wikipedia.org/wiki/Deniable_encryption>

------
gm
What encryption software is this woman using?

------
drivebyacct2
If it were possible to prove that I didn't remember the password to my
encrypted drive, would I be violating some law that I could get into trouble
for?

~~~
pluies_public
It would be akin to say "this safe? I lost the keys.", wouldn't it? I don't
know what's the standard way of dealing with that either though.

~~~
maxerickson
Depending on what was inside of it, they would just have someone open it.

