Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password 1009
wiedzmin writes "A Colorado woman that was ordered by a federal judge to decrypt her laptop hard-drive for police last month, appears to have forgotten her password. If she does not remember the password by month's end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense."
The article clarifies that her lawyer stated she may have forgotten the password; they haven't offered that as a defense in court yet.
Stupid law (Score:4, Insightful)
trivial workaround
It worked for gonzales (Score:5, Insightful)
If it works in a congressional hearing investigating potential ethics violations of the Attorney General, why not in a court of law?
Re:It worked for gonzales (Score:5, Funny)
Re:It worked for gonzales (Score:4, Interesting)
Re:It worked for gonzales (Score:5, Insightful)
Then again, he could have pointed out (if he'd known) the flaming irony of The Speaker of the House harping about morals while acting like a complete degenerate himself.
5th Amendment? (Score:5, Insightful)
How can this woman be charged with contempt? Is there precedent in law to ignore the Fifth Amendment [wikipedia.org]?
No person shall... be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
Re:5th Amendment? (Score:5, Insightful)
Yes. The fifth amendment was repealed by the Patriot Act, along with the first and the fourth. Haven't you been paying attention?
Re:5th Amendment? (Score:4, Insightful)
Re:How many Amendments are left ? (Score:5, Insightful)
You mean for the corporation people or the people people?
Re:How many Amendments are left ? (Score:5, Informative)
Goddammit, I'm undoing my mods to post this since you're just blatantly misinformed - and I know you're not the only one. With the exception of a few highly restrictive states like California, New York, New Jersey, Massachusetts, Illinois, and the non-state of D.C., you can own pretty much anything you want (though due to the Hughes amendment, machine guns must be made prior to 1986). It's a common misconception that silencers, real assault rifles (meaning that you can select between semi-auto and full auto and / or burst fire), machine guns, explosives, rocket launchers, etc are illegal in the US. They're not, you simply have to jump through some hoops to get them, but if you can legally buy a gun, you can legally obtain an NFA (read: restricted) item just fine. It just requires more paperwork, a $200 fee to the ATF for a tax stamp certifying that you legally own the item, and waiting a few months for the ATF to drag their feet on processing the paperwork. Silencers are pretty cheap even - it depends on the caliber, but $800 is a pretty common price. Machine gun prices / real assault rifle prices are artificially inflated by the government though due to the post-1986 ban so a gun that should cost about $2,000 will end up costing more like $15,000 due to the artificial scarcity. Hopefully we can get that fixed one of these days....
Oh, as for "No one sane is going to take on anything with a semi-automatic rifle", the majority of the time the military doesn't even flip their rifles (well, usually carbines to be exact) to burst fire / full auto because it's very hard to control and you burn through your ammo a lot faster without being more effective. As for US citizens being able to fight back against the military? The US military has roughly 3 million soldiers (this counts desk jockeys and members of the reserve as well as the coast guard and national guard) and we'll round up and say 1 million police officers / federal agents (again, counting desk jockeys). The LOW estimate for the number of gun owners in the US is 40 million people with about 90 guns in private hands per 100 people in the country (that includes children), so not only is there a large abundance of weapons and ammo in private hands, but private citizens who own guns outnumber the police and military by around 10 to 1. Sure, they have tanks and bombers, but unless they REALLY wanted to destroy their own infrastructure and a lot of non-combatants on their own side, they wouldn't use them (because even if they won, the country would be totally FUBAR'd for decades).
Note: I'm not promoting or hoping for any conflict between citizens and the military - merely stating some facts regarding the number of people on each side (assuming gun owners all sided together) and how well equipped they are.
Re:How many Amendments are left ? (Score:5, Insightful)
In any conflict of such an magnitude, where the US military is outnumbered, things like logistics, troop movements and proper command structure will play a MUCH more important role than what guns the each side has. You can't really argue that a rag-tag militia can compete with a trained army in these aspects.
Now, guerilla warfare is a completelly different matter, of course.
Comment removed (Score:5, Insightful)
Re:How many Amendments are left ? (Score:5, Insightful)
They don't need to "win." The US military isn't going to simply destroy its own entire nation to "win." There only needs to be enough resistance to force the government to significantly change policies, and that would be relatively easy given the level of armament in private hands.
Re:How many Amendments are left ? (Score:5, Insightful)
Isn't it just way simpler to divide the nation into 2 ideological factions and raise enmity between them to avoid a unified front against organized forces?
oh wait...
Re:How many Amendments are left ? (Score:5, Insightful)
They don't need to "win." The US military isn't going to simply destroy its own entire nation to "win." There only needs to be enough resistance to force the government to significantly change policies, and that would be relatively easy given the level of armament in private hands.
