Announcement

Collapse
No announcement yet.

Fifth amendment won't protect your password says federal court

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fifth amendment won't protect your password says federal court

    http://arstechnica.com/tech-policy/n...-passwords.ars

    So here's a new question... say you employed steganography, gave them the password, and they decrypted a seemingly benign filesystem.

    If they asked you if there were additional filesystems at deeper steganographic layers, could you plead the fifth?
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: Fifth amendment won't protect your password says federal court

    This sounds like they are trying to say that your password is not something incriminating thus you can't refuse to enter it. The information it encrypts may be bad for your case but it's not like you're sitting there manually decrypting the files, in which case your 5th amendment rights probably would protect you.

    If you thought of it from the point of view that entering a key is a part of decrypting the files then the act would be equal to him testifying against himself by producing self incriminating evidence. Although this all is just a guess, I'm only really knowledgeable about the 4th.

    Comment


    • #3
      Re: Fifth amendment won't protect your password says federal court

      Rather than pleading the fifth,, wouldn't the first reaction to a question of contents on an encrypted drive be plausible deniability? Granted, deniability of knowledge of the contents, or the encrypted volume itself would depend greatly on the encryption method. However, regardless of method or level of encryption, though it may be unlikely it is not entirely impossible that the owner of the machine in question does not possess the password or key file. Regardless of how questionable the content, be it a backup of a dvd that may be illegal to possess in a certain country when inspected at a border crossing, or hiding porn from the wife, proper encryption is always a good idea, even for data that my be perfectly legal to have, but may be misconstrued by an inspecting party.
      "You have cubed asscheeks?"... "Do you not?"

      Comment


      • #4
        Re: Fifth amendment won't protect your password says federal court

        heh... i wonder what would happen if after all this time in jail, etc. the man just claims that he forgot it.

        actually, THAT would be a wickedly cool crypto algorithm... something that rotates keys or otherwise changes itself automatically every so often, and unless you decrypt the drive at a pre-determined interval to "reset the clock" it will eventually just lock forever.

        inconvenient, yes, but interesting none the less.
        "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
        - Trent Reznor

        Comment


        • #5
          Re: Fifth amendment won't protect your password says federal court

          Originally posted by Deviant Ollam View Post
          heh... i wonder what would happen if after all this time in jail, etc. the man just claims that he forgot it.

          actually, THAT would be a wickedly cool crypto algorithm... something that rotates keys or otherwise changes itself automatically every so often, and unless you decrypt the drive at a pre-determined interval to "reset the clock" it will eventually just lock forever.

          inconvenient, yes, but interesting none the less.
          Yeah, I like that idea, maybe it should do it every 108 minutes and you'd have to enter in 4, 8, 15, 16, 23, & 42.
          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

          Comment


          • #6
            Re: Fifth amendment won't protect your password says federal court

            Originally posted by Deviant Ollam View Post
            actually, THAT would be a wickedly cool crypto algorithm... something that rotates keys or otherwise changes itself automatically every so often, and unless you decrypt the drive at a pre-determined interval to "reset the clock" it will eventually just lock forever.
            That's simply a crypto version of a deadman's switch. I assumed that it was already present, but a brief search doesn't reveal such a feature.

            If we assume that the authorities are not going to power on your system (so no cron jobs, custom software, or trusted clock source) and instead rely on a copy of the disk image, then how might one implement such a system? The only solutions I can come up with are inconvenient in that you would lose access anytime you had an unplanned system outage. (And if that's the case, you may as well just encrypt your disk image in RAM.)

            (I am assuming here that the authorities take you and your system at roughly the same time. There is no issue if you can assume a delay between capture of the person and then, at a later time, the equipment.)

            Comment


            • #7
              Re: Fifth amendment won't protect your password says federal court

              You guys aren't reading your SAN's News Bites tisk tisk :-)

              --Judge Says Man Must Decrypt Drive
              (February 26 & March 3, 2009)
              A federal judge has ruled that a man suspected of having child
              pornography on an encrypted drive on his laptop computer is not
              protected by the Fifth Amendment. US District Judge William Sessions
              ruled that Sebastien Boucher surrendered those rights when he allowed
              his laptop to be searched the first time, and ordered Boucher to provide
              the court with an unencrypted version of the drive in question. The
              ruling reverses an earlier decision in which a judge ruled that Boucher
              was protected from incriminating himself under the Fifth Amendment. The
              original request from the US department of Justice had been to make
              Boucher surrender his encryption passwords; the appeal asked only that
              he decrypt the drive in view of the grand jury. Boucher's laptop was
              searched in December 2006 while crossing the border into the US from
              Canada. Agents claim to have seen the offending content, then shut down
              the computer. When they tried to access the images after Boucher's
              arrest, they were unable to because of his PGP program.
              http://news.cnet.com/8301-13578_3-10...8.html?tag=pop
              http://www.theregister.co.uk/2009/03...ssword_ruling/
              http://www.wcax.com/Global/story.asp?S=9909241
              [Editor's Note (Liston): It's interesting that by lowering the standard
              from "give us your passwords" to "decrypt the drive" that the DOJ was
              able was able to win on appeal. I'm not sure how the difference in
              approach actually affects the Fifth Amendment issue.
              (Weatherford): "But your Honor, I really did forget the password."]


              Technically what are they going to do pull your finger nails out?

              xor
              Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

              Comment


              • #8
                Re: Fifth amendment won't protect your password says federal court

                Originally posted by xor View Post
                Sebastien Boucher surrendered those rights when he allowed
                his laptop to be searched the first time
                Ah, I should have read the original article as that bit is quite important. In crossing the border, I agree to be searched as a condition of entry. If the officer finds something, or begins to find something, I have given up my right to call it an illegal search. The court seems to have taken this a step further and is claiming that I have also agreed to aid them in their search and cannot take back this right, either.

                Does anybody know what the consequences are of refusing a search as a United States citizen? Are you detained or turned back? Your government wouldn't lock you out of your country, would they?

                Originally posted by xor View Post
                Technically what are they going to do pull your finger nails out?
                Well that's the real issue and why everyone is suggesting that the accused claim ignorance.

                Comment


                • #9
                  Re: Fifth amendment won't protect your password says federal court

                  Originally posted by xor View Post
                  Technically what are they going to do pull your finger nails out?
                  Judges can hold people in contempt of court for anything, and drop you in jail.

                  Just ask Greg Anderson:
                  url1:
                  Originally posted by url1
                  ... Anderson has long refused to cooperate with the government and spent a year in jail for refusing to testify at Bonds’s grand jury.
                  url2:
                  Originally posted by url2
                  By not testifying, Anderson runs the risk of being sent back to prison.
                  While in jail, you may not be so concerned about what might be pulled out (like nails), so much as what might be stabbed, shoved, cut, sliced, or bluntly bashed, *in*.

                  Of course, your mileage may vary.

                  Contempt of court is a dangerous thing, as your "victim", judge, jury and executioner of task are one in the same. You are, "guilty," until you obey and conform or the judge changes their mind.

                  Comment


                  • #10
                    Re: Fifth amendment won't protect your password says federal court

                    Originally posted by TheCotMan View Post
                    Contempt of court is a dangerous thing, as your "victim", judge, jury and executioner of task are one in the same. You are, "guilty," until you obey and conform or the judge changes their mind.
                    So is contempt forever or are there limits? Since sex crimes carry a virtual life sentence in the case of the alleged sex offender wouldn't you hold out. I also wonder if they made a copy of the hard drive. Technically one could wait long enough to be assured a hardware failure. Stranger things have happened.

                    xor
                    Last edited by xor; March 3, 2009, 19:00.
                    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                    Comment


                    • #11
                      Re: Fifth amendment won't protect your password says federal court

                      Originally posted by xor View Post
                      So is contempt forever or are there limits? Since sex crimes carry a virtual life sentence in the case of the alleged sex offender wouldn't you hold out. I also wonder if they made a copy of the hard drive. Technically one could wait long enough to be assured a hardware failure. Stranger things have happened.

                      xor
                      There are limits, although it varies by the state, court, etc.
                      Thorn
                      "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                      Comment


                      • #12
                        Re: Fifth amendment won't protect your password says federal court

                        Originally posted by xor View Post
                        wonder if they made a copy of the hard drive. Technically one could wait long enough to be assured a hardware failure.
                        Images of disks are supposed to be created, so that the original evidence remains unaltered, with no tampering. Failure to do this risks cases being tossed out for many reasons. One of which would be that the defense doesn't have access to the same unaltered evidence as was collected at the hypothetical crime scene.

                        This allows reference images to be manipulated and altered, and for files to be un-deleted when possible, in the image and with multi-pass scanning, examine a history of past writes all without altering the original evidence.

                        As for a question on this procedure being followed as policy each and every time? One of the first things many small law enforcement departments seem to cut in a failing economy is their computer crimes division, and investigators of crimes related to technology. With less skilled people doing this work, or skilled people who are over-worked doing this work, the chances for mistakes increases.
                        With fewer people to investigate and enforce computer crime-based laws at the local level, a computer criminals may get away with crimes more often than before unless their crimes draw the attention of a larger law enforcement department that shares jurisdiction over the same space. (State police, or the feds.)
                        Last edited by TheCotMan; March 3, 2009, 19:20.

                        Comment


                        • #13
                          Re: Fifth amendment won't protect your password says federal court

                          I think personally that the US government has way over stepped its boundaries and needs to take a few steps back.

                          Comment


                          • #14
                            Re: Fifth amendment won't protect your password says federal court

                            Originally posted by midnightloner View Post
                            I think personally that the US government has way over stepped its boundaries and needs to take a few steps back.
                            We have a "no politics" rule on the forums because of problems associated with it. We have made an exception to allow discussion of laws and side-effects, or security problems related to laws, or how laws can impact security research and protecting data.

                            If you wish to take part in the discussion of risks associated with laws, feel free to join the thread, but advocating a direction for a government, criticizing a policy outside its relation to security and without constructive suggestions, and simple opinion risks moving this discussion into the "too political" space.

                            We have an on-going discussion on "what is too political" where we try to help people understand what we want to avoid:
                            What is too political?

                            The concession among mods to even allow discussion of laws, security risks, risks to research, and privacy, and work in the security field is a fragile one. Many mods believe it is not possible for us to walk this narrow line, and they may be right. If I lose this argument, we'll end up going back to the old rules with an absolute enforcement of "no politics" :-/

                            Comment

                            Working...
                            X