Forgot your password?
typodupeerror
Encryption Privacy The Courts Your Rights Online

Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password 1009

Posted by Unknown Lamer
from the war-on-alzheimer's-patients dept.
wiedzmin writes "A Colorado woman that was ordered by a federal judge to decrypt her laptop hard-drive for police last month, appears to have forgotten her password. If she does not remember the password by month's end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense." The article clarifies that her lawyer stated she may have forgotten the password; they haven't offered that as a defense in court yet.
This discussion has been archived. No new comments can be posted.

Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password

Comments Filter:
  • by parshimers (1416291) on Tuesday February 07, 2012 @04:32AM (#38950699)

    she revealed that she, and only she, knew the password to the hard drive over the phone. so her claims she "forgot" are not very plausible. if she hadn't done that, i seriously doubt she would be in this predicament.

  • by jcr (53032) <{moc.cam} {ta} {rcj}> on Tuesday February 07, 2012 @04:53AM (#38950805) Journal

    They'd just drill the safe. If you'd hidden the safe and they couldn't find it, they can't legally compel you to say anything that might help them convict you.

    -jcr

  • Would be plausible (Score:5, Informative)

    by gweihir (88907) on Tuesday February 07, 2012 @05:12AM (#38950919)

    The laptop was seized in 2010, the order to decrypt is from 2012. I have passwords long enough that I will have trouble remembering them after 2-3 months of not using them. (Happens very rarely.) Not using them for over a year could well make me unable to remember them at all. So I would consider this a real possibility. Not absolute certain, of course, but credible enough that asserting she does still know the password after not having used it for this long would be an unfair disadvantage to her, as she fundamentally cannot prove she does not remember it.

    Now the way around this for future cases is key-escrow or requiring everybody to write down their passwords, with the attached huge negative effects. In any sane legislation you can just refuse to give a password. I am amazed that in the self-proclaimed "land of the free" this does not seem to be the case and hope this will just turn out to be a judge that does not understand the issue and will get fixed permanently by a higher court.

  • by Totenglocke (1291680) on Tuesday February 07, 2012 @05:35AM (#38951037)

    Goddammit, I'm undoing my mods to post this since you're just blatantly misinformed - and I know you're not the only one. With the exception of a few highly restrictive states like California, New York, New Jersey, Massachusetts, Illinois, and the non-state of D.C., you can own pretty much anything you want (though due to the Hughes amendment, machine guns must be made prior to 1986). It's a common misconception that silencers, real assault rifles (meaning that you can select between semi-auto and full auto and / or burst fire), machine guns, explosives, rocket launchers, etc are illegal in the US. They're not, you simply have to jump through some hoops to get them, but if you can legally buy a gun, you can legally obtain an NFA (read: restricted) item just fine. It just requires more paperwork, a $200 fee to the ATF for a tax stamp certifying that you legally own the item, and waiting a few months for the ATF to drag their feet on processing the paperwork. Silencers are pretty cheap even - it depends on the caliber, but $800 is a pretty common price. Machine gun prices / real assault rifle prices are artificially inflated by the government though due to the post-1986 ban so a gun that should cost about $2,000 will end up costing more like $15,000 due to the artificial scarcity. Hopefully we can get that fixed one of these days....

    Oh, as for "No one sane is going to take on anything with a semi-automatic rifle", the majority of the time the military doesn't even flip their rifles (well, usually carbines to be exact) to burst fire / full auto because it's very hard to control and you burn through your ammo a lot faster without being more effective. As for US citizens being able to fight back against the military? The US military has roughly 3 million soldiers (this counts desk jockeys and members of the reserve as well as the coast guard and national guard) and we'll round up and say 1 million police officers / federal agents (again, counting desk jockeys). The LOW estimate for the number of gun owners in the US is 40 million people with about 90 guns in private hands per 100 people in the country (that includes children), so not only is there a large abundance of weapons and ammo in private hands, but private citizens who own guns outnumber the police and military by around 10 to 1. Sure, they have tanks and bombers, but unless they REALLY wanted to destroy their own infrastructure and a lot of non-combatants on their own side, they wouldn't use them (because even if they won, the country would be totally FUBAR'd for decades).

    Note: I'm not promoting or hoping for any conflict between citizens and the military - merely stating some facts regarding the number of people on each side (assuming gun owners all sided together) and how well equipped they are.

  • by mosb1000 (710161) <mosb1000@mac.com> on Tuesday February 07, 2012 @05:48AM (#38951111)

    No, if they could prove that you knew the password, you could be held in contempt. When you are in court, you are required to present requested evidence. For example, if they know you have the body, you can be compelled to present it. Of course, if they knew you had it, that'd mean they knew where it was, so they wouldn't need to ask for it.

    A better analogy would be legal documents which were lost. They knew you had them at one time, but how can they really prove you still have them? Obviously, you can't produce something if you are no longer in possession of it, and they can't hold you in contempt for that.

  • Re:Obligatory (Score:1, Informative)

    by Anonymous Coward on Tuesday February 07, 2012 @07:27AM (#38951705)

    You'd be surprised how much the anus will stretch. Unless you've seen goatse, but then you'd already know.