Also understand that the US military is made up of volunteer civilians. Sure, some in the US military will be willing to fire on US citizens, but I seriously doubt that number will be more than half. While I don't expect a lot of grunts shooting their officers, I would expect an awful lot to not return from guard duty.
Let alone (Score:5, Insightful)
the one fact you did not raise.
In any armed uprising in the United States your bound to have many of those military and police on the side of those resisting the government. Having been in the military and know friends still in it, there is America and there is the Government. You serve the later versus foreign enemies, your serve the former at all times.
Re:Let alone (Score:5, Insightful)
Having been in the military and know friends still in it, there is America and there is the Government. You serve the later versus foreign enemies, your serve the former at all times.
Most of the time, when the military is serving the government versus foreign enemies, they're not serving America at all.
Re:How many Amendments are left ? (Score:5, Insightful)
Nineteen hijackers and a couple of middle-aged rich kids with daddy issues managed to drag hundreds of thousands of highly-trained military personnel and a couple trillions dollars into a ten-year conflict that killed thousands of people, sent one country back to the stone age, destabilized another, and undermined the basic constitutional underpinnings of the most powerful country on Earth. And it still isn't even clear who "won." I don't think you can predict these sort of things based purely on the number of things or people on each side.
Re:How many Amendments are left ? (Score:5, Interesting)
You also assume that the police will always be on the side of the government. I don't care who pays me, I'm not killing my grandma!
Re:5th Amendment? (Score:5, Insightful)
[sarcasm] The constitution is a living document. These things were never meant to be taken literally. [/sarcasm]
Re:5th Amendment? (Score:4, Funny)
Saying that, may well find "US Constitution" moved to the Fiction section of your libraries pretty soon.
Re: (Score:3)
I'm not entirely comfortable with the legal precedent of detaining people for refusing to disclose a password. At the same time I can appreciate that providing a password is not, in and of itself, providing witness against himself. The password is in all senses bar existing as a physical object analogous to a key. If a court can require someone to provide a key then it should be able to requi
Re:5th Amendment? (Score:5, Insightful)
That depends how broad you think the 5th amendment is. To quote Justice Stevens:
A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe - by word or deed.
Note that this is from the dissenting opinion in Doe vs US, where the suspect was compelled to sign a form - that in itself contained no factual information - requesting information from foreign banks of any accounts he may be the holder of. The court found that they could, just like they could compel you to provide a handwriting sample.
As for a password, the best idea would be to STFU completely because:
The issue presented in those cases was whether the act of producing subpoenaed documents, not itself the making of a statement, might nonetheless have some protected testimonial aspects. The Court concluded that the act of production could constitute protected testimonial communication, because it might entail implicit statements of fact: by producing documents in compliance with a subpoena, the witness would admit that the papers existed, were in his possession or control, and were authentic. (...) Thus, the Court made clear that the Fifth Amendment privilege against self-incrimination applies to acts that imply assertions of fact.
So unless you acknowledge that you're in (sole or not sole) possession of the password, as this woman apparently did, that in itself will have testimonial value. Even if the prosecution has ample evidence for that anyway, you should be able to invoke the 5th. In this case she may have seriously screwed herself there. If there's no testimonial value, there's not much precedent to say one way or the other. Oh yeah, and don't try to destroy any evidence with booby traps. In the search I found that the SOX act was used in a suspected child porn case:
Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States (...)
Limited to the SOX act? Nope. Destroy evidence and you get up to 20 years in jail. Of course it helps that he stupid fuck admitted to destroying his HDD after the cops came by the first time, but just goes to prove laws will be cross-applied everywhere they can.
Re:5th Amendment? (Score:4, Informative)
Explain which part of that you think is being infringed.
* She isn't testifying in court, so she is not a witness against herself
* Any life, liberty, or property of which she is deprived is explicitly by due process of law
* Her property is not being taken for public use
I think the problem might be that you don't understand your rights. You should read up! Your rights are very important, and you should understand them.
Re: (Score:3)
Re:5th Amendment? (Score:5, Insightful)
You are required to turn over documents, and can be held in contempt for refusing. But, of course, the prosecution has to prove you actually have the documents. If you say you lost them, and they can't prove you didn't, they can't hold you in contempt. To my thinking, the same should apply to decryption passwords. I know I'd hate to have my freedom hang on my ability to remember a password.
