Forgot your password?
typodupeerror
Encryption Privacy The Courts Your Rights Online

Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password 1009

Posted by Unknown Lamer
from the war-on-alzheimer's-patients dept.
wiedzmin writes "A Colorado woman that was ordered by a federal judge to decrypt her laptop hard-drive for police last month, appears to have forgotten her password. If she does not remember the password by month's end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense." The article clarifies that her lawyer stated she may have forgotten the password; they haven't offered that as a defense in court yet.
This discussion has been archived. No new comments can be posted.

Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password

Comments Filter:
  • What if... (Score:5, Interesting)

    by bgibby9 (614547) on Tuesday February 07, 2012 @04:15AM (#38950607) Homepage
    she honestly can't remember the password. How the hell are they going to rule on that???
  • Stare Decisis IANAL (Score:5, Interesting)

    by gd2shoe (747932) on Tuesday February 07, 2012 @04:21AM (#38950637) Journal

    Let me ask this (and display my ignorance): If I had a safe and a judge ordered it opened, and I claimed I'd lost the key, would I be held in contempt? Or would it just be forced open? Would this ever see the courtroom at all? Can lawful seizure require active participation of the accused?

    If I claim to no longer be in possession of a piece of evidence, and don't know were it is, could I be held in contempt? Couldn't I plead the fifth? "You want to convict me? You go find it."

    I'm trying to figure out the stare decisis on this topic (equal and consistent application of the law). It just seems so darn inconsistent.

  • by Taco Cowboy (5327) on Tuesday February 07, 2012 @04:26AM (#38950659) Journal

    One file is encrypted

    The other one in plain text

    If the cops / FBI / or whoever wants to confiscate my HD, the clues on how to decrypt that file is in the plain text file

    But there is a catch --- Inside the plain text file I have a brief description and ten (10) urls, which are are links to online password generators.

    And the brief description is as followed:

    "Passkey is constructed from randomized password obtained from the below 10 urls, have a nice day !"

    I did that to protect myself.

    1. No matter what the judge ordered me to do, I point to that plain text file

    2. I know I can never convince anyone that I forgot the passkey, so I won't tell them that. But I still have an escape clause --I simply can't remember a passkey which was made up from 10 randomized password generator by 10 different online password generators

  • Re:What if... (Score:5, Interesting)

    by AmiMoJo (196126) <mojoNO@SPAMworld3.net> on Tuesday February 07, 2012 @04:31AM (#38950693) Homepage

    In the UK it works like this: If the prosecution can show that you probably know the password then you can go to jail for up to two years for refusing to give it. The burden of proof appears to be lower than the usual "beyond reasonable doubt" that is normally required, and evidence can be highly circumstantial. For example if you decrypted the data the day before you get arrested they could say you must know it, even if you happened to wipe the key or change the password or just genuinely forgot since. Justice is slow in the UK so it could easily be 6+ months before you are even asked.

    The stupidest part is that going to jail for two years and having the conviction expire (so you no longer have to declare it when applying for a job) after a few more years is infinitely preferable to, say, going down for 20 years on terrorism or being put on the Sex Offenders Register for life. It seems almost like a conciliation prize for the police when they have failed to gather any other evidence and would otherwise have to let the suspect go.

  • Re:What if... (Score:4, Interesting)

    by gnasher719 (869701) on Tuesday February 07, 2012 @04:48AM (#38950773)

    Well, usually you're innocent until proven guilty, so I guess they'd have to proof you didn't forget and are actually withholding it.

    "Innocent until proven guilty" is all about how court cases are run. There is more than "innocent until proven guilty", there is also the fact that the police has to tell you about your rights, that they can't do illegal searches, and on the other hand that you have to cooperate in searches - which this woman is refusing to do. And there are rules what happens when someone acts against the court rules. Jurors can be jailed in extreme cases. Evidence can be thrown out. And _you_ can go to jail for "contempt of court". There are different rules applying.

    Now the fact is that this is her computer, which she used daily for the scam she was running, and which she encrypted to cover her tracks. Forgetting the password seems unlikely.

  • by Taco Cowboy (5327) on Tuesday February 07, 2012 @04:51AM (#38950789) Journal

    Well I'm glad that you released your brilliant plan on a public forum where said law enforcement agents surely wouldn't look.

    The more people set up honey-pots in their HD the more time law enforcement agents are going to waste, only to realize that they ain't gonna get anything useful

    It's a "civil disobedience" way - and since it's our HD, we can put any type of files on our HD, right?

  • by Taco Cowboy (5327) on Tuesday February 07, 2012 @04:55AM (#38950821) Journal

    Well I'm glad that you released your brilliant plan on a public forum where said law enforcement agents surely wouldn't look.

