U.S. Court Extends Fifth Amendment to Encrypted Data

 Pages PREV 1 2 3 4 5 6 NEXT
 

Matthew94:
I hope they do this in the UK too, as far as I know they can force you to unencrypt your data.

Couldn't you just say you don't know how or don't know the password?
They can't prove you know or don't know it.
If they ask you hod you accessed it, you say you had it written on a piece of paper and lost it.

Just asking. :D

Matthew94:
I hope they do this in the UK too, as far as I know they can force you to unencrypt your data.

You already have a specific set of laws saying they can. Called RIPA

http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000

nice to see the law catching up with the tech. Now.. i wonder whats on the fbi data bases lol

albino boo:

If you are ordered by a court to produce a printed document you shred it not only are you guilty of contempt the shred document can be put together and used in evidence against you. Why should the process of encryption be treated any different from shredding? It is also clear that he was ordered to by a court after due process. The FBI didn't walk and demand he decrypt without a warrant is the same way that they bugged Rod Blagojevich phone. Why should it be treated any different, in both cases due process occurred. In encryption case he actually knew that and order was beginning potentiality made against him and had an opportunity defend himself in court which is more than Rod Blagojevich had. Why should data held on disk have greater legal protection than the same information held on paper or the same information exchanged by spoken word?

But encrypted data does get the same legal protection as other documents. A court can't just order someone to turn over documents that might not even exist, that would be like ordering someone to make up false evidence just to incriminate themselves. In this case the FBI seized his computers with a warrant, but they don't know that there is actually any evidence in the encrypted volumes, if anything at all. All they know is that he is using Truecrypt.

Aardvark Soup:

DVS BSTrD:
I find the FBI's decryption abilities far more contemptible than this guy's refusal to surrender the information.

How is it contemptible that the FBI aren't able to pull of something (cracking TrueCrypt assuming that the key is unknown) nobody on the planet has every succeeded to do yet?

Hmmmm... Considering TrueCrypt offers AES encryption in 128, 192 and 256 bit flavours and with current tech brute force cracking (trying every possible combination) 256 bit AES would take longer than the lifespan of the Universe, apparently the FBI suck because they've don't have a pocket universe where time flows a million+ times faster in which they've built a planet sized quantum supercomputer. The US taxpayers should be up in arms over the FBI's horrendous lack of foresight and inability to break the laws of physics at will.

My basic thought on the subject is that the goverment should be able to force people to decrypt files gained during a legitimate search. I understand why a lot of the anti-goverment, anti-law enforcement sorts on these forums will disagree, but the bottom line here is that to do otherwise is to basically say it's okay to commit crimes a long as you can hide the evidence well enough that the police can't access it.

I understand the bit with the 5th Amendment, but it's really a semantics game, and is definatly violating the spirit in which it was intended. I think it was Thomas Jefferson who mentioned that the Constitution/Bill Of Rights needed to be redone every 19 year or so, and this kind of shows why ours dearly needs an update as this is so far out of context to what that law had in mind and the spirit in which it was intended as to be ridiculous.

I'd point out that coded documents and such were not unknown to our founding fathers even that early, and when they captured guys like whits (British Loyalists) they didn't just say "oh well, I guess we can't break the code and prove anything, so we'll let it go" no, they tortured the guy until he decrypted it or died. It's been a while but I've read some stuff about how ruthless our founding fathers are and what their intent was, never mind when I took Criminal Justice and read about the early days of US law enforcement which was closer to the intent. I don't think we should go all the way back to that level of barbarity, but someone pleading the 5th Amendment here shouldn't work or be taken seriously. Someone needs a thump in the head.

Simply put if common sense eludes everyone, they should probably put it into law that legal seizure of data includes access to that data. Meaning any protection this guy had to protect his privacy/property was overruled by the warrent. It's not "self incrimination" as the information was already theirs. Either the person decrypts the data for analysis and the trial continues, or he suffers the full weight of the accusations against them. Basically if it's someone involved in a real estate scam and the records key to the whole thing are encrypted and the person refuses to provide that information, the trial proceeds as if the documents reinforced the most beneficial case to the prosecutor. This would motivate people to cooperate because even if found guilty they are not nessicarly going to be nailed by the worst possible interpetation of the data and accordingly suffer maximum penelties.

To put it into perspective if you were the victim of say a real estate scam, like the lady mentioned above (the secondary case, not the primary one the article is about) is accused of, I doubt you'd be in support of her getting away with it because she protected her records too well for the cops. As far as I'm concerned if a Judge already approved a warrent (which can be difficult to get in the US) that's good enough for me.

I'm not making some half arsed "only the guilty need to fear" arguement here, because I'm big on pivacy as a general principle. It's all about context with the computers having already been seized legally under warrent, and the case apparently going to court. This isn't the police randomly snooping through computers or anything, it's a stupid technicality based on an antiquidated law to which it is out of context to, being used to avoid the repercussions of crimes.

I mean you can't even really argue unrelated data, because in general such searches are limited by scope. If they saw open a computer for real estate charges and find kiddie porn, as much as I'd like to see the person charged, I'd imagine the limited scope of the warrent (to seek out information related to... ) would probably prevent it from being used. Of course then again I don't know how that applies to data, it's been a while. If it would allow them to be prosecuted I wouldn't much care mind you, as I've always thought warrents and search and seizure laws limited the police too much. One of the reason why our country is so frakked up is we play too many games letting the guilty go free, and get away with stupid crap.

Hm...I use TrueCrypt...so, yay?
Nice to know that the software actually works!
And, no: I only crypt stuff that's really important to me. Nothing criminal.

albino boo:

dobahci:
This is a great day for all who value the right to data privacy.

And great day for fraudsters, drug dealers, corrupt politicians, the various mobs, hit men, the Ku Klux clan, the Aryan nation and the other terrorist groups out there. So if Enron had just encrypted all their data they could have walked away scot free after defrauding ten of thousands of poeple. Rod Blagojevich should have sent an encrypted email instead of selling Obama's senate seat on the phone and he wouldn't be doing 14 years and the democratic process would have been for sale. But hey data privacy is way more important than protecting the democratic process.

"They who can give up essential liberty to obtain a little temporary safety deserve neither"- Benjamin Franklin

Binnsyboy:

Andy Chalk:

albino boo:
But hey data privacy is way more important than protecting the democratic process.

You could make the same argument for warrantless phone taps, searches without any sort of probable cause and pretty much anything else. How far are you willing to go in the name of security? What are you willing to sacrifice?

Well, I'm a bit on edge about this ruling, as it particularly is something that has so much criminal potential. Plus your day to day lay-person doesn't encrypt your computer, which pretty well separates this from phone tapping.

My computer (and hard drives) are encrypted by TrueCrypt as well (with a strong password) and I'm your day to day lay-person. Except maybe a bit of pirated material (which isn't much) i have nothing illegal on my computer. No child porn or anything.

Don't make assumptions about what the "average" person does. Plenty of people who have done nothing wrong encrypts their computer. It protects your data in the case of theft. Also, encryption is becoming rapidly available to the everyman. Not only are several laptop-companies (ASUS, HP, Fujitsu Siemens) offering laptops with encryption capabilities (for example through BitLocker, which comes with the Ultimate/Enterprise-editions of Windows 7, or sometimes their own encryption software), but even hard-drive or SSD-companies build in encryption into their products. For example Intels SSD series has built in hardware-based encryption which can be activated and then requires a password before the drive can be used. It's readily available to the everyman who buys their SSD's (i have an Intel 320 series SSD myself, although i don't use the Encryption there in favor of TrueCrypts protection).

Encryption is becoming very common, including for your everyday-man.

Also...

I can't help but have a slight fear that arrest rates on child pornographers will probably take a drop after this. Hopefully it won't be too bad, and while I'm not particularly incensed by this, I hope other things of this ilk don't happen. I'd say we're just on the line.

You, and some other people, also seem to be misunderstanding what this ruling means. You see, even if the court had ruled against the man, the FBI would still not be able to decrypt the files without his help. Sure, they would be able to throw him in jail for not decrypting the files (contempt for court), but they still wouldn't be able to prove that there was actually something illegal on the computers/hard drives until they are actually decrypted. So all that would succeed doing is putting a possibly innocent man (or woman) in jail.

In addition, this would open up for innocent people being thrown to jail for not decrypting content they are unable to decrypt (on the basis that the court BELIEVES they are able to decrypt it, even if they are not). This could be the result of having forgotten the password (unlikely, but possible), lost the keyfiles for the encrypted content (much more likely) or simply not having been the person who encrypted the stuff in the first place (also a possibility).

Imagine the following scenario: The FBI arrests you and confiscates some computers from your home because they believe you have committed some sort of digital crime. One of the computers confiscated actually belongs to someone else (could be a friend who left it there), but the FBI believes despite your claims that it belongs to you. It's encrypted, so the feds ask the court to order you to decrypt it. You testify that you cannot decrypt it because it's not yours. The court doesn't believe you, and jails you for contempt of court. This is the type of can you'll be opening if people cannot invoke the 5th amendment in these cases.

Constitutional rights are there for a good reason.

Athinira:

In addition, this would open up for innocent people being thrown to jail for not decrypting content they are unable to decrypt (on the basis that the court BELIEVES they are able to decrypt it, even if they are not). This could be the result of having forgotten the password (unlikely, but possible), lost the keyfiles for the encrypted content (much more likely) or simply not having been the person who encrypted the stuff in the first place (also a possibility).

You forgot to mention the possibility that empty space on a drive (perhaps left by securely deleting a file) might be mistaken for encrypted data.

What would have happened if he just claimed he didn't know HOW to decrypt his data?

Marcus Thomas:
You forgot to mention the possibility that empty space on a drive (perhaps left by securely deleting a file) might be mistaken for encrypted data.

For the sake of argument, we are assuming that it's conclusively proven that the encrypted content exists and can be located (even if it's not decryptable).

Olrod:
What would have happened if he just claimed he didn't know HOW to decrypt his data?

If someone knows how to encrypt data, they also know how to decrypt them.

The problem here, as mentioned in my first post, is if the accused denies being the owner/user of the electronic equipment, and therefore denies being the one who encrypted it. The court, if capable of overruling the 5th amendment, will then have to decide whether or not that's a plausible explanation.

If the police can prove, however, that the equipment belongs to the accused, then that excuse won't last him in court.

Athinira:

Marcus Thomas:
You forgot to mention the possibility that empty space on a drive (perhaps left by securely deleting a file) might be mistaken for encrypted data.

For the sake of argument, we are assuming that it's conclusively proven that the encrypted content exists and can be located (even if it's not decryptable).

From the opinion filed by the EFF:
"In his testimony on cross-examination by Doe, however, McCrohan
conceded that, although encrypted, it was possible that the hard drives contain
nothing."

I think this means that in this particular case only the use of encryption has been proven, not the existence of any encrypted files.

Therumancer:
Simply put if common sense eludes everyone, they should probably put it into law that legal seizure of data includes access to that data. Meaning any protection this guy had to protect his privacy/property was overruled by the warrent. It's not "self incrimination" as the information was already theirs.

If you decrypt any data seized during a search, you admit to:
- Knowing of the data
- Being a user of the medium the data was located on
- Being the one who encrypted the data

That's self-incrimination in every aspect.

If encrypted data was all the FBI had to go on against this guy, then they had nothing to begin with. Sounds more like a case of the Feds trying to shortcut their way to a quick and easy arrest without breaking a sweat. They don't do it all the time, but the fact that they do some of the time still makes them smell worse than the Kardashian household.
I call this a legit argument. There are plenty of other ways to bring down someone than blackmailing them into decrypting their own files.

albino boo:

dobahci:
This is a great day for all who value the right to data privacy.

And great day for fraudsters, drug dealers, corrupt politicians, the various mobs, hit men, the Ku Klux clan, the Aryan nation and the other terrorist groups out there. So if Enron had just encrypted all their data they could have walked away scot free after defrauding ten of thousands of poeple. Rod Blagojevich should have sent an encrypted email instead of selling Obama's senate seat on the phone and he wouldn't be doing 14 years and the democratic process would have been for sale. But hey data privacy is way more important than protecting the democratic process.

That's giving a lot of ignorant and unimaginative people a lot of credit there, friend. Consider that Blagojevich was of the mind that he was above the law at the time and the justice system wouldn't bother itself to deal with a matter like that. He still carries that attitude even after getting caught and found guilty. I would imagine Enron did secure a lot of their files. It was the stuff that was unsecured that got them busted, stuff that would have done them no good if they did secure it.
It doesn't matter what you encrypt, there is going to be plenty of other evidence to be found to nail your ass to the wall if you are guilty. As I stated at the start, the feds were looking for a short cut and got themselves stomped to the curb again.

Marcus Thomas:

Athinira:

Marcus Thomas:
You forgot to mention the possibility that empty space on a drive (perhaps left by securely deleting a file) might be mistaken for encrypted data.

For the sake of argument, we are assuming that it's conclusively proven that the encrypted content exists and can be located (even if it's not decryptable).

From the opinion filed by the EFF:
"In his testimony on cross-examination by Doe, however, McCrohan
conceded that, although encrypted, it was possible that the hard drives contain
nothing."

I think this means that in this particular case only the use of encryption has been proven, not the existence of any encrypted files.

He conceded to the hard drives being encrypted, meaning they was encrypted and can therefore be considered encrypted content. Whether they hard drives CONTAIN something is an entirely different matter, but it's conclusive that they are encrypted. It's perfectly possible to have an encrypted empty drive or partition.

Athinira:

He conceded to the hard drives being encrypted, meaning they was encrypted and can therefore be considered encrypted content. Whether they hard drives CONTAIN something is an entirely different matter, but it's conclusive that they are encrypted. It's perfectly possible to have an encrypted empty drive or partition.

Yes, but producing the contents of the encrypted drives is testifying to the existence and contents of those drives, and that part is what the court ruled as protected by the fifth amendment.

Marcus Thomas:

albino boo:

If you are ordered by a court to produce a printed document you shred it not only are you guilty of contempt the shred document can be put together and used in evidence against you. Why should the process of encryption be treated any different from shredding? It is also clear that he was ordered to by a court after due process. The FBI didn't walk and demand he decrypt without a warrant is the same way that they bugged Rod Blagojevich phone. Why should it be treated any different, in both cases due process occurred. In encryption case he actually knew that and order was beginning potentiality made against him and had an opportunity defend himself in court which is more than Rod Blagojevich had. Why should data held on disk have greater legal protection than the same information held on paper or the same information exchanged by spoken word?

But encrypted data does get the same legal protection as other documents. A court can't just order someone to turn over documents that might not even exist, that would be like ordering someone to make up false evidence just to incriminate themselves. In this case the FBI seized his computers with a warrant, but they don't know that there is actually any evidence in the encrypted volumes, if anything at all. All they know is that he is using Truecrypt.

Small but rather important point they do make orders to turn over to the police any document relevant and failure to produce a document in a tax case for instance that supports your case means that you are the that case against you is proved. I.E you make a claim for expenses and you cant produce any evidence of the expenditure you risk criminal prosecution for fraud. THERE IS NO DIFFERENCE, it just supports your own personal prejudices. All you guys hate fox news but you are no different, as long something attunes with your own prejudices you do not give a dam about how illogical or extreme the consequences of the thing you support.

Marcus Thomas:

Athinira:

He conceded to the hard drives being encrypted, meaning they was encrypted and can therefore be considered encrypted content. Whether they hard drives CONTAIN something is an entirely different matter, but it's conclusive that they are encrypted. It's perfectly possible to have an encrypted empty drive or partition.

Yes, but producing the contents of the encrypted drives is testifying to the existence and contents of those drives, and that part is what the court ruled as protected by the fifth amendment.

I would say that producing the contents of the encrypted drives is testifying to your knowledge and ownership of the existence and contents of the drives, which is slightly different.

In most cases where encryption software (or hardware) is in use, It's perfectly possible to determine if something is encrypted. It's the fact that decrypting the contents links you to it that's in question.

So in fact, it's very far from the point you originally argued (that empty space could be mistaken for encrypted content). It's two entirely seperate issues.

albino boo:

Small but rather important point they do make orders to turn over to the police any document relevant and failure to produce a document in a tax case for instance that supports your case means that you are the that case against you is proved. I.E you make a claim for expenses and you cant produce any evidence of the expenditure you risk criminal prosecution for fraud. THERE IS NO DIFFERENCE, it just supports your own personal prejudices. All you guys hate fox news but you are no different, as long something attunes with your own prejudices you do not give a dam about how illogical or extreme the consequences of the thing you support.

But in this case the defendant is not making an unsubstantiated claim, instead the burden of proof lies with the prosecution. How can they compel him to turn over documents if they can't even prove they exist?

Athinira:

I would say that producing the contents of the encrypted drives is testifying to your knowledge and ownership of the existence and contents of the drives, which is slightly different.

In most cases where encryption software (or hardware) is in use, It's perfectly possible to determine if something is encrypted. It's the fact that decrypting the contents links you to it that's in question.

So in fact, it's very far from the point you originally argued (that empty space could be mistaken for encrypted content). It's two entirely seperate issues.

His use of encryption has been proven by this point, but TrueCrypt is designed in such a way that without the password(s) the encrypted data is indistinguishable from random junk. So the examiner's claim that that he had over 5 TB of encrypted data cannot be proven without the password(s).

Marcus Thomas:

Athinira:

I would say that producing the contents of the encrypted drives is testifying to your knowledge and ownership of the existence and contents of the drives, which is slightly different.

In most cases where encryption software (or hardware) is in use, It's perfectly possible to determine if something is encrypted. It's the fact that decrypting the contents links you to it that's in question.

So in fact, it's very far from the point you originally argued (that empty space could be mistaken for encrypted content). It's two entirely seperate issues.

His use of encryption has been proven by this point, but TrueCrypt is designed in such a way that without the password(s) the encrypted data is indistinguishable from random junk. So the examiner's claim that that he had over 5 TB of encrypted data cannot be proven without the password(s).

The installation of Truecrypt + 5 TB of random data is enough for the court to make the safe assumption that the "random data" is encrypted. Especially if TrueCrypt is installed in boot-mode (where it is stored in the first track of the hard drive, which indicates System Encryption).

Whether they are encrypted by him or if he is even capable of decrypting it - and whether or not he can be ruled to so - is entirely separate issues. But since there is no crime involved with simply using encryption, there is nothing wrong with the court assuming (based on the indications) that the equipment is encrypted. If encryption itself was a crime, the situation would of course be different.

Also, while the developers have done a very good job, material encrypted with TrueCrypt DOES in fact have some distinguishing features that can support the suspicion of encryption being employed, especially if there is talk of encrypted containers (files), rather than encrypted partitions/drives/systems since these files have some giveaways (related to size and the method in which those random data are generated).

Also, if TrueCrypt is employed on an SSD, the use of the TRIM-command makes it fairly easy to determine if the drive is encrypted, even if it just looks like random data. The only thing that is secret there is a hidden operating systems, because TrueCrypt specifically blocks the TRIM-command while a hidden operating system is in use to keep it a secret.

Athinira:

Therumancer:
Simply put if common sense eludes everyone, they should probably put it into law that legal seizure of data includes access to that data. Meaning any protection this guy had to protect his privacy/property was overruled by the warrent. It's not "self incrimination" as the information was already theirs.

If you decrypt any data seized during a search, you admit to:
- Knowing of the data
- Being a user of the medium the data was located on
- Being the one who encrypted the data

That's self-incrimination in every aspect.

However, I do not think the spirit of the law was intended to prevent this.

To me, it all comes down to an antiquidated law, that is being used neither in the context in which it was created, or updated for current technologies, being abused to create a loophole.

See, the founding fathers probably would have just tortured the guy until he broke the code or died. Like it or not their intent and practices were nothing like ours. I don't believe in doing something that barbaric, but I *DO* believe in a case where the property was already seized legally that the person should be made to either break the code or suffer the full penelties for whatever they were accused of with no chance of reprieve or reduction (ie they can't chooe later to decrypt the files in hopes of a lesser sentence once convicted this way).

That's by no means nice, but it's one of those cases where I feel this is a ridiculous technicality and by this point in the game (item seized, already at trial) access to that data is a right of the court. I feel the victims of crimes have rights, and basically saying that someone involved in a real estate scam being able to get away with whatever they did if their data can't be decrypted is ridiculous. That's pretty much declaring open season for white collar criminals to exploit anyone they want do if their ecryption is powerful enough.

Lesser of evils and all of that.

The intent of the fifth amendment is to prevent someone from having to give verbal testimony against themself. Largely because being on trial for one crime does not nessicarly give you immunity to others. Basically if you witness a murder, but did so in the process of burglerizing the house the murder took place in, you could refuse to testify because in doing so you'd effectively get youself arrested for crimes you hadn't been caught performing. You can't lock someone in jail for refusing to confess to an unrelated crime.

As this involves seized property I believe that protection is effectively already in place. The scope of the search probably includes what kind of data they are after, a computer is a likely hiding place. If your in for say a real estate scam, but there is evidence of other crimes on that system, but nothing about the real estate scam, by decrypting it the scope of the serch would prevent you from being held liable for that crime.

It's one of those situations where the spirit of the law and examples of it's enforcement by those who invented it are overlooked in favor of it's wording, allowing for a lot of technicalities. The Constitution and Bill Of Rights were never intended to be in force in their current forms for this long, and the wording was not all that carefully phrased because it was not intended to stand the test of time or be applied to issues and situations two centuries down the line. Yes it's amazing how well these documents hold up nowadays, but it's equally amazing how poorly they apply to current issues and situations, especially as they get further afield from their original intent.

While it doesn't apply to this directly, look at freedom of religion for example. The original idea was pretty much intended to prevent warfare between Catholics and Protestants or the persecution of freemasons. Not to protect say witches, satanists, cultists, or those who practice a religion like Islam based in theocratic cultures that currently want the destruction of the country. In fact, the founding father actively encouraged hunting down those practicing "pagan" religions like witchcraft and satanism. The idea of them intending it to be protected by that law is utterly ridiculous.

A lot of people might dislike this point, but the idea was that with the constitution being changed and updated every 19 years or so, exceptions and revisions to the core concepts could be added. Such as specifying what religions could be considered free, excepting religions and religious cultures opposed to the US, and similar things. That was the basic idea.

Likewise, understand that a lot of the current social issues are a non-issue. See people will say there is nothing in the constitution specifying the primacy of American culture within the US. BUT at the same time the founding fathers felt there was no need, and a lot of the people with subcultures causing a problem in the US were not even considered fully human by this nation of slave owners. China and India were far off and not considered a factor, blacks were slaves, etc... The idea being that civil liberties could be adjusted to protect the country and it's core people as time changed. These guys were not paragons of tolerance.

Now don't misunderstand, I like a lot of the progress we've made, and I don't think we should bring back slavery, or witch hunts, or other assorted things. I simply think we need to modernize things and remove a lot of the stupidity, and that includes a lot of civil protections that provide technicalities to hide behind when they shouldn't be able to. While Islam and profiling it/singling it out is a big issue under freedom of religion for example, we've had all kinds of crazy incidents with cults hiding behind freedom of religion to brainwash people, run rape prisons in sealed compounds, and put rattlesnakes in baby cribs, and everything else. Obviously we need to put some serious limits on that, and those screaming it's against the intent of the constitution, should be laughed at because well.. the INTENT of the constitution was quite differant as shown by it's actual practice early
on as I explained. Basically, freedom of religion should not put someone beyond criticism, protect them from investigation, bring about special considerations because of faith, or let the people do stupid crap like pass around rattlesnakes to test whether god wants them or their kids to live. Basically liberals who think that freedom of religion should count as a passcard to do nearly anything, especially if your not christian, and that anyone or anything should be allowed to be turned into a religion, are absolutly insane. When we have a country where you can become an ordained minister in a legal sense like 30 minutes, and with the right preparation start your own religion dedicated to worshipping a utility pole as the god of lightning... there is a problem. A point proven by all the joke religions people start and occasionally exploit the existance of for "lulz".

Athinira:

The installation of Truecrypt + 5 TB of random data is enough for the court to make the safe assumption that the "random data" is encrypted. Especially if TrueCrypt is installed in boot-mode (where it is stored in the first track of the hard drive, which indicates System Encryption).

Whether they are encrypted by him (or if he is even capable of decrypting it, and whether or not he can be ruled to so, is entirely separate issues. But since there is no crime involved with simply using encryption, there is nothing wrong with the court assuming (based on the indications) that the equipment is encrypted.

Also, while the developers have done a very good job, material encrypted with TrueCrypt DOES in fact have some distinguishing features that can support the suspicion of encryption being employed, especially if there is talk of encrypted containers (files), rather than encrypted partitions/drives/systems since these files have some giveaways.

Also, if TrueCrypt is employed on an SSD, the use of the TRIM-parameter makes it fairly easy to determine if the drive is encrypted, even if it just makes it look like random data. The only thing that is secret there is a hidden operating systems, because TrueCrypt specifically blocks the TRIM-parameter when a hidden operating system is in place to keep it a secret.

While it would be reasonable to expect this guy to have some amount of encrypted data, the prosecution seems to have the idea that he has used every last bit of these drives capacity. If he were to turn over content that was smaller that the expected 5TB they might think he was withholding information from them, and if he did withhold some content there would be difficulty proving that.

Therumancer:
However, I do not think the spirit of the law was intended to prevent this.

To me, it all comes down to an antiquidated law, that is being used neither in the context in which it was created, or updated for current technologies, being abused to create a loophole.

See, the founding fathers probably would have just tortured the guy until he broke the code or died. Like it or not their intent and practices were nothing like ours. I don't believe in doing something that barbaric, but I *DO* believe in a case where the property was already seized legally that the person should be made to either break the code or suffer the full penelties for whatever they were accused of with no chance of reprieve or reduction (ie they can't chooe later to decrypt the files in hopes of a lesser sentence once convicted this way).

And this practice your advocating is, to me, the signs of antiquidated laws (or rather, antiquidated customs from a time where humans were barbarians).

You seem to make out a lot about what the "founding fathers" intended with the amendments they passed, but fact is most of these amendments are "timeless", meaning that they are rather common sense whether we are talking the 17th, 18th, 19th, 20th, 21st or 22nd century. Are you honestly going to claim that the 13th amendment doesn't stand the test of time? The 14th? The 15th? The 1st? The 4th? You might think that the 5th amendment makes no sense in the digital world, but my last response to you makes in fact makes it perfectly clear why it makes sense. Like i said, decrypting contents is a testimonial act that acknowledges that you have control over the encrypted mediums. The 5th amendment does exactly what it's supposed to do.

Like i also mentioned in an earlier post, this opens up a big tuna-can of ways that an innocent person can be convicted. If a person claims that they can't decrypt a drive, and the court doesn't believe them, then they might send an innocent person to jail for contempt of court. There are plenty of reasons why someone might not be able to decrypt a seized drive. Forgotten password (unlikely, but not impossible, especially if it's a long court case and the accused hasn't had access to the mediums in a long time. It could also be that the password was written down, but lost during the search), lost keyfile (more likely than forgotten password. Some encrypted content requires keyfiles), or even claiming that the encrypted mediums isn't or wasn't under their control (either because the equipment doesn't belong to them, or they let someone else use it).

Your proposals are violating the very basic court principles that for centuries (both inside and outside the United States) have kept innocent people from going to jail. That is more antiquidated than the laws you are accusing of the same. If courts start making assumptions to the left and right about encrypted content that the accused refuses to (or worst case scenario, are unable to) decrypt, then people are gonna start going to jail for crimes they did not commit. The prosecution can basically claim the encrypted files contain whatever they dream up, and the accused will just have to swallow it. That's not how a 'justice' system works.

In fact, by that logic, we might also start prosecuting people for not confessing. After all, what's the difference between evidence that you can't get to on a hard drive, and evidence you can't get to in a persons mind ('evidence' in this case being what the prosecution CLAIMS are there, but they can't prove are there). Someone also made a comparison earlier to a handwrittendiary written in code seized during a search. If the prosecution can start claiming that you know what it means, and then prosecute you for not revealing it (despite your claim to not know what it means), then that is again not fair legal proceedings.

