http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/

Summary: Judge is forcing a woman who is facing fraud charges to decrypt her laptop which she originally refused to do.

Isn't she essentially being forced to provide evidence against herself?

Discuss.

Ianal, but "provide evidence" != "testify". You can be forced to provide dna, for example. The question here is, does providing a crypto secret amount to testimony?

But the real bottom line: don't expect crypto to keep stuff out of a trial.

DNA isn't a bad argument. But at least they're doing the work to get the DNA.

In this case they're forcing her to provide them with plain text evidence against herself. I guess if they just defeated the encryption themselves I'd be okay with it?

Interesting...

If I tell my wife a secret, it cannot generally be subpoenaed.
What if the hard drive belonged to my wife (he asks half-seriously)?

But the real bottom line: don't expect crypto to keep stuff out of a trial.

or be ready to sit in jail on contempt charges.

I don't see how it's any different than forcing you to turn in correspondence or other hard copy documents. It's physical evidence. If it's damning of you, then I guess it served its purpose of evidence......

or be ready to sit in jail on contempt charges.
This will go to SCOTUS, for sure. I cannot see how it can withstand the 4th and 5th Amendment. How can providing a password not be construed as testimony? Be interesting to see and this can have far reaching implications.

that article said they are asking her to decrypt her computer without giving up the password. Another article i read said the woman must give up her password. does it make a difference in how the information is being demanded?


Prosecutors in this case have stressed that they don't actually require the passphrase itself, and today's order appears to permit Fricosu to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding "the password to the drive, either orally or in written form."

http://technolog.msnbc.msn.com/_news/2012/01/23/10219384-judge-orders-woman-to-give-up-password-to-hard-drive


A federal judge has ruled that a Colorado woman, charged in a mortgage scam case, must turn over the password needed to decrypt her hard drive so that police can view the files on it.

Not much of a difference to me whether she has to give up the password or not. If they force her to provide the files, then it's all the same.

I'm not sure what giving them the password would gain them if they already have all the stuff they want decrypted.

If the police have a warrant for a hard drive, then should the woman be able to withhold the hard drive by destroying or hiding it? How is encrypting the hard drive when the police are knocking on your door any different than other forms of evidence tampering? The court is not coercing the woman to admit guilt, it is coercing the production of already existing evidence. Shielding preexisting evidence does nothing to accomplish the 5th amendment's goals because the evidence was not created under a coercive influence.

Interesting.

Let's say I have a ledger of illicit transactions (which, of course, I don't), and that ledger is written in a code so that I know who the payments came from and went to. Without a key, the police cannot interpret this ledger.

Can I be compelled to decode it for the police? My understanding of the current case law is that I could not be compelled to do so.

I look this as akin to a locked file cabinet. If the police serve a warrant on me, they can demand entry to the cabinet. If I decline to open it or claim to have lost they key, they can force it open. It seems to me this is similar - the police have the encrypted files and are obliged to force them open (break the encryption) if the owner cannot / will not decrypt them.

Just because the government has come up against a cabinet they cannot easily open doesn't mean the rights of the cabinet's owner change.

If the police have a warrant for a hard drive, then should the woman be able to withhold the hard drive by destroying or hiding it? How is encrypting the hard drive when the police are knocking on your door any different than other forms of evidence tampering? The court is not coercing the woman to admit guilt, it is coercing the production of already existing evidence. Shielding preexisting evidence does nothing to accomplish the 5th amendment's goals because the evidence was not created under a coercive influence.

I respectfully differ.

Let's say Fred is a murder suspect. The police cannot obtain a warrant that compels Fred to locate and deliver the murder weapon to them. If he's thrown it in a pond, the Court cannot compel him to show the police where the pond is.

If the files have been thrown in an electronic pond, how is that different?

Matt

How is encrypting the hard drive when the police are knocking on your door any different than other forms of evidence tampering? What if it was encrypted long before the police came knocking?

I keep my drives encrypted, especially on my laptop.

Ianal, but "provide evidence" != "testify". You can be forced to provide dna, for example. The question here is, does providing a crypto secret amount to testimony?

But the real bottom line: don't expect crypto to keep stuff out of a trial.

It really depends on how badly the government wants your butt and how much evidence they already have on you....and, of course, on how sophisticated you are. A sophisticated person who uses the full capability of something like TrueCrypt is going to be very difficult to get digital evidence on.

Now if you're the suspect in a massive terrorism plot, odds are this will be a fairly minor stumbling block in the government's case. A local investigation for something like CP and it's likely to make prosecution difficult, assuming that the contents of the disk contains the evidence that is necessary for conviction.

something like TrueCryptA fantastic program, I've been using it for years.

TrueCrypt is what I use as well. Good stuff!

The court is not coercing the woman to admit guilt, it is coercing the production of already existing evidence.

