Re: Judge orders defendant to decrypt PGP-protected laptop
On Tue, 2009-03-03 at 21:33 -0500, Ivan Krstić wrote:

> If you give me the benefit of the doubt for having a reasonable general grasp of the legal system and not thinking the judge is an automaton or an idiot, can you explain to me how you think the judge can meet the burden of proof for contempt in this instance? Surely you don't wish to say that anyone using encryption can be held in contempt on the _chance_ they're not divulging all the information; what, then, is the other explanation?

The law is not administered by idiots. In particular, the law is not administered by people who are more idiotic than you. You may disagree with them, or with the law, but that does not make them stupid.

On the one hand there are (inevitable) differences in profile between a partition that sees daily use and a partition that doesn't. If a forensics squad had a good look at my laptop, they'd see that my (unencrypted) Windows partition has not been booted or used in three years, whereas file dates, times, and contents indicate that one of the other partitions is used daily. If he decrypts a partition that clearly does not get used frequently, and more to the point shows no signs of having been used on a day when it is known that the laptop was booted up, then he is clearly in violation of the order.

More to the point, you're arguing about a case where they have testimony from multiple officers who have *SEEN* that the images are on the computer, where both defense and prosecution agree that they do not enjoy fifth-amendment privileges, and where the testimony of multiple officers gives the partition name (Z drive) in which the images were found. If the decrypted partition does not match in these particulars, and especially if it does not show any evidence of usage while the laptop is known to have been powered up during the initial search, then the defendant is clearly in violation of the order.

Now, I think there is a legitimate argument to be made about whether the defendant can be compelled to *use* a key which he has not got written down or otherwise stored anywhere outside his own head. It's generally agreed that people can't be compelled to produce or disclose the existence of memorized keys, but can be compelled to produce or disclose the existence of any paper or device on which a key is recorded. But regardless, if the order to use the key is considered legit, then failure to comply with the order (by using a different or wrong key, unlocking a different volume) is direct violation of a court order. People go to jail for that.

Keep in mind that the right to be secure from search and seizure of one's documents has always been subject to due process and court orders in the form of search warrants. The right to privacy is not an absolute right and never has been, and obstructing the execution of a lawfully served warrant is not a viable strategy for staying out of jail.

Bear (neither a lawyer, nor, usually, an idiot)

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Judge orders defendant to decrypt PGP-protected laptop
On Mar 3, 2009, at 6:38 PM, Perry E. Metzger wrote:

> So, the court is not going to pay the least attention to your elaborate claims that you just like storing the output of your random number generator on a large chunk of your hard drive. They really don't give a damn about claims like that. Actually they do care. They'll be pissed off that you're wasting their time.

You miss the point. Re-read the link I provided that explains how TrueCrypt implements hidden volumes. A hidden TrueCrypt volume is *completely indistinguishable* from empty space in a regular TrueCrypt volume. That's what makes it hidden!

As I implied in the 2004 message in the context of political dissidents, a good use for hidden volumes isn't to distract your prosecutor with kittens and sunsets. That's just plain stupid, regardless of whether you're dealing with a US judge or someone whose preferred method of communication involves a pair of pliers and a blowtorch. The idea is to present an alternative but *plausible* set of information that's far less incriminating than the real deal, such as only mildly illegal material or legal material that the owner would still plausibly wish to keep secret for social reasons. I gave you a concrete example: hardcore or fetish porn (legal, but plausibly not the kind of thing whose possession you wish to advertise) provided to investigators to mask a secret volume with kiddie porn.

If you give me the benefit of the doubt for having a reasonable general grasp of the legal system and not thinking the judge is an automaton or an idiot, can you explain to me how you think the judge can meet the burden of proof for contempt in this instance? Surely you don't wish to say that anyone using encryption can be held in contempt on the _chance_ they're not divulging all the information; what, then, is the other explanation?

-- 
Ivan Krstić <krs...@solarsail.hcs.harvard.edu> | http://radian.org
Re: Judge orders defendant to decrypt PGP-protected laptop
Perry E. Metzger <pe...@piermont.com> writes:

> [Explanation of why courts aren't Turing machines]

Very nice explanation. The name I've used for this (attempted) defence is the Rumpelstiltskin defence, for reasons that should be obvious (and at some point I'll get around to finishing the writeup on this, which I get motivated to do every time I see someone advocate the Rumpelstiltskin defence as a strategy to use in court).

Peter.
Re: Judge orders defendant to decrypt PGP-protected laptop
Adam Fields wrote:

> On Tue, Mar 03, 2009 at 12:26:32PM -0500, Perry E. Metzger wrote:
>
> > Quoting: A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.
> >
> > http://news.cnet.com/8301-13578_3-10172866-38.html
>
> The privacy issues are troubling, of course, but it would seem trivial to bypass this sort of compulsion by having the disk encryption software allow multiple passwords, each of which unlocks a different version of the encrypted partition. When compelled to give out your password, you give out the one that unlocks the partition full of kitten and puppy pictures, and who's to say that's not all there is on the drive?

