Encryption Debate at Mitnick Trial 543
A number of people have written about the latest twist in the Mitnick case. Kevin wants to get his data back, but the government is refusing to do so until he gives them the key. Apparently, the government is unable to crack the encryption that he's got on it - you'd think after having the data for five years, they'd be able to brute-force the darn thing. It's a NYT article - free login required.
Recipe (Score:5)
Seriously now, Kevin has the right not to incriminate himself. This includes not turning over a key. This is all 5th Amendment.. the government is just trying to set a precident here so they can steam-roller it. g'luck, I have a small amount of faith that the supreme court will shoot it down.
Good encryption (Score:5)
Free Kevin(s Data)! (Score:2)
distributed.net (Score:2)
So what encryption did he use? (Score:2)
Inquiring minds want to know.
--LP
Re:What did he use? (Score:2)
http://www.cypherspace.org/~adam/timeline/
If Mitnik used a 1K or 2K keysize (not really uncommon, remember assymetrical keys have to be a lot bigger than symetrical ones), I wouldn't think the feds could crack it. Maybe NSA can but as someone else pointed out, they may not want to let that fact get revealed, even to the Justice Dept.
The federal government is not one big happy family.
A good reason to use steganography (Score:3)
I'd like to suggest a solution to this problem. Let's call it the "Redundant Distributed Network Steganographic File System", mostly because it's an acronym that can't be made into a cute name.
Now, the idea is, everyone gives up some disk space, say 0.5gb, which they make acessible on the Internet. In exchange, they get like 0.1gb of space on the RDNSFS. The filesystem LOOKS like noise, but if you have the right key, you can extract a certain amount of data from it. If you have the wrong key, you get fake data.
Now, the big problem is how to allocate space for someone without giving away that they have data out there somewhere....
Like your "right" not to take a breathalyzer (Score:2)
So the state'll probably do the same thing.
---
Re:Maybe the government CAN decrypt it... (Score:4)
Probably most seriously though, is if the government admitted they could crack the encryption, it would not be good for the government. It would encourage more people to use more heavy-duty encryption. It would put more political pressure on the government to further laxen the export rules, which is not something they would like. By not admitting to being able to crack the encryption (assuming for a moment they really can), they give other people a false sense of security. All in all, it would be a loss for the government to make the admission with very little upside for them.
Hmmmmmm (Score:2)
They can't force him to give up the key. The Fifth Amendment would protect him there. I'm not sure I see how they can legally refuse to return the files.
What if it wasn't encryption that this was over? What if it was just some file in a special format that didn't make any sense to the prosecuters? Could they then say, "We'll give you your file if you tell us what it means?" That's essentially the arguement the government is making.
In any key difference of opinion like this, always remove the controversial bit and see if the argument still holds water. This one doesn't.
---
Re:Goverments Point of View (Score:2)
He's not restricted from giving it to someone else...
Even hackers have friends.
I think the best point made was this: (Score:2)
Just like the authorities need a warrant to search your house, they should also need a warrant to require you to decrypt your data. Of course, in order to get a warrant, you need probable cause that there is something to seize/search. Just because data is encrypted, and just because it's the data of a convicted felon, has NO BEARING on whether the data is of any criminal relevance.
Mark above flamebait. (Score:2)
If I were the (amoral) government. (Score:2)
[Agent Smith] "You want your data back? oh. Sorry, the data on the laptop is gone. Bob tried to install Linux on it."
[Bob] "Whoops, my bad. FIPS didn't like your drives."
[Agent Smith] "You must supply me with the codes to Zion's mainframe now!
Problem solved, no court-case now concerning encryption, especially when they are in such a poor position. I don't like Kevin (for being a punk) but it wouldn't look good for the government if they tried to force the encryption issue now.
--
Gonzo Granzeau
Export of strong encryption (Score:2)
There were a few lines in that article talking about the U.S. relaxing the rules about exporting strong encryption software; this reminded me of a thought I had a while ago:
Netscape Navigator is available freely from the web, and so are other software packages which contain strong encryption software. They do have a warning before you download that if you live outside of North America, you aren't allowed to download it. But that's just like the warnings on porn sites, isn't it? "Click the enter button only if you're 18 or older, otherwise you're violating a bunch of laws." How do they prevent you from downloading the software, check what domain you're downloading from and if it's foreign, then the server doesn't let you have it?
Or is the law barring export of strong encryption pretty much useless and the message on the webpage is just there to cover Netscape's ass?
I'm just curious. Also, forgive me if someone has already asked this, or a flame war has already been fought over this.
-Markus
Rainy days and automatic weapons always get me down.
Re:Recipe (Score:2)
Signall 11 is moderating his own posts.
It isn't possible. Rob has indicated this himself. If you believe I'm using several accounts to moderate myself up, I'd like to point out two fundamental problems with your arguement: a) Assuming your reader profile is the mean (whic is one of the requirements for getting mod points), there's still less than a 1% chance that you'll get points that day. There just aren't many moderator points in the system right now. You wouldn't (statistically) increase your odds much with 5, or even 10 accounts. You'd need atleast 130 to consistently moderate yourself up. Or more. There's over 130,000 accounts in the system right now. You do the math. There's also point b) why would I want to?
Karma Whoring has and will be with us forever, thanks to the stupidity of Rob Malda.