The ideal solution is the solution that is still in place today: That the prosecution gathers evidence from other sources (aka. through standard solid police work) and use that to prosecute their case. That is the basic principle of how law systems worked before encryption (and after the exclusion of torture and coercion). After all, something must have led them to the accused in the first place, so in most cases they will be able to dig something up. Yes, sometimes guilty people walk. That's a price we have to pay to keep innocent people out of jail. People who are truly guilty typically screw up again at a later stage, so there will always be a second chance to get them there, but there is no way to redeem the years an innocent man has lost in prison because of terrible court procedures.

Redlin5:
I wonder what it is like up here in Canada...

From what I remember of a book I borrowed from a friend who is doing law, it is pretty much the same (it goes against our rights and whatnot) but it is more apparent than in the states. Basically, the same thing will happen (you won't have to decrypt your stuff) but with less dancing around through the courts.
But I think it is circumstantial, like if they already know what is on your hard drives... I'll have to see if I can find that book again.

And off I go to download TrueCrypt.

A man's laptop is his property, his cut of cyberspace. If you want to search it with a warrant, FINE, but he's not showing you the gun cabinet, the secret hooch compartment, the illegal immigration tunnel, or the dead bodies hidden behind a wall of if-then statements. As with all things in a court of law, the prosecution must discover these things as per their empowerment to do so. No findy drugs? No have drug charges. No find incriminating data? No can make case on them. A locked computer that they can't figure out on their own may as well be the same as finding no axe, no blood, and no victim. You no haz evidence.

Athinira:

Therumancer:
However, I do not think the spirit of the law was intended to prevent this.

To me, it all comes down to an antiquidated law, that is being used neither in the context in which it was created, or updated for current technologies, being abused to create a loophole.

See, the founding fathers probably would have just tortured the guy until he broke the code or died. Like it or not their intent and practices were nothing like ours. I don't believe in doing something that barbaric, but I *DO* believe in a case where the property was already seized legally that the person should be made to either break the code or suffer the full penelties for whatever they were accused of with no chance of reprieve or reduction (ie they can't chooe later to decrypt the files in hopes of a lesser sentence once convicted this way).

And this practice your advocating is, to me, the signs of antiquidated laws (or rather, antiquidated customs from a time where humans were barbarians).

You seem to make out a lot about what the "founding fathers" intended with the amendments they passed, but fact is most of these amendments are "timeless", meaning that they are rather common sense whether we are talking the 17th, 18th, 19th, 20th, 21st or 22nd century. Are you honestly going to claim that the 13th amendment doesn't stand the test of time? The 14th? The 15th? The 1st? The 4th? You might think that the 5th amendment makes no sense in the digital world, but my last response to you makes in fact makes it perfectly clear why it makes sense. Like i said, decrypting contents is a testimonial act that acknowledges that you have control over the encrypted mediums. The 5th amendment does exactly what it's supposed to do.

Like i also mentioned in an earlier post, this opens up a big tuna-can of ways that an innocent person can be convicted. If a person claims that they can't decrypt a drive, and the court doesn't believe them, then they might send an innocent person to jail for contempt of court. There are plenty of reasons why someone might not be able to decrypt a seized drive. Forgotten password (unlikely, but not impossible, especially if it's a long court case and the accused hasn't had access to the mediums in a long time. It could also be that the password was written down, but lost during the search), lost keyfile (more likely than forgotten password. Some encrypted content requires keyfiles), or even claiming that the encrypted mediums isn't or wasn't under their control (either because the equipment doesn't belong to them, or they let someone else use it).

Your proposals are violating the very basic court principles that for centuries (both inside and outside the United States) have kept innocent people from going to jail. That is more antiquidated than the laws you are accusing of the same. If courts start making assumptions to the left and right about encrypted content that the accused refuses to (or worst case scenario, are unable to) decrypt, then people are gonna start going to jail for crimes they did not commit. The prosecution can basically claim the encrypted files contain whatever they dream up, and the accused will just have to swallow it. That's not how a 'justice' system works.

In fact, by that logic, we might also start prosecuting people for not confessing. After all, what's the difference between evidence that you can't get to on a hard drive, and evidence you can't get to in a persons mind ('evidence' in this case being what the prosecution CLAIMS are there, but they can't prove are there). Someone also made a comparison earlier to a handwrittendiary written in code seized during a search. If the prosecution can start claiming that you know what it means, and then prosecute you for not revealing it (despite your claim to not know what it means), then that is again not fair legal proceedings.

The ideal solution is the solution that is still in place today: That the prosecution gathers evidence from other sources (aka. through standard solid police work) and use that to prosecute their case. That is the basic principle of how law systems worked before encryption (and after the exclusion of torture and coercion). After all, something must have led them to the accused in the first place, so in most cases they will be able to dig something up. Yes, sometimes guilty people walk. That's a price we have to pay to keep innocent people out of jail. People who are truly guilty typically screw up again at a later stage, so there will always be a second chance to get them there, but there is no way to redeem the years an innocent man has lost in prison because of terrible court procedures.

Again, we're dealing with a situation where by the time the case has gone to court the evidence in question has already been picked up through due search and seizure. The court has the right to that information, and if the person refuses to decrypt it they are impeding the investigation.

It is highly unlikely that something would be deemed relevent and have a person pleading the 5th if it was unaccesible to them to begin with. To be seized it's going to be a computer routinely used by the accused for business puirposes or whatever.

I understand your reasoning here, I just happen to disagree with it. My point about the founding fathers is simply that these laws are NOT timeless, and they even said so themselves. I think it was Thomas Jefferson who mentioned the bit about re-doing the constitution every 19 years.

The differance is you don't care if the criminals get away, largely because your not a victim in a case like this. In my case I tend to side more with the victims and law enforcement. A big part of why is simply because all anti-police paranoia aside, the system just doesn't have the resources to throw everyone in jail, or waste it's time screwing with people on a power trip. It has no active desire to put innocent people in jail for the lulz.