Re:5th Amendment doesn't apply (Score:5, Insightful)
This is little different than demanding that someone accused of a murder disclose the location of the body, or be held in contempt of court: you cannot win either way. Therefore, it is unconstitutional, not a "legitimate legal process." Even were it considered such by the legal system - which it is not - it would still be unconstitutional and a violation of civil rights in need of correction.
You might consider it reasonable, but I think the fact it is possible to easily forget something like a password makes it unreasonable even if there were any sound arguments for violating the 5th.
Re:5th Amendment doesn't apply (Score:5, Informative)
No, if they could prove that you knew the password, you could be held in contempt. When you are in court, you are required to present requested evidence. For example, if they know you have the body, you can be compelled to present it. Of course, if they knew you had it, that'd mean they knew where it was, so they wouldn't need to ask for it.
A better analogy would be legal documents which were lost. They knew you had them at one time, but how can they really prove you still have them? Obviously, you can't produce something if you are no longer in possession of it, and they can't hold you in contempt for that.
Re:5th Amendment doesn't apply (Score:5, Interesting)
Yes, but due process includes requiring that the evidence subpoenaed exists and is under the control of the recipient. People forget things all the time. Just ask any helldesk person how frequently people forget passwords, even in cases where they have been duly informed that irrevocable data loss will result. If you've forgotten it, it is not under your control.
There exists no way to prove or disprove a claim that a person does not currently remember something. Even the most advanced (and unproven, non-admissible) technology only claims to be able to say if a person is familiar with something they are actually presented with during the test. Even then we can't say WHY it seems familiar. Given that stress and fear are great blockers of recall, it's quite believable.
I have no idea if the defendant REALLY can't remember the password or not. The only person who could possibly know for sure is the defendant.
Re:5th Amendment doesn't apply (Score:4, Interesting)
To put it another way, suppose there were only two possible documents on the hard drive, one incriminating, the other exonerating. Given only ciphertext for one of those documents, the prosecution cannot say which document was encrypted. Given ciphertext plus a passphrase, the prosecution can make a case that it was the incriminating document (assuming it was). Demanding the passphrase from the defendant is like demanding the defendant explain difficult to understand parts of the document, which is unquestionably demanding that the defendant testify against themselves.
Oh wait, it is involves super-duper-secret-spy-stuff (cryptography) and magical computers, so we are supposed to dispense with logic and rely only on bad metaphors that help the prosecution's case. That poor, poor prosecutor, whose case is weak without violating the fifth amendment.
Poor woman (Score:5, Insightful)
What if... (Score:5, Interesting)
Re:What if... (Score:5, Interesting)
In the UK it works like this: If the prosecution can show that you probably know the password then you can go to jail for up to two years for refusing to give it. The burden of proof appears to be lower than the usual "beyond reasonable doubt" that is normally required, and evidence can be highly circumstantial. For example if you decrypted the data the day before you get arrested they could say you must know it, even if you happened to wipe the key or change the password or just genuinely forgot since. Justice is slow in the UK so it could easily be 6+ months before you are even asked.
The stupidest part is that going to jail for two years and having the conviction expire (so you no longer have to declare it when applying for a job) after a few more years is infinitely preferable to, say, going down for 20 years on terrorism or being put on the Sex Offenders Register for life. It seems almost like a conciliation prize for the police when they have failed to gather any other evidence and would otherwise have to let the suspect go.
Re: (Score:3, Insightful)
My attitude is that you're clearly nuts.
Re:What if... (Score:5, Interesting)
I don't remember any of my passwords. They are muscle memory. If I don't use them, in a week or two they are gone.
Now consider that they took the laptop away from her, preventing her from using it...
Re: (Score:3)
Depending on the type and method of encryption, she could say "Do you know when the last time I needed to know that password was? The last time some asshole law enforcement agency decided to rip the drive out of my laptop and gain unlawful and unjustified access to the data therein!"
Re: (Score:3)
I don't know more than to say, "Contempt charges are different". From what I've read, it's somewhat at the whim of the judge.
Re:What if... (Score:4, Interesting)
Well, usually you're innocent until proven guilty, so I guess they'd have to proof you didn't forget and are actually withholding it.
"Innocent until proven guilty" is all about how court cases are run. There is more than "innocent until proven guilty", there is also the fact that the police has to tell you about your rights, that they can't do illegal searches, and on the other hand that you have to cooperate in searches - which this woman is refusing to do. And there are rules what happens when someone acts against the court rules. Jurors can be jailed in extreme cases. Evidence can be thrown out. And _you_ can go to jail for "contempt of court". There are different rules applying.
Now the fact is that this is her computer, which she used daily for the scam she was running, and which she encrypted to cover her tracks. Forgetting the password seems unlikely.
