U.S. Court Extends Fifth Amendment to Encrypted Data

 Pages PREV 1 2 3 4 5 6 NEXT
 

Bertinan:
You can clear out bank accounts, steal credit card information, hire a hitman, whatever you want now.

So should we go back to the old days when hitmen kept a written record of their activities which they kept under their beds so it would be easy for the police to find?

Realitycrash:
can someone PLEASE explain to me what the 5:th Ammendment is all about? Because after reading this, I imagined a scenario.
Imagine that there is a man that the feds know of suspect, that have a trigger locked in a small box. If the trigger is not pressed within 24 hours, a bomb goes off somewhere, and a lot of people get killed. The feds know suspect this, they have the man, he knows how to open the box, but he denies that there is a trigger in the box (though he confirms that there is something illegal in there, and that he can open the box, but he won't, because it would "incriminate himself"). The feds can not open the box without the bomb going off, nor can they find the bomb within 24 hours.
So, even though the man admits that he is hiding something illegal, and the feds have very strong evidence for thinking that this might be the trigger, they really can't force the man to open the box?

I fixed it for you.

Most countries have something similar. It's the right to remain silent.

The court can compel your man to open the box, as he has already admitted that he can, but it cannot compel him to reveal any information which resides in his brain.

Suppose you are suspected of an assault that occurred on a particular street. You are innocent, but you were walking down that particular street at the time the assault took place. If you told the police this fact, that would "incriminate yourself", even though you are innocent. It would be a piece of evidence they could use against you in a trial. You would be foolish to reveal this information to the police, and it would be wrong for a government to have the power to compel someone to reveal such information. By "pleading the fifth" you might seem to admit that there is some information that incriminates you (makes you appear guilty), but that does not imply any actual guilt. The Fifth Amendment is intended to protect the innocent from being compelled to incriminate themselves (make themselves appear guilty).

To apply a similar logic to the encryption argument, if I have an encrypted document on my computer all about how I really, really hate a particular person, and then one day this person turns up floating in the river with a bullet in his head, I'm sure as hell not going to want the police to be able to read that document.

Or if I keep a traditional, pen and paper diary, and in the entry for April 19th, I have written "JC" (using initials is a form of encryption), and on April 19th John Connor turns up in a similar river/bullet-based predicament, I am not going to want to tell the police that "JC" stands for John Connor. Of course if "JC" actually stood for Jackie Chan I would be happy to tell the police that.

Thyunda:
Privacy is overrated when it starts interfering with the justice system.

This isn't about privacy at all.

Thyunda:
People need to respect the police.

In the same way that we need to respect tigers.

'Never trust a copper' is 70s talk. I like to think we've come past that. If the officer asks 'what's in the box', you open the box. The law enforcement has a job to do. An important job.

And if law enforcement is investigating me, it's going to have to do that job without my help.

"Always trust a copper" is just as stupid as "never trust a copper".

The police are (mostly) honest people. The problem is they are honestly following a procedure that says: 1. Gather evidence. 2. Is there enough evidence to press charges? 3. If yes, press charges. There is no room for an officer to say, well, yesss... but I think we've got the wrong guy. If there's enough evidence, the charges get pressed, whether the police think he's guilty or not.

That procedure will and does lead to charges being pressed against innocent people every day.

If you disagree, then perhaps you'd like to explain to the class, in your own words, why, if at all, you think we need a criminal court system with juries of our peers.

Thyunda:
Now let's not bring in the faults of the legal system here

The faults of the legal system are the only reason this thread exists. If the legal system was faultless, there would be nothing to discuss here.

what,s there to prevent you from making a kill switch?
somebody with childporn can easily delete all the data or destroy the storage medium.
or maybe a master key that unencrypts all forms of data.

oktalist:

Bertinan:
You can clear out bank accounts, steal credit card information, hire a hitman, whatever you want now.

So should we go back to the old days when hitmen kept a written record of their activities which they kept under their beds so it would be easy for the police to find?

Realitycrash:
can someone PLEASE explain to me what the 5:th Ammendment is all about? Because after reading this, I imagined a scenario.
Imagine that there is a man that the feds know of suspect, that have a trigger locked in a small box. If the trigger is not pressed within 24 hours, a bomb goes off somewhere, and a lot of people get killed. The feds know suspect this, they have the man, he knows how to open the box, but he denies that there is a trigger in the box (though he confirms that there is something illegal in there, and that he can open the box, but he won't, because it would "incriminate himself"). The feds can not open the box without the bomb going off, nor can they find the bomb within 24 hours.
So, even though the man admits that he is hiding something illegal, and the feds have very strong evidence for thinking that this might be the trigger, they really can't force the man to open the box?

I fixed it for you.

Most countries have something similar. It's the right to remain silent.

The court can compel your man to open the box, as he has already admitted that he can, but it cannot compel him to reveal any information which resides in his brain.

Suppose you are suspected of an assault that occurred on a particular street. You are innocent, but you were walking down that particular street at the time the assault took place. If you told the police this fact, that would "incriminate yourself", even though you are innocent. It would be a piece of evidence they could use against you in a trial. You would be foolish to reveal this information to the police, and it would be wrong for a government to have the power to compel someone to reveal such information. By "pleading the fifth" you might seem to admit that there is some information that incriminates you (makes you appear guilty), but that does not imply any actual guilt. The Fifth Amendment is intended to protect the innocent from being compelled to incriminate themselves (make themselves appear guilty).

To apply a similar logic to the encryption argument, if I have an encrypted document on my computer all about how I really, really hate a particular person, and then one day this person turns up floating in the river with a bullet in his head, I'm sure as hell not going to want the police to be able to read that document.

Or if I keep a traditional, pen and paper diary, and in the entry for April 19th, I have written "JC" (using initials is a form of encryption), and on April 19th John Connor turns up in a similar river/bullet-based predicament, I am not going to want to tell the police that "JC" stands for John Connor. Of course if "JC" actually stood for Jackie Chan I would be happy to tell the police that.

Thyunda:
Privacy is overrated when it starts interfering with the justice system.

This isn't about privacy at all.

Thyunda:
People need to respect the police.

In the same way that we need to respect tigers.

'Never trust a copper' is 70s talk. I like to think we've come past that. If the officer asks 'what's in the box', you open the box. The law enforcement has a job to do. An important job.

And if law enforcement is investigating me, it's going to have to do that job without my help.

"Always trust a copper" is just as stupid as "never trust a copper".

The police are (mostly) honest people. The problem is they are honestly following a procedure that says: 1. Gather evidence. 2. Is there enough evidence to press charges? 3. If yes, press charges. There is no room for an officer to say, well, yesss... but I think we've got the wrong guy. If there's enough evidence, the charges get pressed, whether the police think he's guilty or not.

That procedure will and does lead to charges being pressed against innocent people every day.

If you disagree, then perhaps you'd like to explain to the class, in your own words, why, if at all, you think we need a criminal court system with juries of our peers.

Thyunda:
Now let's not bring in the faults of the legal system here

The faults of the legal system are the only reason this thread exists. If the legal system was faultless, there would be nothing to discuss here.

If you had nothing to hide, the investigation could write you off and go elsewhere. But if you insist on hiding it, you're only delaying it. But, then, I guess you can get away with anything as long as you encrypt the evidence.

Athinira:

reonhato:
i know the password to my mums computer because i have to fix it all the time, does not mean i know what the contents are.

...and similarly, being in possession of a computer with encrypted contents doesn't mean you know what the password for that content are :o)

reonhato:
this is a simply case of a deliberate attempt at hiding evidence and refusing to hand it over. it should not be protected any more then shredding papers.

No, no and no.

First of all, nothing is hidden. The police have access to the data, they just don't have the knowledge of how to read it. Shredding papers is DESTRUCTION of data. An entirely different thing. Destructed things can't necessarily be reconstructed, and those papers can therefore be irrecoverably lost. Decrypted data can ALWAYS be recovered if someone knows how to do it.

Second of all, you assume beforehand it's evidence. Until the content is actually decrypted, you don't know if it was just random data, of if there was actually something of interest to the case.

Thirdly, you don't know if anyone is "refusing" anything. Until the data actually gets decrypted, you cannot conclusively prove that the defendant is actually capable of decrypting the data to begin with. The law states that you cannot be held in contempt of court for not doing something you are incapable of doing.

.

Since you decided to bring in the example with you knowing your moms password, allow me to extend your example:
Imagine that your mom gives you her computer since she has gotten a new one. A few months later, the feds knock on your door with a search warrant because they believe to have evidence that there are illegal content on your computer (or maybe they believe you are tax frauding and wants to seize any documents that could be relevant, including digital ones). On your computer they find a file of random data (from back when your mom had the computer), which they suspect is an encrypted file.

Now first, they demand you decrypt it. You deny being able to decrypt it, stating that it's a leftover file from when your mom was the proprietor. The feds talk to your mom, but she says she forgot the password (or maybe she isn't sure what file they mean or can't remember) since it's some months since she used the computer.

Now, by your logic, the feds can now charge both you and your mom for withholding evidence, even though they cannot conclusively prove that the file is actually an encrypted file, or that either of you actually know (remembers) a valid password for the file.

And once again, i will remind you that real criminals CAN and WILL cheat the feds with a hidden volume, one which you cannot prove the existence of.

but he did not refuse to do it based on not knowing how, he refused based on the 5th amendment. it is perfectly reasonable to assume that he knows how.

the idea that i am assuming it is evidence is wrong. i am assuming the investigators have reason to believe it is evidence. just like when they have reason to believe you are in possession of drugs they can get a warrant and search your house, they should be allowed to get a warrant to get access to the encrypted information.

they have reason to believe the encrypted info is evidence, they have reason to believe the man knows how to decrypt it. the man refusing to give them that information is breaking the law, the same way the druggie is breaking the law if he refuses to let the police search his house.

as for your example. simply dating the file would be enough evidence to see whos it is and who should be charged.

Athinira:

Thyunda:
Well this is just plain silly. What's he got on his hard drive that he doesn't want the FBI to see? He should have been put away for deliberate obstruction of justice. If you're threatened with a jail sentence, and all you have on your hard drive is a couple of embarrassing files, then surely you'd just let the FBI in?

Jesus, more people who doesn't understand how encryption works, nor the law.

First of all, there is a difference between "obstruction of justice" and "refusing to help". Refusing to help police build a case against yourself is not the same as obstruction of justice. You have NO obligation to help them, and giving that helping them is counter-intuitive to your case, why would you?

Second of all, as mentioned in my earlier posts, you cannot beat encryption. Ever. Hidden volumes means that encryption can cheat investigators, and they have no way to prove otherwise.

Thyunda:
Privacy is overrated when it starts interfering with the justice system.

The man is innocent until proven guilty. To jail someone for "Obstruction of justice" (even though, as i explained, refusing to decrypt something isn't obstruction of justice), you first have to prove that there are justice to be dispersed in the first place. If the man is innocent (which is the governments job to prove that he isn't, and he isn't obliged to help them), then there is no justice to be dispersed.

Also i almost don't even want to touch terrible your logic is. By that argument, the government should install cameras in EVERY home in the United States so they could spy on us. Then they would be able to solve almost every case of domestic violence, robbery etc. Sounds like a good idea to you? :o)

Notice how you keep mentioning hidden volumes. Which I mentioned in my post.

Then the rest was just ranting, providing no discernible arguments yet providing analogies for it.

reonhato:

Athinira:

reonhato:
i know the password to my mums computer because i have to fix it all the time, does not mean i know what the contents are.

...and similarly, being in possession of a computer with encrypted contents doesn't mean you know what the password for that content are :o)

reonhato:
this is a simply case of a deliberate attempt at hiding evidence and refusing to hand it over. it should not be protected any more then shredding papers.

No, no and no.

First of all, nothing is hidden. The police have access to the data, they just don't have the knowledge of how to read it. Shredding papers is DESTRUCTION of data. An entirely different thing. Destructed things can't necessarily be reconstructed, and those papers can therefore be irrecoverably lost. Decrypted data can ALWAYS be recovered if someone knows how to do it.

Second of all, you assume beforehand it's evidence. Until the content is actually decrypted, you don't know if it was just random data, of if there was actually something of interest to the case.

Thirdly, you don't know if anyone is "refusing" anything. Until the data actually gets decrypted, you cannot conclusively prove that the defendant is actually capable of decrypting the data to begin with. The law states that you cannot be held in contempt of court for not doing something you are incapable of doing.

.

Since you decided to bring in the example with you knowing your moms password, allow me to extend your example:
Imagine that your mom gives you her computer since she has gotten a new one. A few months later, the feds knock on your door with a search warrant because they believe to have evidence that there are illegal content on your computer (or maybe they believe you are tax frauding and wants to seize any documents that could be relevant, including digital ones). On your computer they find a file of random data (from back when your mom had the computer), which they suspect is an encrypted file.

Now first, they demand you decrypt it. You deny being able to decrypt it, stating that it's a leftover file from when your mom was the proprietor. The feds talk to your mom, but she says she forgot the password (or maybe she isn't sure what file they mean or can't remember) since it's some months since she used the computer.

Now, by your logic, the feds can now charge both you and your mom for withholding evidence, even though they cannot conclusively prove that the file is actually an encrypted file, or that either of you actually know (remembers) a valid password for the file.

And once again, i will remind you that real criminals CAN and WILL cheat the feds with a hidden volume, one which you cannot prove the existence of.

but he did not refuse to do it based on not knowing how, he refused based on the 5th amendment. it is perfectly reasonable to assume that he knows how.

the idea that i am assuming it is evidence is wrong. i am assuming the investigators have reason to believe it is evidence. just like when they have reason to believe you are in possession of drugs they can get a warrant and search your house, they should be allowed to get a warrant to get access to the encrypted information.

they have reason to believe the encrypted info is evidence, they have reason to believe the man knows how to decrypt it. the man refusing to give them that information is breaking the law, the same way the druggie is breaking the law if he refuses to let the police search his house.

as for your example. simply dating the file would be enough evidence to see whos it is and who should be charged.

It's not the same way.

A more similar analogy would be that the feds has a warrant to search your house and the person allows them to search for it but refuses to help them find the item.

Redlin5:
I wonder what it is like up here in Canada...

Well they dont currently even need a warrant to monitor our internet usage, only to force a ip to provide them access if the ip does not volunteer it. Based on that I would wager we would be forced to decrypt anything they asked us too.

Tubez:

reonhato:

Athinira:

...and similarly, being in possession of a computer with encrypted contents doesn't mean you know what the password for that content are :o)

No, no and no.

First of all, nothing is hidden. The police have access to the data, they just don't have the knowledge of how to read it. Shredding papers is DESTRUCTION of data. An entirely different thing. Destructed things can't necessarily be reconstructed, and those papers can therefore be irrecoverably lost. Decrypted data can ALWAYS be recovered if someone knows how to do it.

Second of all, you assume beforehand it's evidence. Until the content is actually decrypted, you don't know if it was just random data, of if there was actually something of interest to the case.

Thirdly, you don't know if anyone is "refusing" anything. Until the data actually gets decrypted, you cannot conclusively prove that the defendant is actually capable of decrypting the data to begin with. The law states that you cannot be held in contempt of court for not doing something you are incapable of doing.

.

Since you decided to bring in the example with you knowing your moms password, allow me to extend your example:
Imagine that your mom gives you her computer since she has gotten a new one. A few months later, the feds knock on your door with a search warrant because they believe to have evidence that there are illegal content on your computer (or maybe they believe you are tax frauding and wants to seize any documents that could be relevant, including digital ones). On your computer they find a file of random data (from back when your mom had the computer), which they suspect is an encrypted file.

Now first, they demand you decrypt it. You deny being able to decrypt it, stating that it's a leftover file from when your mom was the proprietor. The feds talk to your mom, but she says she forgot the password (or maybe she isn't sure what file they mean or can't remember) since it's some months since she used the computer.

Now, by your logic, the feds can now charge both you and your mom for withholding evidence, even though they cannot conclusively prove that the file is actually an encrypted file, or that either of you actually know (remembers) a valid password for the file.

And once again, i will remind you that real criminals CAN and WILL cheat the feds with a hidden volume, one which you cannot prove the existence of.

but he did not refuse to do it based on not knowing how, he refused based on the 5th amendment. it is perfectly reasonable to assume that he knows how.

the idea that i am assuming it is evidence is wrong. i am assuming the investigators have reason to believe it is evidence. just like when they have reason to believe you are in possession of drugs they can get a warrant and search your house, they should be allowed to get a warrant to get access to the encrypted information.

they have reason to believe the encrypted info is evidence, they have reason to believe the man knows how to decrypt it. the man refusing to give them that information is breaking the law, the same way the druggie is breaking the law if he refuses to let the police search his house.

as for your example. simply dating the file would be enough evidence to see whos it is and who should be charged.

It's not the same way.

A more similar analogy would be that the feds has a warrant to search your house and the person allows them to search for it but refuses to help them find the item.

no a more similar analogy would be that the feds have a warrant to search your house, they find a suspicious box but it is locked, around your neck is a key the same size as the lock for the box, they ask for it and you wave it in their face and say no.

reonhato:

Tubez:

reonhato:

but he did not refuse to do it based on not knowing how, he refused based on the 5th amendment. it is perfectly reasonable to assume that he knows how.

the idea that i am assuming it is evidence is wrong. i am assuming the investigators have reason to believe it is evidence. just like when they have reason to believe you are in possession of drugs they can get a warrant and search your house, they should be allowed to get a warrant to get access to the encrypted information.

they have reason to believe the encrypted info is evidence, they have reason to believe the man knows how to decrypt it. the man refusing to give them that information is breaking the law, the same way the druggie is breaking the law if he refuses to let the police search his house.

as for your example. simply dating the file would be enough evidence to see whos it is and who should be charged.

It's not the same way.

A more similar analogy would be that the feds has a warrant to search your house and the person allows them to search for it but refuses to help them find the item.

no a more similar analogy would be that the feds have a warrant to search your house, they find a suspicious box but it is locked, around your neck is a key the same size as the lock for the box, they ask for it and you wave it in their face and say no.

No its not the same, since the feds have access to the information. You shouldn't be required to translate for them.

And honestly I do not see why anyone should be required to hand over the key (Of course then you would have to accept that feds would try to open it with other means and you should expect the safe to be broken into and you shouldn't be able to whine that they broke something).

DVS BSTrD:
I find the FBI's decryption abilities far more contemptible than this guy's refusal to surrender the information.

I'm going to have to ask you to restrain yourself.

albino boo:

And great day for fraudsters, drug dealers, corrupt politicians, the various mobs, hit men, the Ku Klux clan, the Aryan nation and the other terrorist groups out there. So if Enron had just encrypted all their data they could have walked away scot free after defrauding ten of thousands of poeple. Rod Blagojevich should have sent an encrypted email instead of selling Obama's senate seat on the phone and he wouldn't be doing 14 years and the democratic process would have been for sale. But hey data privacy is way more important than protecting the democratic process.

And think about all the criminals already protected by the fifth amendment! I mean, all a criminal has to do is take the stand and not incriminate himself!

And due process? Man, that shit puts millions of criminal on the streets again! Think about all the criminals we could catch if we stopped requiring things like probable cause and enforcing Miranda rights.

Yeah, I can see a bit of a problem here with the FBI wanting to force people to decrypt data.

Yet at the same time, encrypting your data obviously means that you have something to hide and some damn good reason to put a good enough encryption that the FBI can't solve it. Either that, or you have way too much time on your hands. I can understand avoiding self-incrimination, but is there really so much sensitive data that you're willing to hide from the FBI that you're going to call the Constitution out on them? I know that's what it's there for, but is it really worth the trouble?

I support this. It is no different than physical property. If the police have a search warrant for your property you don't have to give them the key. They can, however, kick the door down to get in. This is the same thing. You don't have to decrypt the data for them but they can break it themselves.

reonhato:
no a more similar analogy would be that the feds have a warrant to search your house, they find a suspicious box but it is locked, around your neck is a key the same size as the lock for the box, they ask for it and you wave it in their face and say no.

Funny that you should touch this aspect. You see, The Supreme Court has already ruled on this issue several times in regards to opening Safe deposit boxes during a search and seizure. Their ruling is that the police can only compel you to give them physical keys to a safe (if you are in possession of those keys), but that they cannot compel you to reveal the combination to a safe.

A password to encrypted content is a hundred times closer to a combination than a physical key, and barring the Foregone Conclusion, that information is therefore testimonial and protected by the 5th Amendment.

reonhato:
but he did not refuse to do it based on not knowing how, he refused based on the 5th amendment. it is perfectly reasonable to assume that he knows how.

No it's not. It's not "perfectly reasonable" to assume such things when you gambling with peoples freedom (or possibly lives) in the justice system.

Also, refusing based on not knowing how and refusing based on the 5th Amendment aren't mutually exclusive. Someone can take the 5th first, and then if a court rules that the 5th doesn't apply, they can still claim afterwards that they don't know how to open it (taking the 5th doesn't imply that you have to acknowledge to be able to open it, so it's perfectly possible to take up that position afterwards).

The 5th Amendment wasn't invented so that the courts could just go "Oh he isn't talking, so he probably knows something". That's not how it works, and choosing to take the 5th Amendment and not talking is not a freeride for either the police nor the courts to just go fabricate facts they can't find themself.

reonhato:
the idea that i am assuming it is evidence is wrong. i am assuming the investigators have reason to believe it is evidence. just like when they have reason to believe you are in possession of drugs they can get a warrant and search your house, they should be allowed to get a warrant to get access to the encrypted information.

Physical items can often be linked to a person during the seizure. Digital information on the other hand can only be linked by analyzing it's nature. Since there is no way to analyze the nature of something that's encrypted, you can't link it to the defendant. For all you know, the encrypted information might as well be a file created by a piece of software that the defendant knows nothing about, in which case they can't decrypt it. It could also be a file from a massive file transaction that occured between the defendant and someone else at some point. It could be that the computer was bought used and the defendant hasn't formatted it, and the file isn't his. It could be that the file isn't encrypted but is just a chunk of random data (no way to tell the difference without decrypting it). The possibilities are endless.

And that's the core of the problem: You cannot prove that a defendant can actually decrypt something you want them to decrypt. And you cannot by law force them to reveal information regarding the encryption because the 5th Amendment protects their right to remain silent. So all you have left is guesswork, and guesswork doesn't hold up in court.

reonhato:
they have reason to believe the encrypted info is evidence, they have reason to believe the man knows how to decrypt it.

No and no.

They have no reason to believe the encrypted info (if it's encrypted content in the first place) is evidence and that the guy can decrypt it. They have a suspicion. That's it. Suspicion and "Reason to Believe" are two entirely different things, and suspicion alone is not enough. You need to have SOMETHING.

In the Sebastian Boucher case, for example, the court put weight on the fact that Boucher had made the mistake of already showing ICE Agents some of the child pornography that was on his encrypted drive. That was enough for the court to invoke the Foregone Conclusion, and compel Boucher to show his decrypted drive. But if all you have is a bunch of random data you suspect MIGHT be encrypted and you suspect the defendant MIGHT be able to decrypt (emphasis on "suspect" and "might" in both cases), that's not enough. And even if you know if someone is able to decrypt it, the foregone conclusion is only invoked if the information you are looking for is well-known and not of vital importance to making the case (meaning that the could would likely be a successful prosecution without the information=. Otherwise the 5th shuts out all attempts of compelling someone to decrypt it.

reonhato:
the man refusing to give them that information is breaking the law, the same way the druggie is breaking the law if he refuses to let the police search his house.

That's funny, because the court disagrees. But i guess you are the supreme authority on this kind of stuff?

/irony

You can prove that a house belongs to someone, and therefore that they have the capability of letting the police in if the police have a warrant (especially easy to prove if they are at home when the police arrives). You can't, however, necessarily prove that something is encrypted information in the first place, and that someone has the ability to decrypt it (even if it resides on their equipment). In addition, you cannot by the 5th Amendment force someone to give up information. Someone earlier made the good comparison of helping the police translate some text they found in your home during a seizure. You're not obliged to do that, just as you aren't obliged to help them read the contents of an encrypted drive.

So no, the man refusing to decrypt something is not breaking the law.

reonhato:
as for your example. simply dating the file would be enough evidence to see whos it is and who should be charged.

No.

It's standard for encryption software to not modify the timestamp of encrypted files, so therefore the only thing a timestamp will tell you is when the file was last copied (possibly created, but that depends on the operating system and software used to handle files), and it's impossible to tell when the file was last used. Also, this only works for files, not encrypted partitions.

You go to court and call that "evidence" and they will laugh in your face, plain and simple.

ThunderCavalier:
Yet at the same time, encrypting your data obviously means that you have something to hide and some damn good reason to put a good enough encryption that the FBI can't solve it. Either that, or you have way too much time on your hands.

The notion that "if you're not doing nothing wrong, then you have nothing to hide" is screwy logic which could be used to justify pretty much any kind of privacy-invading measure taken by the government. Privacy isn't just meant to protect people who "have something to hide", it's meant to protect everyone.

As for having too much time on your hands, it doesn't take much time at all to encrypt something, especially if the encryption software is already in place. If you already had set up whole-drive encryption to begin with, then the work is basically done for you. The average person can easily access encryption strong enough to defeat the FBI (or pretty much any other government agency) thanks to the work of the EFF and certain key individuals back in the 90s.

Athinira:

Funny that you should touch this aspect. You see, The Supreme Court has already ruled on this issue several times in regards to opening Safe deposit boxes during a search and seizure. Their ruling is that the police can only compel you to give them physical keys to a safe (if you are in possession of those keys), but that they cannot compel you to reveal the combination to a safe.

A password to encrypted content is a hundred times closer to a combination than a physical key, and barring the Foregone Conclusion, that information is therefore testimonial and protected by the 5th Amendment.

and they are just as wrong on that one as they are on this one. if they have enough evidence to believe you know the combination or the password it should be illegal to deny them entry.

No it's not. It's not "perfectly reasonable" to assume such things when you gambling with peoples freedom (or possibly lives) in the justice system.

Also, refusing based on not knowing how and refusing based on the 5th Amendment aren't mutually exclusive. Someone can take the 5th first, and then if a court rules that the 5th doesn't apply, they can still claim afterwards that they don't know how to open it (taking the 5th doesn't imply that you have to acknowledge to be able to open it, so it's perfectly possible to take up that position afterwards).

The 5th Amendment wasn't invented so that the courts could just go "Oh he isn't talking, so he probably knows something". That's not how it works, and choosing to take the 5th Amendment and not talking is not a freeride for either the police nor the courts to just go fabricate facts they can't find themself.

peoples freedoms need a limit. when you are under investigation for criminal activity your freedoms need to take a hit for the good of society. if you are innocent then you have nothing to fear, and helping will only get your "freedom" back faster.

how do you know why the 5th amendment was included. your constitution interpretations have changed over time and is hardly concrete. the 1st and 2nd amendments are perfect examples of how certain things that are unconstitutional can be still done by the government and how big money and idiots can influence decisions.

Physical items can often be linked to a person during the seizure. Digital information on the other hand can only be linked by analyzing it's nature. Since there is no way to analyze the nature of something that's encrypted, you can't link it to the defendant. For all you know, the encrypted information might as well be a file created by a piece of software that the defendant knows nothing about, in which case they can't decrypt it. It could also be a file from a massive file transaction that occured between the defendant and someone else at some point. It could be that the computer was bought used and the defendant hasn't formatted it, and the file isn't his. It could be that the file isn't encrypted but is just a chunk of random data (no way to tell the difference without decrypting it). The possibilities are endless.

And that's the core of the problem: You cannot prove that a defendant can actually decrypt something you want them to decrypt. And you cannot by law force them to reveal information regarding the encryption because the 5th Amendment protects their right to remain silent. So all you have left is guesswork, and guesswork doesn't hold up in court.

like i have already said, i am assuming they have enough evidence to warrant what they wanted to do, after all they did get a court order to do it before it was overturned.

That's funny, because the court disagrees. But i guess you are the supreme authority on this kind of stuff?

/irony

You can prove that a house belongs to someone, and therefore that they have the capability of letting the police in if the police have a warrant (especially easy to prove if they are at home when the police arrives). You can't, however, necessarily prove that something is encrypted information in the first place, and that someone has the ability to decrypt it (even if it resides on their equipment). In addition, you cannot by the 5th Amendment force someone to give up information. Someone earlier made the good comparison of helping the police translate some text they found in your home during a seizure. You're not obliged to do that, just as you aren't obliged to help them read the contents of an encrypted drive.

So no, the man refusing to decrypt something is not breaking the law.

only some courts, and its not as if your country has a great track record in making good court decisions.

having the information in a different language is not the same. it is not a deliberate attempt to hide the evidence

No.

It's standard for encryption software to not modify the timestamp of encrypted files, so therefore the only thing a timestamp will tell you is when the file was last copied (possibly created, but that depends on the operating system and software used to handle files), and it's impossible to tell when the file was last used. Also, this only works for files, not encrypted partitions.

You go to court and call that "evidence" and they will laugh in your face, plain and simple.

so they can only tell that the file was created before or after my mother stopped using the computer and gave it to me, o geez i wonder how that could possible be evidence on the owner of the file.

albino boo:

dobahci:
This is a great day for all who value the right to data privacy.

And great day for fraudsters, drug dealers, corrupt politicians, the various mobs, hit men, the Ku Klux clan, the Aryan nation and the other terrorist groups out there. So if Enron had just encrypted all their data they could have walked away scot free after defrauding ten of thousands of poeple. Rod Blagojevich should have sent an encrypted email instead of selling Obama's senate seat on the phone and he wouldn't be doing 14 years and the democratic process would have been for sale. But hey data privacy is way more important than protecting the democratic process.

You fail completely to see the more subtle and frightening implications in this.

By requiring him to decode a drive, the prosecution are presuming without having proven that
1) The hard drive contains real data
2) The data that may exist is incriminating and / or at least subject to the subpoena
3) That he was the one who placed the data on the disk, and not someone else
4) And that therefore, he would know the password and also
5) He hasn't forgotten or lost the password

Essentially, if he decodes the drive he has proven the entire case the prosecution would otherwise have to prove to a jury. It's like the court ordering him to prove himself guilty and then jailing him for failing to do so.

This violates far more then the fifth amendment. This violates the presumption of innocence.

The above is analogous to accusing a man of murder and then jailing him for contempt of court for 'failing to show where he buried the body' without having yet proved a murder case.

Or, for that matter, accusing someone of witchcraft and drowning them to prove they are not a witch.

ThunderCavalier:
Yeah, I can see a bit of a problem here with the FBI wanting to force people to decrypt data.

Yet at the same time, encrypting your data obviously means that you have something to hide and some damn good reason to put a good enough encryption that the FBI can't solve it. Either that, or you have way too much time on your hands. I can understand avoiding self-incrimination, but is there really so much sensitive data that you're willing to hide from the FBI that you're going to call the Constitution out on them? I know that's what it's there for, but is it really worth the trouble?

Don't you see? The guy didn't admit "Oh yeah, all the proof of my crimes is on that drive there, lol BUT IM NOT GONNA DECRYPT IT! U MAD BROS"

He remained silent.

Who knows what's on those drives? Who knows if there's any data at all, and if there is who knows if it's actually his data and who knows if he actually remembers the password?

It is exactly the same as if the feds suspected you hid all your child porn in a basement somewhere, but they can't prove it. All they have is a photo of you going into an unmarked basement in your career as a removalist. And then the court ordered you to 'produce the porn you hid in the basement', even though you actually never had any child porn, you were just moving an old suitcase at one of your jobs.

And then by your argument, you said "wow man, you must have something to hide if you're hiding shit in basements".

Unless you admitted you hid child porn, the burden of proof lies with the prosecution to prove their case, not you!

reonhato:
and they are just as wrong on that one as they are on this one. if they have enough evidence to believe you know the combination or the password it should be illegal to deny them entry.

You disagreeing with how the system works does not mean they are "wrong".

Also, you still fail to see that it's very hard to actually FIND evidence that someone knows the password. It's a very hard thing to prove, and if you loosen the rules for how much "evidence" (read: guesswork) is required to conclude that the defendant is capable of decrypting the information, then all you're going to do is send innocent people to jail when you hit upon cases where the people DON'T know how to decrypt the data.

Not to mention one more time that criminals can still cheat the system by using hidden volumes. It's literally IMPOSSIBLE to prove that a hidden volume exists without a confession. Criminals can keep data in hidden volumes and law enforcement would NEVER find it (or even any indication that it exists). So once again it will be a case of criminals just getting smarter, while the rights of regular people take another hit.

reonhato:
peoples freedoms need a limit. when you are under investigation for criminal activity your freedoms need to take a hit for the good of society.

Yes, but peoples rights also need to be protected to prevent wrongful prosecution. The 5th Amendment is one of the core rights in that regard. The amount of people who have been wrongfully convicted because they didn't take the 5th Amendment are staggeringly high.

Imprisoning innocent people is not for the good of society. That is why people have these rights to begin with.

reonhato:
if you are innocent then you have nothing to fear, and helping will only get your "freedom" back faster.

Wrong. When you are under criminal investigation, especially in the US, you always have something to fear. Go ask any defense attorney how this works (or watch the video i linked a hundred times in this thread by now).

Even if you are innocent of what they are charging you with, they might find something else that is either illegal or in a greyzone area and nail you for it (courtesy of the stupid juror system), as well as the ridiculous amount of confusing laws the US have which often works by point of reference to other regulations (that sometimes even involves people being able to be prosecuted for breaking foreign countries laws inside of the US).

Like mentioned in the video, it's very simple: Everything you say can be used against you, not for you.

reonhato:
how do you know why the 5th amendment was included. your constitution interpretations have changed over time and is hardly concrete.

Because it's common knowledge for anyone who has actually bothered reading the history of the Amendment and how courts (especially the Supreme Court) have interpreted the Amendment through time, setting precedence for later court cases.

reonhato:
the 1st and 2nd amendments are perfect examples of how certain things that are unconstitutional can be still done by the government and how big money and idiots can influence decisions.

You're confusing "interpretation" with "corruption" now. They are unrelated.

reonhato:
like i have already said, i am assuming they have enough evidence to warrant what they wanted to do, after all they did get a court order to do it before it was overturned.

And it was overturned for good reason.

Having enough evidence to believe someone may be involved in criminal activity, and having evidence that someone might be able to decrypt something (if it's even encrypted data to begin with) are entirely unrelated.

reonhato:
only some courts, and its not as if your country has a great track record in making good court decisions.

By "my country", I'm assuming you mean the United States. I hate to disappoint you, but I'm actually from Denmark. I study US Law as a hobby because the United States is a country with great influence that stretches far beyond their own borders.

And yes, the US Justice System has been known through times to make some bad decisions. That's why we have appeals, and the United States Supreme Court are known for taking many factors into account and making some very qualified decisions (although even they have made mistakes through time). One of the great things about appeals is that the court can take into account how the case went in the lower courts, which makes it possible to spot obvious mistakes or oversights, and allows them to get a clearer picture of the case. The United States Supreme Court are known to be especially rigorous about enforcing civil rights and ensure that no rights were broken during a trial.

reonhato:
so they can only tell that the file was created before or after my mother stopped using the computer and gave it to me, o geez i wonder how that could possible be evidence on the owner of the file.

...because they can't tell if you also used the computer BEFORE your mom gave it to you (like you said, you know her password). They also can't tell if anyone else used the computer, which can include other users or even hackers/botnets. In fact, encrypted files on a hard drive might even be caused by Ransomware.

There was a case here in Denmark once were a man was arrested for having child pornography on his computer. Fortunately for him, the police were able to determine that the computer was infected with a computer virus designed to download and distribute child pornography. The mans life was still partially ruined (his wife had to ask their children if he had ever touched them while he was imprisoned. The entire neighborhood mistrusted him even after he was proven innocent, meaning that had to move to another part of the country). Imagine that police hadn't been able to find that virus and just jumped to the conclusion that he was the distributor.

And this is why the courts would laugh at you. Your definition of what constitutes "evidence" are nothing but hunches and wild guesswork based on ignorance and lack of knowledge. If you ran the court system in the United States, half the population would be imprisoned by now :o)

You pull people into a court room for criminal prosecution, you need REAL evidence (as in "really really convincing" evidence). Even with the higher standards of what constitutes evidence that the courts hold over your (lackluster) standards, innocent people still get jailed.

Thyunda:
If you had nothing to hide, the investigation could write you off and go elsewhere. But if you insist on hiding it, you're only delaying it. But, then, I guess you can get away with anything as long as you encrypt the evidence.

Except that this is not how it works. If you are suspected of a crime that you didn't commit and tell the police the truth:
- They're neither inclined nor obliged to believe you, even if you tell the truth
- There may still be evidence that points to you (maybe not enough to prosecute you, but enough to still make you a person of interest). The investigation isn't simply going to "move on" just because you come clean.

Also, even telling the truth can get you into trouble.

Let me give you an example:
Let's say a man was stabbed to death on the street outside of your house one night. You tell the police the truth: that you were home that night, but you were sleeping and didn't hear or see anything.

Everything you say to the police can only be used against you but not for you. Therefore, if the police suspects you might have done it, the prosecution in this case isn't going to care one bit about you telling them that you were sleeping and didn't see or hear anything. What they ARE going to care about, however, is the fact that you admitted to being home, and therefore in proximity of the murder (meaning you had opportunity). Now, this fact alone isn't enough to convict you, but if the police have some other evidence or material that points towards you (perhaps the victim was your neighbor, and you had recently had a dispute or something which would provide motive), then by telling them the truth you have given them the second half of the puzzle, enough to get a conviction.

By taking the 5th and remaining silent, it might not be possible for the police to prove you were in proximity of the murder, and therefore they can't prove you had opportunity. Remaining silent is ALWAYS your best bet in the states.

I'll just link this one more time. It explains ALL the problems you can run into by telling the police the truth instead of remaining silent, even if you're innocent (start at 13:30 if you are only interested in knowing how innocent people can get in trouble).

Realitycrash:
Okey, I'm not from the US, so can someone PLEASE explain to me what the 5:th Ammendment is all about? Because after reading this, I imagined a scenario.
Imagine that there is a man that the feds know of, that have a trigger locked in a small box. If the trigger is not pressed within 24 hours, a bomb goes off somewhere, and a lot of people get killed. The feds know this, they have the man, he knows how to open the box, but he denies that there is a trigger in the box (though he confirms that there is something illegal in there, and that he can open the box, but he won't, because it would "incriminate himself"). The feds can not open the box without the bomb going off, nor can they find the bomb within 24 hours.
So, even though the man admits that he is hiding something illegal, and the feds have very strong evidence for thinking that this might be the trigger, they really can't force the man to open the box?
Really...?
I mean, really?

the 5th ammendment basically means a person can be force to incrimante themselves(the legal wording is much longer but thats the condenssed version).
For instance guy A is being interrgatoed by the cops and is forced by the cops to to turn over say a key to a lock box assuming he doesn't say anything illegal(if he did i'm pretty sure the cops could just go ahead and get a warrent) he could claim the 5th ammendment and cops wouldn't be able to force him to open it. (they could presuade him to open it but not force him to open it). Also in your situation the feds(FBI i assume) would either A get a warrent and force it open with some sort of power tool (drill, cutting torch or so on) or b claim "proabale cause" after all he did say something illegal was in the lock box which(to my understanding) is proable cause to get it open they may not be able to physically force to open it(i.e. put a gun to his head and tell to open) but they'll just mostly like grab a power drill to get the box open.

CM156:

albino boo:

dobahci:
This is a great day for all who value the right to data privacy.

And great day for fraudsters, drug dealers, corrupt politicians, the various mobs, hit men, the Ku Klux clan, the Aryan nation and the other terrorist groups out there. So if Enron had just encrypted all their data they could have walked away scot free after defrauding ten of thousands of poeple. Rod Blagojevich should have sent an encrypted email instead of selling Obama's senate seat on the phone and he wouldn't be doing 14 years and the democratic process would have been for sale. But hey data privacy is way more important than protecting the democratic process.

"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation"

That's really what this is about. People's constitutional rights against being forced to incriminate themselves.

But hey: catching criminals is more important than protecting the Constitution and the Bill of Rights. That's why the feds don't need a warrant to search houses.

Oh wait!

Yeah, but this would be akin to the feds getting a warrant to search your house, but not being able to get in because you had a really sweet indestructible front door, and then being told that asking you to unlock the vault for them is self incrimination.

You can't just copy-paste the 5th amendment to this case as written because it creates, effectively, the scenario above.

You need to realize there are crimes, and will continue to be crimes invented in the future as more and more of our day to day lives are done online, that are possible to do entirely on a computer.

Not allowing the police to be able to search your computer even with a warrant, is, again, exactly the same saying that if you had a good enough lock on your front door, the police are out of luck.

This isn't some case of warrant-less wiretapping or invasion of privacy. Your computer isn't your brain, it's evidence.

Can I hide evidence of my wrongdoing in a really awesome safe, and when they can't enter the safe, get away with a crime? Because that's basically what this is.

Daemonate:
You fail completely to see the more subtle and frightening implications in this.

By requiring him to decode a drive, the prosecution are presuming without having proven that
1) The hard drive contains real data
2) The data that may exist is incriminating and / or at least subject to the subpoena
3) That he was the one who placed the data on the disk, and not someone else
4) And that therefore, he would know the password and also
5) He hasn't forgotten or lost the password

Essentially, if he decodes the drive he has proven the entire case the prosecution would otherwise have to prove to a jury. It's like the court ordering him to prove himself guilty and then jailing him for failing to do so.

This violates far more then the fifth amendment. This violates the presumption of innocence.

The above is analogous to accusing a man of murder and then jailing him for contempt of court for 'failing to show where he buried the body' without having yet proved a murder case.

Or, for that matter, accusing someone of witchcraft and drowning them to prove they are not a witch.

Um, a police investigation doesn't presume you're innocent. It's gathering evidence to prove you're guilty.

Saying that looking for evidence is a violation of presumption of innocence basically makes the whole justice system entirely useless. The world created by what you're presupposing means that police officers can only do anything about a crime if they happen to see it by pure chance.

For your murder analogy, it'd be more similar to a man having his basement sealed off with some magically indestructible door, and the police having a warrant to look in that basement, and you being told "Too bad, your warrant is useless because this door is really, really sweet".

The fact of that matter is, that your way of doing things effectively means that, if a criminal is even REASONABLY intelligent, no crime against him can ever, ever, ever be prosecuted, no matter how blatant or no matter how good a warrant to search for evidence the police gets.

As the quoted person pointed out, something like Enron would had been impossible to prosecute if the Enron executives just downloaded TrueCrypt.

Damien Granz:
Yeah, but this would be akin to the feds getting a warrant to search your house, but not being able to get in because you had a really sweet indestructible front door, and then being told that asking you to unlock the vault for them is self incrimination.

You can't just copy-paste the 5th amendment to this case as written because it creates, effectively, the scenario above.

And you can't just copy paste a fictious real-world scenario (or rather, science-fictional scenario, since you fabricated a door that doesn't exist).

But let me pick your example apart.

The reason your example doesn't hold up is because unlike encrypted content, your house carries a name-tag and can positively identified. Encrypted content does not carry a name tag even if it resides on your computer, (because it can have been created by previous users, various software including Ransomware or even hackers/botnets, and therefore it cannot be safely assumed it was encrypted by you and that you are capable of decrypting it or even knows what it contains). In addition, it might not even be possible to even identify it as encrypted content since it looks like random data. A seized hard drive filled with random data might be an encrypted container, or it might be a hard drive that have been securely erased (overwritten several time).

The reason the feds can get a warrant for your house is because, well, it's YOUR house, and it can be safely established that you control it and are responsible for what's inside, as well as you have the means to open it. Encrypted data, however, is not necessarily something you control, evne if they reside on your equipment, and it cannot be positively proven that it's even encrypted data to begin with.

Terrible analogy is terrible.

Damien Granz:
You need to realize there are crimes, and will continue to be crimes invented in the future as more and more of our day to day lives are done online, that are possible to do entirely on a computer.

And you need to realize that criminals can still get away with this by using hidden volumes. It's impossible to prove the existence of a hidden encryption volume, so even if courts could compel people to give up encryption keys, criminals could still use hidden volumes and escape justice.

It's an impossible system to beat.

Damien Granz:
Not allowing the police to be able to search your computer even with a warrant, is, again, exactly the same saying that if you had a good enough lock on your front door, the police are out of luck.

The police being unable to understand the data on the computer does not mean they are unable to search it. Maybe not all of the content is encrypted. Maybe the encryption uses a weak password that they can crack. Like someone else said earlier: If the police search your home and find a diary written in a code language, it's not your job to translate it for them, therefore aiding in the investigation against you (and at the same time, indirectly admitting that you wrote the coded text).

And like i said, unlike your front door, encryption does not carry a name-tag. A court can't grant a warrant to 'your' encrypted content if it's not within your control. It can't grant a warrant for encrypted data either if it's not encrypted data to begin with (which might not be possible to ascertain).

Damien Granz:
This isn't some case of warrant-less wiretapping or invasion of privacy. Your computer isn't your brain, it's evidence.

...which doesn't imply in any way that it's your job to help the government understand the data on the computer.

It's the prosecutions job to use the evidence they have available, not yours. If they can't read or understand the evidence: tough luck.

But interestingly, since you brought up the subject of wiretapping, i would like to remind you that another thing the government are unable to do is wiretap encrypted phone-conversations, like for example a Skype-conversation. It's a product of the digital age. The prosecution just have to deal with it.

Damien Granz:
Can I hide evidence of my wrongdoing in a really awesome safe, and when they can't enter the safe, get away with a crime? Because that's basically what this is.

If they can't prove that the safe exists to begin with or it's even yours, then it's a moot point at any rate.

And like i said, hidden volumes still beats the system. To use your ridiculous real-world analogies, a hidden volume is like having a safe that you can teleport into another dimension. Not only can the government not get into it, but they also cannot prove that it exists in any way possible unless you confess to it existing. It's an impossible system to beat (beyond resorting to torture), so the government will just have to deal with it. It's that simple.

Damien Granz:
Yeah, but this would be akin to the feds getting a warrant to search your house, but not being able to get in because you had a really sweet indestructible front door, and then being told that asking you to unlock the vault for them is self incrimination.

Actually, it's more akin to the feds finding the journal I keep written in a code and then demanding I translate what's written. Big difference.

Athinira has already explained why they're not the same to you. And Athinira: I'm impressed with how well you know case law. My hat is off to you.

Well, I'm an American and that IS how that law works...so good I guess.

Athinira:
And like i said, hidden volumes still beats the system. To use your ridiculous real-world analogies, a hidden volume is like having a safe that you can teleport into another dimension. Not only can the government not get into it, but they also cannot prove that it exists in any way possible unless you confess to it existing. It's an impossible system to beat (beyond resorting to torture), so the government will just have to deal with it. It's that simple.

According to a Forensic Data Analysist I know, there are certain 'markers' to look for which can in turn uncover data footprints indicating a hidden volume exists... however, it's a fairly time intesive process, can have varying levels of 'success' and even when it works 100% (which is rare) it still leaves you with the problem of dealing with it... suffice to say that it's a lot of effort for very little return so it's rarely done.

To go with the transdimensional safe analogy, it's like using a bunch of diffrerent detection equipment to find, at best, a safe shaped distortion/anomoly BUT nothing else like how to get to it or open it.

RhombusHatesYou:
According to a Forensic Data Analysist I know, there are certain 'markers' to look for which can in turn uncover data footprints indicating a hidden volume exists... however, it's a fairly time intesive process, can have varying levels of 'success' and even when it works 100% (which is rare) it still leaves you with the problem of dealing with it... suffice to say that it's a lot of effort for very little return so it's rarely done.

To go with the transdimensional safe analogy, it's like using a bunch of diffrerent detection equipment to find, at best, a safe shaped distortion/anomoly BUT nothing else like how to get to it or open it.

If your friend is talking about being able to analyze the "free space" on the encrypted container, and determining that the free space - which should look like random data - isn't totally random, then that is actually a flaw in the encryption algorithm being used not making encrypted data look entirely like random data (aka. patterns are visible). The problem can be solved by using a different algorithm that doesn't have that vulnerability. TrueCrypt itself not only supports 3 different encryption algorithms (AES, Twofish, Serpent), but allows those to be used in cascade (meaning you use several algorithms to encrypt the data), so switching to a different algorithm is easy. However, i have yet to hear about any of those three algorithms having that particular weakness. It's worth noting btw, that if that weakness actually exists, it would not only allow you to discover if there is a secret volume, but it would then also allow you to discover if the REAL (outer) container is either encrypted or just random data (which i have also yet to hear about happen).

I think you need to ask your friend to explain himself. Of all the cryptoanalytical attacks i have read or heard about, i have never heard about one being able to discover secret volumes, nor have i heard about one that on the technical level allows you to determine that a container encrypted with modern encryption algorithms isn't random data.

Unless the encryption algorithm suffers from the mentioned vulnerability, the only way to technically discover a hidden volume (assuming you have the password to the non-hidden part of the volume) is to check what sectors have changed in the file/partition between uses of the hidden volume. If you, as the attacker, are able to do cryptoanalysis on a truecrypt container with a hidden volume BETWEEN uses of the hidden volume, you will be able to see that sectors in the "free space" of the outer volume (which actually isn't free space, but rather the hidden volume) have changed, which means that there is either a hidden volume, or that someone overwrote the "free space" at some point and then deleted the content afterwards. But like i said, that requires you to have physical access to the encrypted container TWICE, and it has to be between uses of the hidden volume.

I suspect, however, that what your friend might be talking about is in fact an outdated weakness. Older versions of TrueCrypt had a flaw that potentially allowed a hidden volume to be discovered (i can't remember if it was just a hidden volume or a hidden operating system). This was fixed around 2-3 years ago. I don't know the specifics of the vulnerability, but from my understanding, it was related to TrueCrypt, not the algorithms used.

Edit:
Another possibility is that your friend is talking about mounting a hidden volume using a non-hidden operating system. When you use a file system browsing files in windows, windows might leave traces of what files you've used, seen or interacted with on the computer, including those on a hidden volume. This is a security flaw within the operating system, not in the encryption software or algorithm.

The solution in that case is to use a hidden operating system (by the same principle as hidden volumes), and only ever mount hidden volumes when using the hidden operating system. Since the "traces" of the hidden volumes being mounted or only left inside the hidden operating system, they cannot be located without access to the hidden operating system (which itself is impossible to prove exists). This, btw, is detailed in the TrueCrypt documentation of Security Requirements for Hidden Volumes.

Btw, please feel free to link this post to your friend. I would love to hear his comments on this :-)

albino boo:

If you are ordered by a court to produce a printed document you shred it not only are you guilty of contempt the shred document can be put together and used in evidence against you. Why should the process of encryption be treated any different from shredding?

That's only if you shred the document AFTER it's subpoenaed/demanded. If you shred it before there are any proceedings, you haven't committed destruction of evidence nor contempt of court. Otherwise, paper shredders would be illegal.

It is also clear that he was ordered to by a court after due process.

So if he was arrested, arraigned, and dragged into court, then the judge demanded that he confess, that's okay? No, because the right against self incrimination is part of due process, and this court has decided that you are wrong when you say that.

Damien Granz:

CM156:

albino boo:

And great day for fraudsters, drug dealers, corrupt politicians, the various mobs, hit men, the Ku Klux clan, the Aryan nation and the other terrorist groups out there. So if Enron had just encrypted all their data they could have walked away scot free after defrauding ten of thousands of poeple. Rod Blagojevich should have sent an encrypted email instead of selling Obama's senate seat on the phone and he wouldn't be doing 14 years and the democratic process would have been for sale. But hey data privacy is way more important than protecting the democratic process.

"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation"

That's really what this is about. People's constitutional rights against being forced to incriminate themselves.

But hey: catching criminals is more important than protecting the Constitution and the Bill of Rights. That's why the feds don't need a warrant to search houses.

Oh wait!

Yeah, but this would be akin to the feds getting a warrant to search your house, but not being able to get in because you had a really sweet indestructible front door, and then being told that asking you to unlock the vault for them is self incrimination.

You can't just copy-paste the 5th amendment to this case as written because it creates, effectively, the scenario above.

You need to realize there are crimes, and will continue to be crimes invented in the future as more and more of our day to day lives are done online, that are possible to do entirely on a computer.

Not allowing the police to be able to search your computer even with a warrant, is, again, exactly the same saying that if you had a good enough lock on your front door, the police are out of luck.

This isn't some case of warrant-less wiretapping or invasion of privacy. Your computer isn't your brain, it's evidence.

Can I hide evidence of my wrongdoing in a really awesome safe, and when they can't enter the safe, get away with a crime? Because that's basically what this is.

Daemonate:
You fail completely to see the more subtle and frightening implications in this.

By requiring him to decode a drive, the prosecution are presuming without having proven that
1) The hard drive contains real data
2) The data that may exist is incriminating and / or at least subject to the subpoena
3) That he was the one who placed the data on the disk, and not someone else
4) And that therefore, he would know the password and also
5) He hasn't forgotten or lost the password

Essentially, if he decodes the drive he has proven the entire case the prosecution would otherwise have to prove to a jury. It's like the court ordering him to prove himself guilty and then jailing him for failing to do so.

This violates far more then the fifth amendment. This violates the presumption of innocence.

The above is analogous to accusing a man of murder and then jailing him for contempt of court for 'failing to show where he buried the body' without having yet proved a murder case.

Or, for that matter, accusing someone of witchcraft and drowning them to prove they are not a witch.

Um, a police investigation doesn't presume you're innocent. It's gathering evidence to prove you're guilty.

Saying that looking for evidence is a violation of presumption of innocence basically makes the whole justice system entirely useless. The world created by what you're presupposing means that police officers can only do anything about a crime if they happen to see it by pure chance.

For your murder analogy, it'd be more similar to a man having his basement sealed off with some magically indestructible door, and the police having a warrant to look in that basement, and you being told "Too bad, your warrant is useless because this door is really, really sweet".

The fact of that matter is, that your way of doing things effectively means that, if a criminal is even REASONABLY intelligent, no crime against him can ever, ever, ever be prosecuted, no matter how blatant or no matter how good a warrant to search for evidence the police gets.

As the quoted person pointed out, something like Enron would had been impossible to prosecute if the Enron executives just downloaded TrueCrypt.

Yes, and you are in no way required to assist the police in incriminating yourself. "looking for evidence" is quite fine. Happens all the time. "assuming that evidence unproved to exist in fact exists, and then ordering the accused to magically produce it for you" is not.

Once again, you don't understand the degree to which the real-world analogy differs from the cryptographic situation.
To make your magic door analogy fit the situation, you'd have to include the fact that the basement is a basement in a house with many people in it, all of whom had access to it. Who put the magic door on the basement? Who has the key? How do you know there's anything inside since you can't get in? If there does happen to be stuff inside, who does it belong to? How do you know it's the accused's?

Actually it's potentially worse, as in the case of a potential hidden volume, the magic door and it's basement are *invisible* to human detection, and its existence is a rumour or a guess to start with.

If the cops happen to find the key and the basement, they are free to open the door, but if they don't find the basement, let alone its key, how is it up to the maybe totally innocent person to find a way to do it for them? Especially since as far as the court knows, it may well be physically impossible to do so. Then you're left imprisoning people because the DA feels frustrated at being bad at his job.

Athinira:
I would love to hear his comments on this :-)

Talked to him earlier tonight about it over a bottle of whiskey... he said most of the stuff I'd recalled was old stuff we'd talked about ages ago and I should shut my hole if I'm not going to stay up to date on shit, then threw an ice cube at my head and reminded me that with good modern crypto systems the only potential flaw was the people using them.

He did say that there is one theoretical weakness in modern cryptosystems and that's that they make the encrypted data too... 'too random' is what my mate said. That the sheer lack of any pattern becomes statistically anomalous... Of course that's only useful for identifying potentially encrypted blocks of data and even getting that far is a massive and expensive undertaking which is why it's only a theoretical weakness... much to the disappointment of unemployed statisticians everywhere, I guess. Not to mention it would still leave the problem of decrypting the data.

reonhato:

Tubez:

reonhato:

but he did not refuse to do it based on not knowing how, he refused based on the 5th amendment. it is perfectly reasonable to assume that he knows how.

the idea that i am assuming it is evidence is wrong. i am assuming the investigators have reason to believe it is evidence. just like when they have reason to believe you are in possession of drugs they can get a warrant and search your house, they should be allowed to get a warrant to get access to the encrypted information.

they have reason to believe the encrypted info is evidence, they have reason to believe the man knows how to decrypt it. the man refusing to give them that information is breaking the law, the same way the druggie is breaking the law if he refuses to let the police search his house.

as for your example. simply dating the file would be enough evidence to see whos it is and who should be charged.

It's not the same way.

A more similar analogy would be that the feds has a warrant to search your house and the person allows them to search for it but refuses to help them find the item.

no a more similar analogy would be that the feds have a warrant to search your house, they find a suspicious box but it is locked, around your neck is a key the same size as the lock for the box, they ask for it and you wave it in their face and say no.

No, the proper analogy would be that the safe had a combination lock, and the police know you know the combo and want to force you to tell them. SCOTUS has ALREADY ruled that the police cannot force anyone to give up a lock combination.

Tipsy Giant:
I love that 'The Founding Fathers' knew about computing and encryption when they wrote the constitution!
Any chance your old document could be slightly irrelevant to a modern day problem *Cough*Bible*Cough*

All computer encryption is is a cipher. Technically it's less secure than a book cipher, especially given the number of books published these days. They for damned sure knew about the existence of ciphers and there's no exception for them in the constitution.

Athinira, doesn't the finding in United States v. Fricosu contravert some of what you claim? Not that case specifically perhaps, but parts of the line of logic and precedent used to produce the finding?

For example: "...the defendant's production was not necessary to authenticate the drive because he had already admitted possession of the computer..." http://www.wired.com/images_blogs/threatlevel/2012/01/decrypt.pdf

Especially in this particular case, however, what would have been the court's response to a claim by Ms. Friscou that she could not remember, and/or had lost/destroyed the only written copy of, the password needed to decrypt?

Perhaps I am reading it wrong, but then just admitting one possessed / owned a device at some point in time would be then halfway to determining foregone conclusion and the requirement of producing the contents? Surely this does not take into account accidental or malicious intrusion, misuse by another, content stored.

I have personal experience with this as I once knew of someone who received a disk from another person, supposedly blank, which turned out to have questionable content. They could not be sure where the content originated from, and the other party claimed no knowledge of the content (it was from a business machine several years old, which many people had access to), so they destroyed the disks.

If for example, they had instead failed to inspect the disks and yet blithely installed them in their computer, which they freely admitted ownership of, could they have been compelled to grant access to files that they did not know existed, that did not belong to them, and that they may have had no physical way to produce (if they required a password to view)?

CM156:

albino boo:

dobahci:
This is a great day for all who value the right to data privacy.

And great day for fraudsters, drug dealers, corrupt politicians, the various mobs, hit men, the Ku Klux clan, the Aryan nation and the other terrorist groups out there. So if Enron had just encrypted all their data they could have walked away scot free after defrauding ten of thousands of poeple. Rod Blagojevich should have sent an encrypted email instead of selling Obama's senate seat on the phone and he wouldn't be doing 14 years and the democratic process would have been for sale. But hey data privacy is way more important than protecting the democratic process.

"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation"

That's really what this is about. People's constitutional rights against being forced to incriminate themselves.

But hey: catching criminals is more important than protecting the Constitution and the Bill of Rights. That's why the feds don't need a warrant to search houses.

Oh wait!

Well first we have to have context. ie what system is this part of and its criminal justice system , because we dont have a an inquisitorial system but an adversarial one. ie its about making a case not about finding out the truth of what happened, its a parallel to the right of silence and the presumption of innocence, because the police are not looking to find the truth but put forward a case to be tried.

Now we have systems were law enforcement can acquire evidence to make a case through other invasions of privacy, wire taps, surveillance, mail interception etc but there is currently no law for providing encryption, there is for bank details and all other records.

why?

well American Law is basically English law that is where it was imported from and that is basically from the Magna Carter which was written in 1215.

and there's the problem. 1215 they didn't have the internets back then so there isn't a law for it. Its how our systems work , and just like all the other technological advances that allow criminals to operate outside of the reach of the law it will get legislation added to it now its become a problem. a good example would be how the rules changed when pre paid cell phones revolutionised the drug and organised crime.

This current case has nothing to do with the problems of self incrimination and is nothing to do with why you have the 5th amendment this is a guy hiding evidence behind a loop hole in the law.

Its no victory for freedom and liberty its a win for the criminal side, the danger to liberty is what happens next, the bill that closes this loophole will be put forward to give the law enforcement agencies the power to acquire evidence . the risk being its too far reaching.

so really the people that love freedom of speech and liberty should be worried about this because it now means some aspect of those rights needs to go to allow the law to function.

zumbledum:

CM156:

albino boo:

And great day for fraudsters, drug dealers, corrupt politicians, the various mobs, hit men, the Ku Klux clan, the Aryan nation and the other terrorist groups out there. So if Enron had just encrypted all their data they could have walked away scot free after defrauding ten of thousands of poeple. Rod Blagojevich should have sent an encrypted email instead of selling Obama's senate seat on the phone and he wouldn't be doing 14 years and the democratic process would have been for sale. But hey data privacy is way more important than protecting the democratic process.

"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation"

That's really what this is about. People's constitutional rights against being forced to incriminate themselves.

But hey: catching criminals is more important than protecting the Constitution and the Bill of Rights. That's why the feds don't need a warrant to search houses.

Oh wait!

Well first we have to have context. ie what system is this part of and its criminal justice system , because we dont have a an inquisitorial system but an adversarial one. ie its about making a case not about finding out the truth of what happened, its a parallel to the right of silence and the presumption of innocence, because the police are not looking to find the truth but put forward a case to be tried.

Now we have systems were law enforcement can acquire evidence to make a case through other invasions of privacy, wire taps, surveillance, mail interception etc but there is currently no law for providing encryption, there is for bank details and all other records.

why?

well American Law is basically English law that is where it was imported from and that is basically from the Magna Carter which was written in 1215.

and there's the problem. 1215 they didn't have the internets back then so there isn't a law for it. Its how our systems work , and just like all the other technological advances that allow criminals to operate outside of the reach of the law it will get legislation added to it now its become a problem. a good example would be how the rules changed when pre paid cell phones revolutionised the drug and organised crime.

This current case has nothing to do with the problems of self incrimination and is nothing to do with why you have the 5th amendment this is a guy hiding evidence behind a loop hole in the law.

Its no victory for freedom and liberty its a win for the criminal side, the danger to liberty is what happens next, the bill that closes this loophole will be put forward to give the law enforcement agencies the power to acquire evidence . the risk being its too far reaching.

so really the people that love freedom of speech and liberty should be worried about this because it now means some aspect of those rights needs to go to allow the law to function.

I believe Athinira has already addressed your issues. But follow me on this thought experiment: I, in fact, keep a journal of sorts. I write in a weird series of symbols that equate to code. I don't have a key written down anywhere because there isn't one. The rules on what I use keep changing. Let's suppose the feds have a warrant for my house for some unrelated charge. They find this journal. Can they demand I translate it or give them a key (which, as I've said, doesn't exist, because the context and syntax rules keep changing)? They've already pointed out how a physical object and something stored in the mind are not quite the same.

Simple yes or no question: can the feds force me to translate what I wrote, for them to build a case against me? Y/N

The answer, according to case law, is no. They're allowed the data. I don't have to, however, help them make sense of it. And before you try bringing up the safe analogy, note that it's already been shown how that isn't the same.

onus probandi falls with the DA.

CM156:

zumbledum:

CM156:

"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation"

That's really what this is about. People's constitutional rights against being forced to incriminate themselves.

But hey: catching criminals is more important than protecting the Constitution and the Bill of Rights. That's why the feds don't need a warrant to search houses.

Oh wait!

Well first we have to have context. ie what system is this part of and its criminal justice system , because we dont have a an inquisitorial system but an adversarial one. ie its about making a case not about finding out the truth of what happened, its a parallel to the right of silence and the presumption of innocence, because the police are not looking to find the truth but put forward a case to be tried.

Now we have systems were law enforcement can acquire evidence to make a case through other invasions of privacy, wire taps, surveillance, mail interception etc but there is currently no law for providing encryption, there is for bank details and all other records.

why?

well American Law is basically English law that is where it was imported from and that is basically from the Magna Carter which was written in 1215.

and there's the problem. 1215 they didn't have the internets back then so there isn't a law for it. Its how our systems work , and just like all the other technological advances that allow criminals to operate outside of the reach of the law it will get legislation added to it now its become a problem. a good example would be how the rules changed when pre paid cell phones revolutionised the drug and organised crime.

This current case has nothing to do with the problems of self incrimination and is nothing to do with why you have the 5th amendment this is a guy hiding evidence behind a loop hole in the law.

Its no victory for freedom and liberty its a win for the criminal side, the danger to liberty is what happens next, the bill that closes this loophole will be put forward to give the law enforcement agencies the power to acquire evidence . the risk being its too far reaching.

so really the people that love freedom of speech and liberty should be worried about this because it now means some aspect of those rights needs to go to allow the law to function.

I believe Athinira has already addressed your issues. But follow me on this thought experiment: I, in fact, keep a journal of sorts. I write in a weird series of symbols that equate to code. I don't have a key written down anywhere because there isn't one. The rules on what I use keep changing. Let's suppose the feds have a warrant for my house for some unrelated charge. They find this journal. Can they demand I translate it or give them a key (which, as I've said, doesn't exist, because the context and syntax rules keep changing)? They've already pointed out how a physical object and something stored in the mind are not quite the same.

Simple yes or no question: can the feds force me to translate what I wrote, for them to build a case against me? Y/N

The answer, according to case law, is no. They're allowed the data. I don't have to, however, help them make sense of it. And before you try bringing up the safe analogy, note that it's already been shown how that isn't the same.

onus probandi falls with the DA.

Simple answer is NO. as you say it is for the prosecution to prove (im English i assume DA is district attorney? which i am also assuming is the same sort of thing as the CPS crown prosecution service)

Im not sure the law is exaclty mirrored but im speaking about UK law here, if they say executed a warrant to search your premises and found unrelated things they would have the right to take them and fresh prosecutions would arise based on that evidence, if they find white powder they can test it for cocaine. find a gun they can run it against ballistic records, find evidence of tax fraud or whatever anything illegal or for illegal use they can take and use, they wouldnt have the right to make you say you were guilty of anything it is still for them to prove in each case.
we agree totally this is all fine correct and as it should be.

My point is there is a test drugs , firearms, financial reports, you can run checks on bank statements financial records etc but there is no system for encryped data. if you had these items in a safe you would have to open it , behind a locked door you would have to open it. it is wrong for them to demand you provide any incriminating evidence but they do have the right of access. and thats why this case stuck there is a clear conflict. but they do still have the right to know what that data says if they have the warrant. the means to identify the possible infraction of law rested solely within the accused's power. and that is the bit i suspect that will get altered.

The likely outcome of this is a change to the way encryption is allowed and companies that provide encryption will have to provide keys to de crypt it under warrant to.

That was my point, the case was right but the law is currently wrong there is no system to acquire the information without violating the 5th amendment. But the 5th like the right to silence and burden of proof are there to make it fair. Not to provide immunity. and thats what will change.

so as i say this is no victory for freedom but a warning that the laws about to get upgraded and those freedoms will be eroded.

zumbledum:

CM156:

zumbledum:

Well first we have to have context. ie what system is this part of and its criminal justice system , because we dont have a an inquisitorial system but an adversarial one. ie its about making a case not about finding out the truth of what happened, its a parallel to the right of silence and the presumption of innocence, because the police are not looking to find the truth but put forward a case to be tried.

Now we have systems were law enforcement can acquire evidence to make a case through other invasions of privacy, wire taps, surveillance, mail interception etc but there is currently no law for providing encryption, there is for bank details and all other records.

why?

well American Law is basically English law that is where it was imported from and that is basically from the Magna Carter which was written in 1215.

and there's the problem. 1215 they didn't have the internets back then so there isn't a law for it. Its how our systems work , and just like all the other technological advances that allow criminals to operate outside of the reach of the law it will get legislation added to it now its become a problem. a good example would be how the rules changed when pre paid cell phones revolutionised the drug and organised crime.

This current case has nothing to do with the problems of self incrimination and is nothing to do with why you have the 5th amendment this is a guy hiding evidence behind a loop hole in the law.

Its no victory for freedom and liberty its a win for the criminal side, the danger to liberty is what happens next, the bill that closes this loophole will be put forward to give the law enforcement agencies the power to acquire evidence . the risk being its too far reaching.

so really the people that love freedom of speech and liberty should be worried about this because it now means some aspect of those rights needs to go to allow the law to function.

I believe Athinira has already addressed your issues. But follow me on this thought experiment: I, in fact, keep a journal of sorts. I write in a weird series of symbols that equate to code. I don't have a key written down anywhere because there isn't one. The rules on what I use keep changing. Let's suppose the feds have a warrant for my house for some unrelated charge. They find this journal. Can they demand I translate it or give them a key (which, as I've said, doesn't exist, because the context and syntax rules keep changing)? They've already pointed out how a physical object and something stored in the mind are not quite the same.

Simple yes or no question: can the feds force me to translate what I wrote, for them to build a case against me? Y/N

The answer, according to case law, is no. They're allowed the data. I don't have to, however, help them make sense of it. And before you try bringing up the safe analogy, note that it's already been shown how that isn't the same.

onus probandi falls with the DA.

Simple answer is NO. as you say it is for the prosecution to prove (im English i assume DA is district attorney? which i am also assuming is the same sort of thing as the CPS crown prosecution service)

Im not sure the law is exaclty mirrored but im speaking about UK law here, if they say executed a warrant to search your premises and found unrelated things they would have the right to take them and fresh prosecutions would arise based on that evidence, if they find white powder they can test it for cocaine. find a gun they can run it against ballistic records, find evidence of tax fraud or whatever anything illegal or for illegal use they can take and use, they wouldnt have the right to make you say you were guilty of anything it is still for them to prove in each case.
we agree totally this is all fine correct and as it should be.

My point is there is a test drugs , firearms, financial reports, you can run checks on bank statements financial records etc but there is no system for encryped data. if you had these items in a safe you would have to open it , behind a locked door you would have to open it. it is wrong for them to demand you provide any incriminating evidence but they do have the right of access. and thats why this case stuck there is a clear conflict. but they do still have the right to know what that data says if they have the warrant. the means to identify the possible infraction of law rested solely within the accused's power. and that is the bit i suspect that will get altered.

The likely outcome of this is a change to the way encryption is allowed and companies that provide encryption will have to provide keys to de crypt it under warrant to.

That was my point, the case was right but the law is currently wrong there is no system to acquire the information without violating the 5th amendment. But the 5th like the right to silence and burden of proof are there to make it fair. Not to provide immunity. and thats what will change.

so as i say this is no victory for freedom but a warning that the laws about to get upgraded and those freedoms will be eroded.

You are aware that a law cannot simply override the constitution, correct? You need a constitutional amendment to do so. That's the way we do things around here. If SCOTUS says "The fifth amendment protects incripted data", you can't pass a law to get around it.

Also, we have a rather different set of laws here. So there's that. If the cops find a safe at my house that has a key, I'm required to produce it. Case law exists in this matter. If it's a code safe, I don't have to open it. Slightly different, but they make a world of difference in case law.

 Pages PREV 1 2 3 4 5 6 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here