Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

DOJ: We can force you to decrypt that laptop
CNET News ^ | JULY 11, 2011 12:07 AM PDT | Declan McCullagh

Posted on 07/11/2011 10:39:22 AM PDT by Smogger

The Colorado prosecution of a woman accused of a mortgage scam will test whether the government can punish you for refusing to disclose your encryption passphrase. The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.

Because Fricosu has opposed the proposal, this could turn into a precedent-setting case. No U.S. appeals court appears to have ruled on whether such an order would be legal or not under the U.S. Constitution's Fifth Amendment, which broadly protects Americans' right to remain silent.

In a brief filed last Friday, Fricosu's Colorado Springs-based attorney, Philip Dubois, said defendants can't be constitutionally obligated to help the government interpret their files. "If agents execute a search warrant and find, say, a diary handwritten in code, could the target be compelled to decode, i.e., decrypt, the diary?"

...

"Decrypting the data on the laptop can be, in and of itself, a testimonial act--revealing control over a computer and the files on it," said EFF Senior staff attorney Marcia Hofmann. "Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court."

(Excerpt) Read more at news.cnet.com ...


TOPICS: Crime/Corruption; Front Page News; News/Current Events; Technical
KEYWORDS: 5thamendment; constitution; doj; encryption; fifthamendment; patriotact; policestate
Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100 ... 141-144 next last
To: Doe Eyes
In addition to a password that decrypts the computer, there should be one that zeroizes it.

Wouldn't help. As a forensic computer examiner, I can tell you that the first thing you do, before any examination of the drive, is make a forensic (bit for bit) image of the drive, then place the original in a secure location for safekeeping. All work is done on a copy of the drive, never the original. So even if you had a program that would wipe the drive upon the entry of the incorrect password, only the copy would be wiped, not the original.

61 posted on 07/11/2011 11:27:08 AM PDT by CA Conservative
[ Post Reply | Private Reply | To 8 | View Replies]

To: exit82
:)

OK, I will contribute one thing I learned from reading the book Kingpin.. The Feds can pull your PGP key out of RAM with a little heavy lifting.. The only safe machine is a powered down machine.
62 posted on 07/11/2011 11:27:54 AM PDT by Daus
[ Post Reply | Private Reply | To 53 | View Replies]

To: Daus

That was worth it lol...


63 posted on 07/11/2011 11:28:27 AM PDT by neodad (Don't Tap, Just Drill!)
[ Post Reply | Private Reply | To 45 | View Replies]

To: LonePalm
Personally, I wouldn't bet against NSA.

Nor would I. If they were tasked with decryption of this woman's hard drive I'm betting the NSA has systems that could, by brute force alone, easily break through whatever 128 bit encryption she used.

64 posted on 07/11/2011 11:29:28 AM PDT by Bloody Sam Roberts (If you think it's time to bury your weapons.....it's time to dig them up.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: for-q-clinton
Another password reveals the fake stuff while it deletes and rewrites random data over the real stuff.

There's no way they would be stupid enough not to be working off of a copy of the original drive.

65 posted on 07/11/2011 11:33:04 AM PDT by Darth Reardon (No offense to drunken sailors)
[ Post Reply | Private Reply | To 7 | View Replies]

To: CA Conservative

I wonder if you could use an encryption program that will only work on the original drive? Or at least need to have the same firmware, specs, model #, etc...

Possibly use that info in the encyrption key. So without that it doesn’t work. Or it wipes everything if that info does match :-)

Tell them the only way to get the data is to use the password on the original drive.


66 posted on 07/11/2011 11:33:04 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 61 | View Replies]

To: Darth Reardon

Have a program use the model #, firmware, etc, from the hard drive as part of the key to encrypt the drive. Or detect if they are different and if so...only give the fake stuff (and/or wipe the stuff you want to hide).


67 posted on 07/11/2011 11:34:23 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 65 | View Replies]

To: Smogger

bfl


68 posted on 07/11/2011 11:38:27 AM PDT by pigsmith (Behind the heart of liberalism is a deep hatred of God.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LonePalm
They can probably decrypt that drive in a mater of minutes. This is not about accessing the information on that drive but rather setting precedent such that they can force people to decrypt on demand. They probably went defendant shopping to find a despicable corrupt mortgage broker to help it go their way.

For stuff I really do not want seen by anyone, such as which guns are stored where, I use a IronKey USB drive. First, as long as it is not found plugged into a machine of mine there is deniability that it belongs to me. If it's not mine how could I know the passphrase? Second, they do not have the technology (yet) to break it and if they try it erases everything. I'm actually kind of surprised they continue to allow them to be sold to the public.

69 posted on 07/11/2011 11:44:10 AM PDT by atomic_dog
[ Post Reply | Private Reply | To 11 | View Replies]

To: for-q-clinton
I wonder if you could use an encryption program that will only work on the original drive? Or at least need to have the same firmware, specs, model #, etc...

Possibly use that info in the encyrption key. So without that it doesn’t work. Or it wipes everything if that info does match :-)

Tell them the only way to get the data is to use the password on the original drive.

