In this case the passphrase existed in the location where the laptop was seized but in the intervening months, or in the act of seizing it, the phrase was destroyed. Thus it is the responsibility of the cops who seized it that the passphrase is no longer retrievable, and thus it is the government's fault the data is impossible to decrypt.
I'm sure there's an even better way to accomplish something similar that I'm not thinking of, where the phrase is kept handy, but only obvious to you so that you know how to derive it, but the simple act of serving a search warrant will eliminate the phrase by rearranging the key elements.
Then in court you can testify honestly to exactly how you looked up the phrase, but the government would have no way to recreate it.
The problem with all these comments about "what if I give half of my phrase to a friend?" or "what if I write it in the dust at the entrance to my house and the FBI wipes it away when they bust in?" is that it doesn't really address the core issue. There is no technological solution to this situation:
1. The gov't can just give up on the idea of looking at encrypted drives. Not likely and possibly bad for society as a whole. I am not able to judge that.
2. The judge can just refuse to understand that there is no way to decrypt the drive and hold you in contempt of the court indefinitely at which point you'll be cursing yourself for not burying the passphrase chiseled into a stone in your back yard.
3. The gov't makes it illegal to encrypt drives without giving them the keys. At best this is done through some kind of third-party escrow service so that an actual warrant needs to be given before the key is given out. At worst, you just drop off your encryption keys with the nearest post office.
4. There is no #4. The judicial system won't just go "well, this guy has an encrypted drive and we can't get in. Let's just let him go since he clearly outsmarted us." They either will find something else on you, or compel you to decrypt the drive.
Like I said, there is no technical solution, only social/behavioral. Encryption became too sophisticated and there isn't much that we can do nowadays.
Take a look at this one: http://www.youtube.com/watch?v=erq4TO_a3z8
The problem with an encrypted drive is that they know it's there.
My point is that with all these amateur lawyer "I can outsmart them on a technicality" schemes I think it needs to be said that you probably don't want to do any of that. Instead, if you do have something that you feel you don't want to expose, use whole disk encryption with hidden volumes, duress codes, etc. but keep your options open. The worst possible scenario to be in is where the only way to prove that you are innocent (or to enter into a plea bargain) is to decrypt your drive but some crazy scheme of yours now prevents you from ever recovering your passphrase.
EDIT: Can someone please explain the downvotes?
But RAM isn't instantly wiped when turned off. The capacitors take some time to discharge, and it is possible to quickly snatch a RAM stick and put it in a device that will preserve its content and allow to read it later on.
If the strategy you propose becomes more prevalent, law officiers will adapt.
As will the encryption software. Good luck dumping my L1 cache.
One example is what TrueCrypt calls plausible deniability. Your drive has an encrypted volume which initially appears to be completely random data (like all well-encrypted data). You have two decryption keys: an "innocent one" and the "real one." If asked or compelled to decrypt your drive, you decrypt it with the innocent one, and it becomes something innocent (like a bare operating system with no personal info). Obviously, the "real key" reveals your real operating system which you actually use, and thus contains personal information.
The kicker is, without the real key, not only can they not see your personal information, but it's physically impossible to even prove that there's another key which decrypts different data on the drive.
>> I'm not sure if they fixed it since then.
Maybe you could find out and post something useful.
This is basically saying that if you mount a hidden partition, you may leak information via things like browser cache that ends up getting saved to unencrypted areas. On the other hand, this says nothing about the case where you have the full drive encrypted and boot a different OS if you mount the hidden partition via the bootloader.
In fact that is exactly what defense is saying would be the next argument coming from them.
One can claim they forgot the password. The judge might not believe them, so they can just slap contempt of court charges one after another? What the person has actually forgot the password? How can they prove that they forgot something.
> Then in court you can testify honestly to exactly how you looked up the phrase, but the government would have no way to recreate it.
Not a bad idea in theory. However if the judge/jury can be convinced that you set up your password retrieving system specifically so that a search would destroy the password, they can still slap obstruction and contempt charges on you. I think that is the problem -- inability to convince the judge that you can't decrypt vs that you don't want to....
Obviously, there are many cases where it seems extremely unlikely to us that someone has just forgotten his/her password, but as far as I'm concerned that does not constitute proof. (Otherwise, I think this would be one of those cases where people can get convicted just for being not very smart.)
> Not a bad idea in theory. However if the judge/jury can be convinced that you set up your password retrieving system specifically so that a search would destroy the password, they can still slap obstruction and contempt charges on you. I think that is the problem -- inability to convince the judge that you can't decrypt vs that you don't want to....
Except that one could argue that you have been using this system for a long time (as you have) in case people who were not authorized to use your computer stole it. They can't prove you've set up this system specifically to disrupt their case.
This doesn't solve the problem when law enforcement simply asks you to hand over your computer, of course, but when they come stomping through the door and take away your stuff, you can say "neener-neener, you should've just asked." (I suggest not using those exact words.)