This is also how I'm thinking about this.

I respectfully differ.

Let's say Fred is a murder suspect. The police cannot obtain a warrant that compels Fred to locate and deliver the murder weapon to them. If he's thrown it in a pond, the Court cannot compel him to show the police where the pond is.

If the files have been thrown in an electronic pond, how is that different?

Matt


Why is it different?

Because the police believe that specific computer to have evidence pertaining to the case.

I would understand that to be completely different from, "You have to tell us how you committed the murder and where you put the weapons."

If the police believed that a pond on secured property held evidence, a warrant can compel the property owner to unlock the gate to the pond, no? They're not saying, "You have to go fishing in the pond for your murder weapon, or tell us where in the pond you put the murder weapon." They're saying, "We believe that pond has evidence pertaining to a case. Here's the warrant. Unlock it so we can search it."

A warrant can compel a person to unlock their cell phone, no?

A warrant can compel a person to unlock their cell phone, no?

The cops don't really need you to unlock a cell phone. They just plug it into one of a number of sophisticated forensics devices and they own all the data on it. All they need is the right adapter for your data port.

I've not yet seen any info on how effective encryption programs for phones are in regards to that....but that screen lock is worthless from a counter-forensics standpoint. So far the phone hasn't been treated like a locked container or even like a regular computer by the courts. This despite the fact that a modern phone is more like a PC than a phone. The courts are slow to catch up to technology.

If the police have a warrant for a hard drive, then should the woman be able to withhold the hard drive by destroying or hiding it? How is encrypting the hard drive when the police are knocking on your door any different than other forms of evidence tampering? The court is not coercing the woman to admit guilt, it is coercing the production of already existing evidence. Shielding preexisting evidence does nothing to accomplish the 5th amendment's goals because the evidence was not created under a coercive influence.

Isn't it only evidence tampering if you destroy it (or in this case encrypt it) once you know it is named in the warrant? Just because I choose to flush a bunch of stuff down the toilet doesn't make it evidence tampering - that might just be my SOP. I think it is a pretty slippery slope anyway - the prosecutors want everything slanted in their favor. The burden of proof is on the prosecution and up to them to find the evidence, not for me to give it to them.

So I would assume that this is a case where using the "plausible denyability" feature of "hidden volumes" on TruCrypt would come in handy?

Is it weird that this thread has me wanting to download TrueCrypt just see what's it's all about?

I respectfully differ.

Let's say Fred is a murder suspect. The police cannot obtain a warrant that compels Fred to locate and deliver the murder weapon to them. If he's thrown it in a pond, the Court cannot compel him to show the police where the pond is.

If the files have been thrown in an electronic pond, how is that different?

Matt

I don't think your hypothetical is factually similar to this case. Fred would have to have an unbreakable gun case that the police already had in custody, but didn't have the combination, for the hypothetical to be appropriate. In that case, a court might compel the opening of the case if the state had a warrant for its contents. The 5th amendment protects against false positives, it is not a vehicle to hide relevant evidence. The same is true of the attorney-client privilege. In your hypothetical, Fred's attorney could not hide the location of the weapon, nor could he allow Fred to testify that he didn't know where the weapon was located. (This assumes that the attorney has knowledge that Fred knows where the weapon is located.)

Why is it different?

Because the police believe that specific computer to have evidence pertaining to the case.

I would understand that to be completely different from, "You have to tell us how you committed the murder and where you put the weapons."

If the police believed that a pond on secured property held evidence, a warrant can compel the property owner to unlock the gate to the pond, no? They're not saying, "You have to go fishing in the pond for your murder weapon, or tell us where in the pond you put the murder weapon." They're saying, "We believe that pond has evidence pertaining to a case. Here's the warrant. Unlock it so we can search it."

A warrant can compel a person to unlock their cell phone, no?

If the person refuses or claims to be unable to unlock the gate, the police will then circumvent the gate in some fashion. I think the same thing applies here - the onus is on the police to circumvent the encryption if the suspect refuses or is unable to decrypt it.

I think one can draw an analogy between an encrypted file and having dropped a piece of physical evidence in the ocean. Just as one can attempt to use cryptology to decrypt an encrypted file without the key, one could also theoretically search the entire ocean. Can a warrant to search the ocean compel the suspect to reveal the GPS coordinates where they dumped the evidence?

Can a warrant to search the ocean compel the suspect to reveal the GPS coordinates where they dumped the evidence?

No, because now you're telling the person to incriminate themselves with specific information about how they supposedly committed a crime.

Telling to person to decrypt their computer seems completely different to me. The "man" already knows where the evidence is, and why they want it. Not so with, "tell us where you committed the crime and dropped the evidence so we can pick it up."

Isn't it only evidence tampering if you destroy it (or in this case encrypt it) once you know it is named in the warrant?

That's the way I understood it.

No, because now you're telling the person to incriminate themselves with specific information about how they supposedly committed a crime.

Telling to person to decrypt their computer seems completely different to me. The "man" already knows where the evidence is, and why they want it. Not so with, "tell us where you committed the crime and dropped the evidence so we can pick it up."

It seems to be the encryption key is very similar to the coded ledger example.

The "man" has the ledger, but he can't use it to convict the suspect because he doesn't know what the coded entries mean.

It seems to me that a warrant compelling the suspect to decode the ledger would clearly implicate his 5th Amendment rights.

If the person refuses or claims to be unable to unlock the gate, the police will then circumvent the gate in some fashion. I think the same thing applies here - the onus is on the police to circumvent the encryption if the suspect refuses or is unable to decrypt it.

Or, the police could get a court order to have the gate opened, like they did in this case, and the person would be in contempt if they violated the order, which is the same punishment the woman faces, if she fails to comply with the order.

The cops don't really need you to unlock a cell phone. They just plug it into one of a number of sophisticated forensics devices and they own all the data on it. All they need is the right adapter for your data port.

I've not yet seen any info on how effective encryption programs for phones are in regards to that....but that screen lock is worthless from a counter-forensics standpoint. So far the phone hasn't been treated like a locked container or even like a regular computer by the courts. This despite the fact that a modern phone is more like a PC than a phone. The courts are slow to catch up to technology.

Besides the point. I'm not talking about the most effective TTP's for computer forensics.

From what I understand, a LEO can not make you unlock a smart phone on the spot for evidence under the guise of reasonable suspicion. A warrant would be needed. I feel as if I must be incorrect since you said the courts don't treat them as a locked container...

It seems to be the encryption key is very similar to the coded ledger example.

The "man" has the ledger, but he can't use it to convict the suspect because he doesn't know what the coded entries mean.

It seems to me that a warrant compelling the suspect to decode the ledger would clearly implicate his 5th Amendment rights.

I never knew that about the coded ledger until you brought it up earlier. I'll have to go google that.

The "man" already knows where the evidence is, and why they want it. "

Not trying to be a Dick, but this is an untrue statement - They THINK the evidence is there, but they don't know. Same as the ocean - they think it is there but can't find it. Happy hunting...

It seems to me that a warrant compelling the suspect to decode the ledger would clearly implicate his 5th Amendment rights.

Again, its about reliability of evidence. If the evidence was created before any compulsion, then there is no worry that the evidence is tainted. The applicable text of the amendment reads: "nor shall be compelled in any criminal case to be a witness against himself." If you were forced to tell what was on the hard drive, you would be "compelled . . . to be a witness," but, in this case, the hard drive speaks for itself.

Not trying to be a Dick, but this is an untrue statement - They THINK the evidence is there, but they don't know. Same as the ocean - they think it is there but can't find it. Happy hunting...

Yeah, except for the fact that compelling a person to tell the police where they hid the evidence would be a confession of committing the crime..........

The police are already saying that there's evidence they want and where it is. Turning over evidence is not compelling you to confess. It would still be incumbent upon the prosecution to incriminate the defendant with the evidence.....not so when you tell the cops how you committed a crime, and where you put the evidence.

Again, its about reliability of evidence. If the evidence was created before any compulsion, then there is no worry that the evidence is tainted. The applicable text of the amendment reads: "nor shall be compelled in any criminal case to be a witness against himself." If you were forced to tell what was on the hard drive, you would be "compelled . . . to be a witness," but, in this case, the hard drive speaks for itself.

Ah, but it does not speak for itself in any coherent fashion - until you give up the key.

You're being compelled to provide knowledge to incriminate yourself. The key isn't a physical thing you possess, like DNA, that can be seized (assuming you have it committed to memory and not written down).

Not trying to be a Dick, but this is an untrue statement - They THINK the evidence is there, but they don't know. Same as the ocean - they think it is there but can't find it. Happy hunting...

They have probable cause that the incriminating evidence is in the hard drive, which is all the law requires. The ocean analogy doesn't work because no one controls access to the ocean, so the existence of an object in the ocean tells nothing about its nature. This is why I think the unbreakable suitcase analogy is more appropriate.

Besides the point. I'm not talking about the most effective TTP's for computer forensics.

From what I understand, a LEO can not make you unlock a smart phone on the spot for evidence under the guise of reasonable suspicion. A warrant would be needed. I feel as if I must be incorrect since you said the courts don't treat them as a locked container...

A ruling in California recently gave police powers to search phones if someone is taken into custody or if they impound the car. If the police can legally take it into their possession, as far as I can tell in most jurisdictions they can search the phone. Unless you have the phone fully encrypted they don't really need you for anything in terms of getting at the data.

A personal computer, on the other hand, is probably going to require a warrant or consent to search even if it's sitting in the car when the cops impound it.

