Hacker Newsnew | comments | show | ask | jobs | submit login

> In plain English: Does this mean an encrypted hard drive CANNOT be decrypted by law enforcement and the contents of the drive cannot be used in court to convict?

Not exactly. It means that the defendant does not (currently) have to provide the decryption key in cases where law enforcement has had no luck accessing the volume via other means.

Not all encryption schemes are created equal, and in many cases, law enforcement will attempt to circumvent or retrieve the key otherwise (i.e. volatile memory, disk controllers, etc).




So a sufficiently strong method of encryption (one that is proven to be not time or resource efficient) is enough to protect your hard drive from law enforcement eyes?

-----


To an extent, yes.

If the prosecution simply suspects there to be incriminating evidence on the encrypted drive, however strongly, then compelling you to decrypt the drive would be "testimonial". After the decryption, they'd have evidence they didn't have (or at least didn't know of) before the decryption. That's effectively testifying against yourself, and thus subject to 5th Amendment protection.

If, OTOH, the government already specifically knows that you have incriminating data on an encrypted drive, this test doesn't seem to apply, per my reading. It's not "testimonial" for you to decrypt the drive, as they already know the evidence exists, and that it's on the encrypted drive. The plaintext doesn't give them anything they don't already know about.

An interesting question in all this is the disposition of additional evidence, beyond the stuff they already knew about, in such a case. Contrived example: if John Doe is compelled to decrypt his laptop to provide the prosecution with evidence they already knew about in an embezzlement case, and they happened also to find child porn (which they had no reason to suspect the existence of, and weren't searching for) on the drive, does that mean new charges?

-----


If, OTOH, the government already specifically knows that you have incriminating data on an encrypted drive, this test doesn't seem to apply, per my reading. It's not "testimonial" for you to decrypt the drive, as they already know the evidence exists, and that it's on the encrypted drive. The plaintext doesn't give them anything they don't already know about.

How can one know something exists if they don't have it? They can be "pretty sure", but they can't "know". Therefore, providing the encryption passphrase is always testimonial. (Mumble, mumble, something about a radioactive cat...)

-----


How can one know something exists if they don't have it?

I don't think the distinction the court is making here is particularly epistemological. The question isn't even directly about the specific evidence on the encrypted drive. It's about whether the act producing said evidence, itself, would be testimonial. If the prosecution "knows" you have this evidence, however — legally, of course — they came by that knowledge, then the act of producing it isn't testimonial. If they don't know of specific evidence, OTOH, then compelling you to produce any evidence you might have would be.

If, for example, you were dumb enough to admit to a third party that you keep the map showing where you buried the bodies on an encrypted drive, that person's testimony might be sufficient. Worse, you might have let slip that's where the data is while being interrogated. Or maybe the Customs agent saw a file named "XYZ Company Fraud.xls" the last time you came back from overseas, and now you're being prosecuted for defrauding XYZ Co. There are countless ways for the man to come by knowledge of the existence of a specific piece of evidence.

-----


In the case of child porn, how about network logs from your ISP? Would this be enough? There's no way they can be sure that the images are stored on your disk. But digital traces are logged all over the place, so this is a very relevant point.

-----


Look at the first comment by Jon Shields (on volokh.com, not here), addressing exactly that aspect of US v Fricosu (a prior recent case where the defendant was ordered to turn over a decrypted copy of the disk).

They had wiretaps of Fricosu admitting to someone else that specific information existed on his laptop. Although the prosecution did not have the plaintext documents that Fricosu was referring to, his admission over the phone was deemed enough for it to be a foregone conclusion that the documents existed on his laptop, and therefore the court could order Fricosu to decrypt.

Quoting footnote 27 of Fricosu: [In the wiretap transcript], Friscosu essentially admitted every testimonial communication that may have been implicit in the production of the unencrypted contents.

-----


The suspect could have told about it to somebody, or somebody (like informant) could have seen it sometime ago, or maybe even gave it to him while working undercover, or they could have observed the suspect receiving the file while working on the specific computer (i.e. via wiretap or by observing the connections on the sending side or while in transit). Of course, there's no proof that between that and current moment something didn't happen and the file wasn't deleted - but at least if it was not, the fact that it existed would not be news. That's like if I give somebody a secret document and he puts it in the safe, then the fact that he has the document in the safe is not news to me - even though in the meantime somebody could have broken into the safe and stolen it, for example, so I can't be 100% sure it's actually there.

-----


So basically, prosecutors need to lie (or get someone to lie on their behalf, aka an informant). And since they have immunity, there's strong incentive to do so, right?

I don't see how this ends well for We, the People.

-----


It really depends. If the police have some corroborating evidence that you have records of all your illegal arms dealing (or whatever) on your encrypted drive then the court can still compel you to decrypt it. At that point you can decrypt it or refuse/feign that you've forgotten (risking of contempt of court).

-----


Well, from reading the opinion it seems that one important factor was that basically the government's position was "we don't know if there's hidden encrypted data here, and if there is we don't know if that data is relevant to the case". So keep that in mind when interpreting this.

-----


even further, the prosecution has not indicicated a specific file or location he expects to find, based on other evidence, on the drive.... and the court is deciding that amounts to a fishing expedition. they want to see his decrypted drive because it might contain evidence... not because they are very certain it had a key piece.

even more important, although brief, is that by decrypting the drive the defendant would be automatically admitting he had control over the drive and its contents... something otherwise arguable on an unenecrypted drive, meaning he woud be testifying against himself for any illegal material found, even. if unrelated to thecase.

-----




Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: