1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Possible Precedent: Accused Americans Can Be Forced To Decrypt Their Encrypted Data

Discussion in 'News' started by qubit, Jan 26, 2012.

  1. twilyth Guest

    I don't see how having an indictment would make a difference.
  2. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,878 (1.36/day)
    Thanks Received:
    499
    Ok, i don't really know enough about law to continue. However it seems to go against common sense :banghead:

    Why not just get the husband to provide the password and if he doesn't, incarcerate him :nutkick:

    At the end of the day i feel it should go like this -

    The Court: "If you don't give us your password you go to jail"

    The Defendant - "I forgot it"

    The Court - "ok, we can't prove you didn't - you are free to go"
    Last edited: Feb 1, 2012
  3. Horrux

    Horrux

    Joined:
    Jun 2, 2011
    Messages:
    735 (0.63/day)
    Thanks Received:
    124
    That would be good, and much better than what they are doing. I guess what they're actually doing is if she doesn't provide the password, she is held in contempt of court. And what if all this stress actually did make her forget it? And what if all this stress actually did make her forget it AND she's actually innocent?
  4. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,414 (6.27/day)
    Thanks Received:
    3,394
    Location:
    IA, USA
    If it is really that important, they'll hand it off to the NSA and I wouldn't be surprised at all if the NSA has supercomputers that can try trillions of passphrases a second breaking any encryption in a matter of weeks.

    ...the thing is, a petty case like this doesn't exactly qualify for those kinds of resources...
    Crunching for Team TPU
  5. Horrux

    Horrux

    Joined:
    Jun 2, 2011
    Messages:
    735 (0.63/day)
    Thanks Received:
    124
    I would be surprised if an electronic computer - as opposed to a quantum one - would be able to brute force a large key (1024-4096 bit) Eigamal or triple blowfish encryption any time before our sun dies.

    For example, the energy required to flip the bits inside an electronic computer has been calculated and the results speak for themselves: trillions of strong keys a second would require something akin to a large nuclear reactor's energy to be expended inside said computer in order to achieve this. Just imagine the cooling solution. Moreover, breaking a 4096-bit key would require more energy than the sun would provide over its entire lifetime. One single key.

    Just saying.
  6. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,178 (2.55/day)
    Thanks Received:
    1,137
    Going at it the wrong way results in that sort of time being needed.


    If we KNOW there is a file with certain properties on the disk, all we need to do is to find it. Once we find it, we have a significant portion of the key.


    For example, we KNOW there is a operating system on the hard drive, and we KNOW we can read the disk in a program byte by byte.

    No matter what you do to certain files they can' be compressed, only rearranged. So we start with a file like autoplay.dll, we know where it resides, its size for the OS installed, and what is is byte for byte as we can compare it.

    Compare it with byte by byte sectors of the HDD, just like a anti-virus scan looks for files, except the beautiful things called rainbow tables are the anti-virus definitions. Once found all we need to do is put it back together in the correct sequence and we then have a part of the key used. In almost any sort of encryption system the storage key is one of one, with a partial of a master key that authorizes the rest of the key to be verified, without it all you would have to do is a dump state when the keys were compared as the actual key would be loaded during that process.
    10 Million points folded for TPU
  7. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (5.04/day)
    Thanks Received:
    5,615
    Location:
    Cheeseland (Wisconsin, USA)
    That's not how encryption works, Steevo.
    There is no "stored" decryption key. The password(s) are input into the algorithms to create keys, hashes and salts, and are run against the encrypted file. Wrong password(s) and decryption fails.

    There are, however, shortcuts that allow decryption methods and keys to be assertained in a LOT less time than "brute force".
  8. twilyth Guest

    Update

    full story

  9. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,414 (6.27/day)
    Thanks Received:
    3,394
    Location:
    IA, USA
    Well dammit. I wanted to see that judge burn. :(
    Horrux says thanks.
    Crunching for Team TPU
  10. Horrux

    Horrux

    Joined:
    Jun 2, 2011
    Messages:
    735 (0.63/day)
    Thanks Received:
    124
    Me too... Any info on what kind of encryption was used on her lappy? Must have been real weak. I mean, I hope so, or no data is secure...
  11. Benetanegia

    Benetanegia New Member

    Joined:
    Sep 11, 2009
    Messages:
    2,683 (1.49/day)
    Thanks Received:
    694
    Location:
    Reaching your left retina.
    It's pretty obvious either Fricosu or her ex-husband provided the key.
  12. twilyth Guest

    I think I read on another forum it was a Symantec product, but I might be thinking of another case, so don't people start ragging on Symantec just on what I'm saying.
  13. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,414 (6.27/day)
    Thanks Received:
    3,394
    Location:
    IA, USA
    In the OP it says Symantec PGP. As Benetanegia said, the defendent blames the co-defendent for providing the password. My guess is that he is going to get a lesser sentence for doing so.
    Crunching for Team TPU
  14. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,878 (1.36/day)
    Thanks Received:
    499
  15. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,414 (6.27/day)
    Thanks Received:
    3,394
    Location:
    IA, USA
    As the article twilyth linked said, this case is n a different appeals court (10th) than the one that ruled (11th). 10th appeals court didn't want to hear the case and 11th's ruling does not set precedent for 10th.

    Virtually any court will rule the same as 11th for the reasons the 11th ruled the way it did: forcing to decrypt evidence is the same as forcing testimony which is illegal.
    Crunching for Team TPU
  16. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,878 (1.36/day)
    Thanks Received:
    499
    On Wednesday, the Tenth Circuit Court of Appeals let stand a judge's ruling in a Colorado case that the defendant in a mortgage fraud case could be compelled to produce the contents of her encrypted laptop. But on Thursday, the Eleventh Circuit Court of Appeals overturned a Florida contempt of court charge against a suspect in a child pornography case who refused to decrypt the encrypted contents of several hard drives.

    It says the 10th court did hear the case and compelled her to produce the password. The case in the 11th court was a different case.
    FordGT90Concept says thanks.
  17. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,414 (6.27/day)
    Thanks Received:
    3,394
    Location:
    IA, USA
    In any event, it isn't going to be set in stone until it reaches the Supreme Court. It sounds like neither cases are going to get anywhere close to that though.
    Crunching for Team TPU
  18. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,878 (1.36/day)
    Thanks Received:
    499
    Yes, it would be interesting to see. I wonder if they compelled the joint defendant to reveal the password or whether it was part of a plea bargain.

    "In previous cases, the courts have held that when the government already knows of the existence of specific incriminating files, compelling a suspect to produce them does not violate the Fifth Amendment's rule against self-incrimination. On the other hand, if the government merely suspects that an encrypted hard drive contains some incriminating documents, but lacks independent evidence for the existence of specific documents, then the owner of the hard drive is entitled to invoke the Fifth Amendment."

    There may be a precedent already regarding this. As many cases have compelled defendants to reveal passwords before.

    Things like this make sense

    "For example, in 2006, a border guard in Vermont examined the contents of a traveler's laptop and found several files that appeared to be child pornography. But when the laptop was closed, the portion of the hard drive containing these files was automatically encrypted, and the government sought to compel the suspect to decrypt the files again. The court ruled that because a government agent had already seen specific incriminating files, compelling the suspect to produce those same files did not violate the Fifth Amendment's privilege against self-incrimination."
  19. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,414 (6.27/day)
    Thanks Received:
    3,394
    Location:
    IA, USA
    But even that 2006 case could have gone to higher courts because instead of the guard's word against the defendant's word, they were "compeling" the defendant to produce self-incriminating evidence that the prosecution did not have access to. Just like this case, they should have had to build a prosecution (using the guard's testimony) against the defendant without it.
    Crunching for Team TPU
  20. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,878 (1.36/day)
    Thanks Received:
    499
    I agree that it would be interesting to see what would happen in the supreme court, but it may not be something they are even interested in looking at. Until then, all the courts have is precedent from previous cases and so that is basically how the law stands at the moment.
  21. AphexDreamer

    AphexDreamer

    Joined:
    Jun 17, 2007
    Messages:
    7,085 (2.70/day)
    Thanks Received:
    913
    Location:
    C:\Program Files (x86)\Aphexdreamer\
    If we adopted this logic, then each persons privacy wouldn't be an issue or even a right to protect.

    The thing is she might have some files that are evidence against her but a computer has many types of files and purposes which is why it is an invasion of privacy and why they are probably appealing. Else if they have a warrent she is supposed to let them "in".
    Last edited: Mar 1, 2012
    silkstone says thanks.
  22. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,414 (6.27/day)
    Thanks Received:
    3,394
    Location:
    IA, USA
    Not all business secrets are of the illegal variety. Businesses don't like giving up their private data any more than individuals do.

    For example, even if you never did anything illegal on your computer, how embarrassed would you be if someone seized your computer and rifled through all your browser history, emails, instant message logs, applications, documents, music, and pictures?
    Crunching for Team TPU

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page