Why the difference? As I said: Courts move slow compared to tech.

This case seems destined for a review by the Supreme Court. In a similar case, a federal judge in the Eastern District of Michigan ruled that forcing a defendant to disclose an encryption key would be a violation of his 5th Amendment rights. The Court in that relied in part on Doe v. US, specifically:


Compelled testimony that communicates information that may “lead to
incriminating evidence” is privileged even if the information itself is not
inculpatory.

This is a really interesting case, and it seems to me it runs right up against the edge of the 5th Amendment. It will be interesting to see where the pieces fall when it gets to the Supreme Court.

They have probable cause that the incriminating evidence is in the hard drive, which is all the law requires. The ocean analogy doesn't work because no one controls access to the ocean, so the existence of an object in the ocean tells nothing about its nature. This is why I think the unbreakable suitcase analogy is more appropriate.

You are probably correct in regards to the suitcase - my point is that they should have to find the evidence, not have me hand it to them. I think I would be willing to spend some time on contempt charges before I gave them my key. Not that I have anything to hide, just on the principle.

great discussion!

A ruling in California recently gave police powers to search phones if someone is taken into custody or if they impound the car. If the police can legally take it into their possession, as far as I can tell in most jurisdictions they can search the phone. Unless you have the phone fully encrypted they don't really need you for anything in terms of getting at the data.

A personal computer, on the other hand, is probably going to require a warrant or consent to search even if it's sitting in the car when the cops impound it.

Why the difference? As I said: Courts move slow compared to tech.

My understanding of this law is that as long as the phone is on and allows access to the files, then this is the case. The police however can not force you to turn on your phone or open restricted access folders. Your phone is looked at as an open file cabinet in the case of this law.

And to reiterate me question earlier (which may have been poised more like a statement) - how would using the "hidden volume" feature in TrueCrypt have changed this case?

I believe the judge is in error in this case. If the password is written down somewhere and the police and prosecutors locate it during a legal search, then there is no issue and they should be allowed to use that physical evidence in whatever way they wish to advance their case. However, if the password is only stored in a person's memory, then I firmly believe that the court should NOT be allowed to compel an individual to reveal that information.

A ruling in California recently gave police powers to search phones if someone is taken into custody or if they impound the car. If the police can legally take it into their possession, as far as I can tell in most jurisdictions they can search the phone. Unless you have the phone fully encrypted they don't really need you for anything in terms of getting at the data.

A personal computer, on the other hand, is probably going to require a warrant or consent to search even if it's sitting in the car when the cops impound it.

Why the difference? As I said: Courts move slow compared to tech.Well, in Ohio we cannot search cell phones nor view them during the course of an investigation without a warrant. Anything found incident to arrest on cell phones is not admissible in court. If we want to view the address book of a known drug dealers cell phone, we need a warrant.

As of yesterday, we cannot attach GPS tracking devices nor use any GPS information during the course of an investigation without a warrant. They fell short in describing what type of warrant. Lots of assumptions in this thread. Just because we seize it does no mean we can search it. If you have a reasonable expectation of privacy, then more often than not - a warrant will be required.

As for a magic cryptographic USB adapter for Encase computer software to view telephone data, it doesn't exist. Too much CSI.

IANAL, just a dumb computer geek/cop.

I believe the judge is in error in this case. If the password is written down somewhere and the police and prosecutors locate it during a legal search, then there is no issue and they should be allowed to use that physical evidence in whatever way they wish to advance their case. However, if the password is only stored in a person's memory, then I firmly believe that the court should NOT be allowed to compel an individual to reveal that information.
Agreed and given the far reaching implications, I bet SCOTUS will hear this one - assuming in federal system already.

And to reiterate me question earlier (which may have been poised more like a statement) - how would using the "hidden volume" feature in TrueCrypt have changed this case?

Legally? It may not have changed the case at all. Practically it means you can provide a password that allows access to a drive, but a dummy section of the drive you set up with True Crypt that only contains the data you want Johnny Hacker or, as the case may be, Johnny Law to see. When you encrypt a volume it essentially writes "random" appearing data to the entire volume. Meaning that without the key you can't really tell important things about the disk, like how much data it has on it. This means that you can hide a volume within a volume as it will appear to be more random data and it will be exceptionally difficult...if not impossible...for the person examining the drive to tell that there's a volume there.

If you have such a setup then you can provide a password if compelled to do so and it will give access to only a portion of the data on the disk. You appear to have complied with whatever direction was forcing you to hand over a password while the actual dirt is still under wraps and essentially invisible to all but the most sophisticated digital forensics experts...perhaps even to them.

More than likely the technology at stake here was the built in whole-disk encryption function of Windows which decrypts the disk when you log into the operating system. A sophisticated person could have this feature enabled and then dedicate a portion of the hard disk to be a TrueCrypt volume...and then dedicate part of that volume as a hidden volume. If they were careful about how they dealt with the files they could conceivably leave absolutely no trace inside the Windows registry that would hint at the existence of that hidden volume.

Do most people do this? Of course not. Heck, I certainly don't.

...then again, I'm not trying to hide criminal acts.

if a group of hackers can hack into the DOJ why cant the police/government, with a warrant, break Symantec's PGP encryption? i would like to think our government would have the resources to do so.

if a group of hackers can hack into the DOJ why cant the police/government, with a warrant, break Symantec's PGP encryption? i would like to think our government would have the resources to do so.Publicly acknowledging that you can has implications.

Well, in Ohio we cannot search cell phones nor view them during the course of an investigation without a warrant. Anything found incident to arrest on cell phones is not admissible in court. If we want to view the address book of a known drug dealers cell phone, we need a warrant.


It doesn't surprise me to see that it's somewhat inconsistent across the country based on different rulings from different jurisdictions. Eventually the Supremes will settle the question. The folks I know who do this sort of thing get a warrant for everything. They're not fond of the possibility of their evidence being tossed out by a court down the road.



As for a magic cryptographic USB adapter for Encase computer software to view telephone data, it doesn't exist. Too much CSI.


You guys don't have these? (http://www.cellebrite.com/mobile-forensics-products/forensics-products/ufed-ultimate.html) I haven't messed with them much, but from what I've seen of them you can pull just about anything off the phone you want. I've never seen an attempt to use one on a partially or fully encrypted phone, though. I would imagine they can't break encryption.


if a group of hackers can hack into the DOJ why cant the police/government, with a warrant, break Symantec's PGP encryption? i would like to think our government would have the resources to do so.

The full power of the U.S. government is massive in every possible way. As I said before, if the government wants you bad enough I don't doubt that they have lots of capabilities no one outside the lettered agencies know about. The thing about having top secret access techniques is that if you use them in criminal cases they suddenly become subject to discovery. That would be rather bad news in terms of keeping your capabilities a secret. So those resources are probably only utilized in a very small sub-set of cases with the highest priority...which probably wouldn't be mortgage fraud.

Agreed and given the far reaching implications, I bet SCOTUS will hear this one - assuming in federal system already.

It is in the Federal system, and we have two contradictory rulings in two US District Courts.

Matt

if a group of hackers can hack into the DOJ why cant the police/government, with a warrant, break Symantec's PGP encryption? i would like to think our government would have the resources to do so.

Completely different creatures. The hackers didn't actually gain access to the DOJ systems - they just temporarily overloaded a web server hosting the DOJ's public website.

It's kind of akin to covering up the sign in front of a police station - a public nuisance, but not a compromise of the station's security.

Matt

if a group of hackers can hack into the DOJ why cant the police/government, with a warrant, break Symantec's PGP encryption? i would like to think our government would have the resources to do so.

In addition to what everyone else said:

Don't forget that there's a big difference in the capabilities between local, state and federal agencies in their computer forensics/cyber warfare capabilities.

Just because someone represents one level of government doesn't mean they have the uber cool capabilities and expertise that a joint team of US intelligence community members + criminal investigators have when working on terrorism cases under the provisions of FISA.

This will go to SCOTUS, for sure. I cannot see how it can withstand the 4th and 5th Amendment. How can providing a password not be construed as testimony? Be interesting to see and this can have far reaching implications.

The 4th, 5th and 6th amendments are and have been leaking oil for a quite a while. The general public isn't much concerned about it because it doesn't involve them, they would never do such a thing and they don't really like these people who "try to get off on technicalities" hide behind "loopholes" and "just have something to hide anyway". Yet this same public will give them a "fair trial" before they send them to the pen.

The danger of this kind of stuff is that eventually political/legal winds shift and different people are catching instead of pitching.

The public at large wants bad guys in prison. They don't want child molesters and terrorists roaming free because someone didn't get the paperwork just right before trying to get them off the street. Their feelings are perfectly understandable on that topic. They simply don't understand that honest citizens rarely make case law.

The public at large wants bad guys in prison. They don't want child molesters and terrorists roaming free because someone didn't get the paperwork just right before trying to get them off the street. Their feelings are perfectly understandable on that topic. They simply don't understand that honest citizens rarely make case law.

I would say that the nature of the "the paperwork" matters. We certainly have the means to get bad guys in prison, dispensing with the paperwork entirely would facilitate that to a great degree. Like it or not the paperwork is often what stands between the citizen and the unrestrained government. Perhaps the public should be outraged at those police who can't or won't do the paperwork.

Once the public has the experience of the execution of a search warrant on their home, for example, it will and should matter to them, whether or not the process to obtain that warrant, for example, was a legitimate process, a comical farce or a figment of someone's imagination.

