Possible Precedent: Accused Americans Can Be Forced To Decrypt Their Encrypted Data

[qubit]

The Fifth Amendment rules that nobody may be "compelled in any criminal case to be a witness against himself." Or, in other words, one has a right to avoid self-incrimination. Therefore, it's highly significant that Judge Robert Blackburn ordered a Peyton, Colorado woman accused of a being involved in a mortgage scam, to decrypt the hard disc drive of her Toshiba laptop no later than February 21. If not, she would face the consequences, including contempt of court. In a 10-page opinion, the judge wrote, "I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer."



The accused, Ramona Fricosu, is declining to decrypt the laptop, which has been secured withSymantec's PGP Desktop software, which is strong enough to thwart the FBI. She will appeal the ruling, perhaps because it appears that she may be unable to decrypt it for any number of possible reasons, according to her lawyer, which could technically get her off the hook, as people cannot be punished for not doing what they are physically incapable of doing. It's not yet clear what those 'reasons' are.

Requiring a defendant to give up their password is a thorny, unsettled legal issue, with judges in some cases agreeing that they shouldn't have to give up their passwords due to the Fifth Amendment and in other similar cases that they do, with law review articles arguing for either side over the last 15 years. This case might settle this question once and for all. It's important to note that the prosecutors in this case are not asking for the actual password, but simply expect the defendant to type it into the laptop in order to decrypt its contents, which might be the key to getting their way.

So, let's look at this from the defendant's point of view, assuming that the order to decrypt stands and they have actually done what they're accused of. They would be in a lose-lose situation, since they would get punished whether they reveal the decrypted contents or not. What they now have to decide is which option causes them to lose less. In the UK, you can be jailed for two years for not decrypting data when demanded, which might actually be a good compromise for a crime that carries a hefty sentence of say, 10 years or so. Plus, they get the dubious satisfaction of having thwarted the authorities, which might be priceless to them.

There's more detail and analysis on this story over at c|net.

View at TechPowerUp Main Site

 

[erocker]

Woman on trial for stealing people's money through a mortgage scam yeah, I'm surprised that her computer wasn't just taken from her for evidence anyways. If she's guilty I hope she is brought to justice.

It's like commiting a crime with a gun, then putting the gun in a lockbox with a security feature. If the gun is in the lockbox, prosecuters are going to want it and what's inside obviously.

 

[Trackr]

Woman on trial for stealing people's money through a mortgage scam yeah, I'm surprised that her computer wasn't just taken from her for evidence anyways. If she's guilty I hope she is brought to justice.

It's like commiting a crime with a gun, then putting the gun in a lockbox with a security feature. If the gun is in the lockbox, prosecuters are going to want it and what's inside obviously.

Yeah, but if you directly compare real life to the internet, you can say that SOPA is right.

I mean, it's only asking for the kind of enforcement online that already exists IRL.

 

[DannibusX]

Yeah, but if you directly compare real life to the internet, you can say that SOPA is right.

I mean, it's only asking for the kind of enforcement online that already exists IRL.

wat

 

[naoan]

Wow, there's actually something symantec GOOD at?

 

[erocker]

wat

The internet is a fantasyland where nothing is real? I have no idea.

 

[Trackr]

The internet is a fantasyland where nothing is real? I have no idea.

Close.

Where nothing is enforced.

If you pirate online, you're not persecuted because it would be infringing on freedom to police the internet.

Where as IRL, if you steal something, the story is much different.

 

[DannibusX]

Oh god. Someone mentioned piracy and theft in the same post. Preemptive linkage to previous discussion on said topic commencing, now:

http://www.techpowerup.com/forums/showthread.php?t=141423

Also, Megaupload was brought down with the DMCA, which already exists for this type of thing. The tools to police the internet exist, and it didn't need any additional restrictions added do it.

 

[Rule-R]

Woman on trial for stealing people's money through a mortgage scam yeah, I'm surprised that her computer wasn't just taken from her for evidence anyways. If she's guilty I hope she is brought to justice.

It's like commiting a crime with a gun, then putting the gun in a lockbox with a security feature. If the gun is in the lockbox, prosecuters are going to want it and what's inside obviously.

We had a similar case here in Holland recently. The judge stated that it was proven that the evidence regarding the crime was on the PC/Laptop, thus subpoenad to decrypt it. (Meaning privacy wasnt violated because they knew what was on there)

Probably the laptop was taken for evidence, but they were unable to decrypt it.

When they cant prove the evidence is on the laptop the judge is talkin bollocks and the 5th has to be applied.

 

[xBruce88x]

... I thought that's what warrants were for

edit: If Symantec's software did the encryption... then certainly they could do decryption as well if ordered to.

 

[DannibusX]

They probably do have a warrant for it. Although there's no mention of it in the article.

 

[erocker]

We had a similar case here in Holland recently. The judge stated that it was proven that the evidence regarding the crime was on the PC/Laptop, thus subpoenad to decrypt it. (Meaning privacy wasnt violated because they knew what was on there)

Probably the laptop was taken for evidence, but they were unable to decrypt it.

When they cant prove the evidence is on the laptop the judge is talkin bollocks and the 5th has to be applied.

So, what if this information was stored on a "pen and paper" steel notebook with a lock on it? What's the difference?

 

[Rule-R]

So, what if this information was stored on a "pen and paper" steel notebook with a lock on it? What's the difference?

None, all depends on whether its unmistakably proved that the evidence is in the notebook. (Or on it)

 

[treehouse]

So, what if this information was stored on a "pen and paper" steel notebook with a lock on it? What's the difference?

the difference is they would take a blow torch to the lock and get it opened and then prosecute accordingly. if they cant get to the evidence because of an encrypted hard drive then tough shit, what if she genuinely forgot the password due to stress, there is no way of proving her innocence hence her guilt so look at other ways of prosecuting. if they needed her computer to convict then the case against was never strong in the first place as mortgage scams would ;leave trails all over the place, not just her laptop.

 

[erocker]

If she was smart she would of nuked the drive. Unfortunately, criminals aren't that smart and I'm sure there's other evidence to the crimes she commited. Afterall, it's a mortgage scam.. There are victims.

 

[treehouse]

Unfortunately, criminals aren't that smart

i disagree, SOME criminals are not that smart, just like non criminals

 

[DannibusX]

Well the article is interesting because she's being compelled to decrypt the hard drive, but earlier rulings say that she may not be required to give up the password on 5th Amendment grounds.

I have a solution for her.

Cut off your hands.

 

[ShogoXT]

Warrants allow them to break into and retrieve any evidence they want, but it does not require the defendant to provide the evidence themselves. Such as the police can ask a person to open the door to their house. The person doesnt have to, but the police take no responsibility for broken down doors.

Regardless of what she did, they are asking her to give them self incriminating evidence. Its the prosecutions burden to get it, not hers. Considering what shes charged with it would be wiser to be placed in contempt. Borderline unconstitutional, which is why its in the news.

She can also say she forgot it, or lost the key. There is no way for them to prove otherwise.

 

[treehouse]

Regardless of what she did, they are asking her to give them self incriminating evidence. Its the prosecutions burden to get it, not hers. Considering what shes charged with it would be wiser to be placed in contempt. Borderline unconstitutional, which is why its in the news.

She can also say she forgot it, or lost the key. There is no way for them to prove otherwise.

could not agree more

 

[maarty]

how to change laws ?

People encrypt their data these days and it complicates work for authorities.
So how do they approach this problem:
How do we stop it ?
Let’s take some terrorist security risk or some real criminal ( this case ) and show how danger it is for society.

Worked well with DMCA. Old tricks good tricks !

 

[Deleted member 24505]

If she refuses, it should just be taken as a admission of guilt, if there was nothing on it proving her guilt, she would just give them the data.

 

[Jetster]

I thought it was illegal to have encryption software that the gov could not decrypt

 

[newconroer]

Warrants allow them to break into and retrieve any evidence they want, but it does not require the defendant to provide the evidence themselves. Such as the police can ask a person to open the door to their house. The person doesnt have to, but the police take no responsibility for broken down doors.

Regardless of what she did, they are asking her to give them self incriminating evidence. Its the prosecutions burden to get it, not hers. Considering what shes charged with it would be wiser to be placed in contempt. Borderline unconstitutional, which is why its in the news.

She can also say she forgot it, or lost the key. There is no way for them to prove otherwise.

There's also no way to prove intent in a so called 'hate' crime. The person could be a racial gang leader, with no qualms about admitting their views and opinions. Yet we always see the criminal get extra time added to a sentence because we assume or the prosecution 'proves' (it never does) that due to their beliefs, then their crime was fueled with hate(race in this case).

If courts are going to weigh so heavily on circumstance, like with hate crimes, then there's no reason that mentality isn't applicable here as well.

Nearly everything the courts do these days is border line unconstitutional, I doubt anyone is surprised.

If she refuses, it should just be taken as a admission of guilt, if there was nothing on it proving her guilt, she would just give them the data.

Yes

I thought it was illegal to have encryption software that the gov could not decrypt

You would think...Patriot Act, national security and all that jazz.



Anyways, is this really news that pertains to computer technology within the bounds of informing the community of new or changes to existing technology and products/projects(i.e. what TechPower is renowned for)?
Seems more like a moral muse for the general forums.

 

[qubit]

... I thought that's what warrants were for

edit: If Symantec's software did the encryption... then certainly they could do decryption as well if ordered to.

No they couldn't. Not without a back door and putting that in would trash their reputation.

Warrants allow them to break into and retrieve any evidence they want, but it does not require the defendant to provide the evidence themselves. Such as the police can ask a person to open the door to their house. The person doesnt have to, but the police take no responsibility for broken down doors.

Regardless of what she did, they are asking her to give them self incriminating evidence. Its the prosecutions burden to get it, not hers. Considering what shes charged with it would be wiser to be placed in contempt. Borderline unconstitutional, which is why its in the news.

She can also say she forgot it, or lost the key. There is no way for them to prove otherwise.

Exactly, they can't prove otherwise and it's a fair defence.

If she refuses, it should just be taken as a admission of guilt, if there was nothing on it proving her guilt, she would just give them the data.

And then this is true as well. I mean sure, we all care about privacy, but if you were stuck in a cell and letting the feds have a snoop at your private data would get you off the hook, then you'd let the look, wouldn't you? I certainly wood.

So, once again, it remains a grey and controversial area and I don't think it will ever be definitively resolved, because decisions have to be made on a case by case basis.

If she was smart she would of nuked the drive. Unfortunately, criminals aren't that smart and I'm sure there's other evidence to the crimes she commited. Afterall, it's a mortgage scam.. There are victims.

You know what's really ridiculous? Crims can fall for their own scams too. I was looking at 419eater (advance fee fraud) a while back and the baiters were nailing the scammers with their own scams! It beggared belief. They had photographic evidence, too.

 

[wahdangun]

Woman on trial for stealing people's money through a mortgage scam yeah, I'm surprised that her computer wasn't just taken from her for evidence anyways. If she's guilty I hope she is brought to justice.

It's like commiting a crime with a gun, then putting the gun in a lockbox with a security feature. If the gun is in the lockbox, prosecuters are going to want it and what's inside obviously.

no, that was wrong in every way, the prosecuters could obtain a warrant to size the lockbox, but there are no way the prosecuters can request lockbox key from the criminal.


so what the prosecuters could do is decrypt it, maybe they could request someone that have super computer to brute force it or start buying as many radeon/gforce card and build some short of low cost supercomputer with it.

now i know why SOPA could happen in USA, if every one thinking like you then just change your country name to china 2.0 already.