... so rather than taking that up with Rob, you're choosing to attack the messenger. Yeah, a boatload of good that'll do!
He could tell them the key is "rm -rf /". (Score:2)
Re:Good encryption (Score:2)
That statement used to strike me as ridiculous. However, in light of a case where the government had 5 years to work with the data while its contents remained relevant, it's hard to argue with the distributed.net effort.
too nit picky (Score:2)
By CARL S. KAPLAN in the cyber law journal of the january 2000 issue of of the ny times tech library.
My little black box. (Score:3)
If I had a little black box that was confiscated, would the argument that it MIGHT be some kind of weapon be ample reason for the law enforcers to not return my black box. To extend this logic, could they confiscate my bank accounts because I MIGHT do something destructive with the money, or that the money MIGHT be the spoils of my previous crime?
You MIGHT have noticed the gratuitous use of a specific word. It's this little word that worries me a great deal about any precedents that may arise from this event.
The Other Nate
Lawyer: uh, no. (Score:5)
You've turned the presumption of innocence sideways. He was convicted; there is no longer a relevant presumption.
He was convicted for stealing electronic information. It takes a stretch of the imagination to think that there is more than a remote chance that the data does not include the fruits of his crime.
The state does *not* have have to prove a connection to each and every apparent proceed of his criminal enterprise--*especially* when there is a simple way to check.
He *has* been convicted, and it defies logic to suggest that that this data isn't part of his crime. *He* now has the burden of proof, not the government.
This is not an erosion; I believe that this is exactly the outcome you would see from a court staffed by the founding fathers. I'm just about all the way out to the extreme on the rights of individuals in the face of the government (just l like the folks who wrote the Constitution and Bill of Rights), but in this case the law is on the government's side.
Copyright versus republication right (Score:2)
The issue isn't one of copying but one of republication, and copyright law doesn't necessarily cover that as it's a separate issue. Even more income for lawyers in that direction, I bet.
Search Warrents for Encrypted Data (Score:2)
The search warrent process has safeguards built in: you have to demonstrate probable cause to a judge to get a warrent. This should include a description of what you hope to find. Trying to go on a "fishing trip" hoping to find something, when you have no idea what is there does not qualify as probable cause. If they can't get a warrent, they have no right to keep the files, but if they do, he should decrypt them.
Also, now that Mitnick is free, why not hand over the key, let the cops decrypt it, have his lawyer seal the evidence, and milk "double jeapordy" for all it's worth. I'm sure that most statues of limitation have surely passed for any possible new crimes that might be demonstrated by the contents.
A leagal reason for the data to (not) be returned (Score:2)
(even shorter: the govenment could take something that was totally irrelivent to a crime, and not return it)
The only reference I could find was this proposed change:
Civil Asset Forfeiture Reform Act (Engrossed in House )[H.R.1658.EH] [loc.gov]
I'm not certain if that's even the correct bill (Damit Jim, I'm an SysAdmin, not a lawyer!), but you get the jist of what I'm getting at. If this got into place, maybe he has a chance at getting the data back. If not, maybe not. {shrug}
Shane
I love the "not really in our possession" bit (Score:2)
So what if there was a plan to take down the entire internet in there? The defense lawyers wanted it -- I don't think the lawyers could have done anything like that, nor Mitnick for that matter, since he was in jail. Even now he couldn't do it because he can't come within a mile of a computer.
I think the prosecution and the judge just hated Mitnick or something, I don't see how any of this can be legal. Why doesn't Mitnick plea this up to the Supreme Court? If this is really a constitutional violation, which it seems to be, that's the place for it.
Does anybody know, was Mitnick even a good hacker? Like, was he revered among his colleagues/peers/whatever? I don't get this entire case, it seems like it didn't occur in the United States. But it was in California, wasn't it? California is its own little universe anyway.
___________________
Why Jon can't read (Score:2)
Jon Johanson : My name is Jon Johanson. I'd like to get a copy of the address book on my PC so I can e-mail my friends and keep them updated on my situation.
government rep. : I'm sorry. We cannot release those files.
JJ : What? Why not?
gr : You use the Linux operating system which is known to be user unfriendly. No one here knows how to use Linux.
JJ : So?
gr : So we decided that since we can't get to the files, we don't know what's in them. They might contain a lethal compuetr virus or something. Until we know what's in them you can't have access to any of them.
JJ : You have got to be kidding me. Is there anything I can do to get around this?
gr : Well, if you're willing to train everyone involved in this trial how to use Linux for free, I'm sure we can make an arrangement after everyone has sucessfully completed the course.
JJ : ARRRRGGGGHHHH!
Disclaimer: If you're offended Jon, I'm sorry.
-----
Want to reply? Don't know HTML? No problem. [virtualsurreality.com]
I don't (Score:2)
Most likely the prosecutors gave Mitnick's boxes a cursory scan, knew enough of what they were doing to recognize that some were encrypted and stopped there. For the rest of the time they have been sitting idle, ie no money being spent.
What I wonder about is how he managed to fit 9G into a couple of laptops 5 years ago?!?!?
Re:I plead the fifth. (Score:2)
Or the government could try yet again to pass legislation that forces all safes to have a special comination that the government can use at will that disengages the booby trap. Just because we all know that that would effectively render the safe useless, doesn't mean that they're not attempting to set some sort of precedent with this case.