I'm willing to admit to a certain degree of jadedness, it's the nature of the business, I wish my more of my shooting friends (literally-not a vague slap at people here) saw the danger of an eroding 4th & 5th as much as the 2nd. During my next jury selection I will encounter a large pool of politically like minded (to my beliefs) people who are exactly as I describe. Most respectfully, some honest people do make case law, more so innocent people often make case law, some of those after they are dead.

In addition to what everyone else said:

Don't forget that there's a big difference in the capabilities between local, state and federal agencies in their computer forensics/cyber warfare capabilities.

Just because someone represents one level of government doesn't mean they have the uber cool capabilities and expertise that a joint team of US intelligence community members + criminal investigators have when working on terrorism cases under the provisions of FISA.

Use of cyber-warfare cutting edge stuff in a regular criminal case will expose it.

I have the right as defense counsel to question how the info was obtained and to put the tech on the stand.

If it's a question of the data, I have the duty to make sure the data wasn't planted on the defendant's computer, so I want full disclosure.

Sources & Methods exposed...

If PGP encryption is being cracked like an egg shell by JTTF Cyper Warfare on a realtime basis, they would be happy to tell the FBI so they can use it in a mortgage fraud case.

NOT

Use of cyber-warfare cutting edge stuff in a regular criminal case will expose it.

I have the right as defense counsel to question how the info was obtained and to put the tech on the stand.

If it's a question of the data, I have the duty to make sure the data wasn't planted on the defendant's computer, so I want full disclosure.

Sources & Methods exposed...

If PGP encryption is being cracked like an egg shell by JTTF Cyper Warfare on a realtime basis, they would be happy to tell the FBI so they can use it in a mortgage fraud case.

NOT

:-)

There's a huge difference between what, say, the NSA's wonks art Ft. Meade can do and what your local Sheriff's office can do.

It would be an interesting cross-examination, though...

Atty: Please state your name for the Court.
Wit: John Smith
Atty: Who do you work for?
Wit: I can't answer that due to security classification.
Atty: What do you do for a living?
Wit: I can't answer that due to security classification.
etc, etc, etc....

(It would never happen, of course, but it would be amusing)

It doesn't surprise me to see that it's somewhat inconsistent across the country based on different rulings from different jurisdictions. Eventually the Supremes will settle the question. The folks I know who do this sort of thing get a warrant for everything. They're not fond of the possibility of their evidence being tossed out by a court down the road.



You guys don't have these? (http://www.cellebrite.com/mobile-forensics-products/forensics-products/ufed-ultimate.html) I haven't messed with them much, but from what I've seen of them you can pull just about anything off the phone you want. I've never seen an attempt to use one on a partially or fully encrypted phone, though. I would imagine they can't break encryption.



The full power of the U.S. government is massive in every possible way. As I said before, if the government wants you bad enough I don't doubt that they have lots of capabilities no one outside the lettered agencies know about. The thing about having top secret access techniques is that if you use them in criminal cases they suddenly become subject to discovery. That would be rather bad news in terms of keeping your capabilities a secret. So those resources are probably only utilized in a very small sub-set of cases with the highest priority...which probably wouldn't be mortgage fraud.No, we just image the phones and run through Encase.

:-)

There's a huge difference between what, say, the NSA's wonks art Ft. Meade can do and what your local Sheriff's office can do.

It would be an interesting cross-examination, though...

Atty: Please state your name for the Court.
Wit: John Smith
Atty: Who do you work for?
Wit: I can't answer that due to security classification.
Atty: What do you do for a living?
Wit: I can't answer that due to security classification.
etc, etc, etc....

(It would never happen, of course, but it would be amusing)

Actually, the cool stuff must be divulged if tried in a stateside criminal court.....which is why we tend to not do that stuff anymore. During the trials of those involved in the 1993 World Trade Center bombing (the Blind Shiekh and Ramzi Yousef specifically, IIRC), intelligence materials had to be released and made public for the reasons Mitchell touched on in his last post. Other incidents would be the trial of Zacarias Moussaoui and the East Africa Embassy bombing trials. In doing so, we willfully compromised the USIC and said sensitive material was found in possession of upstanding persons like Osama Bin Laden....

This is a pretty tricky problem.

Let's imagine you have a magically impregnable room in your house locked with a magical door that can be opened only by speaking a magic word.

You're implicated in a crime and a warrant is issued for the search of your home. If you didn't have the magic door, there's no question that the police could and would search that room.

Can a court compel you to utter the magic word to open the magic door to the magic room?

At a fundamental level, courts are not supposed to require you to provide verbal or written communication against your will. However, exceptions already exist. You can be required to provide voice or handwriting exemplars, even if those exemplars force you to say/write exactly what you're being accused of saying/writing in the commission of a crime. For example, in a line up you may be compelled to say, "Give me your wallet" so the victim can try to identify you.

