Fifth amendment won't protect your password says federal court

Re: Fifth amendment won't protect your password says federal court

This sounds like they are trying to say that your password is not something incriminating thus you can't refuse to enter it. The information it encrypts may be bad for your case but it's not like you're sitting there manually decrypting the files, in which case your 5th amendment rights probably would protect you.

If you thought of it from the point of view that entering a key is a part of decrypting the files then the act would be equal to him testifying against himself by producing self incriminating evidence. Although this all is just a guess, I'm only really knowledgeable about the 4th.

Re: Fifth amendment won't protect your password says federal court

Rather than pleading the fifth,, wouldn't the first reaction to a question of contents on an encrypted drive be plausible deniability? Granted, deniability of knowledge of the contents, or the encrypted volume itself would depend greatly on the encryption method. However, regardless of method or level of encryption, though it may be unlikely it is not entirely impossible that the owner of the machine in question does not possess the password or key file. Regardless of how questionable the content, be it a backup of a dvd that may be illegal to possess in a certain country when inspected at a border crossing, or hiding porn from the wife, proper encryption is always a good idea, even for data that my be perfectly legal to have, but may be misconstrued by an inspecting party.

Re: Fifth amendment won't protect your password says federal court

heh... i wonder what would happen if after all this time in jail, etc. the man just claims that he forgot it.

actually, THAT would be a wickedly cool crypto algorithm... something that rotates keys or otherwise changes itself automatically every so often, and unless you decrypt the drive at a pre-determined interval to "reset the clock" it will eventually just lock forever.

inconvenient, yes, but interesting none the less.

Re: Fifth amendment won't protect your password says federal court

Yeah, I like that idea, maybe it should do it every 108 minutes and you'd have to enter in 4, 8, 15, 16, 23, & 42.

Re: Fifth amendment won't protect your password says federal court

That's simply a crypto version of a deadman's switch. I assumed that it was already present, but a brief search doesn't reveal such a feature.

If we assume that the authorities are not going to power on your system (so no cron jobs, custom software, or trusted clock source) and instead rely on a copy of the disk image, then how might one implement such a system? The only solutions I can come up with are inconvenient in that you would lose access anytime you had an unplanned system outage. (And if that's the case, you may as well just encrypt your disk image in RAM.)

(I am assuming here that the authorities take you and your system at roughly the same time. There is no issue if you can assume a delay between capture of the person and then, at a later time, the equipment.)

Re: Fifth amendment won't protect your password says federal court

You guys aren't reading your SAN's News Bites tisk tisk :-)

--Judge Says Man Must Decrypt Drive
(February 26 & March 3, 2009)
A federal judge has ruled that a man suspected of having child
pornography on an encrypted drive on his laptop computer is not
protected by the Fifth Amendment. US District Judge William Sessions
ruled that Sebastien Boucher surrendered those rights when he allowed
his laptop to be searched the first time, and ordered Boucher to provide
the court with an unencrypted version of the drive in question. The
ruling reverses an earlier decision in which a judge ruled that Boucher
was protected from incriminating himself under the Fifth Amendment. The
original request from the US department of Justice had been to make
Boucher surrender his encryption passwords; the appeal asked only that
he decrypt the drive in view of the grand jury. Boucher's laptop was
searched in December 2006 while crossing the border into the US from
Canada. Agents claim to have seen the offending content, then shut down
the computer. When they tried to access the images after Boucher's
arrest, they were unable to because of his PGP program.
http://news.cnet.com/8301-13578_3-10...8.html?tag=pop
http://www.theregister.co.uk/2009/03...ssword_ruling/
http://www.wcax.com/Global/story.asp?S=9909241
[Editor's Note (Liston): It's interesting that by lowering the standard
from "give us your passwords" to "decrypt the drive" that the DOJ was
able was able to win on appeal. I'm not sure how the difference in
approach actually affects the Fifth Amendment issue.
(Weatherford): "But your Honor, I really did forget the password."]


Technically what are they going to do pull your finger nails out?

xor

Re: Fifth amendment won't protect your password says federal court

Ah, I should have read the original article as that bit is quite important. In crossing the border, I agree to be searched as a condition of entry. If the officer finds something, or begins to find something, I have given up my right to call it an illegal search. The court seems to have taken this a step further and is claiming that I have also agreed to aid them in their search and cannot take back this right, either.

Does anybody know what the consequences are of refusing a search as a United States citizen? Are you detained or turned back? Your government wouldn't lock you out of your country, would they?

Well that's the real issue and why everyone is suggesting that the accused claim ignorance.

Re: Fifth amendment won't protect your password says federal court

Judges can hold people in contempt of court for anything, and drop you in jail.

Just ask Greg Anderson:
url1:
url2:
While in jail, you may not be so concerned about what might be pulled out (like nails), so much as what might be stabbed, shoved, cut, sliced, or bluntly bashed, *in*.

Of course, your mileage may vary.

Contempt of court is a dangerous thing, as your "victim", judge, jury and executioner of task are one in the same. You are, "guilty," until you obey and conform or the judge changes their mind.

Re: Fifth amendment won't protect your password says federal court

So is contempt forever or are there limits? Since sex crimes carry a virtual life sentence in the case of the alleged sex offender wouldn't you hold out. I also wonder if they made a copy of the hard drive. Technically one could wait long enough to be assured a hardware failure. Stranger things have happened.

xor

Re: Fifth amendment won't protect your password says federal court

There are limits, although it varies by the state, court, etc.

Re: Fifth amendment won't protect your password says federal court

Images of disks are supposed to be created, so that the original evidence remains unaltered, with no tampering. Failure to do this risks cases being tossed out for many reasons. One of which would be that the defense doesn't have access to the same unaltered evidence as was collected at the hypothetical crime scene.

This allows reference images to be manipulated and altered, and for files to be un-deleted when possible, in the image and with multi-pass scanning, examine a history of past writes all without altering the original evidence.

As for a question on this procedure being followed as policy each and every time? One of the first things many small law enforcement departments seem to cut in a failing economy is their computer crimes division, and investigators of crimes related to technology. With less skilled people doing this work, or skilled people who are over-worked doing this work, the chances for mistakes increases.
With fewer people to investigate and enforce computer crime-based laws at the local level, a computer criminals may get away with crimes more often than before unless their crimes draw the attention of a larger law enforcement department that shares jurisdiction over the same space. (State police, or the feds.)

Re: Fifth amendment won't protect your password says federal court

I think personally that the US government has way over stepped its boundaries and needs to take a few steps back.

Re: Fifth amendment won't protect your password says federal court

We have a "no politics" rule on the forums because of problems associated with it. We have made an exception to allow discussion of laws and side-effects, or security problems related to laws, or how laws can impact security research and protecting data.

If you wish to take part in the discussion of risks associated with laws, feel free to join the thread, but advocating a direction for a government, criticizing a policy outside its relation to security and without constructive suggestions, and simple opinion risks moving this discussion into the "too political" space.

We have an on-going discussion on "what is too political" where we try to help people understand what we want to avoid:
What is too political?

The concession among mods to even allow discussion of laws, security risks, risks to research, and privacy, and work in the security field is a fragile one. Many mods believe it is not possible for us to walk this narrow line, and they may be right. If I lose this argument, we'll end up going back to the old rules with an absolute enforcement of "no politics" :-/