I believe the judge is in error in this case. If the password is written down somewhere and the police and prosecutors locate it during a legal search, then there is no issue and they should be allowed to use that physical evidence in whatever way they wish to advance their case. However, if the password is only stored in a person's memory, then I firmly believe that the court should NOT be allowed to compel an individual to reveal that information.
Well, in Ohio we cannot search cell phones nor view them during the course of an investigation without a warrant. Anything found incident to arrest on cell phones is not admissible in court. If we want to view the address book of a known drug dealers cell phone, we need a warrant.Originally Posted by TCinVA
As of yesterday, we cannot attach GPS tracking devices nor use any GPS information during the course of an investigation without a warrant. They fell short in describing what type of warrant. Lots of assumptions in this thread. Just because we seize it does no mean we can search it. If you have a reasonable expectation of privacy, then more often than not - a warrant will be required.
As for a magic cryptographic USB adapter for Encase computer software to view telephone data, it doesn't exist. Too much CSI.
IANAL, just a dumb computer geek/cop.
Agreed and given the far reaching implications, I bet SCOTUS will hear this one - assuming in federal system already.
Legally? It may not have changed the case at all. Practically it means you can provide a password that allows access to a drive, but a dummy section of the drive you set up with True Crypt that only contains the data you want Johnny Hacker or, as the case may be, Johnny Law to see. When you encrypt a volume it essentially writes "random" appearing data to the entire volume. Meaning that without the key you can't really tell important things about the disk, like how much data it has on it. This means that you can hide a volume within a volume as it will appear to be more random data and it will be exceptionally difficult...if not impossible...for the person examining the drive to tell that there's a volume there.
If you have such a setup then you can provide a password if compelled to do so and it will give access to only a portion of the data on the disk. You appear to have complied with whatever direction was forcing you to hand over a password while the actual dirt is still under wraps and essentially invisible to all but the most sophisticated digital forensics experts...perhaps even to them.
More than likely the technology at stake here was the built in whole-disk encryption function of Windows which decrypts the disk when you log into the operating system. A sophisticated person could have this feature enabled and then dedicate a portion of the hard disk to be a TrueCrypt volume...and then dedicate part of that volume as a hidden volume. If they were careful about how they dealt with the files they could conceivably leave absolutely no trace inside the Windows registry that would hint at the existence of that hidden volume.
Do most people do this? Of course not. Heck, I certainly don't.
...then again, I'm not trying to hide criminal acts.
Last edited by TCinVA; 01-24-2012 at 02:47 PM.
if a group of hackers can hack into the DOJ why cant the police/government, with a warrant, break Symantec's PGP encryption? i would like to think our government would have the resources to do so.
Publicly acknowledging that you can has implications.
It doesn't surprise me to see that it's somewhat inconsistent across the country based on different rulings from different jurisdictions. Eventually the Supremes will settle the question. The folks I know who do this sort of thing get a warrant for everything. They're not fond of the possibility of their evidence being tossed out by a court down the road.
You guys don't have these? I haven't messed with them much, but from what I've seen of them you can pull just about anything off the phone you want. I've never seen an attempt to use one on a partially or fully encrypted phone, though. I would imagine they can't break encryption.As for a magic cryptographic USB adapter for Encase computer software to view telephone data, it doesn't exist. Too much CSI.
The full power of the U.S. government is massive in every possible way. As I said before, if the government wants you bad enough I don't doubt that they have lots of capabilities no one outside the lettered agencies know about. The thing about having top secret access techniques is that if you use them in criminal cases they suddenly become subject to discovery. That would be rather bad news in terms of keeping your capabilities a secret. So those resources are probably only utilized in a very small sub-set of cases with the highest priority...which probably wouldn't be mortgage fraud.
Last edited by TCinVA; 01-24-2012 at 02:50 PM.
It is in the Federal system, and we have two contradictory rulings in two US District Courts.
Matt
Battle Plan (n) - a list of things that aren't going to happen if you are attacked.
Completely different creatures. The hackers didn't actually gain access to the DOJ systems - they just temporarily overloaded a web server hosting the DOJ's public website.
It's kind of akin to covering up the sign in front of a police station - a public nuisance, but not a compromise of the station's security.
Matt
Battle Plan (n) - a list of things that aren't going to happen if you are attacked.
In addition to what everyone else said:
Don't forget that there's a big difference in the capabilities between local, state and federal agencies in their computer forensics/cyber warfare capabilities.
Just because someone represents one level of government doesn't mean they have the uber cool capabilities and expertise that a joint team of US intelligence community members + criminal investigators have when working on terrorism cases under the provisions of FISA.
"Are you ready? Okay. Let's roll."- Last words of Todd Beamer
Reply With Quote