    Maybe he wants law enforcement to think those are just "honey-pots" so they don't try too hard to get at the content.

    If more people are doing that and the law enforcement agents are meeting more of HD with such files, how are they (law enforcement agents) going to know which files are honey-pots and which files have real juicy data in them ?

  • by sjames (1099) on Tuesday February 07, 2012 @05:02AM (#38950857) Homepage

    Yes, but due process includes requiring that the evidence subpoenaed exists and is under the control of the recipient. People forget things all the time. Just ask any helldesk person how frequently people forget passwords, even in cases where they have been duly informed that irrevocable data loss will result. If you've forgotten it, it is not under your control.

    There exists no way to prove or disprove a claim that a person does not currently remember something. Even the most advanced (and unproven, non-admissible) technology only claims to be able to say if a person is familiar with something they are actually presented with during the test. Even then we can't say WHY it seems familiar. Given that stress and fear are great blockers of recall, it's quite believable.

    I have no idea if the defendant REALLY can't remember the password or not. The only person who could possibly know for sure is the defendant.

  • by jholyhead (2505574) on Tuesday February 07, 2012 @05:04AM (#38950865)
    ...so if they throw her in jail for contempt, then doesn't the likelihood of her being able to remember the password decrease over the time of her incarceration, and with it, her ability to comply with the judges orders? If she rides it out for a few months, then isn't her inability to recall her password more credible? I think what this case demonstrates, is the need for a duress password. Enter it and bam. Unrecoverably locked. Then it would be for the prosecution to prove that you deliberately destroyed evidence.
  • by SharpFang (651121) on Tuesday February 07, 2012 @05:07AM (#38950887) Homepage Journal

    I wonder if the "no self-incrimination" clauses could help here.

    I am innocent of the allegations.
    But my HD contains files which might incriminate me in ways not covered by the claims of prosecution.
    By giving the password, I would open myself to prosecution on issues the prosecutor has no clue about.
    Therefore I refuse confession that would cause self-incrimination.

  • Re:By default.. (Score:5, Interesting)

    by spintriae (958955) on Tuesday February 07, 2012 @05:30AM (#38951011)
    The concept of innocent until proven guilty is widely misunderstood. It is the obligation of the jury to presume innocence. Nobody else. Not the prosecution. Not the police. Not the accuser. If it were their obligation, nobody would be charged with anything ever.
  • by gd2shoe (747932) on Tuesday February 07, 2012 @05:39AM (#38951067) Journal

    Ok, I'll approach the issue from a different direction then. Can a defendant be ordered to take the stand in any case? If the prosecutor wished to establish a timeline, could they force the defendant to testify about events surrounding the crime? Wouldn't anything the prosecutor asked potentially make the defendant "witness against himself"? Is there any question on the stand that a defendant can't plead the fifth to, because it undoubtedly would be used as testimony against him?

    Unless you can find a significant exception to the above (and explain it), how can that not extend to criminal discovery? How can someone be compelled to tell a cop where they buy their ammo? Stored their gun? Provide financial records? Can't all of that wind up in court as testimony against you? How can the fifth possibly not apply pre-trial?

    If you're still with me, how can a defendant ever be compelled to act against himself in a criminal proceeding? I can see how he might be cajoled or enticed... but court ordered? The very premise seems unconstitutional to me.

  • Re:What if... (Score:5, Interesting)

    by GryMor (88799) on Tuesday February 07, 2012 @06:03AM (#38951199)

    I don't remember any of my passwords. They are muscle memory. If I don't use them, in a week or two they are gone.

    Now consider that they took the laptop away from her, preventing her from using it...

  • by Tanuki64 (989726) on Tuesday February 07, 2012 @06:58AM (#38951537)

    Currently I don't have something, which really need encryption. However, should it ever be necessary I'd modify after each use the timestamps so it looks like the container was last accessed years ago. Within sensible limits, of course. It would be much more believable to have forgotten a password, when the last access was several month ago than when the timestamps says it was accessed last week or even yesterday.

  • by lucidlyTwisted (2371896) on Tuesday February 07, 2012 @07:22AM (#38951677)

    This wouldn't fly in the UK (under Part III of the Regulation of Investigatory Powers Act (RIPA)).
    You forgot? Tough.
    You used some honey-pot ruse like this? Tough.
    Either you give the key/passphrase to decrypt the file when requested or go to jail. End of discussion.

    Sounds like the USA is trying to bring in similar measures via precedent.

