Thursday, January 26th 2012
Possible Precedent: Accused Americans Can Be Forced To Decrypt Their Encrypted Data
The Fifth Amendment rules that nobody may be "compelled in any criminal case to be a witness against himself." Or, in other words, one has a right to avoid self-incrimination. Therefore, it's highly significant that Judge Robert Blackburn ordered a Peyton, Colorado woman accused of a being involved in a mortgage scam, to decrypt the hard disc drive of her Toshiba laptop no later than February 21. If not, she would face the consequences, including contempt of court. In a 10-page opinion, the judge wrote, "I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer."
The accused, Ramona Fricosu, is declining to decrypt the laptop, which has been secured withSymantec's PGP Desktop software, which is strong enough to thwart the FBI. She will appeal the ruling, perhaps because it appears that she may be unable to decrypt it for any number of possible reasons, according to her lawyer, which could technically get her off the hook, as people cannot be punished for not doing what they are physically incapable of doing. It's not yet clear what those 'reasons' are.
Requiring a defendant to give up their password is a thorny, unsettled legal issue, with judges in some cases agreeing that they shouldn't have to give up their passwords due to the Fifth Amendment and in other similar cases that they do, with law review articles arguing for either side over the last 15 years. This case might settle this question once and for all. It's important to note that the prosecutors in this case are not asking for the actual password, but simply expect the defendant to type it into the laptop in order to decrypt its contents, which might be the key to getting their way.
So, let's look at this from the defendant's point of view, assuming that the order to decrypt stands and they have actually done what they're accused of. They would be in a lose-lose situation, since they would get punished whether they reveal the decrypted contents or not. What they now have to decide is which option causes them to lose less. In the UK, you can be jailed for two years for not decrypting data when demanded, which might actually be a good compromise for a crime that carries a hefty sentence of say, 10 years or so. Plus, they get the dubious satisfaction of having thwarted the authorities, which might be priceless to them.
There's more detail and analysis on this story over at c|net.
Requiring a defendant to give up their password is a thorny, unsettled legal issue, with judges in some cases agreeing that they shouldn't have to give up their passwords due to the Fifth Amendment and in other similar cases that they do, with law review articles arguing for either side over the last 15 years. This case might settle this question once and for all. It's important to note that the prosecutors in this case are not asking for the actual password, but simply expect the defendant to type it into the laptop in order to decrypt its contents, which might be the key to getting their way.
So, let's look at this from the defendant's point of view, assuming that the order to decrypt stands and they have actually done what they're accused of. They would be in a lose-lose situation, since they would get punished whether they reveal the decrypted contents or not. What they now have to decide is which option causes them to lose less. In the UK, you can be jailed for two years for not decrypting data when demanded, which might actually be a good compromise for a crime that carries a hefty sentence of say, 10 years or so. Plus, they get the dubious satisfaction of having thwarted the authorities, which might be priceless to them.
There's more detail and analysis on this story over at c|net.
96 Comments on Possible Precedent: Accused Americans Can Be Forced To Decrypt Their Encrypted Data
Even from Symantec though, there's no backdoor, as you can see from this article.
Imagine that we had more advanced fMRI's that could read your thoughts. Could you be forced to submit to an fMRI exam? No - no more than you can be compelled to testify.
If you had a journal written in a secret language you invented, could you be forced to decrypt it? I seriously doubt it.
People always talk about their computers as being an extension of their memory, and for good reason - because it is.
I still stand by that there are gov agency's that can open your data like it was a can of beans
Note that I'm not just challenging you on this to be awkward, but it wouldn't surprise me if there was some truth to it and I'd like to know more. :)
en.wikipedia.org/wiki/Data_Encryption_Standard
If it were true and became known that some governments can decrypt anything easily, there would be panic.
It might be true, too.
Oh and the same thing happened with hardware neural nets. In the '80s there was tons of research on them that was so advanced, there is no reason at all there aren't sentient AIs around. Well... There probably are, in a secret government agency somewhere...
