I wonder about this: What if the key to the encryption is written on a dozen seemingly random notes on yellow sticky notes in your office full of yellow sticky notes? Or, it is composed of the last letter on each page of a series of innocuous looking documents, such that the government might seize the documents but naturally in the process of doing so, scramble the documents order rendering the password irretrievable. Or its some combination of words from a book, or some other innocuous piece of material that they'd simply ignore and that would be thrown out after they left. The one FBI raid I'm directly familiar with involved them seizing the computers and even the phones, but not the desks or the phone books, etc.
In this case the passphrase existed in the location where the laptop was seized but in the intervening months, or in the act of seizing it, the phrase was destroyed. Thus it is the responsibility of the cops who seized it that the passphrase is no longer retrievable, and thus it is the government's fault the data is impossible to decrypt.
I'm sure there's an even better way to accomplish something similar that I'm not thinking of, where the phrase is kept handy, but only obvious to you so that you know how to derive it, but the simple act of serving a search warrant will eliminate the phrase by rearranging the key elements.
Then in court you can testify honestly to exactly how you looked up the phrase, but the government would have no way to recreate it.
Sure. You could do even better: keep your computer on at all times and keep everything you do in RAM. No encryption is necessary here, just a $100 UPS and your laptop's own battery.
The problem with all these comments about "what if I give half of my phrase to a friend?" or "what if I write it in the dust at the entrance to my house and the FBI wipes it away when they bust in?" is that it doesn't really address the core issue. There is no technological solution to this situation:
1. The gov't can just give up on the idea of looking at encrypted drives. Not likely and possibly bad for society as a whole. I am not able to judge that.
2. The judge can just refuse to understand that there is no way to decrypt the drive and hold you in contempt of the court indefinitely at which point you'll be cursing yourself for not burying the passphrase chiseled into a stone in your back yard.
3. The gov't makes it illegal to encrypt drives without giving them the keys. At best this is done through some kind of third-party escrow service so that an actual warrant needs to be given before the key is given out. At worst, you just drop off your encryption keys with the nearest post office.
4. There is no #4. The judicial system won't just go "well, this guy has an encrypted drive and we can't get in. Let's just let him go since he clearly outsmarted us." They either will find something else on you, or compel you to decrypt the drive.
Like I said, there is no technical solution, only social/behavioral. Encryption became too sophisticated and there isn't much that we can do nowadays.
No problem. With enough money you could set up a dead man switch to erase your laptop if you step more than 3 feet away from it which is bound to happen if the FBI drags you away. Or set up a voice recognition system that would listen for the words "Open up! Police!".
My point is that with all these amateur lawyer "I can outsmart them on a technicality" schemes I think it needs to be said that you probably don't want to do any of that. Instead, if you do have something that you feel you don't want to expose, use whole disk encryption with hidden volumes, duress codes, etc. but keep your options open. The worst possible scenario to be in is where the only way to prove that you are innocent (or to enter into a plea bargain) is to decrypt your drive but some crazy scheme of yours now prevents you from ever recovering your passphrase.
You can also just, you know, refuse to decrypt the drive. If they're going to torture you, you're pretty much screwed anyway so you probably don't care about the data (unless perhaps it contains crucial private information about friends and family, or business dealings).
For chain of custody etc. you always need to make a master copy and sign/hash it and then work off of a copy. If you tried to do forensics on the actual computer as seized you'd be busy destroying disk & memory evidence as you worked.
That is fine for working on it (and having taken computer forensics classes at college something I am intimately familiar with), however it no longer needs to be done on location. The device can safely be removed without requiring a tech to go out to the location.
This is probably good enough for most cases, where ham-fisted cops will pull the plug to seize the computer.
But RAM isn't instantly wiped when turned off. The capacitors take some time to discharge, and it is possible to quickly snatch a RAM stick and put it in a device that will preserve its content and allow to read it later on.
If the strategy you propose becomes more prevalent, law officiers will adapt.
> I'm sure there's an even better way to accomplish something similar that I'm not thinking of
One example is what TrueCrypt calls plausible deniability. Your drive has an encrypted volume which initially appears to be completely random data (like all well-encrypted data). You have two decryption keys: an "innocent one" and the "real one." If asked or compelled to decrypt your drive, you decrypt it with the innocent one, and it becomes something innocent (like a bare operating system with no personal info). Obviously, the "real key" reveals your real operating system which you actually use, and thus contains personal information.
The kicker is, without the real key, not only can they not see your personal information, but it's physically impossible to even prove that there's another key which decrypts different data on the drive.
"In a paper published in 2008 and focused on the then latest version (v5.1a) and its plausible deniability, a team of security researchers led by Bruce Schneier states that Windows Vista, Microsoft Word, Google Desktop, and others store information on unencrypted disks, which might compromise TrueCrypt's plausible deniability. The study suggested the addition of a hidden operating system functionality; this feature was added in TrueCrypt 6.0. When a hidden operating system is running, TrueCrypt also makes local unencrypted filesystems and non-hidden TrueCrypt volumes read-only to prevent data leaks. The security of TrueCrypt's implementation of this feature was not evaluated because the first version of TrueCrypt with this option had only recently been released."
It clearly states that it did not evaluate the security plausible deniability of the 'hidden OS' feature.
This is basically saying that if you mount a hidden partition, you may leak information via things like browser cache that ends up getting saved to unencrypted areas. On the other hand, this says nothing about the case where you have the full drive encrypted and boot a different OS if you mount the hidden partition via the bootloader.
In fact that is exactly what defense is saying would be the next argument coming from them.
One can claim they forgot the password. The judge might not believe them, so they can just slap contempt of court charges one after another? What the person has actually forgot the password? How can they prove that they forgot something.
> Then in court you can testify honestly to exactly how you looked up the phrase, but the government would have no way to recreate it.
Not a bad idea in theory. However if the judge/jury can be convinced that you set up your password retrieving system specifically so that a search would destroy the password, they can still slap obstruction and contempt charges on you. I think that is the problem -- inability to convince the judge that you can't decrypt vs that you don't want to....
> One can claim they forgot the password. The judge might not believe them, so they can just slap contempt of court charges one after another? What the person has actually forgot the password? How can they prove that they forgot something.
Shouldn't the court be the one proving stuff? Having to prove you have forgotten your password is like being guilty before being proven innocent.
Obviously, there are many cases where it seems extremely unlikely to us that someone has just forgotten his/her password, but as far as I'm concerned that does not constitute proof. (Otherwise, I think this would be one of those cases where people can get convicted just for being not very smart.)
> Not a bad idea in theory. However if the judge/jury can be convinced that you set up your password retrieving system specifically so that a search would destroy the password, they can still slap obstruction and contempt charges on you. I think that is the problem -- inability to convince the judge that you can't decrypt vs that you don't want to....
Except that one could argue that you have been using this system for a long time (as you have) in case people who were not authorized to use your computer stole it. They can't prove you've set up this system specifically to disrupt their case.
This doesn't solve the problem when law enforcement simply asks you to hand over your computer, of course, but when they come stomping through the door and take away your stuff, you can say "neener-neener, you should've just asked." (I suggest not using those exact words.)
The problem here is that you have to convince people you're telling the truth. If there are any number of stenographic techniques at your disposal, and only way to confirm whether you're being honest is if the drive decrypts, then unless that occurs it can't be easily determined whether you were giving a good faith answer or not.