Re: (Score:3)
I'd claim the same (Score:3)
If I were in her shoes, I'd claim the same thing. However, this is just going to be a justification for when technology let's "the man" truly read your mind to say there was just cause to do so in order to determine whether she really forgot or just pretended to and all the crazy ethical questions/arguments/fights that will ensue. These days I'm doubting ethics and philosophy can possibly keep up with the pace of technology. I hope I'm wrong!
This is why... (Score:5, Funny)
Re:This is why... (Score:5, Funny)
Or, name all of your mundane files things that are totally not-mundane.
Re:This is why... (Score:5, Funny)
I'm interested in location_of_the_body.jpg
Stare Decisis IANAL (Score:5, Interesting)
Let me ask this (and display my ignorance): If I had a safe and a judge ordered it opened, and I claimed I'd lost the key, would I be held in contempt? Or would it just be forced open? Would this ever see the courtroom at all? Can lawful seizure require active participation of the accused?
If I claim to no longer be in possession of a piece of evidence, and don't know were it is, could I be held in contempt? Couldn't I plead the fifth? "You want to convict me? You go find it."
I'm trying to figure out the stare decisis on this topic (equal and consistent application of the law). It just seems so darn inconsistent.
Comment removed (Score:4, Informative)
Re: (Score:3)
What if I build a $50 million safe with walls as thick as a normal house, a hundred different lock mechanisms and all sorts of thinkable measures to protect its content to the point where you would need to pour insane amounts of resources (costing along the lines of the cost of a supercomputer or two) to get into it. Would that mean I should suddenly be held in contempt by default if I forget how to access my safe's contents?
Re:Safes not totally safe (Score:4, Interesting)
Ok, I'll approach the issue from a different direction then. Can a defendant be ordered to take the stand in any case? If the prosecutor wished to establish a timeline, could they force the defendant to testify about events surrounding the crime? Wouldn't anything the prosecutor asked potentially make the defendant "witness against himself"? Is there any question on the stand that a defendant can't plead the fifth to, because it undoubtedly would be used as testimony against him?
Unless you can find a significant exception to the above (and explain it), how can that not extend to criminal discovery? How can someone be compelled to tell a cop where they buy their ammo? Stored their gun? Provide financial records? Can't all of that wind up in court as testimony against you? How can the fifth possibly not apply pre-trial?
If you're still with me, how can a defendant ever be compelled to act against himself in a criminal proceeding? I can see how he might be cajoled or enticed... but court ordered? The very premise seems unconstitutional to me.
Re:Stare Decisis IANAL (Score:5, Interesting)
Encryption creates perfect safes
No it does not. This is a situation where metaphors must absolutely be avoided to protect our rights. Encrypting a document is not the same thing as putting a document in a safe; encrypting a document is encoding it so that the secret key is required for decoding. By demanding the secret key from the defendant, the prosecution is demanding that the defendant tell them how the document should be interpreted. Indeed, one only needs to examine one of the most basic security definitions -- ciphertext indistinguishability -- to see why this is the case (the prosecution cannot show that the ciphertext is an encoding of an incriminating document and not an exonerating document if the cipher meets the indistinguishability definition).
What we are seeing is new technology being used as a justification for undoing our civil rights.
By default.. (Score:3, Insightful)
Re:By default.. (Score:5, Interesting)
not a sterling example (Score:4, Informative)
she revealed that she, and only she, knew the password to the hard drive over the phone. so her claims she "forgot" are not very plausible. if she hadn't done that, i seriously doubt she would be in this predicament.
Re:not a sterling example (Score:5, Insightful)
However, if it was encrypted, I would currently have a legal timebomb sitting on my desk. This is not right and is clearly unconstitutional. Dressing up the matter does not change that.
Comment removed (Score:4, Insightful)
Re:That judge belongs behind bars. (Score:4, Interesting)
Unfortunately The Man can trample all over your rights so long as the judicial branch agrees that the executive is following the intention of the legislative. I am curious, though, about the "smart chip" in my bank card. If I enter my PIN incorrectly three times it locks itself permanently and requires that I get a new card and a new PIN--a security feature (that prevents the banks from losing money). Assuming that The Man says I have to fork over my password--Bill of Rights be damned--if my hard drive encryption has the same "security feature" e.g., after three incorrect tries it eats the private key and renders the drive non-decryptable, can I then be charged with a crime for accidentally (which of course I can't prove) entering the wrong password three times? What if the Feds try a dictionary attack and trigger the three tries before even asking for the password? The information on the drive is completely lost, so holding me in contempt accomplishes nothing, but in the first case I "destroyed evidence" and in the second I basically conspired to destroy evidence, right? Without the evidence, they cannot convict me of the original crime, but would the sentence for destroying evidence (or obstructing justice or whatever) scale with the severity of the alleged crime?