--Cycon
Re:Good encryption (Score:2)
The weakness of the DVD encryption is that the actual encryption key is embedded in the DVD players (even in the software ones).
It doesn't matter how strong your encryption protocol is if you leave your keys lying around. Mitnick is evidently not *that* stupid.
Re:Easy way out (Score:2)
The problem is easier to understand if you actually calculate the magnitude of the numbers involved, and then take into account that paralell processing to try (on average) half the combinations would require memory space to store the intermediate numbers (huge, since they involve exponents of the potential keys), and processor space to crunch those numbers in. If Moore's law holds, and we limit the size of our mighty cracking engine to, say, the Moon, even old fashioned PGP 2.x is good for another 20 years at least.
Without a fundamental breakthrough in mathematics, modern encryption is bullet proof on the mathematical level. You have to attack the machines it is done on, or the people who are doing it, to get anywhere at all.
Small wonder our fearless leaders experience "cyberterror" at the thought of free citizens using computers to monitor their legislators' performance, and secure encryption to talk to each other about how to solve the problem of throwing the bastards out of office.
Heh heh heh...
Forcing Mitnick to hand over the key (Score:3)
Now let's say they got in my house and found a book written in Esperanto. Being short of Esperanto translators, they ask me to translate it for them. I say "Never!" or "Neniam!" and pleading my 5th Amendment, keep the contents of the book to myself until the government finds an alternative.
At this point, I draw another parallel to the Zapruder film which the government declared as its property (I'd like to do that) in exchange for proper compensation. So it's not out of bounds for the government to claim domain and walk away. Then the question is one of assessing the value. (As discussed in earlier postings).
I'd let the government compensate me for x amount and then have all of my "Free Kevin" supporters sue under the Freedom of Information Act to make its contents public. Although these may be considered court records entitled to a higher degree of protection, this might be a strategy worth considering.
It really would be great if they spent all this time and money decrypting only to find that the encrypted gig contained alt.binaries.tickleandspankme pictures from way back when!
Re:For those who don't want to register (Score:2)
actually, it was overheard by a relative on talk radio - they then paraphrased it...this would explain my lack of credits.
As far as my intelligence/wit goes, I freely admit that I am ignorrant to many things, but, I do know how to spell 'intelligence'.
he gets it only if... (Score:2)
data is data...right now it's a jumble of bits that's simply unidentifiable by a human. That's how both parties should get the data - then they're equal. If Mitnick decrypts his data, so should the gov't be able to...
This was a legal case, and as much as anyone may be against what happened to Mitnick, certain aspects of the law need to be followed. Would you all be so vehemently against the gov't if this was the case of a real terrorist?
There's no room for "yeah, but he's one of us" when you're arguing about the law...corrupt govt's are really into that...
Forget the 5th, this is about the 4th. (Score:2)
With that in mind, I think the courts will extend the traditional rules that have applied to safes and the like. In this case, they have the right to assume that the encrypted data could be some form of contraband, such as stolen phone codes, proprietary source, etc. Granted, it's five years out of date and probably useless, if that's what it is, but that's beside the point. In this case, it does not constitute an unreasonable seizure for the government to hold something that may be illegal. They can require him to give the key before they hand it over, and they can use the new evidence only if it is relevant to the warrants they had at the time the data was seized. If they should suddenly turn up some evidence that he did some other damaging crack, or if they find child porn or state secrets, their hands are tied by the warrant, and all that data would be inadmissable in any case, resulting in a charge that would never even make it to trial. While it is theoretically possible that the government got a warrant to search for any incriminating evidence, such a warrant would routinely be dismissed, and the evidence ruled inadmissable.
The only way Kevin could be damaged by this is if they turn up evidence of some crack that was mentioned in the warrant, but never prosecuted. If there were charges that were not prosecuted, there was most certainly a provision in his plea agreement effectively closing those charges, as that is sort of the whole point of a plea agreement.
Re:Maybe they already have... (Score:2)
They shouldn't be trying to set precedents, nor should they be trying to make an example - they should be trying to perserve individual human rights.
Perserving individual human rights, that's that they're there for - that's all they're there for.
Too late for Ontario (Score:2)
Pope
Re: 4th & 5th Amendment Issue (Score:2)
I believe that this falls under both the 4th and 5th ammendments. The Supreme Court has already ruled that forcing a person to give up his private papers violates the 5th amendment, and the "unreasonable search" clause of the 4th ammendment.
It would seem to me that this would fall under the category of "private papers".
If you are really interesting in this, you should see Boyd vs US, 116 US 616 (1886) [findlaw.com], which is a really interesting case.
While it could be argued that this doesn't apply in this case, I would ask, was he convicted for the data which resides on that drive? I would say not, for only Kevin knows what is on the drive. Therefore, would not searching the drive be a "fishing expedition" to find additional charges to bring against Kevin? What other reason could the government possibly have for wanting the keys to the data? And if this is the case, or even possibly the case, I would think it is a clear violation of Kevin's 4th and 5th ammendment rights.
The oppinions expressed in this message are my own, and in no way to be considered legal advice.
Re:Lawyer: uh, no. (Score:2)
Also, as a legal issue, it makes no difference whether we plead or was convicted at trial; he is now guilty for all of the laws purposes.
