Possible Precedent: Accused Americans Can Be Forced To Decrypt Their Encrypted Data

[twilyth]

I don't see how having an indictment would make a difference.

 

[silkstone]

I don't see how having an indictment would make a difference.

Ok, i don't really know enough about law to continue. However it seems to go against common sense

Why not just get the husband to provide the password and if he doesn't, incarcerate him

At the end of the day i feel it should go like this -

The Court: "If you don't give us your password you go to jail"

The Defendant - "I forgot it"

The Court - "ok, we can't prove you didn't - you are free to go"

 

[Horrux]

Ok, i don't really know enough about law to continue. However it seems to go against common sense

Why not just get the husband to provide the password and if he doesn't, incarcerate him

At the end of the day i feel it should go like this -

The Court: "If you don't give us your password you go to jail"

The Defendant - "I forgot it"

The Court - "ok, we can't prove you didn't - you are free to go"

That would be good, and much better than what they are doing. I guess what they're actually doing is if she doesn't provide the password, she is held in contempt of court. And what if all this stress actually did make her forget it? And what if all this stress actually did make her forget it AND she's actually innocent?

 

[FordGT90Concept]

Yes they do. Strong encryption is just that - strong. And if you're thinking of back doors from the likes of Symantec, then there's always open source solutions, which definitely won't have it.

Even from Symantec though, there's no backdoor, as you can see from this article.

If it is really that important, they'll hand it off to the NSA and I wouldn't be surprised at all if the NSA has supercomputers that can try trillions of passphrases a second breaking any encryption in a matter of weeks.

...the thing is, a petty case like this doesn't exactly qualify for those kinds of resources...

 

[Horrux]

If it is really that important, they'll hand it off to the NSA and I wouldn't be surprised at all if the NSA has supercomputers that can try trillions of passphrases a second breaking any encryption in a matter of weeks.

...the thing is, a petty case like this doesn't exactly qualify for those kinds of resources...

I would be surprised if an electronic computer - as opposed to a quantum one - would be able to brute force a large key (1024-4096 bit) Eigamal or triple blowfish encryption any time before our sun dies.

For example, the energy required to flip the bits inside an electronic computer has been calculated and the results speak for themselves: trillions of strong keys a second would require something akin to a large nuclear reactor's energy to be expended inside said computer in order to achieve this. Just imagine the cooling solution. Moreover, breaking a 4096-bit key would require more energy than the sun would provide over its entire lifetime. One single key.

Just saying.

 

[Steevo]

I would be surprised if an electronic computer - as opposed to a quantum one - would be able to brute force a large key (1024-4096 bit) Eigamal or triple blowfish encryption any time before our sun dies.

For example, the energy required to flip the bits inside an electronic computer has been calculated and the results speak for themselves: trillions of strong keys a second would require something akin to a large nuclear reactor's energy to be expended inside said computer in order to achieve this. Just imagine the cooling solution. Moreover, breaking a 4096-bit key would require more energy than the sun would provide over its entire lifetime. One single key.

Just saying.

Going at it the wrong way results in that sort of time being needed.


If we KNOW there is a file with certain properties on the disk, all we need to do is to find it. Once we find it, we have a significant portion of the key.


For example, we KNOW there is a operating system on the hard drive, and we KNOW we can read the disk in a program byte by byte.

No matter what you do to certain files they can' be compressed, only rearranged. So we start with a file like autoplay.dll, we know where it resides, its size for the OS installed, and what is is byte for byte as we can compare it.

Compare it with byte by byte sectors of the HDD, just like a anti-virus scan looks for files, except the beautiful things called rainbow tables are the anti-virus definitions. Once found all we need to do is put it back together in the correct sequence and we then have a part of the key used. In almost any sort of encryption system the storage key is one of one, with a partial of a master key that authorizes the rest of the key to be verified, without it all you would have to do is a dump state when the keys were compared as the actual key would be loaded during that process.

 

[Kreij]

That's not how encryption works, Steevo.
There is no "stored" decryption key. The password(s) are input into the algorithms to create keys, hashes and salts, and are run against the encrypted file. Wrong password(s) and decryption fails.

There are, however, shortcuts that allow decryption methods and keys to be assertained in a LOT less time than "brute force".

 

[twilyth]

Update

full story

Colorado federal authorities have decrypted a laptop seized from a bank-fraud defendant, mooting a judge’s order that the defendant unlock the hard drive so the government could use its contents as evidence against her.

The development ends a contentious legal showdown over whether forcing a defendant to decrypt a laptop is a breach of the Fifth Amendment right against compelled self incrimination.

The authorities seized the encrypted Toshiba laptop from defendant Ramona Fricosu in 2010 with valid court warrants while investigating alleged mortgage fraud, and demanded she decrypt it. Colorado U.S. District Judge Robert Blackburn ordered the woman in January to decrypt the laptop by the end of February. The judge refused to stay his decision to allow Fricosu time to appeal.

