SoylentNews is people
SoylentNews
from the plead-the-fifth-and-land-in-jail dept.
Another novel application of the All Writs Act is to require suspects to decrypt their hard disks. Refusing to comply landed one suspect in jail without trial. He's been in there for 7 months already.
To me this seems to be a gross perversion of justice. Guilty until proven innocent? I haven't read the All Writs Act, but somehow being detained for 7 months without trial seems like it shouldn't be within the scope of any law -- irrespective of the alleged crime. (Yes, I'm aware of Guantanamo Bay.)
PS: Concerning the alleged crime (child pornography), keep in mind:
The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all.
H. L. Mencken
US editor (1880 - 1956)
(Score: 2) by mendax on Friday April 29 2016, @12:11AM
The law in this instance is pretty inconsistent. Some federal courts have agreed with the assertion that being forced to reveal the password to something is akin to forced self-incrimination, which is barred under the Fifth Amendment as extended to all the states by the Fourteenth Amendment. Other federal courts have gone the other way. I do not think the SCOTUS has spoken on this matter... yet. It's time they do. Perhaps this case will be the one.
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 2) by mendax on Friday April 29 2016, @12:30AM
Ah, I read the article again, this time actually paying attention to it, and it seems that the SCOTUS has spoken on this issue, except it was not a password but a combination lock. It would seem to me that the same reasoning would apply. Again I will repeat, SCOTUS needs to address this issue soon.
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 1) by RobC207 on Friday April 29 2016, @11:00AM
Let's wait until there is an uneven number of Justices on the Court though.
(Score: 4, Interesting) by edIII on Friday April 29 2016, @12:41AM
Indeed. There is no possible way that information, needing to be obtained from a citizens mind, with the possibility of sending that citizen to jail, isn't construed as self-incrimination. The problem is that the government simply cannot adjust to their loss of power. Citizens lose power, citizens lose rights, the government does not.
This is a wake up call for deniable encryption, such as is provided by TrueCrypt. Only with deniable encryption can you give away an apparently working password, but still deny attackers access to the correct one. Apple's FileVault isn't worth shit, nor is anything not providing more than one working password/key.
That would be a very interesting and entertaining debate in front of the judge.
Prosecutor: We didn't find any child porn, or anything incriminating whatsoever! He lied! Punish Him!
Judge: To my knowledge, he gave a password. Can you prove this isn't the correct one?
Prosecutor: No, we cannot. We strongly suspect this though, and have mountains of circumstantial evidence.
Judge: Yeah, that's not enough to prove he gave you an incorrect password.
The only thing stronger than TrueCrypt's containers is OTP, which is provably impossible to show that *any* key is more correct than any other key. More than likely our biggest challenge is just illustrating the math to the judge in both cases.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 3, Interesting) by hemocyanin on Friday April 29 2016, @01:19AM
I'm not sure that is a great idea because if it can be shown that you have revealed part of the information required to decrypt the drive, someone is going to argue that you waived your right to the rest of the information. I don't know how that case would turn out, but trying to trick the Feds or other cops into thinking they have the information needed, seems a risky proposition.
As other's have mentioned, a person can't be compelled to reveal a combination stored in their brain to a combination lock. That should extend to encryption by direct analogy. Eventually we'll find out if that is the case. One thing is certain, iris scans or fingerprint readers, that isn't going to provide any protection against a search: http://blogs.wsj.com/digits/2014/10/31/judge-rules-suspect-can-be-required-to-unlock-phone-with-fingerprint/ [wsj.com]
(Score: 3, Informative) by edIII on Friday April 29 2016, @02:41AM
There is no "rest of the information". The entire drive is encrypted as the outer container. In this outer container you put the honeypot data, or data that you're perfectly okay with revealing to attackers as low-value information. The hidden container protects the real data, and that is accessible via the 2nd key.
Giving the honeypot password should subject you to no data leakage that you're not prepared to accept.
I myself have dozens of containers, each having multiple containers inside it. Almost every single individual container with apparently valuable information, except a few containers for the protected payload. This does come at a cost though, as I spend 100GB to protect 5GB.
I can reveal "all" of the passwords for the visible containers without compromising myself at all.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by jasassin on Friday April 29 2016, @06:40AM
Revealing the honeypot password isn't going to fool the FBI or NSA or probably anybody anymore. Once they have the honeypot password they can simply look at the size of the container and compare it to the size of the truecrypt file. If the truecrypt file is bigger, there's another hidden container. They just keep breaking knuckles (or if you are lucky enough to be in gbay, feed you cock meat sandwiches) until they have passwords to all the hidden containers required to equal the size of the truecrypt file when added to the size of the honeypot container. It's not really hidden if it's taking up disk space.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 0) by Anonymous Coward on Friday April 29 2016, @07:20AM
You have no idea how Truecrypt works, do you?
The Truecrypt file is ALWAYS bigger than the content stored. Your TC container file is set based on the partition size you choose when you created the file initially, adding files into the container will not change the file size.
(Score: 2) by maxwell demon on Friday April 29 2016, @08:40AM
And now you revealed that you have hidden containers. Sure, you revealed it under a pseudonym, but I'd not bet the three-letter agencies are not able to connect that to your real identity. So good luck if you should ever be in the situation that law enforcement compels you to give up your password. Also, I wonder if there's really no way at all to detect that there are hidden containers (after all, the decryption software has to find them on request).
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Interesting) by c0lo on Friday April 29 2016, @03:01AM
If what you revealed is incriminating already, then there's a precedent which may land you in hot waters [wikipedia.org] (see below why it only may).
However, if what you revealed is not incriminating, you aren't in any worse position than before - the prosecution will still have to prove that what remained unencrypted is:
1. meaningful (not just random data) - this applies even if already incriminating evidence was revealed at the prev step of decryption;
2. relevant to the case - probable cause - this applies even if already incriminating evidence was revealed at the prev step of decryption
3. that the defendant has indeed control over the part that is still encrypted.
The point 1 and 2 are exactly what is intended by the "deniable encryption" schemes.
With the note that such schemes may not work as intended under oppressive authoritarian regimes - the ones of "if you have something to hide, you must be guilty" kind - in fact they may make the life worse for the defendant.
Mmmm... wait, what?!?
(- large grin -)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Friday April 29 2016, @07:18AM
It is. It's solid evidence that you have access to the drive.
Then six months later, when they are done brute forcing the encryption, you can't go back and argue "that was a drive I bought off e-bay with the intention of wiping it before using it".
(Score: 2) by c0lo on Friday April 29 2016, @07:57AM
No, you cannot argue is not your drive, but you should be able to argue "Except of what I've already shown you, there's nothing else there that I know of".
If you can't argue that, then your plausibly deniable encryption [wikipedia.org] package doesn't worth a shit.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by tangomargarine on Friday April 29 2016, @02:41PM
Somebody on The Green Site mentioned that this suggests a great way to perform witchhunts: Put a random hard drive in front of a guy and tell him to decrypt it.
Guy: "That isn't my hard drive."
TPTB: "So you're saying you won't decrypt it?"
Guy: "It's not mine. How would I know the key?"
TPTB: "We've been assured by John Smith here that he's 'pretty sure' the drive is encrypted, and yours."
Guy: "Even if it was mine--which it isn't--you're not even sure it's encrypted?"
TPTB: "Your Honor, this man is refusing to cooperate. Throw him in the stockade!"
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 3, Interesting) by Runaway1956 on Friday April 29 2016, @02:25AM
Your scenario sounds alright, on the face of things. However, you need to dig just a little deeper into court room life. In my county, for years, the judge and the prosecutor were members of the same country club. That is, they both owned "summer homes" on the river, and in fact, lived only a couple doors away from each other. They dined together, golfed together, fished together - every thing except slept together, and I can't be certain that they didn't do that too.
Needless to say, the prosecutor was seldom denied any motion, any objection, any suggestion in court. Basically, the judge and the prosecutor spoke with the same mind. Their little party was only upset now and then when an outside lawyer was brought in to handle a case.
(Score: 3, Informative) by Beryllium Sphere (r) on Friday April 29 2016, @07:17PM
Add to that the case(s) from Texas where a judge has given helpful suggestions to the prosecutor in the middle of a trial.
This has links to original sources and a good overview:
http://gritsforbreakfast.blogspot.com/2013/07/texting-while-judging-judge-texted.html [blogspot.com]
This is from a defense attorney so feel free to suspect bias:
http://blog.bennettandbennett.com/2013/01/youre-soaking-in-it/ [bennettandbennett.com]
Then remember that elected judges can lose their jobs if a challenger succeeds in calling them "soft on crime", and that many judges are former prosecutors. It's not unheard of for someone to say "He never stopped being the DA".
This is part of why innocent people plead guilty.
http://www.takepart.com/feature/2015/11/20/houston-drug-war-exonerations [takepart.com]
Even for murder: http://www.alternet.org/civil-liberties/why-innocent-people-plead-guilty-and-often-serve-years-prison-crime-they-didnt [alternet.org]
http://www.nybooks.com/articles/2014/11/20/why-innocent-people-plead-guilty/ [nybooks.com]
Do you think that being a respectable high-paid employed person will protect you? Then read about a CISA whose life was trashed by one liar:
http://www.seattletimes.com/seattle-news/being-homeless-a-struggle-even-with-a-100000-job-offer/ [seattletimes.com]
Just guessing, but the defendant in this article might be in solitary to protect him from other inmates who (go figure) don't like cops. Read up on solitary.
Folks, this system is broken. Write to your elected representatives about sentencing reform, bail reform, indigent defense, and independent oversight of prisons to stop them from getting even worse than they're supposed to be.
Bail reform alone will save many innocent people. If you can't afford a lawyer or even bail, it's not exactly a free choice when the DA says in effect "Let us give you a criminal record and we'll recommend a sentence of time served, so you get out right away and can see your kids and maybe even keep your job".
(Score: 2) by Common Joe on Friday April 29 2016, @04:12AM
Truecrypt is no longer maintained. Consider Veracrypt, a fork of Truecrypt.
Apparently, I'm not up to speed on all acronyms and had to look this up. For all other commoners who don't want to look it up, OTP refers to "one time pad". (And not "one time password" or "one time pairing".)
And to be blunt, even a one time pad is quite weak in this scenario. Where would the one time pad be kept so that it didn't fall into the hands of law enforcement / the court? It has to be kept somewhere. On the hard drive? Somewhere on the Internet? (Don't forget that "they" are always listening.) Multi-gigabyte one time pads are sure to be noticed and generating a truly random one time pad can be challenging and time consuming. (Not to mention that you have to wipe the original file after you're done encryption leaving you vulnerable at that point in time.)
In theory, one time pads are the strongest form of encryption, but they are cumbersome to use and only best used when sending messages physically (like by thumb drive) or with short text messages. A program like Veracrypt would be best in most computer-related scenarios, though.
(Score: 1, Interesting) by Anonymous Coward on Friday April 29 2016, @04:46AM
Multi-gigabyte one time pads are sure to be noticed
Quite frequently they are in front of you, but you don't recognize them for what they are.
For example, your official DVD copy of the latest horror flick, if ripped and reencoded with very specific parameters, yields a pretty long OTP. The parameters are written down on an old envelope where you calculated the tip at a restaurant; they are disguised as prices of dishes. And you need to use a specific version of a specific ripper - which is not even installed on your PC.
We are swimming in multi-gigabyte media streams. They are all compressed and, as such, look like half-decent random data. If you want to improve that, combine several video streams, each from a unique offset. Your video library is large enough, and even if the offsets are under 1,000,000 each (which is nothing, in bytes, in a DVD), it creates quite a challenge for the courts. Most likely it's not the NSA or CIA who will be after your data, but your local police and your local prosecutor. They can send the file to the FBI, but they cannot send everything that you have in the house, and in all the houses of other people that you have access to.
(Score: 0) by Anonymous Coward on Friday April 29 2016, @07:22AM
That would work for someone like Snowden.
However, for something you need easy access to all the time - such as your porn collection - the one time pad is going to be on something that can be accessed easily.
(Score: 0) by Anonymous Coward on Friday April 29 2016, @12:53PM
Why would you encrypt your porn? Documents, yes. Personal letters, yes. 18 inches vs 18 inches, deserves to be proudly displayed in plaintext :)
(Score: 2) by tangomargarine on Friday April 29 2016, @02:45PM
This entire article is about a guy accused of having child porn and you're asking why someone would encrypt their porn?
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by maxwell demon on Friday April 29 2016, @05:29PM
Why not just use the contents of one of your DVDs unchanged? Thanks to DRM it should look quite random (didn't check that, though), and law enforcement would need to find out (a) that you used a DVD as key, (b) which DVD you used. Works best if you've got a large DVD collection. And a working DVD drive, of course. :-)
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Friday April 29 2016, @07:15AM
Well, in the same fantasy world, the judge in this case would have said "prove that it's even his hard drive in the first place".
In the real world, providing the false password would be evidence that it IS your hard drive, and suddenly your lawyer has a lot less to work with.
(Score: 0) by Anonymous Coward on Friday April 29 2016, @08:50PM
This kind of "plausible deniability" is only useful when you are lying. One should not have to lie to maintain their right not to incriminate themselves. This puts you in a very bad position, as the act of lying to authorities may itself be a crime or have other consequences. Remain silent.
(Score: 2) by edIII on Sunday May 01 2016, @04:07AM
You misunderstand the term. It provides you the complete inability to determine if I've lied or not, and an answer itself cannot be solely for the purposes of lying.
This method provides you the ability to tell a "truth" without anyway to mathematically prove that a "lie" was said. In other words, I can provide information that meets the requirements every single time without ever putting specific other information at risk.
One way of looking it is about lying or telling the truth, but on an encryption level the term means that you can't discern ciphertext from random noise at all.
As for the plausible part (my motives for having that random noise around my house), I've decided that there exists no true randomness on Earth because specific properties in the core of our planet introduce strong patterns into our entropy. Therefore, I often fill up random hard drives and flash drives with my "raw entropy data" to be studied later, so that one day I can have a Nobel Prize, some money, and the associated math groupies.
I'm the man hoarding entropy. I need help. I can't stop. Please help........ ;)
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Friday April 29 2016, @12:12PM
https://www.youtube.com/watch?v=ibQGWXfWc7c [youtube.com] -- old, but good explanation on the issue.