In most cases with the 5th Amendment it's dealt with by offering immunity for things unrelated to the crime in question, and that is part of what lets it work. But in a case like a real estate scam you can't provide immunity to that kind of evidence.

As far as police work goes, again, the point is that the police work lead to the files on that system.

I consider simply finding the person guilty for not cooperating in that case and ending it right there a perfectly reasonable and civilized alternative.

As far as forgetting the password or being unable to enter the data, that's not a 5th Amendment plea, the 5th stands on it's own without justification or saying why your making the plea. See if someone said "I can't do it" that would have to be evaluated on it's own merits situation by situation, but on it's own saying "well I won't open that because it will incriminate me and I know this" (the 5th) that is something entirely differant.

while he may be right to hace a choice, he is still hingering and investigation. thats like if a robber is runing though your yard and you wont let police chase you because they cant enter without court order. i though this was an article about SOPA rage and how SOPA would legally put people who encrypt thier internet connection to jail but apparently this is something unrelated, so im raving.

Therumancer:

I consider simply finding the person guilty for not cooperating in that case and ending it right there a perfectly reasonable and civilized alternative.

I consider that to be extremely barbaric. The concept of innocent until proven guilty is pretty timeless.

Therumancer:
Again, we're dealing with a situation where by the time the case has gone to court the evidence in question has already been picked up through due search and seizure. The court has the right to that information, and if the person refuses to decrypt it they are impeding the investigation.

There is a difference between "impeding an investigation" and "refusing to help an investigation".

By that logic, not confessing to a crime you have committed, you are also impeding an investigation. You are currently moving from your original argument here (which was that people were hiding behind a technicality, an argument i would dispute, but you still made it) to the point of arguing that people have to prove their own innocence rather than being proven guilty.

Therumancer:
It is highly unlikely that something would be deemed relevent and have a person pleading the 5th if it was unaccesible to them to begin with. To be seized it's going to be a computer routinely used by the accused for business puirposes or whatever.

Not really. When a search and seizure is conducted at a property, the police (or whoever is conducting the search) typically takes all material they suspect might be relevant, and then they later sort out what they consider irrelevant. Encrypted content can, at best, make police suspect that something relevant is located there, but being unable to decrypt it makes that a guessing game.

Also, you seem to be under the impression that a person somehow needs an excuse for pleading the 5th. That couldn't be further from the truth. A person doesn't need an "excuse" to plead the 5th. Pleading the 5th doesn't mean you have anything to hide. Like the supreme once court said in a case: "One of the 5th Amendment's basic functions is to protect innocent men who otherwise might be ensnared by ambiguous circumstances. Truthful responses of an innocent witness, as well as those of a wrongdoer, may provide the government with incriminating evidence from the speakers own mouth."

In a country where lying the police is a felony (which, may i remind you, can also involve being convicted for telling the police the truth in cases where the police might have evidence suggesting you're lying, even if that evidence is mistaken), you don't need an excuse to exercise your right to silence.

If you have never watched it before, i recommend the YouTube video in the spoiler below. It explains very well why you should pretty much ALWAYS take the 5th if the police approaches you, even if you're innocent as an angel and have nothing to hide. You don't need an excuse to use no words besides "I want a lawyer", and that goes both for talking to the police and keeping silent in court as well.

Therumancer:
I understand your reasoning here, I just happen to disagree with it. My point about the founding fathers is simply that these laws are NOT timeless, and they even said so themselves. I think it was Thomas Jefferson who mentioned the bit about re-doing the constitution every 19 years.

Many of them are timeless. I won't dispute that some of them might be a bit ridiculous by modern standards (the right to having a gun in your home, for example. I'm not one of the anti-gun fanatics, but i do believe that a law permitting people to have a weapon should be a normal law that are easier to change, and not a constitutional law), but several of the amendments (prohibiting slavery, illegal searches etc.) are rather timeless unless you predict that the USA will be the United Dictatorship of America in the near future.

But anyway, returning to the topic at hand, i see no convincing evidence in your argument that the 5th Amendment needs an update.

The examples in the video above (not to mention the THOUSANDS of other cases where testimony of innocent people have sent them to jail for crimes they did not commit because they didn't take the 5th) showcase well enough why the 5th is a basic necessity, and why it still fulfills its purpose. You see, the way the 5th is worded leads me to believe that it wasn't just invented to prevent confessions induced by coercion and torture. The quote from the Supreme Court in my last paragraph shows very well that the courts have a fine understanding of what the Amendment is meant to accomplish.

In the case of encryption, the 5th plays a very specific role, because dealing with encrypted content in court cases (in the way that you want them to deal with it) has some very specific problems. First of all, until decrypted, you cannot prove that the content on the encrypted drive has any relevance to the case. But second, and most importantly of all, you cannot in any way prove that someone (the accused) is capable of decrypting the drive to begin with (until they actually do so).

You cannot prove that they know the password (or knew it at one point, in case they have forgotten) or have access to the keyfile necessary to encrypt the drives or files that are encrypted. You might also not be able to prove that they are (were) the users of the encrypted content. Hell, in some cases you might not be able to prove that they are the owner of the content (even in some cases if they are the owner of the equipment). A person cannot be held in contempt of court if they are unable to comply with a judges order.

You are basically arguing that if a case involves encrypted content, the accused is guilty until they prove themself innocent by decrypting content they might not even be able to decrypt in the first place (because ultimately, any case involving encrypted content IS going to be a guessing game about whether or not the accused can actually decrypt the content). Suffice to say, that isn't in any way an appropriate way for a modern legal system to work.