Memories degrade over time (Score:3, Interesting)
Use USB dongles! (Score:3)
If I really had something to hide, I'd use key files on a very old USB dongle (128 MB dongle or so). Truecrypt and Bitlocker support this. Then police will most likely raid your house during this whole action. But even if not, when asked to provide the key I'd simply say "this was in a USB dongle. It was laying on my table, so now you tell me where you've put it after messing up my whole house". Or "I had it with me and after my spontaneous arrest I had no idea where you made me forget it". Police might eventually find the donlge, but if they ask what that is, I'd say "that was some old key, no idea for what or what the decryption password is. The key you are looking for was on a new dongle.
Thing is, it is easy to doubt that you know something. But you can get naked and show that you don't have anything hidden between your legs.
Re:Use USB dongles! (Score:5, Insightful)
And when the filesystem history of your PC shows logs of you inserting that serial-numbered USB key into your PC last week, and using filesystem encryption tools to access it? And sure, you can combat that, but there's always another way to get caught out that you might not have considered. Hell, they can probably tell you the last time you touched the device itself, or inserted it, and into what computer you inserted it by various bog-standard forensic evidence (scratches on the USB connector, fingerprints, etc.).
You don't even know if they haven't been *watching* you insert that USB key by that point (and if they've raided you, there's a good chance they *have* been watching first). They won't tell you that until AFTER you've already denied ever knowing where it was. You've just stamped "guilty" on your own head by being a smartarse.
You can be a smartarse if you really want to, but nothing in the world is clever enough to stop "reasonable doubt" when you play games like that, especially if you're that confrontational. All that will do is make them WANT to put you away rather than plant doubt in their heads.
After a police raid, they'll just have all your possessions. Sure, it'll take a while to catalogue them all but they will. They actually have to. Not only that, they'll know the serial number of every one and maybe even the purchase origin. While you're sitting in an interview room being a smartarse, they're sending out court orders based on your PC and ISP evidence and forensically recording your Slashdot comments (and the above, in the wrong context, could be enough to convict you even in ten years time if that DOES happen!).
You missed the whole point of the article - the US, and the UK, have laws that if they even THINK you really have the key and haven't forgotten it, they'll throw you in a cell until you remember. Be as smart-arse as you like but people have already been convicted and jailed over it because of "reasonable doubt" that they weren't innocent. The law is there, it's written, it's enforceable (whether it's SENSIBLE is another matter and one that takes decades to argue in court) and if they suspect for a moment that you're being a smartarse, they'll use it.
This is how the law works. If you're stopped by a policeman in the UK, he'll pay you zero attention if you're polite, genuine, "I know, officer, I was speeding. It's a fair cop." about it. Start being pricky towards them for no reason and they'll have you for your tyre wear, the rear light, the slightly-covered number plate, look up your insurance, your license, run a check on your name, look through the car for anything you shouldn't have, etc.
It has to be said that it's not an unsuccessful method of law enforcement and anyone with brain enough to be respectful and polite and co-operative will "get away" with things that the idiots who's taking their badge number and threatening them won't. The same applies from the police up to the courts. Hire a good lawyer, be co-operative and polite, play by the rules and you'll get the best result. Be pricky about it and they'll do what they can to dig deeper and inconvenience you.
I can think of ways you could reasonably consider to have good reason to have lots of encrypted USB sticks about that you don't know the passwords too. But being the smartarse will end up with you in jail, whether you "did" anything or not. You can argue about it as much as you like but if the judge takes a dislike to your attitude or methods, they'll put you away at least until your successful appeal.
What do you do? You provide all the information you have and be as co-operative as possible. Why? The laws on that are worded so that co-operation is the better of the two options so that you're *forced* to co-operate or go to jail.
You can argue about self-incrimination, free-speech, etc. afterwards - when the judge KNOWS that you've been 100% co-operative. You can still have evidence stricken, ask for a mis-trial, appeal, etc. but you've been co-ope
Re:Use USB dongles! (Score:5, Insightful)
You can argue about self-incrimination, free-speech, etc. afterwards - when the judge KNOWS that you've been 100% co-operative. You can still have evidence stricken, ask for a mis-trial, appeal, etc. but you've been co-operative and had nothing to hide so when they *DO* find a USB stick that you've never seen before and are demanded to decrypt it, you are much more likely to make them think "Damn, he gave us all the others, even when it incriminated him - maybe he really *doesn't* know this one?".
As long as you've been read your rights, pretty much anything short of a confession at gunpoint is forever. You'll never manage to "undo" anything you've said to the police or in court and everything that tumbled out because you gave them access to everything you know and have will be fully legally admissible. Your whole argument revolves around your belief that they'll actually think you innocent, and not just "well we couldn't convict him on what we wanted, but we can slam him with everything we got".
If they for some fucked up reason think you're involved in terrorism or kiddie porn or organized crime or whatever, do you think that suspicion will go away because you "give" them petty software piracy and having a joint? No, you just handed them enough rope to hang yourself with. That said, yes being a smart ass and trying for a game of wits with the police is a very bad idea, as is getting rude and obnoxious. Politely decline any search without a warrant and that you would not like to answer questions without a lawyer present. Most people just make a bigger mess of everything trying to "prove their innocence" as you seem to suggest.
Re:Use USB dongles! (Score:5, Insightful)
What do you do? You provide all the information you have and be as co-operative as possible. Why? The laws on that are worded so that co-operation is the better of the two options so that you're *forced* to co-operate or go to jail.
I agree that you should be polite and co-operate with the letter of the law, but it's also important to reveal as little information as possible. Even innocuous information can be twisted against you. A prosecutor won't think "Well, this guy was so co-operative and revealed potentially incriminating information he didn't have to, so he's probably innocent." The prosecutor'll think "This information the suspect gave me might convince the jury to convict him." It's a prosecutor's job to prosecute if there's chance of a guilty verdict, and he/she won't mention to the jury you were such a nice guy and revealed something you didn't need to.
"No self-incrimination" (Score:4, Interesting)
I wonder if the "no self-incrimination" clauses could help here.
I am innocent of the allegations.
But my HD contains files which might incriminate me in ways not covered by the claims of prosecution.
By giving the password, I would open myself to prosecution on issues the prosecutor has no clue about.
Therefore I refuse confession that would cause self-incrimination.
Would be plausible (Score:5, Informative)
The laptop was seized in 2010, the order to decrypt is from 2012. I have passwords long enough that I will have trouble remembering them after 2-3 months of not using them. (Happens very rarely.) Not using them for over a year could well make me unable to remember them at all. So I would consider this a real possibility. Not absolute certain, of course, but credible enough that asserting she does still know the password after not having used it for this long would be an unfair disadvantage to her, as she fundamentally cannot prove she does not remember it.
Now the way around this for future cases is key-escrow or requiring everybody to write down their passwords, with the attached huge negative effects. In any sane legislation you can just refuse to give a password. I am amazed that in the self-proclaimed "land of the free" this does not seem to be the case and hope this will just turn out to be a judge that does not understand the issue and will get fixed permanently by a higher court.
Tell them they lost they keyfile... (Score:5, Insightful)
The password is R4ndumbG1bb3r1s# - but I stored the keyfile on megaupload.
30 Rock (Score:3)
Frank: My client has no memory of that.
I encrypt my laptop with rot13 twice. (Score:3, Funny)
Interrogation proof password (Score:5, Funny)
Perhaps her password was "ICantRemember".
Artificially 'age' your secret container. (Score:5, Interesting)
Currently I don't have something, which really need encryption. However, should it ever be necessary I'd modify after each use the timestamps so it looks like the container was last accessed years ago. Within sensible limits, of course. It would be much more believable to have forgotten a password, when the last access was several month ago than when the timestamps says it was accessed last week or even yesterday.
hm (Score:4, Funny)
Hmm. (Score:5, Funny)
I was about to mod your post, but then I realized there's no "Obligatory" option.
Re: (Score:3)
Oh, but there IS [slashdot.org] a way around that!
Re:Obligatory (Score:5, Funny)
Depends on how they use the wrench....
Inside my HD there are two very important files (Score:3, Interesting)
One file is encrypted
The other one in plain text
If the cops / FBI / or whoever wants to confiscate my HD, the clues on how to decrypt that file is in the plain text file
But there is a catch --- Inside the plain text file I have a brief description and ten (10) urls, which are are links to online password generators.
And the brief description is as followed:
"Passkey is constructed from randomized password obtained from the below 10 urls, have a nice day !"
I did that to protect myself.
1. No matter what the jud
Re: (Score:3)
How would you remember it long enough to use them? It seems ... inconvenient.
Re:Inside my HD there are two very important files (Score:4, Funny)
Because I do not plain to use them
They are "honey-pots" I left for the law-enforcement agents, just in case they are interested in what I have in my HD
Re:Inside my HD there are two very important files (Score:5, Funny)
Well I'm glad that you released your brilliant plan on a public forum where said law enforcement agents surely wouldn't look.
