Thursday, January 26th 2012
Possible Precedent: Accused Americans Can Be Forced To Decrypt Their Encrypted Data
The Fifth Amendment rules that nobody may be "compelled in any criminal case to be a witness against himself." Or, in other words, one has a right to avoid self-incrimination. Therefore, it's highly significant that Judge Robert Blackburn ordered a Peyton, Colorado woman accused of a being involved in a mortgage scam, to decrypt the hard disc drive of her Toshiba laptop no later than February 21. If not, she would face the consequences, including contempt of court. In a 10-page opinion, the judge wrote, "I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer."
The accused, Ramona Fricosu, is declining to decrypt the laptop, which has been secured withSymantec's PGP Desktop software, which is strong enough to thwart the FBI. She will appeal the ruling, perhaps because it appears that she may be unable to decrypt it for any number of possible reasons, according to her lawyer, which could technically get her off the hook, as people cannot be punished for not doing what they are physically incapable of doing. It's not yet clear what those 'reasons' are.
Requiring a defendant to give up their password is a thorny, unsettled legal issue, with judges in some cases agreeing that they shouldn't have to give up their passwords due to the Fifth Amendment and in other similar cases that they do, with law review articles arguing for either side over the last 15 years. This case might settle this question once and for all. It's important to note that the prosecutors in this case are not asking for the actual password, but simply expect the defendant to type it into the laptop in order to decrypt its contents, which might be the key to getting their way.
So, let's look at this from the defendant's point of view, assuming that the order to decrypt stands and they have actually done what they're accused of. They would be in a lose-lose situation, since they would get punished whether they reveal the decrypted contents or not. What they now have to decide is which option causes them to lose less. In the UK, you can be jailed for two years for not decrypting data when demanded, which might actually be a good compromise for a crime that carries a hefty sentence of say, 10 years or so. Plus, they get the dubious satisfaction of having thwarted the authorities, which might be priceless to them.
There's more detail and analysis on this story over at c|net.
Requiring a defendant to give up their password is a thorny, unsettled legal issue, with judges in some cases agreeing that they shouldn't have to give up their passwords due to the Fifth Amendment and in other similar cases that they do, with law review articles arguing for either side over the last 15 years. This case might settle this question once and for all. It's important to note that the prosecutors in this case are not asking for the actual password, but simply expect the defendant to type it into the laptop in order to decrypt its contents, which might be the key to getting their way.
So, let's look at this from the defendant's point of view, assuming that the order to decrypt stands and they have actually done what they're accused of. They would be in a lose-lose situation, since they would get punished whether they reveal the decrypted contents or not. What they now have to decide is which option causes them to lose less. In the UK, you can be jailed for two years for not decrypting data when demanded, which might actually be a good compromise for a crime that carries a hefty sentence of say, 10 years or so. Plus, they get the dubious satisfaction of having thwarted the authorities, which might be priceless to them.
There's more detail and analysis on this story over at c|net.
96 Comments on Possible Precedent: Accused Americans Can Be Forced To Decrypt Their Encrypted Data
It's like commiting a crime with a gun, then putting the gun in a lockbox with a security feature. If the gun is in the lockbox, prosecuters are going to want it and what's inside obviously.
I mean, it's only asking for the kind of enforcement online that already exists IRL.
Where nothing is enforced.
If you pirate online, you're not persecuted because it would be infringing on freedom to police the internet.
Where as IRL, if you steal something, the story is much different.
www.techpowerup.com/forums/showthread.php?t=141423
Also, Megaupload was brought down with the DMCA, which already exists for this type of thing. The tools to police the internet exist, and it didn't need any additional restrictions added do it.
Probably the laptop was taken for evidence, but they were unable to decrypt it.
When they cant prove the evidence is on the laptop the judge is talkin bollocks and the 5th has to be applied.
edit: If Symantec's software did the encryption... then certainly they could do decryption as well if ordered to.
I have a solution for her.
Cut off your hands.
Regardless of what she did, they are asking her to give them self incriminating evidence. Its the prosecutions burden to get it, not hers. Considering what shes charged with it would be wiser to be placed in contempt. Borderline unconstitutional, which is why its in the news.
She can also say she forgot it, or lost the key. There is no way for them to prove otherwise.
People encrypt their data these days and it complicates work for authorities.
So how do they approach this problem:
How do we stop it ?
Let’s take some terrorist security risk or some real criminal ( this case ) and show how danger it is for society.
Worked well with DMCA. Old tricks good tricks !
If courts are going to weigh so heavily on circumstance, like with hate crimes, then there's no reason that mentality isn't applicable here as well.
Nearly everything the courts do these days is border line unconstitutional, I doubt anyone is surprised.YesYou would think...Patriot Act, national security and all that jazz.
Anyways, is this really news that pertains to computer technology within the bounds of informing the community of new or changes to existing technology and products/projects(i.e. what TechPower is renowned for)?
Seems more like a moral muse for the general forums.
So, once again, it remains a grey and controversial area and I don't think it will ever be definitively resolved, because decisions have to be made on a case by case basis.You know what's really ridiculous? Crims can fall for their own scams too. I was looking at 419eater (advance fee fraud) a while back and the baiters were nailing the scammers with their own scams! It beggared belief. :laugh: They had photographic evidence, too.
so what the prosecuters could do is decrypt it, maybe they could request someone that have super computer to brute force it or start buying as many radeon/gforce card and build some short of low cost supercomputer with it.
now i know why SOPA could happen in USA, if every one thinking like you then just change your country name to china 2.0 already.
So, back on topic... I can see where the 5th amendment sort of applies here and sort of doesn't. Asking her to either provide or enter her password is potentially a self-incriminating action. However... if she is guilty I hope they find a way to make her rot for it.