Well, as a professional, the way I would handle this situation is I would still make the image of the original drive and save it to a secure location. If I absolutely had to use the original drive for the decryption to work, I would do so. If the attempt at decryption corrupted or erased the data, I would just re-image the drive with the original data and try again. As long as the hash values of the original drive and the image match, the courts will accept it as a true copy of the original for evidence purposes...

70 posted on 07/11/2011 11:45:57 AM PDT by CA Conservative
[ Post Reply | Private Reply | To 66 | View Replies]

To: chesley
"I quit because it was just too much trouble considering I’m pure as the driven snow, and nothing illegal is on my computer

Jesus? Is that you?? Why the long wait to return to us?

71 posted on 07/11/2011 11:46:38 AM PDT by Soothesayer9
[ Post Reply | Private Reply | To 57 | View Replies]

To: apillar

Password suggestion for Christians...
...though anyone can use the idea....

I use memory verses. These usually contain all the elements required for most pw’s. For instance...

Joh 3:16FGslttwtHghobStwbiHwnpbhel

Which is all of John 3:16, using just the first letter of each word and capitalizes proper nouns, names and titles.

Works great for me, they are tough to crack, easy use and build my Bible memory skills.


72 posted on 07/11/2011 11:53:33 AM PDT by woollyone ("The trouble with socialism is you run out of other people's money to spend." Margaret Thatcher)
[ Post Reply | Private Reply | To 22 | View Replies]

To: for-q-clinton

“Actually it is possible.”

Yes I know... I headed up a DOD project 20 years ago to do exactly that. Government agencies were unable to take advantage of warranties on their disk drives when they had classified data on them. We wrote the software to wipe the drives. In those days, disk mechs were over $1000.

The software was certified by the DOD, but wasn’t used much because it took way to long to scrub a drive. (many hours) Plus you often had to replace the pc board on the drive to even run it. The final solution ended up being to remove the top cover and remove the plasters and physically destroy them.


73 posted on 07/11/2011 11:54:59 AM PDT by babygene (Figures don't lie, but liars can figure...)
[ Post Reply | Private Reply | To 47 | View Replies]

To: musicman
LOL!

Or call the IRS help line.

74 posted on 07/11/2011 11:55:57 AM PDT by Publius6961 (My world was lovely, until it was taken over by parasites.)
[ Post Reply | Private Reply | To 51 | View Replies]

To: Rockingham

If that’s true, why serve the warrant at all. The judge could just compel the suspect to surrender evidence at the nearest police station.


75 posted on 07/11/2011 11:57:06 AM PDT by moehoward
[ Post Reply | Private Reply | To 27 | View Replies]

To: Smogger

I’ve read the article and there is nothing even remotely accurate about being able to “force” the user to divulge the pass legally. If they want to do that, they have to eliminate the 5th. Plain and simple (which of course won’t happen).

I am betting that somewhere along the way, the defendant in question let it slip that she actually KNEW the password. LE agents are good at getting you to slip up in conversation on the front porch (that is, those who have never seen the “dont talk to cops” lecture). If any LE agents are at your door, ask for a warrant, and then plead the fifth (assuming you have to stay while they search, otherwise I would leave).


76 posted on 07/11/2011 12:00:05 PM PDT by Soothesayer9
[ Post Reply | Private Reply | To 1 | View Replies]

To: CA Conservative

True, BUT you still need to decrypt it and the only key you get from me deletes the data you think is there while giving you the phony stuff.

So how could you even tell if you got everything or not?


77 posted on 07/11/2011 12:00:21 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 70 | View Replies]

To: CA Conservative
before any examination of the drive, is make a forensic (bit for bit) image of the drive, then

Is the software to make complete bit by bit copies of a hard drive available to anybody?

78 posted on 07/11/2011 12:00:21 PM PDT by Publius6961 (My world was lovely, until it was taken over by parasites.)
[ Post Reply | Private Reply | To 61 | View Replies]

To: Bloody Sam Roberts
Nor would I. If they were tasked with decryption of this woman's hard drive I'm betting the NSA has systems that could, by brute force alone, easily break through whatever 128 bit encryption she used.

Perhaps, there is an (yet unknown) attack that could be used that would "break" the encryption in less time then a brute forcing, say the entire AES256 keyspace, but it would probably still take years.

The longest The largest successful publicly-known brute force attack against any block-cipher encryption was been against a 64-bit RC5 key by distributed.net, and took 1,757 days, 58,747,597,657 work units and about 330,000 GPU equipped PC's.

79 posted on 07/11/2011 12:05:57 PM PDT by Smogger
[ Post Reply | Private Reply | To 64 | View Replies]

To: Publius6961
Is the software to make complete bit by bit copies of a hard drive available to anybody?

Yes, dd or dcfldd for starters. There are other programs as well.

80 posted on 07/11/2011 12:07:46 PM PDT by DaisyCutter
[ Post Reply | Private Reply | To 78 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 41-6061-8081-100 ... 141-144 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson