Forgot your password?
typodupeerror
Security The Courts Your Rights Online

DOJ: We Can Force You To Decrypt That Laptop 887

Posted by samzenpus
from the show-us-everything dept.
betterunixthanunix writes "A mortgage-fraud case may have widespread implications for criminals who use cryptography to hide evidence. The US Department of Justice is pushing for the defendant to be forced to decrypt her hard drive, claiming that if they cannot force such decryptions, law enforcement will be unable to gather important evidence. The defendant's lawyer and the Electronic Frontier Foundation have made the claim that forcing such a decryption would be a violation of the defendant's fifth amendment right not to self-incriminate. The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."
This discussion has been archived. No new comments can be posted.

DOJ: We Can Force You To Decrypt That Laptop

Comments Filter:
  • I don't recall... (Score:3, Insightful)

    by Anonymous Coward on Monday July 11, 2011 @11:52AM (#36721234)

    "I'm sorry, but I don't recall my passphrase. I guess the stress of this case has made me forget it!"

    If it works for the DoJ it should work for us...

  • by TheGratefulNet (143330) on Monday July 11, 2011 @11:52AM (#36721236)

    hey, if you did something wrong and would be going to jail, why the hell help them even more? either way you go to jail, right?

    they won't KILL you if you don't unlock your encr. stream. they will lock you up either way.

    so don't give it to them. you cannot be forced to hang yourself.

    fuck the DOJ.

  • Unfortunately.... (Score:5, Insightful)

    by LordLimecat (1103839) on Monday July 11, 2011 @11:54AM (#36721262)

    From TFA:

    Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

    That sounds like a rather spot on analogy. Sounds like precedent is against her. The argument that the passphrase, itself, is the incriminating self-testimony seems really weak, both because the passphrase is not being required, and because the passphrase is not, in the end, what will incriminate her.

    IANAL, of course.

  • by FoolishOwl (1698506) on Monday July 11, 2011 @11:55AM (#36721278) Journal

    I am no lawyer, but the argument that this is a fifth amendment issue seems strong to me.

    How is allowing the defendant to keep the password private a meaningful concession? The password has no value if the hard drive has been decrypted.

  • by zooblethorpe (686757) on Monday July 11, 2011 @11:55AM (#36721288)

    The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive."

    That would still seem to violate the 5th amendment. The relevant text is bolded below:

    No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

    Anyone of more legal background care to comment?

    Cheers,

  • by TheGratefulNet (143330) on Monday July 11, 2011 @11:56AM (#36721296)

    obstruction of justice.

    probably that's what they'd say.

    but which would you rather 'deal with' - that or the fact that they successfully stole your soul? so to speak. forcing someone to unlock their most private journal is a sign of an evil state.

    I am under no obligation to comply with the illegal and unconstitutional wishes of evil leaders or states.

    but you may have hit on something: if they raise the anty and sell the idea to the public that they are now 'forced' to unlock their journals, I do expect to see more 'destroy on tamper' seals on things.

    tit for tat. hey gov, you really want to fight your own people in this way? re-think that, guys. this is not a fight you want with the geek population. we actually outnumber you!

  • Torture anyone? (Score:3, Insightful)

    by aaaaaaargh! (1150173) on Monday July 11, 2011 @11:57AM (#36721310)

    Why do US authorities not just torture people to get the information they need? Wouldn't that be more effective and convenient?

    Oh wait...they already did in Abu Ghraib and Guantanamo...

  • Papers and effects (Score:5, Insightful)

    by Compaqt (1758360) on Monday July 11, 2011 @11:59AM (#36721340) Homepage

    Whoever said that you have to arrange your papers and effects in such a way that the government can understand it?

    Does this also apply to paper documents?

    Are you not allowed to write your thoughts in a coded manner?

    Is it also OK to use euphemisms in your diary?

    Is it the government's position that you also have to interpret your diary for the prosecution?

  • by Dan667 (564390) on Monday July 11, 2011 @12:00PM (#36721362)
    sounds like the best course of action is to say you forgot your passphrase. Problem solved.
  • by Skapare (16644) on Monday July 11, 2011 @12:06PM (#36721462) Homepage
    That's what the 5th Amendment is about ... you don't have to do their work for them.
  • by Nerdfest (867930) on Monday July 11, 2011 @12:15PM (#36721590)
    You shouldn't need to be forced to clear yourself either.
  • by betterunixthanunix (980855) on Monday July 11, 2011 @12:24PM (#36721778)

    The thing about encryption is that it isn't so much a "safe", it's more analogous to a private citizen having their own moon on which to store valuables.

    It is more akin to speaking and writing everything in your own private language, and forcing the police to determine how to translate that language.

  • by xded (1046894) on Monday July 11, 2011 @12:26PM (#36721836)
    Or you may use a plausible deniability [truecrypt.org] system. But in doing that you may want to be reasonably sure that no data leaks [truecrypt.org] exist, or you may find yourself in an even worse position.
  • by chipwich (131556) on Monday July 11, 2011 @12:30PM (#36721878)
    No. Your analogy is part of the problem. The DOJ and Feds have subverted the concept of innocent until proven guilty into If you're not doing anything wrong, then you shouldn't have anything to hide.

    By setting up your analogy with the statement that there is a dead body in the trunk, you've already presumed guilt, nothing any civilized society should be doing.

    What kind of a crime can be committed where the only access to incriminating evidence lies in the mind of the accused? We're entering a dangerous era of thought-crime. Why doesn't the DOJ just apply some random permutation on the data so that it generates some unrelated and arbitrary but incriminating documents?


    TL;DR - Law enforcement should either do better detective work to find evidence without relying on the accused to provide it, or save taxpayer money, cut the whole "democracy" shenanigans, and just use false or forced confessions.
  • by Anonymous Coward on Monday July 11, 2011 @12:31PM (#36721906)
    Geeks tend to think that logical technicalities will work in the legal system. In reality, they tend not to.

    A judge will look at the logic, the evidence, and your reputation/disposition and make a judgment about how credible your explanation really is. If this is some old encrypted file you haven't accessed in years, the judge will probably give you the benefit of the doubt. If you've had a documented injury and medical witnesses testify that memory loss is common in such cases, the judge will not impose sanctions on you. But if this is an encrypted volume that you clearly accessed frequently, and had every intention of accessing in the future, the judge will likely not be persuaded into believing that conveniently you forgot the password for no particular reason. Your story will be even less credible if you're a nerd or geek who has a reputation for paying attention to details, remembering minutia, and setting up a properly secured system. It is simply not credible to claim that you forgot the password (without a good explanation). It's possible, conceivable... but not likely and certainly not an iron-clad defense.

    Judges do not take kindly to BS explanations, and will probably find you to be in contempt of the court.

    I'm not saying that this is right or how the law ought to be. I'm just saying that thinking up conceivable excuses is a far cry, in our modern legal system, from actually evading a court request.
  • by haystor (102186) on Monday July 11, 2011 @12:42PM (#36722138)

    If only judges dealing with lying politicians took the same dim view. The "I don't recall" defense works particularly well for politicians, even under oath.

  • Contempt of Court (Score:5, Insightful)

    by bsDaemon (87307) on Monday July 11, 2011 @12:52PM (#36722304)

    I hope the defendant doesn't give in. Personally, I'd rather sit in jail on contempt of court charges than go to big boy prison for whatever the state were investigating me for. At least with the contempt of court charges, I run the chance of becoming a cause celeb for standing up for principles, which is way better than being convicted of a crime.

    I got into an argument about this very case with my (non-American) girlfriend the other day. She honestly doesn't get the fifth amendment and assumes that anyone who invokes it is basically admitting guilt, which isn't the case. She's from central America. You would think that people down in that part of the world would have some recent memory of unjust laws. Just because something is the law, doesn't make it right, and it is better for all of us that we keep the fifth amendment intact for cases when the law is not just than to violate it just so that someone can get convicted of fraud, murder or anything else.

  • by Znork (31774) on Monday July 11, 2011 @12:54PM (#36722340)

    According to TFA, yes, you can be obliged to hand over the key.

    With regards to encryption it's an old problem that's solved by using multiple pass keys; the one you hand over decrypts something reasonably embarrassing like your tranny porn collection, while the real key decrypts the actual material you want to hide.

    So trying to force people into divulging encryption keys is just asinine; it will merely lead to widespread adoption of readily available methods to defeat it while failing to accomplish the desired goal.

  • by zill (1690130) on Monday July 11, 2011 @01:06PM (#36722574)
    A little known fact about encryption is that it's impossible to prove which password is "correct" unless checksums are used. For example, ASE-256 uses a key length of 256 bits, which means there are 2^256 or 1.15792089×10^77 possible keys. Given any encrypted file, there are 1.15792089×10^77 ways of decrypting it. Depending on the password, it might come out as the complete works William Shakespeare, child pornography, complete gibberish, or your original files. As long as checksums are not embedded in the encryption system, it's impossible to prove that you provided a "wrong" password.

    If suspected evidence is locked in safe, the suspect can be forced to divulge the combination of the safe. This is not violation of the 5th amendment because it is the contents of the safe that is incriminatory; there is nothing discriminating about the combination of the safe itself. Whether you divulge the combination of not, the contents of the safe and whether it is incriminating evidence or not, does not change.

    However the situation is completely different with encryption. Depending on which key you provide, the outcome of the decryption could be literally anything, as demonstrated above. The password itself, then, becomes the incriminating evidence, which is why passwords should fall under the protection of the 5th amendment.

    Digital encryption is still a relatively new technology so I don't blame the judges and lawmakers for not understanding this. Hopefully these technically incorrect key disclosure laws will be repealed.
  • by element-o.p. (939033) on Monday July 11, 2011 @01:24PM (#36722968) Homepage

    ...and yes, once he had a warrant he could compel you to type in your password, in the same way he could compel you to open your safe.

    Well...that's still to be determined by the courts.

  • by s73v3r (963317) <s73v3rNO@SPAMgmail.com> on Monday July 11, 2011 @01:31PM (#36723130)

    The Fifth Amendment wouldn't stop you from the contents of a safe for which a search warrant was obtained, so I don't see why it would be any different for an encrypted drive.

    Remember, you're not being asked to incriminate yourself. You're being asked to produce an unencrypted version of a drive that is already known to exist, just like you would be asked to provide the contents of a safe that is known to exist. How you actually go about doing this (letting the DOJ crack open the safe, or giving them the password) is irrelevant.

  • by VGPowerlord (621254) on Monday July 11, 2011 @01:33PM (#36723162)

    In addition to what anyGould said, pleading the fifth will likely be used against you in court.

    I probably don't need to mention that pleading the fifth makes you look guilty as hell.

Karl's version of Parkinson's Law: Work expands to exceed the time alloted it.

Working...