 

[FordGT90Concept]

Well dammit. I wanted to see that judge burn.

 

[Horrux]

Well dammit. I wanted to see that judge burn.

Me too... Any info on what kind of encryption was used on her lappy? Must have been real weak. I mean, I hope so, or no data is secure...

 

[Benetanegia]

It's pretty obvious either Fricosu or her ex-husband provided the key.

 

[twilyth]

Me too... Any info on what kind of encryption was used on her lappy? Must have been real weak. I mean, I hope so, or no data is secure...

I think I read on another forum it was a Symantec product, but I might be thinking of another case, so don't people start ragging on Symantec just on what I'm saying.

 

[FordGT90Concept]

In the OP it says Symantec PGP. As Benetanegia said, the defendent blames the co-defendent for providing the password. My guess is that he is going to get a lesser sentence for doing so.

 

[silkstone]

I thought the appeals court ruled on this: http://arstechnica.com/tech-policy/...ctions-can-apply-to-encrypted-hard-drives.ars

They ruled in pretty much the common sense way and the way i thought was correct in my earlier posts.

 

[FordGT90Concept]

As the article twilyth linked said, this case is n a different appeals court (10th) than the one that ruled (11th). 10th appeals court didn't want to hear the case and 11th's ruling does not set precedent for 10th.

Virtually any court will rule the same as 11th for the reasons the 11th ruled the way it did: forcing to decrypt evidence is the same as forcing testimony which is illegal.

 

[silkstone]

As the article twilyth linked said, this case is n a different appeals court (10th) than the one that ruled (11th). 10th appeals court didn't want to hear the case and 11th's ruling does not set precedent for 10th.

Virtually any court will rule the same as 11th for the reasons the 11th ruled the way it did: forcing to decrypt evidence is the same as forcing testimony which is illegal.

On Wednesday, the Tenth Circuit Court of Appeals let stand a judge's ruling in a Colorado case that the defendant in a mortgage fraud case could be compelled to produce the contents of her encrypted laptop. But on Thursday, the Eleventh Circuit Court of Appeals overturned a Florida contempt of court charge against a suspect in a child pornography case who refused to decrypt the encrypted contents of several hard drives.

It says the 10th court did hear the case and compelled her to produce the password. The case in the 11th court was a different case.

 

[FordGT90Concept]

In any event, it isn't going to be set in stone until it reaches the Supreme Court. It sounds like neither cases are going to get anywhere close to that though.

 

[silkstone]

Yes, it would be interesting to see. I wonder if they compelled the joint defendant to reveal the password or whether it was part of a plea bargain.

"In previous cases, the courts have held that when the government already knows of the existence of specific incriminating files, compelling a suspect to produce them does not violate the Fifth Amendment's rule against self-incrimination. On the other hand, if the government merely suspects that an encrypted hard drive contains some incriminating documents, but lacks independent evidence for the existence of specific documents, then the owner of the hard drive is entitled to invoke the Fifth Amendment."

There may be a precedent already regarding this. As many cases have compelled defendants to reveal passwords before.

Things like this make sense

"For example, in 2006, a border guard in Vermont examined the contents of a traveler's laptop and found several files that appeared to be child pornography. But when the laptop was closed, the portion of the hard drive containing these files was automatically encrypted, and the government sought to compel the suspect to decrypt the files again. The court ruled that because a government agent had already seen specific incriminating files, compelling the suspect to produce those same files did not violate the Fifth Amendment's privilege against self-incrimination."

 

[FordGT90Concept]

But even that 2006 case could have gone to higher courts because instead of the guard's word against the defendant's word, they were "compeling" the defendant to produce self-incriminating evidence that the prosecution did not have access to. Just like this case, they should have had to build a prosecution (using the guard's testimony) against the defendant without it.

 

[silkstone]

I agree that it would be interesting to see what would happen in the supreme court, but it may not be something they are even interested in looking at. Until then, all the courts have is precedent from previous cases and so that is basically how the law stands at the moment.

 

[AphexDreamer]

If she refuses, it should just be taken as a admission of guilt, if there was nothing on it proving her guilt, she would just give them the data.

If we adopted this logic, then each persons privacy wouldn't be an issue or even a right to protect.

The thing is she might have some files that are evidence against her but a computer has many types of files and purposes which is why it is an invasion of privacy and why they are probably appealing. Else if they have a warrent she is supposed to let them "in".

 

[FordGT90Concept]

Not all business secrets are of the illegal variety. Businesses don't like giving up their private data any more than individuals do.

For example, even if you never did anything illegal on your computer, how embarrassed would you be if someone seized your computer and rifled through all your browser history, emails, instant message logs, applications, documents, music, and pictures?