A password, like a voice exemplar, is not itself evidence of a crime. As many in this thread have already pointed out, plenty of law abiding folks encrypt their computers just as we lock our doors and safes. Therefore, providing access to encrypted information -- after a warrant for that information has already been issued -- is no different than providing access to a locked building. If you stand in front of the building and refuse to let the police in, you'll be arrested.

Now getting back to our example of the magical door, a court might not require you to divulge the magic word. Instead, the court might allow you to whisper the word out of earshot of the police, giving them access to the room for their search while still maintaining the room's security in the future. This is what happened in the case in question: the court did not force the defendant to reveal the password, simply to enter it out of view of the police so they could access the computer. She did not have to divulge anything in her memory, she simply had to unlock the door for the police.

Encryption has reached a point that it effectively allows the average person (and therefore the average criminal) to hide evidence from the police and flout the authority of a warrant. That's what this case is about. Should you be able to prevent the government from accessing materials even after a warrant has been legally obtained and served?

Can one of you legal types comment on this:

A guy was involved in a grand jury investigation. The court wanted information about overseas bank accounts, and he used the 5th. The courts compelled him to sign a directive which authorized the release of bank account information, the overseas banks would not do it without authorization from the customer.


...the Government filed a motion with the Federal District Court for an order directing petitioner to sign a consent directive, without identifying or acknowledging the existence of any account, authorizing the banks to disclose records of any and all accounts over which he had a right of withdrawal. The court denied the motion, concluding that compelling petitioner to sign the form was prohibited by the Fifth Amendment. The Court of Appeals disagreed and reversed. On remand, the District Court ordered petitioner to execute the consent directive, and, after he refused, found him in civil contempt. The Court of Appeals affirmed.

SCOTUS Opinion:


Because the consent directive is not testimonial in nature, we conclude that the District Court's order compelling petitioner to sign the directive does not violate his Fifth Amendment privilege against self-incrimination. Accordingly, the judgment of the Court of Appeals is affirmed.

http://www.law.cornell.edu/supremecourt/text/487/201

This is a pretty tricky problem.

Let's imagine you have a magically impregnable room in your house locked with a magical door that can be opened only by speaking a magic word.

You're implicated in a crime and a warrant is issued for the search of your home. If you didn't have the magic door, there's no question that the police could and would search that room.

Can a court compel you to utter the magic word to open the magic door to the magic room?

At a fundamental level, courts are not supposed to require you to provide verbal or written communication against your will. However, exceptions already exist. You can be required to provide voice or handwriting exemplars, even if those exemplars force you to say/write exactly what you're being accused of saying/writing in the commission of a crime. For example, in a line up you may be compelled to say, "Give me your wallet" so the victim can try to identify you.

A password, like a voice exemplar, is not itself evidence of a crime. As many in this thread have already pointed out, plenty of law abiding folks encrypt their computers just as we lock our doors and safes. Therefore, providing access to encrypted information -- after a warrant for that information has already been issued -- is no different than providing access to a locked building. If you stand in front of the building and refuse to let the police in, you'll be arrested.

Now getting back to our example of the magical door, a court might not require you to divulge the magic word. Instead, the court might allow you to whisper the word out of earshot of the police, giving them access to the room for their search while still maintaining the room's security in the future. This is what happened in the case in question: the court did not force the defendant to reveal the password, simply to enter it out of view of the police so they could access the computer. She did not have to divulge anything in her memory, she simply had to unlock the door for the police.

Encryption has reached a point that it effectively allows the average person (and therefore the average criminal) to hide evidence from the police and flout the authority of a warrant. That's what this case is about. Should you be able to prevent the government from accessing materials even after a warrant has been legally obtained and served?

OK - so how would the court handle the earlier mentioned "Coded Ledger"? Can they compell you to provide them the code to decipher it?

A guy was involved in a grand jury investigation. The court wanted information about overseas bank accounts, and he used the 5th. The courts compelled him to sign a directive which authorized the release of bank account information, the overseas banks would not do it without authorization from the customer.

The "testimonial" distinction allows certain information to be compelled, if the information isn't "testimony." This is how most of the carve outs discussed in this thread are treated. Something generally won't be "testimony" if it doesn't give the gov't additional information that could implicate the accused. In the case of the bank accounts and the computer hard drive, the government could already prove "control," which is the only fact that could be proven by showing that a person knew a password or had access to bank accounts. This is also what distinguishes these cases from one where the gov't attempted to compel production of the murder weapon. If the gov't doesn't have the weapon, then the it cannot prove control, so compelling an accused to produce the weapon would be "testimony" because it would prove control over the weapon.