Re:Data back (Score:5)
The data was encrypted, so their was no way to copy it. Or were you asleep when the DVD CCA explained this? ;-)
Piracy? (Score:2)
Re:I plead the fifth. (Score:2)
The 5th Amendment may not apply to physical property (such as a blood sample or a safe) like it does things that are in the defendant's head, but we aren't talking about physical property in this case. I haven't ever heard of a case of someone being ordered to turn over keys, not that there haven't been any. In any case, they'd have to prove that the defendant possessed them, in which case they would have just siezed them the same way they seized the safe. What would be a better example would be the combination to a safe. Again, I'd like to see an example where someone has been ordered to turn over a combination to a safe rather than the authorities just cutting it open.
Perhaps encrypted files could be thought of as a safe. If law enforcement can convince a judge that the encrypted file(s) probably contain evidence of a crime (files from a cracked system) or are criminal themselves (encrypted kiddie porn), they'll get a warrant for Mitnik to provide the key. If he doesn't comply he could be jailed for contempt.
The prosecution made the assertation that the files did indeed contain evidence that they would have liked to have used against Mitnick. If the government could have gotten such a warrant to override Mitnick's 5th amendment rights, they would have done so during the trial, and they didn't. They are, and have been, holding out on the files in order to try to find a back-door way around that. I don't believe that the judge ruled that forcing Mitnick to reveal his key wouldn't be a 5th Amendment violation as much as she ruled that the 5th Amendment didn't apply directly in this case (which I would personally disagree with) because the file wasn't being used as evidence against Mitnick.
If you're thinking, "yeah but with a safe they could just jackhammer it open," think of it as a boobytrapped safe. The court could require someone to disable the boobytraps.
However, since these files aren't a physical thing per-se, that argument just doesn't really apply. Nobody would be in any kind of physical danger brute forcing encrypted files open.
Re:A good way to use steganography (Score:2)
Re:Lawyer: uh, no. (Score:2)
However, if you are stopped in an illegal search, and they find and confiscate an illegal gun, they can't use that illegal gun, but they'll never get it back. Or in your case, if the warrant was illegally obtained, you couldn't get the drugs back, but they couldn't prosecute you.
Get over it (Score:2)
Mitnick robbed companies, guys. He isn't entitled to the data. Legally, he's not even entitled to a computer. His parole would be revoked seven ways to Sunday if he were to actually use whatever encrypted things he had, and I don't see any reason for giving it back.
--
presumption of innocence, self incrimination (Score:5)
This is widely believed but for good or for bad, it is not true. You are entitled to the presumption of innocence in court, i.e. before the judge and jury at your trial. However, the rest of the system is entitled to presume you guilty with reasonable suspicion. That's why the police can get warrants to search, that's why they can arrest you and that's why they can hold you in jail if they think you are harmless but probably will run away.
I think morally and as a courtesy it is nice for the public at large to also give you a presumption of innocence, but it's clear that the only way to run the bureaucracy is pretty much they way that it is run.
I am not familiar with the Mitnick case specifics, but it is quite common for defendants to give up the right not to self incriminate as part of a plea-bargain. If he agreed to cooperate, for example, then I can see both sides of this dispute.
Also, it is interesting: encryption brings up a question that does not exist in meatspace so new law might be required: we don't give burglary tools back to burglars. Encrypted files have this weird property that you can hold them in your hands but not be able to tell what they are. I believe that if the government offers him immunity from any new prosecution, that he may not claim the right not to self incriminate because he would not be. Then it becomes a privacy issue and there really is very little law protecting actual privacy.
Hello. (Score:4)
Thanks,
The US Government
Re:Lawyer: uh, no. (Score:3)
This seems to lead to an arbitrary abuse of government confiscatory power whereby they may take my stuff and convict me of misdemeanors asking me to prove that my stuff is rightly mine.
Given the fact that no evidence has been admitted which shows that this encrypted data actually contains stolen documents it would seem that this case is similar to the stolen bannana case. As I understand it was never even entered into evidence so no court of law deemed that this encrypted data was in fact what he stole.
Maybe the government CAN decrypt it... (Score:5)
Paranoid ramblings from a paranoid person... but after all, isn't that what the Mitnick case is all about, setting precedents?
Re:Government incompetance, or caution? (Score:2)
But the government made no attempt to open the box. In court, they attempted to get Mitnick to give up the key by claiming that if they couldn't have the box's contents, they didn't have to give him them to him either. (this is true) Now they're just jerking him around because they don't like the defiance he showed by refusing to open it.
He should have made an off-site backup.. (Score:5)
Or maybe he did.
--------
"I already have all the latest software."
Why he can't use it anyway? (Score:2)
Or maybe they should just offer him amunity for the from anything in the data for the data. At least this way he can feel safe from the contents and goverment can feel safe from him.
They could also buy it form him I am suspect he has a price. I of course could wrong but it would be worth a try. (probebly cost less that the computer time to crack it.)
Anyway it may all just be randum bits
Re:Recipe (Score:4)
This has nothing to do with not incriminating himself. This is a lot closer to withholding evidence. This is probably one of the reasons his case took so long to come to trial (well, it never really did, but you get the point). They had the evidence, but couldn't proceed until the got it decrypted. It's kinda like saying "You think I killed the guy? Well, I do know where his body is, but I won't tell you." You could bury evidence under a city so deep it would take the government 5 years to get to. Should they let you go until they get down there? Not if they have enough evidence to arrest you in the first place and they know where it is. It's better for you to tell them where it is if you want a speedy trial.
I plead the fifth. (Score:2)
Doesn't he just have to say, 'I refuse to give you my key on the grounds that it may incriminate me?'
There is no way they can force him to give it up due to fifth amendment protection, then it becomes a right of siezure/ownership issue
John
Re:I wonder... (Score:2)
Re:I wonder... (Score:2)
I tend to believe that the government had not really bothered to break the encryption. But then, even if they could, they would most certainly keep it a secret.
--
BluetoothCentral.com [bluetoothcentral.com]
A site for everything Bluetooth. Coming soon.
Re:Lawyer: uh, no. (Score:4)
Sure, Kevin Mitnick was convicted (or at least plead guilty) so his penalty could quite legally have included the government not returning his files. However, as I understand it, his punishment does not say anything of the kind. This might be an oversight of the government but they can't increase his sentence once alreay convicted can they?
In a normal theft case isn't the thief specifically charged with turning over certain items? Or am I just completly full of it? Regardless of whether he is convicted of a crime or not as long as his conviction says nothing about the data isn't this an entierly new case which must be tried seperatly and hence the burden of proof once again rests on the government?
Please tell me why im wrong
Legal References (Score:5)
First off, the standard disclaimer: IANAL. But I can use Google to find and read what Lawyers have already written.
Item 1 [mit.edu]:
A. Michael Froomkin, Associate Professor, University of Miami School of Law writes in his article "The Metaphor is the Key": Simply putting something into a safe does not, however, ensure that it is beyond the law's reach. It is settled law that a criminal defendant can be forced to surrender the physical key to a physical safe, so long as the act of production is not testimonial.{706} Presumably a similar rule compelling production would apply to a criminal defendant who has written down the combination to a safe on a piece of paper. There appears to be no authority on whether a criminal defendant can be compelled to disclose the combination to a safe that the defendant has prudently refrained from committing to writing, and in Fisher v. United States,{707} the Supreme Court hinted that compelling the disclosure of documents similar to a safe's combination might raise Fifth Amendment problems.{708} Perhaps the combination lock problem does not arise because the police are able to get the information from the manufacturer or are simply able to cut into the safe. These options do not exist when the safe is replaced by the right algorithm. Although brute-force cryptography is a theoretical possibility,{709} neither safe cracking, nor number crunching, nor an appeal to the manufacturer is a practical option when the armor is an advanced cipher. The recently released Federal Guidelines for Searching and Seizing[Page 872]Computers{710} suggest that "[i]n some cases, it might be appropriate to compel a third party who may know the password (or even the suspect) to disclose it by subpoena (with limited immunity, if appropriate)."{711}
(The numbers are footnotes to specific cases)
Item 2 [cwis.kub.nl]:
The Crypto and Self-Incrimination FAQ simply lists (for America... it also covers a few other countries): "The Fifth Amendment of the Bill of Rights reads: "No person (...) shall be compelled in any criminal case to be a witness against himself". The Supreme Court has restricted this to giving evidence "of a testimonial or communicative nature". ". It also lists several cases that apply.
--
Evan --
Lawyer: the speech/property split (Score:4)
You're close. Let me elaborate (hmm, how could you possibly stop me?)
Speech cannot be coerced, but "attributes" can. You can't be forced to give information, but you can be forced to provide a blood sample, a handwriting sample, or even to repeat a phrase in a lineup (I've never heard of this used for anything other than identification by a witness. I can't back it up, but I believe that that's about as far as it can go).
So here he can be forced to turn over the data, but he can't be forced to communicate the code. However, if perhaps there were sensors on the keyboard to verify identity, he could probably be required to type a *particular* code.
But as you and others are suggesting, the fifth amendment only applies to him surrendering the code--it has nothing to do with getting back the data, which would be a fourth amendment issue.
Options (Score:2)
Optionally they can just wipe the hardware completely. It's not like they give drugs, weapons, and such back to people when they let them out. If Mitnick isn't willing to demonstrate that the material on the drives is legit, then the assumption that it's illegit isn't too far off base. Or just stomp all over the drive with some nice little random garbage. It's not like he can demonstrate any actual damage since he's the only one who knows what's on there.
Re:A good reason to use steganography (Score:2)
Best twist: use steganography to hide your stuff in political cartoons and post them on your web page for all to see. For best effect, make the cartoons be about freedom of speech on the internet, right to privacy, etc. -- whatever will make them look the worst if they take your system (along with the pages) and won't give it back.
Just for fun, you should also occupy most of your free disk space with files of random bits named *.crypt. (nuclear_secrets.crpyt, ez_cracks.crypt, DeCSS.crypt, mayor_with_underage_girl.crpyt, etc.), if only to help the NSA justify a bigger computer budget for next year....
Tangential thought...
Shouldn't it be possible to encrypt your data in such a way that the real key decrypts your real data, but a second bogus key "decrypts" some meaningless drivel (a diary or something) out of the same binary file?
Surely someone is already doing that.
--
It's October 6th. Where's W2K? Over the horizon again, eh?
Mitnick's Book (Score:3)
Encryption is our best weapon for freedom. (Score:3)
None of this would happen if people assumed that some things are not government's business. Instead, the assumption is that everything is.
Mitnicks lawyers have a valid point (Score:2)
On the other side the argument boils down to fifth amendment rights: Mitnick's lawyers immediately objected to this condition on the grounds that it would force him to waive his Fifth Amendment right against self-incrimination to obtain evidence he needed and that he had a legal right to see. the judge shot this down hard. But from my point of view, I think he would have been in deeper poop if he allowed the files to be decrypted. Hence he would have been contributing to his own demise.
On a side note, with all the MIPS the government has, I think it's odd that they seem to have never broken his homemade encryption scheme. Maybe they should outsource the job to some Norwegian teenagers.
Never knock on Death's door:
Re:For those who don't want to register (Score:2)
someone please correct me if I'm wrong.
Re:Lawyer: uh, no. (Score:4)
To give an (hopefully) ludicrious example, let's assume that the disk also contains hundreds of encrypted kiddie porn pictures. He was never charged with possession of such pictures, never even suspected of possessing them, and has surrendered no presumption of innocence regarding possession of such pictures. Yet turning over his encryption key would inevitable result in prosecution for possession of contraband material.
IMHO (and highly non-legal one), I think it's reasonable for the feds to demand the encryption key to be confident that "criminal tools" aren't returned to Mitnick. At the same time, I think they are crazy to expect anyone to agree to that without a blanket immunity against the material being used in further persecution... sorry, prosecution. And that may be precisely the point - to make an offer which looks reasonable in a 12-second sound bite in the evening news, but which could never be accepted in the real world.
Clever? (Score:2)
Yeah, it's clever I keep important data encrypted, just like it's clever I send letters in envelopes, and it's clever I don't go handing out my credit card number to every doofus who can run a packet sniffer.
"For all we know, it could be plans to take down a computer system."
Forgetting that any computer that needs to be secure would 1) not mix executables and data (like Microsoft's DocBomb (tm) technology), and 2) would likely also not have an internet (or other network) connection period, which would render it safe from simple overflow attacks.
This level of technological imcompotence coupled with the luddite level of gut reaction stupidity makes me glad I don't live in the United States of America.
Freedom? What freedom?
---
Re:Lawyer: uh, no. (Score:2)
NYTimes is 100% free (Score:2)
Send the word to the privacy paranoid, NYTimes is safe territory now. :)
Re:presumption of innocence, self incrimination (Score:2)
>I believe that if the government offers him
>immunity from any new prosecution, that he may
>not claim the right not to self incriminate
>because he would not be.
You are correct. This came up a few times with the assorted Clinton issues, for example. This would certainly be a way to force him to surrender the key. [But this doesn't mean that he's entitled to get the data back.]
And btw, a memory failure that is not credible *can* and usually is prosecuted as perjury.
Re:I plead the fifth. (Score:3)
5th Amendment doesn't keep people from being required to provide a blood sample for DNA and I'm pretty sure it doesn't keep them from being required to turn over keys to a safe if the court issues a warrant.
Perhaps encrypted files could be thought of as a safe. If law enforcement can convince a judge that the encrypted file(s) probably contain evidence of a crime (files from a cracked system) or are criminal themselves (encrypted kiddie porn), they'll get a warrant for Mitnik to provide the key. If he doesn't comply he could be jailed for contempt.
If you're thinking, "yeah but with a safe they could just jackhammer it open," think of it as a boobytrapped safe. The court could require someone to disable the boobytraps.
Re:could it be a NY Times or a Govt Troll? (Score:2)
A laptop capable of running a useful algorithm?
My C64 could do strong encryption.
Encryption may have become more POPULAR lately...
but some VERY strong algorithms have existed for 10 years or more.
A day to encrypt one doc? Think about this.
I can encrypt a doc in 5 seconds.
For it to take a day, say, half a day, 12 hours, I would have to say... computers would have to be 8640 times faster today than they were in 1994.
Re:What good would it be anyway... (Score:2)
I *am* a lawyer, but not a US-trained one... (Score:2)
Personally, I tend to agree with Gerald Lynch's opinion. The entire idea behind criminal discovery in the States and the UK is that all documentary evidence the prosecution has, used or not, is to be revealed to the other side and the defence has no such quid pro quo obligation. Therefore, unless the state can show a clear reason why the encrypted files should not be released, there is no reason to refuse.
The state's argument in this case is disingenuous - claiming that because it's encrypted it's not really in their possession - and I'm surprised the Judge didn't give them a good bollocking for that. Imagine encrypted data as items in a locked box. You may not be in possession of the items inside the locked box because you do not have the key (and therefore no knowledge or opportunity for inspection), but you're definitely in possession of the box itself.
A better approach would have been to attempt to obtain a warrant to get the decryption key from Mitnick. Taking the locked box metaphor forward, approach a judge, show probable cause that the contents of the box may be evidence of a crime, and then get the search warrant to "open the box". That preserves the Fourth Amendment procedural safeguards. Of course, if the state can't show probable cause, that's their own bad luck.
Re:Easy way out (Score:2)
I think that would be the rub for them.
Option 1 : Use mighty clock cycles to read what some cracker has on his already seized machine while he sits in jail.
.or.
Option 2 : Use mighty clock cycles to hear what terrorists/crackers "in the wild" are planning.
Limited resources being the name of the game, I know where I want my tax dollars, and, I think, so do (spooky voice) They.
Re:Recipe (Score:5)
Re:wouldn't getting his data back violate his paro (Score:2)
And recall, giving it back means putting it legally into his posession. Perhaps just given to his lawyer.
And his use of computers is not absolutely forbidden by law. He can, as with all parole cases, do things at the discretion of the parole officer. The parole conditions are more guidelines for the parole officer than anything else.
Why is their stupidity a legal issue? (Score:5)
How is *that* relevant -- suppose they confiscated a physical device from you which they were unable to understand -- would you be forced to explain it before it was returned to you?
For all we know your honor, this mysterious cylindrical object could be a weapon -- it makes an ominous vibrating noise when powered up!
Re:What did he use? (Score:2)
actually encrypting a password has absolutely nothing to do with how long it would take to brute force it... the only thing that matters is key bit length
to a crypto program 'hellomynameisbob' is no different from 'af@#$Akfda$!#*%^'.... brute forcing has nothing to do with the readability of a key/pass
and this got moderated up??
oh well... /. intelligence is lowereing greatly
Data back (Score:3)
How much of a chance is there of being some sort of dangerous data? Credit card lists? Incriminating files? They might have legal grounds to keep the original (evidence in a criminal case), but it can very easily be argued he can have a copy because the original evidence is not modified in any way.
Re:Recipe (Score:2)
>property (i.e. the encrypted data)?
As the proceeds of a crime of which he has been lawfully committed. Burglars don't get what they stole back either.
>IANAL
but I am
>Suppose I commit a violent crime and in the
>process steal a gun. During my arrest, the
>government finds a safe that they cannot open
>(for either legal or technical reasons). In fact,
>they cannot even determine if anything is in the
>safe. It could contain the gun I stole (that
>they never recovered) or it could be my
>(perfectly legal) tax filings.
If your tax filings are perfectly legal, you don't want them to see them--they'll show your income from criminal acts
The IRS doesn't care how you get your money, as long as you hand over their cut. Some hookers hire accountants to keep track of thier earnings to avoid problems with the IRS . . .
Re:Lawyer: wrong analogy (Score:2)
We're not talking about seizure of assets *used* in a crime; we're talking about the *fruits* of the crime.
btw, a banana is an herb, nto a fruit, or so they told us at the Hawaiin botanical grrdins . . .
Lawyer: probation (Score:2)
Probation (parole in this case, i believe) cannot be imposed upon the court, but is agreed to by the criminal. It is a release of the wrondoer on terms and conditions. A universal term is a waiver of search & seizure rights; an agreement to be searched at any time.
On the other hand, events prior to probation generally aren't at issue in whether the probation/parole is violated or not, so this just wouldn't matter.
Re:Lawyer: uh, no. (Score:2)
>the HDD was stolen, they dont.
The blindfold on Lady Justice aside, the law need not ignore common sense. Given that he was convicted of stealing the data, it is flatly unreasonable to believe that it is not on that hard drive.
Given that, the only way that he can make a claim for the return of the physical drive is if all stolen date is wiped beyond recovery--and I'm not sure that that standard can be met.
Re:Lawyer: uh, no. (Score:2)
His right to have the government produce the data before trial relies on the possibility of the government using it against him. While it remains encrypted beyond the government's reach, it has no evidentiary value, and thus there is nothing for him to defend against.
*if* it really has evidentiary value that could help in the defense, it is a document subject to the warrant, and the government is entitled to see it too, having been lawfully seized. The law does not tolerate absurdities, and letting him have the evidence in the hands of the other party yet still deny the other party its use would be an absurdity.
Also, the moment it is rendered readable, he would be obligated to turn that data over, or be subject to very strong sanctions--particularly, those for destroying evidence, which causes it to be construed as having the worst possible meaning for the party who destroyed it.
Re:Recipe (Score:2)
Besides, the government _is_ in posession of the evidence. No one said it would be easy for them though. When it is made so, deliberately, we call that a police state.
To me this seems more like withholding evidence than incriminating yourself. You're not being forced to testify that you did something wrong. It's the equivalent to the Watergate tapes. Nixon was forced to turn over the tapes, but didn't turn over them all. If he had encrpted the tapes before he turned them over it would have been the same thing. If you withhold evidence it is illegal. If you refuse to answer questions (other than what is covered by the 5th amendment) you are held in comptempt of court. you can and usually will be held until you comply, because that is the only way to make people comply.
What your saying is if you hide the evidence well enough, you should be found not guilty. I don't know about you, but just because someone disposes of a body so no one can find it doesn't make them any less guilty of murder.
correction: attributs *cannot* (Score:2)
Re:If they really wanted it they WOULD get it (Score:2)
send 20,000 volts through his fat ass.. that'll get him talking
Uh, he'd be quite dead if there was any amperage behind that. Besides that, you must not have seen the interview with him on 60 Minutes last Sunday. It appears that Kevin has lost a considerable amount of weight in prison, as he looked fairly fit in the interview.
As for using torture techniques, sure, they could do that. But luckily they tend to be fairly cautious when it comes to that sort of thing because they don't want a lot of negative publicity or to stir too much general sympathy for the convicts if that sort of thing leaked out. Generally they seem more inclined to do things like putting people in with other inmates that are trouble makers so that they can maintain plausable deniability (WE didn't do it, it was his evil cellmate!).