The worse that happens? She's pinned down for a while.
The best that happens? They exhaust resources and conclude there is no evidence and she walks.
If they let her off on a technicality, her innocence will never be proven.
For some people that's ok, but it's those type of people who are usually guilty.
For other persons, whom are often innocent, having a clear name and a clear conscience is paramount and they will not rest until exonerated.
Sounds like she's the first type...
I thought the point was to prove someone guilty, not innocent, which should be a given, UNTIL PROVEN GUILTY...
Your post perfectly demonstrates the kind of mentality that makes this world such a shit place most of the time, thanks.
You should run for office, you'd fit right in :toast:
It is simply a delaying tactic in the search for applicable evidence to prove something one way or the other. It is no different than the ploys used by the defense lawyers to stall cases until they can get all their ducks in a row.
Do you not understand the importance of due process? Do you not understand the extreme evils that politicians and "the law" will unleash on innocent people as a result of erosion of due process?
I'll grant you, she probably did it. But when you erode a legal right, it sets a precedent, and I don't care what you say, holding someone prisoner for years while they decrypt the evidence is a breach of rights and due process.
You are demonstrating the great unconsciousness of the masses, allowing "the law", i.e. governments free rein in destroying your rights and liberties. And then some years down the line, those same astonishingly stupid masses will go "how did we get to this hell?". Duh, you were applauding all the way, trading in your freedom for some illusion of "security". Ha.In this case, years or possibly decades in jail on a suspicion makes her a case of guilty until proven innocent. Do you have any idea how long it would take with current tech to decrypt a DriveCrypt++ encrypted volume? 30 years or so, I think, with the strongest supercomputer officially built...
Holding a person in jail for decades waiting for proof is CERTAINLY treating her as guilty until proven innocent. I'm not defending mortgage fraud. I'm defending due process and rights from erosion and the devolution into totalitarianism.Knowing that the algorithms are based on unidirectional mathematics, I can almost guarantee you that no one knows the key. And about the NDAA, it only has to be the merest SUSPICION of ASSOCIATION with, not "terrorists" but "anti-American activities" to allow the military to go in there and indefinitely detain these people without the slightest due process, charges, lawyer, or phone call. In other words, some military personnel only need suspect that the activity might be used to finance some activity that might be called "anti-American", or might constitute in itself an "anti-American" activity to go and arrest.
Have a look here, and please keep in mind that she most likely uses DriveCrypt++ which is over 1334-bit encryption:
en.wikipedia.org/wiki/Brute-force_attack
They estimate that a 256-bit key would take 50,955,671,114,250,072,156,962,268,275,658,377,807,020,642,877,435,085 years to brute-force.
- Factor in an estimated tech progression level of, say, 1 billion times more powerful computers (chop off the 9 digits at the end)
- Then add a few thousand digits at the beginning of the number due to key length... In reality it's probably millions of digits, but I can't be bothered to calculate it, which would be difficult given the humongificiousness of the numbers to begin with.
And you have your estimate.
To me, that's too long a jail time on mere suspicion.
Its just a question of is the expense to find that data worth the result.
M1dg3t, the abuse of the system is no doubt wrong, however the history of guilty until proven innocent has proven far more disastrous for people. I will take a few criminals going free on technicality than living in fear constantly.
As for code-cracking. Even free software will defeat the NSA. I use truecrypt container volumes that are encoded with 3 different algorithms and a key so long I can rarely type it in without making a mistake.
However codes will all be toast if quantum computing ever gets off the ground, so score one for the Luddites there. :D
Ok, analogy here. If you steal something and the government believe that you have got it in your safe, they are within their rights to confiscate your safe and compel you to open it, if you do not you would be obstructing.
Digital, physical, there shouldn't be a difference.
I am no lawyer, but seriously, the law should have provisions for common sense.
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation
Indictment is different?
"Whether a crime is "infamous" is determined by the nature of the punishment that may be imposed, not the punishment that is actually imposed;"
I find this part interesting