The "testimonial" distinction allows certain information to be compelled, if the information isn't "testimony." This is how most of the carve outs discussed in this thread are treated. Something generally won't be "testimony" if it doesn't give the gov't additional information that could implicate the accused. In the case of the bank accounts and the computer hard drive, the government could already prove "control," which is the only fact that could be proven by showing that a person knew a password or had access to bank accounts. This is also what distinguishes these cases from one where the gov't attempted to compel production of the murder weapon. If the gov't doesn't have the weapon, then the it cannot prove control, so compelling an accused to produce the weapon would be "testimony" because it would prove control over the weapon.

Aren't the un-encrypted files used to execute the Mortgage Fraud the murder weapon in this case? You are being compelled to produce the incriminating evidence that they can't find.

When looking at criminal procedure rights, courts implicitly weigh how a change will affect false negatives (guilty party goes free) and false positives (innocent party is wrongly affected). Our system has a significant preference for reducing false positives, which increases false negatives. If this is kept in mind when evaluating the Fifth Amendment right to not be compelled to be a witness against yourself, only those statements that can produce false positives will generally be protected. The danger of compelled testimony is that, under pressure, an accused might give unreliable testimony that leads to a false positive. But, where the only "testimony" is preexisting physical evidence inside an encrypted hard drive, no danger of creating a false positive exists unless giving the password is the only evidence that the person had control over the hard drive. The court recognized this in its opinion by limiting compulsion only to those cases where control of the hard drive is not disputed.

When looking at criminal procedure rights, courts implicitly weigh how a change will affect false negatives (guilty party goes free) and false positives (innocent party is wrongly affected). Our system has a significant preference for reducing false positives, which increases false negatives. If this is kept in mind when evaluating the Fifth Amendment right to not be compelled to be a witness against yourself, only those statements that can produce false positives will generally be protected. The danger of compelled testimony is that, under pressure, an accused might give unreliable testimony that leads to a false positive. But, where the only "testimony" is preexisting physical evidence inside an encrypted hard drive, no danger of creating a false positive exists unless giving the password is the only evidence that the person had control over the hard drive. The court recognized this in its opinion by limiting compulsion only to those cases where control of the hard drive is not disputed.

I see...so what would the court find in the event that the encrypted hard drive was external and not connected to the lap top (and in a different location) during the serving of the warrant?

If the drive is located in a place identified in the warrant, and the drive itself is encompassed within the scope of the warrant, it wouldn't matter that it was external, I'm guessing.

If the drive is in another building not covered by the immediate warrant then the fact that it may have once been connected is meaningless. Though it's highly likely that the authorities would attempt to locate it and get a warrant for it once they knew of its existence and relevance.

Related update: disclosing crypto keys == testimony

http://volokh.com/2012/02/23/eleventh-circuit-finds-fifth-amendment-right-against-self-incrimination-not-to-decrypt-encyrpted-computer/

Related update: disclosing crypto keys == testimony

http://volokh.com/2012/02/23/eleventh-circuit-finds-fifth-amendment-right-against-self-incrimination-not-to-decrypt-encyrpted-computer/

Note that this opinion isn't inconsistent with the opinion discussed earlier in this thread. In this case, the government didn't actually know if any files indicating criminal activity were located on the hard-drive.

Related update: disclosing crypto keys == testimony

http://volokh.com/2012/02/23/eleventh-circuit-finds-fifth-amendment-right-against-self-incrimination-not-to-decrypt-encyrpted-computer/

Interesting... If allowed to stand, it would become possible for criminals to use free, easy-to-use software to encrypt evidence forever.
I could argue both sides of this one.

Thanks for posting.

Note that this opinion isn't inconsistent with the opinion discussed earlier in this thread. In this case, the government didn't actually know if any files indicating criminal activity were located on the hard-drive.

True. IANAL, but I think there are still a few important unresolved questions. For one, if the government knows the evidence they'd like to extract, and the defendant gives access to the disk, could any additional evidence be collected off the disk, above and beyond what the government already knew was there? This whole scenario is ripe for gaming by savvy criminal lawyers. Personally, I play with various encryption constantly, and am always forgetting the keys I used - would I be held in contempt if I couldn't produce the keys?

I do a lot less work as a legal expert these days than I used to, but the technicalities are still pretty interesting.

This may be one of the best discussions I've ever read on the web. While some of the analogies mentioned have been a little far flung, the speculation has been minimal and the opinions pretty dang informative! Thank you guys a ton... not to mention that material and mechanics lab was getting pretty dull until I pulled up this bad boy. :)

Apparently the feds managed to get into the laptop of the woman in the mortgage fraud case.

Did they crack it with their ub3r-l33t haxxorz skill? With a top secret back door into the encryption the NSA secretly inserted into the Windows code?

Nope. They got the password from a co-defendant.

So the moral of this story is that human nature is inevitable.

So the moral of this story is that human nature is inevitable.

http://imgs.xkcd.com/comics/security.png