Re:IRS and the Fifth Admendment (Score:2)
(I really couldn't tell you if he was right or not, and given that I haven't cared enough to look for ten years, it's not likely that I'm going to do it now . .
Re:Lawyer: uh, no. (Score:2)
- If your are convicted of banana theft, you don't get the banana back
- Also, you don't get tools for lawbreaking back. If you take a radar detector into someplace where radar detectors are illegal, you maybe able to convince the cops you didn't know it was illegal and to let you off, but you don't get the radar detector back (after all, to take it back at this point would convict you
:-). If someone slips cocaine in your luggage, you could convince the customs agents that you didn't know it was there and maybe no-one will ever be charged or convicted, but that doesn't mean they'll put the cocaine back in your bags and send you on your way.- To bring this back to the car example, a vehicle modified for smuggling counts as a tool for lawbreaking -- even something as simple as pulling back the door panel and dropping in a few packs of smokes means you can lose your car forever
The murkiness in this case comes from the fact that the cops don't know for sure whether the banana or the radar detector are in the car or not.========
Government incompetance, or caution? (Score:2)
Or
The government very well could have decrypted the files, but wishes to avoid a potential
counter-suit where Kevin would claim that his personal privacy was invaded by the cracking
of the files, especially if there is damaging information contained therein.
That may sound a little far-fetched, but in today's court system, is it really that hard
to believe? Instead, the government may wish to avoid any
possibility of a counter-suit by attempting to first get Kevin's key and open the files
with no legal questions. I view this as a case of warranted search and
seizure. I don't know the privacy laws involved in this, so if someone knows if there
is any time when an individual can refuse to turn over documents to the courts, it would
be helpful to know. Otherwise, if the encrypted documents were
confiscated, they should have every right to seeing what's in them before giving them back.
ThE iLlUsTrIoUs IdIoTt
Tired of evil empires ruling you?
The Source is with you!
DoLinux.org [dolinux.org]
Re:Lawyer: uh, no. (Score:2)
Anyway, he was in jail that long without trial because he explicitly waived his right to a speedy trial. As it was his choice, there's no durress.
It's not Mitnick per se, precedent matters (Score:3)
Of course, this gets silly quickly - there could be off-shore datahubs that existed just to hold copies of people's private, encrypted data, such that if Big Brother ever came knocking, you knew that your data was out there for you to retrieve, even if you could not get the physical drive storing your data...
Then laws would get passed, continuing the "whack-a-mole," that would make this activity illegal. Then another method to keep your data and not let Big Brother have it would be made. And then that would become illegal. Repeat ad nauseum.
(My views, not my company's. I'm guessing you knew that.)
Re:Lawyer: uh, no. (Score:4)
The material was seized due to a warrant and the belief that it was part of a criminal act. He has been convicted of that act. The data is *what* he's been convicted of stealing. If there are parts of the data that are not stolen, he has the means to get them back.
To put it another way, the problem is that the property in question isn't his--he stole it from someone else, and isn't entitled to that portion of the data any more than a crack dealer is entitled to get his inventory back.
Re:Well, technically... (Score:2)
The short of it is; any errors in the ciphertext will show up in the plaintext in a predictable manner. You'd have to garble the whole ciphertext to make it look like you had the wrong key. Any single-bit error will only affect one block and one bit (one whole block gets destroyed and one bit in the next block). This is a pretty obivous signature, and would be usable in court.
Question (Score:4)
If yes, then there is no reason by which Mitnick's data can be held.
If no, the government could keep it under "reasonable suspicion" or "danger to the public", then the government should have the right to withhold the data.
Re:You bastards are all alike (Score:2)
And if he'd bothered to look around, or was even vaguely familiar with my other postings, he'd know that I"m pritty far out on the fringe (I'd maintain the last step before the nuts) on the side of the individual in the face of the awesome power of the state.
That said, Mitnick is a thug trying to manipulate the system. This is not about civil liberties, but an attempt to cloak criminal behavior in the dressings of liberty, and relying on knee-jerk reactions from folks who lack enough backround information or legal education to make an informed conclusion--a more serious version of the petitions to ban dihydrous oxide as a dangerous substance and the like.
Re:Good encryption (Score:5)
Never knock on Death's door:
What did he use? (Score:3)
Anyone know what program he used? was it PGP? was PGP even around 5 years ago?
Joseph Elwell.
The retarded government position supports stego (Score:3)
Thus, if one "hides" their encrypted information, using strgonagraphy,in a file or series of files, and those files appear to be readable, the government would have no reason to hold the files.
Be that as it may, I believe the government has no right to keep property just because they do not know what it is. The burden is on the sholders of the state to prove that the information is some sort of contraband. This is just another example of the government giving individual rights a wink before cracking the whip to show who is master.
BTW, "plans for taking down a system" should be covered under "free speech".
Nice try....Judge already said no though (Score:4)
Mitnick's lawyers immediately objected to this condition on the grounds that it would force him to waive his Fifth Amendment right against self-incrimination to obtain evidence he needed and that he had a legal right to see. The judge rejected this point and repeated her ruling.
It seems that the right not to incriminate yourself is solely testimony based from what I have read. So your writings can be used to incriminate you in a court of law...even if they are private (i.e. a journal). It seems the government is treating the files like property (i.e. it can be searched/seized) instead of testiomony.