Re: (Score:3, Funny)
Well I'm glad that you released your brilliant plan on a public forum where said law enforcement agents surely wouldn't look.
Maybe he wants law enforcement to think those are just "honey-pots" so they don't try too hard to get at the content.
Re:Inside my HD there are two very important files (Score:4, Interesting)
Well I'm glad that you released your brilliant plan on a public forum where said law enforcement agents surely wouldn't look.
Maybe he wants law enforcement to think those are just "honey-pots" so they don't try too hard to get at the content.
If more people are doing that and the law enforcement agents are meeting more of HD with such files, how are they (law enforcement agents) going to know which files are honey-pots and which files have real juicy data in them ?
Re:Inside my HD there are two very important files (Score:4, Funny)
Hence this bug should be fixed: https://bugs.launchpad.net/ubuntu/+bug/148440 [launchpad.net]
Re:Inside my HD there are two very important files (Score:5, Interesting)
Well I'm glad that you released your brilliant plan on a public forum where said law enforcement agents surely wouldn't look.
The more people set up honey-pots in their HD the more time law enforcement agents are going to waste, only to realize that they ain't gonna get anything useful
It's a "civil disobedience" way - and since it's our HD, we can put any type of files on our HD, right?
Re:Inside my HD there are two very important files (Score:4, Funny)
Shall we post the XKCD comic about the five dollar wrench? Would that be cruel?
Re:Inside my HD there are two very important files (Score:5, Insightful)
I apologize if I'm being slow, but I'm stuck on how the note saying, "I derived my password from material I once got from these 10 sources" is the same as producing the passphrase demanded in a court order.
I mean, otherwise wouldn't the defendant in the article here say, "I know it was 120 characters selected at random from War and Peace", and call it a day? Because I'm getting the sense that an answer like that wouldn't cut it.
Re:Inside my HD there are two very important files (Score:5, Insightful)
Your premise is ridiculous, as the court can reasonably assume that you intended to use said encrypted file, and thus pointing to random password generators for the password doesn't cut it because *you* need the password set to use it. Your solution doesn't accomplish anything other than looking stupid here and probably getting your arse handed to you by a judge.
If you are willing to take the legal ramifications for your "honeypot", then go for it, but don't expect a judge to accept your claim as true and leave you alone.
Re:Inside my HD there are two very important files (Score:5, Insightful)
Their assumption may be worth shit, but "contempt of court" has no upper limit on how long you can be held for.
https://en.wikipedia.org/wiki/H._Beatty_Chadwick [wikipedia.org]
Feel like spending the next 1.5 decades in prison, just to wave your dick at the court? Your call man.
Re:Inside my HD there are two very important files (Score:4, Insightful)
The HD belongs to me. I paid for the HD with my own money. I have the right to store any file in my HD
Many have fallen foul of storing indecent images on their drives. Having the right to store any file is not quite correct.
Re:Inside my HD there are two very important files (Score:5, Insightful)
The judge doesn't ask you information on how you constructed your passkey, he's asking for the passkey itself.
I don't think judges are particularly fond of riddles as answers.
Re:Inside my HD there are two very important files (Score:5, Interesting)
In all of these cases that I have seen, the court always stresses that they are NOT asking for the passphrase. They always make this very clear. They always stress that they are NOT compelling the accused to provide their passphrase, but that they are compelling the accused to provide an (allegedly existent) unencrypted copy of the (alleged) ciphertext on the hard drive.
I don't understand the legal ramifications of asking for the passkey versus asking for the (alleged) unencrypted data, but IANAL. Maybe they think that the passkey encrypts other data besides the data they are interested in, and so asking for the passkey is a stricter requirement than asking for the plain text. I dunno.
Re:Inside my HD there are two very important files (Score:5, Insightful)
Re:Inside my HD there are two very important files (Score:4, Insightful)
'Legally speaking' the judge can hold you in civil contempt if they believe you know the password and refuse to disclose it.
Exactly. Judges have almost no oversight in their ability to use civil contempt. If he doesn't like you, he can throw you in jail for as long as he likes and you have no recourse.
This is a problem, whether we're talking about encryption or baggy pants in court. Jugdes have way too much power. Civil contempt is an end run around our constitutional protections and should be abolished.
Re:Inside my HD there are two very important files (Score:4, Insightful)
B. By providing a plain-text-file with a clear description of where I got the parts of the passwords from, I am, legally speaking, not withholding anything.
Producing information on how you derived the original password to encrypt the file is not the same as producing the password. The judge is asking you for the password, not for how you derived the password - by playing stupid games like that you are likely to end up in jail for contempt pretty quickly.
You are, quite simply, an idiot.
Re:Inside my HD there are two very important files (Score:5, Interesting)
This wouldn't fly in the UK (under Part III of the Regulation of Investigatory Powers Act (RIPA)).
You forgot? Tough.
You used some honey-pot ruse like this? Tough.
Either you give the key/passphrase to decrypt the file when requested or go to jail. End of discussion.
Sounds like the USA is trying to bring in similar measures via precedent.
Re:Inside my HD there are two very important files (Score:5, Informative)
We encrypted our employee laptops with truecrypt. The passwords where 10 character and phonetic. I wrote a small database program that allowed us to keep the recovery iso and the password stored for every laptop in case of a problem. We also required them to physically see us to get their password if it was lost.
After about 6 months of constant streams of people coming in to get their password, suddenly people stopped asking. A week later we started finding passwords taped to the bottom of every laptop we were servicing.
So in a nut shell 300 people can't remember passwords that are not their wives names, birth dates, or the name of a pet.
Re:Inside my HD there are two very important files (Score:5, Insightful)
In short, your defence when the judge is threatening to find you in contempt will be 'What can I say, your honor? I'm a retard.'
Re:Legally speaking... (Score:4, Interesting)
The punishment for contempt is open ended, and can be whatever the judge wishes. Its already been mentioned, but here is the case of a man jailed for 15 years on contempt of court, based solely on testimony from his ex-wife: https://en.wikipedia.org/wiki/H._Beatty_Chadwick [wikipedia.org]
Re:Inside my HD there are two very important files (Score:5, Insightful)
2 .... But they can't prove either that you didn't forget it. Fuck it was a long password and the Masked grunts startled it out of my Head. Justice works based on PROOF not on beliefs. No proof No crime.
Not any more. You prove your innocence or you are a goddam dirty terrorist.
Re:Inside my HD there are two very important files (Score:4, Insightful)
Your response gives me a chilling effect.
If I want to fill a HDD with random data then I should be able to. It doesn't mean I am a criminal. Nor should it mean that a judge can lock me away for decades.
I have pondered this problem for some time.
Let's say you have a couple of HDD filled with random data, and several large files which are random data, and quite a few medium and small files which are.. random data.
Add to this that if these are truecrypt volumes, then they all have hidden volumes, but not all have files in them, and some will be literally random data.. not encrypted volumes at all.
What can they do? Force you to decrypt hard drives full of random data files which may or may not be valid encrypted volumes?
Force you to decrypt each and every single file which appears in some way to be an encrypted container - regardless if it is actually an encrypted container or not?
If this is the case, then you may as well encrypt and offsite store everything important or have a method for complete concealment so they can't see the files at all. Rubberhose file system or similar perhaps..
Meanwhile, anyone stupid enough to steal my files (thieves, police, or otherwise) can spend all the time they like trying to break into what appears to be encrypted files. If they are lucky, perhaps they will find a file which actually may possibly be an encrypted container and for which may actually have legitimate files in it. I wouldn't count on it though.
The $5 wrench can't work when the files have no key.
Yes, my head will hurt. Price you pay for sticking up for your rights.
If they want to break into my files then they can dedicate the processing time required to do so. Otherwise, the data is private; bugger off.
If they can't get in then it's not my problem. I am willing to 'rot in jail' to prove this point... even if the only outcome is that you can go on living your life without this hassle.
Comment removed (Score:5, Insightful)
Stenography? (Score:5, Funny)
All they have to say is "We believe this file is encrypted using stenography, give us the password"
Yeah, it's those stenographers and their suspicious-looking keyboards. They're bound to be up to no good. It seems like they've infiltrated every court in the land, too.
Re: (Score:3)
Don't this implicate that police now can jail anyone as they like? Just generate a random file and demand that the accused shall provide a "decyption key". If not they can be held and jailed for contempt?
1. It is and always was possible for a police officer to be a criminal, and a criminal police officer could always forge evidence against you. Nothing new.
2. The police would not only have to generate a random file, they would also have to convince a judge to give them a warrant with a good reason to search that particular file; a concrete reason why it would be likely that this file holds evidence. And the reason would have to be good enough not only to convince the judge who signs the warrant, but also
Re: (Score:3)
But since you are in possession of an encrypted file and you won't tell whats in it, you must have done something wrong; search and probing granted...
Re:it is not unusual to forget passwords (Score:5, Insightful)
wish the myth of changing passwords regularly would die.
Re: (Score:3)
The best work-around is to simply use computers that aren't connected to you.
Not an easy thing to do.