  • by FictionPimp (712802) on Tuesday February 07, 2012 @08:39AM (#38952119) Homepage

    We encrypted our employee laptops with truecrypt. The passwords where 10 character and phonetic. I wrote a small database program that allowed us to keep the recovery iso and the password stored for every laptop in case of a problem. We also required them to physically see us to get their password if it was lost.

    After about 6 months of constant streams of people coming in to get their password, suddenly people stopped asking. A week later we started finding passwords taped to the bottom of every laptop we were servicing.

    So in a nut shell 300 people can't remember passwords that are not their wives names, birth dates, or the name of a pet.

  • by shakah (78118) on Tuesday February 07, 2012 @09:11AM (#38952369)

    If they want to detain me, they can use whatever excuse to detain me.

    No, they can't.

    Well, the hazy area that's been with us over the past 10 years or so has been clarified (in case you missed it): http://compliancecampaign.wordpress.com/2012/01/24/u-s-slammed-on-indefinite-detention-torture-and-censorship/ [wordpress.com]

    The justice system may not be perfect, but however much people here bleat about the Western world being run by the SS, it isn't. We have the rule of law...

    That "National Defense Authorization Act" establishes (to parody http://en.wikipedia.org/wiki/Legal_formalism [wikipedia.org]) is a "government of men, not of laws", insofar as a single person (POTUS) can now indefinitely detain any person for any length of time, without review.

  • Re:Use USB dongles! (Score:2, Informative)

    by Anonymous Coward on Tuesday February 07, 2012 @11:27AM (#38954233)

    A solution by someone who has obviously never dealt with the service of a search warrant.

    I spent years as a technical analyst on law enforcement teams dealing with forensics and high tech investigations. I spent considerable time in the lab pouring over forensic data as well as on-site during warrants. So let me explain how these things work.

    In my time doing it, there was only one very common reaction to seeing a gaggle of armed officers and agents at the door - a look of utter confusion and shock. Sometimes there were bodily fluids. In the most rare cases, there were trifectas of the major orifices going all at once. Do not underestimate the gravity of the situation or the reaction of having to face down between 10 and 20 armed men first thing in the morning. No suspect I ever witnessed mustered the intestinal fortitude to play hide-the-evidence or any other games related to it. Some of my investigations were some of the biggest internet tough guys you would think you ever met. You know the guys, "I've got thermite just ready to go if the cops ever some through my door" or "I'm encrypted so well no one will ever get past it". Some of these guys were the first to soil themselves. And the only thermite I ever saw was on training demos.

    But back to the point at hand. The execution of a search warrant is nothing if not systematic. If you are dealing with experienced computer crimes investigators, you will see a very well written and thorough warrant that authorizes the seizure of anything even remotely related to a computer. If your toaster is running some flavor of linux, it will be identified and taken.

    The officers and agents will go through every pocket in every item in every drawer in every dresser and look for the evidence authorized by the court. If it's related to the case, and it's on the warrant, it gets bagged, tagged, and taken. Old USB sticks aren't even second guessed - they're bagged. I've taken old floppies (5 1/4, and larger) when authorized. If there's a suspicion you're running encryption, we may image on site - especially if your system is on and open. But even then, we have methods of seizing a running computer and imaging back at the lab if necessary.

    Once we have everything, it'll go back to the lab. There it will be forensically imaged and the original evidence locked in the evidence locker. Depending on the case and what you've done, we may have old or damaged media taken for clean room recovery and imaging.

    Once the data is compiled, we will begin analysis. Not only are we going to do a the standard stuff, like recovering deleted files, carving for file fragments, doing file signature analysis, keyword searching, and other tests - again based on the limits set forth in the warrant, we'll begin to look for other signs of evidence. Funny enough, it's very rare we have to go too deep. Most suspects have the evidence right out in the open - at least enough to send to the grand jury. But as we dig deeper, we'll begin to look at devices that were connected to the operating system. We'll match up the devices in our possession with the ones recorded by the os. We'll look for behavioral patterns of file movements from the OS to the device and then back. We'll look for traces of programs and files that may be executable.

    If we find encrypted containers, we'll attempt to identify pedigree based on the container contents. Then we'll attack it. We will sometimes use brute force and dictionary attacks, but often times people do stupid things. At some point, they may have written down their password somewhere on paper or even on the system. We'll generate a wordlist from all the media available and use that to attack the system. And you would be surprised how successful that can be.

    But the ones I love are when people go through the trouble of encrypting their data using something like truecrypt or pgp, and they use a monster of a passphrase following all the rules and best practices. They have a passphrase that would take eons

  • Re:5th Amendment? (Score:4, Informative)

    by Myopic (18616) * on Tuesday February 07, 2012 @12:45PM (#38955357)

    Explain which part of that you think is being infringed.

    * She isn't testifying in court, so she is not a witness against herself
    * Any life, liberty, or property of which she is deprived is explicitly by due process of law
    * Her property is not being taken for public use

    I think the problem might be that you don't understand your rights. You should read up! Your rights are very important, and you should understand them.

"And do you think (fop that I am) that I could be the Scarlet Pumpernickel?" -- Looney Tunes, The Scarlet Pumpernickel (1950, Chuck Jones)

Working...