Also, on the subject of "forgetting the password", i would like to give you a point of reference. As mentioned earlier in this thread, i use TrueCrypt myself. My Password, while not entirely 100% random, consists of upper and lowercase-letters, numbers and special characters and is almost 40 (!!) characters long (to prevent bruteforcing). I use the password around every third day on average, and i have a VERY good memory, which means that I'm unlikely to forget it in a hurry. Should i have my computers seized, however (for whatever reason), and they came to me and wanted me to decrypt my content maybe a year or more after i used that password last time (because court cases take so f*****g long), even i wouldn't be able to guarentee that I'd remember it.

I should mention btw, in this regard, that the 5th Amendment DOES have a special exception that can make it void in the regards to Encryption, and that's the Foregone Conclusion Doctrine that states that the provision of information is not subject to the Fifth Amendment privilege against self-incrimination when the existence and location of information are known to the government, and the act of providing the evidence adds little or nothing to the Governments case. In those exceptions, the government can still compel a suspect to produce the contents of an encrypted drive (and has done so in the past). In the link provided, the defendant (Sebastian Boucher) had already showed some of the content of the encrypted drive before the court trial to ICE agents and had admitted to possession of the computer, the the Foregone Conclusions denied him the protection of the 5th Amendment. The constitution isn't exactly as "out of time" as you would have us believe :o)

Therumancer:
The differance is you don't care if the criminals get away, largely because your not a victim in a case like this. In my case I tend to side more with the victims and law enforcement. A big part of why is simply because all anti-police paranoia aside, the system just doesn't have the resources to throw everyone in jail, or waste it's time screwing with people on a power trip. It has no active desire to put innocent people in jail for the lulz.

And this is why theory differs so much from reality. In theory, the system has no active desire to put innocent people in jail, yes. In reality, the rules for the system still allows it to happen on a daily basis in the United States. In the US, the police are allowed to lie to you and (verbally) intimidate you into confessing to a crime, whether you did do anything criminal or not, and every day people who don't take the 5th DO confess to crimes they did not commit. Sometimes these are smaller things that results in a fine. Sometimes people go to jail for it.

The system might not have an active desire to let things be that way, but you know what they say: The road to hell is paved with good intentions.

In that regard btw, it's great that you side with the "victims" of crime. What about the people that are sent innocently to jail? They aren't "victims" or what? :o)

Therumancer:
In most cases with the 5th Amendment it's dealt with by offering immunity for things unrelated to the crime in question, and that is part of what lets it work. But in a case like a real estate scam you can't provide immunity to that kind of evidence.

And, as the name implies, the immunity is an OFFER. The defendant can still decide to reject it and keep their mouth shut, in which case the prosecution will have to fall back on the remainder of their evidence.

Defendant usually only take up such an offer when the rest of the evidence against them can be considered to weigh heavily in favor of the prosecution, and they by taking the offer can somehow help their case. In the case of encryption, if the prosecution so desperately need to get the content decrypted, then chances are that the rest of their evidence is thin. In that case, the offer is unlikely to be the better decision.

That the prosecution often tries to "cheat" the legal system by offering immunity for revealing the password (but not immunity for the content that the password might be used to decrypt) is also just laughable. THAT, my friend, is the true meaning of hiding behind technicalities (by trying to circumvent the legal rights of the defendant using semantics).

So in short...

Therumancer:
I consider simply finding the person guilty for not cooperating in that case and ending it right there a perfectly reasonable and civilized alternative.

...there is a good reason that suspects/defendants are not required to cooperate with the police: Because INNOCENT people have gone to jail for that several times through history for "cooperating" with police.

You can try to twist it any way you like, but history has shown that the ability to deny speaking with or helping the police (if you're a suspect) is a NECESSARY right if the goal of the 'justice' system is to disperse actual justice. The amount of innocents that have been jailed on account of not exercising their rights is staggering, and i see no convincing argument to take those rights away from them. Especially not the 5th. I once again recommend watchin the video above. There are some interesting statistics about how many people have gone to jail for not taking the 5th (especially during earlier times where racism caused black people to be tried en masse for crimes they did not commit, and many went to jail on confessions).

Andy Chalk:
An investigation into the unspecified but presumably criminal activities of a Florida man

Oh yes, please do presume he is guilty of something before any conviction of such. What else would a free country have you do!

Marcus Thomas:

Therumancer:

I consider simply finding the person guilty for not cooperating in that case and ending it right there a perfectly reasonable and civilized alternative.

I consider that to be extremely barbaric. The concept of innocent until proven guilty is pretty timeless.

Well, not really, actually that's a very western concept.

What's more this has nothing to do with that, this all about the rules of evidence really.

Basically, at this level we're talking about whether or not evidence that has been obtained in an approved search, and which is capable of proving a suspect guilty of crimes they committed, can be used in court if the accused can protect the evidence in such a way that the court cannot access it.

I'm saying that this is a stupid semantic arguement that is directly opposed to the spirit of the law, your saying you don't care. We disagree. But then again it's a touchy subject which is why it's newsworthy.

See, I think the problem is that your anti-goverment to the point where you want every tool and loophole you can use to defend yourself. I'm more concerned with the victims and getting the criminals off the street.

I'll also go so far as to say that I think you and the people like you, are one of the reasons why the country is such a mess right now, and why we have all these bankers and white collar criminals running roughshod over everyone, and things like the Occupy Wall Street Movement. The kind of defense your advocating is exactly how people like that manage to commit crimes and then avoid being held accountable for them due to being able to hire high priced lawyers to make semantic arguements for them. Right now this is exactly the kind of legal wrangling we need to step down on hard.

I can't help but think your tune would change if someone had scammed you out of a house or something, been caught red handed, and then got away with it because they were simply able to afford encryption the goverment can't break. If this stands it's a free pass for anyone who can afford enough digital protection to engage in any kind of scam they want. I have an issue with that.

 Pages PREV 1 2 3 4 5 6 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here