  • Re:Maybe it was ... (Score:3, Interesting)

    by raynet (51803) on Tuesday February 07, 2012 @07:36AM (#38951767) Homepage

    I wonder if you can be charged with destruction of evidence before you have been informed by the court etc that some thing you have is evidence.

  • by fearofcarpet (654438) on Tuesday February 07, 2012 @07:47AM (#38951835)

    Unfortunately The Man can trample all over your rights so long as the judicial branch agrees that the executive is following the intention of the legislative. I am curious, though, about the "smart chip" in my bank card. If I enter my PIN incorrectly three times it locks itself permanently and requires that I get a new card and a new PIN--a security feature (that prevents the banks from losing money). Assuming that The Man says I have to fork over my password--Bill of Rights be damned--if my hard drive encryption has the same "security feature" e.g., after three incorrect tries it eats the private key and renders the drive non-decryptable, can I then be charged with a crime for accidentally (which of course I can't prove) entering the wrong password three times? What if the Feds try a dictionary attack and trigger the three tries before even asking for the password? The information on the drive is completely lost, so holding me in contempt accomplishes nothing, but in the first case I "destroyed evidence" and in the second I basically conspired to destroy evidence, right? Without the evidence, they cannot convict me of the original crime, but would the sentence for destroying evidence (or obstructing justice or whatever) scale with the severity of the alleged crime?

  • by bsane (148894) on Tuesday February 07, 2012 @08:42AM (#38952141)

    The punishment for contempt is open ended, and can be whatever the judge wishes. Its already been mentioned, but here is the case of a man jailed for 15 years on contempt of court, based solely on testimony from his ex-wife: https://en.wikipedia.org/wiki/H._Beatty_Chadwick [wikipedia.org]

  • by FictionPimp (712802) on Tuesday February 07, 2012 @08:46AM (#38952177) Homepage

    You also assume that the police will always be on the side of the government. I don't care who pays me, I'm not killing my grandma!

  • by BetterSense (1398915) on Tuesday February 07, 2012 @09:10AM (#38952357)
    Actually you are wrong, in an (apparently) legally-important way.

    In all of these cases that I have seen, the court always stresses that they are NOT asking for the passphrase. They always make this very clear. They always stress that they are NOT compelling the accused to provide their passphrase, but that they are compelling the accused to provide an (allegedly existent) unencrypted copy of the (alleged) ciphertext on the hard drive.

    I don't understand the legal ramifications of asking for the passkey versus asking for the (alleged) unencrypted data, but IANAL. Maybe they think that the passkey encrypts other data besides the data they are interested in, and so asking for the passkey is a stricter requirement than asking for the plain text. I dunno.
  • by betterunixthanunix (980855) on Tuesday February 07, 2012 @09:35AM (#38952619)
    This is not a matter of "producing" the documents -- the prosecution has them, in the form of an encrypted hard drive. This is a matter of helping the prosecution decypher the documents.

    To put it another way, suppose there were only two possible documents on the hard drive, one incriminating, the other exonerating. Given only ciphertext for one of those documents, the prosecution cannot say which document was encrypted. Given ciphertext plus a passphrase, the prosecution can make a case that it was the incriminating document (assuming it was). Demanding the passphrase from the defendant is like demanding the defendant explain difficult to understand parts of the document, which is unquestionably demanding that the defendant testify against themselves.

    Oh wait, it is involves super-duper-secret-spy-stuff (cryptography) and magical computers, so we are supposed to dispense with logic and rely only on bad metaphors that help the prosecution's case. That poor, poor prosecutor, whose case is weak without violating the fifth amendment.
  • by betterunixthanunix (980855) on Tuesday February 07, 2012 @10:05AM (#38952987)

    Encryption creates perfect safes

    No it does not. This is a situation where metaphors must absolutely be avoided to protect our rights. Encrypting a document is not the same thing as putting a document in a safe; encrypting a document is encoding it so that the secret key is required for decoding. By demanding the secret key from the defendant, the prosecution is demanding that the defendant tell them how the document should be interpreted. Indeed, one only needs to examine one of the most basic security definitions -- ciphertext indistinguishability -- to see why this is the case (the prosecution cannot show that the ciphertext is an encoding of an incriminating document and not an exonerating document if the cipher meets the indistinguishability definition).

    What we are seeing is new technology being used as a justification for undoing our civil rights.

  • by Beelzebud (1361137) on Tuesday February 07, 2012 @12:41PM (#38955301)
    Or Reagan saying "I do not recall" during the Iran-Contra trial. But that was serious, so of course no one today really remembers it.

All this wheeling and dealing around, why, it isn't for money, it's for fun. Money's just the way we keep score. -- Henry Tyroon

Working...