In this particular case, the border guard already saw the supposedly incriminating documents, but they failed to properly secure the evidence (the picture on the laptop) at that time. When they shut down the laptop, the evidence was locked down by the encryption due to the removal of the encryption key from RAM. Securing digital evidence is a big problem for law enforcement.

So, if the defense then discloses a different encryption drive with only kitten and puppy pictures, they will be in very big trouble, as there is already testimony that other files exist.

The defense is asked to produce the documents in question. I don't know much about the legal bells and whistles that apply to such a case, but here are some ideas:

* Maybe the defense could ask the prosecution to describe which pictures they want to have in particular, and the defense can make a case to just produce those particular pictures. However, the prosecution can probably just demand to produce all files within particular folders, which are easier to recall and more likely to hit something interesting.

* Maybe the defense can argue that they lost the password and thus access to the document. They'd better make a convincing argument that they really can not recover it. It would be great if that argument is tied to the police confiscating the equipment. Maybe the password was written in invisible ink on the laptop and needs to be rewritten every day or it washes away...

* I wonder if it may not be a better strategy to reveal the password and then argue that the pornography is legal or widely available on the internet, supposing it really is just generic internet porn. OTOH, some material may be legal only in some countries.

A couple of consequences:

* The safest thing to do is to do a clean operating system install before traveling.

* If you use encryption, shut it down before crossing the border.

* Computers have too many documents in a single, easily accessible location. If the files were more dispersed, the defense might be able to weasel out by producing fewer documents. Nobody would bring a meter-high stack of porn magazines from Amsterdam in their luggage, but with cheap mass storage it's a different situation. Also, this information is easily explorable by everyone using the file manager. Maybe hierarchical organization is not the best way to store such documents. A searchable database that limits the number of results may offer some protection against stumbling over something interesting.

* Online storage may be an attractive solution for border crossing without leaving documents at home. The internet is a big smuggling ring that easily avoids border guards.

Marcus
Re: Judge orders defendant to decrypt PGP-protected laptop
Marcus Brinkmann <marcus.brinkm...@ruhr-uni-bochum.de> writes:

> * The safest thing to do is to do a clean operating system install before traveling.

If you have an appropriate netbook (about 50% support this, check your manufacturer and model type), unplug the SD card containing the OS image and replace it with the SD card containing the clean install of XP along with "Letter to mom.doc" and "Aunty Edna's 90th birthday.jpg". Once you're at your destination, pull the real SD card from the collection in your camera bag and reinsert it. Takes next to no time at all, and it guarantees there really isn't anything there to be found (including large collections of random noise) in any normal search.

Peter.
Re: Judge orders defendant to decrypt PGP-protected laptop
* Stephan Somogyi:

> At 13:08 -0500 03.03.2009, Adam Fields wrote:
>
> > When compelled to give out your password
>
> Unless I'm misunderstanding the ruling, Boucher is not being compelled to produce his passphrase (like he could under RIPA Section 49 in the UK), but he is being told to produce the unencrypted contents of the drive. Assuming I'm interpreting the ruling correctly, this seems little different than a judge approving a search warrant for a residence, whose execution could produce incriminating evidence that is usable in court.

The difference is that having your residence searched does not require active cooperation from you. You don't even have to disclose all your residences which should be searched. Forcing a suspect to decrypt data is rather questionable because it is difficult to draw a line between decrypting, decompressing, selecting, and producing relevant data.

FWIW, the case which sparked this thread is rather special because when the laptop was searched at the border, the files were visible to a border guard. I guess this constellation is highly unusual.
Re: Judge orders defendant to decrypt PGP-protected laptop
On Tue, 03 Mar 2009 17:05:32 -0800 John Gilmore <g...@toad.com> wrote:

> > I would not read too much into this ruling -- I think that this is a special situation, and does not address the more important general issue. In other cases, where alternative evidence is not available to the government, and where government agents have not already had a look at the contents, the facts (and hence perhaps the ruling) would be different.
>
> Balls. This is a straight end-run attempt around the Fifth Amendment. The cops initially demanded a court order making him reveal his password -- then modified their stance on appeal after they lost. So he can't be forced to reveal it, but on a technicality he can be forced to produce the same effect as revealing it? Just how broad is this technicality, and how does it get to override a personal constitutional right?

Courts very rarely issue broader rulings than they absolutely have to. *Given the facts of this particular case* -- where Federal agents have already seen the putatively-illegal images -- it strikes me as unlikely there will be a definitive ruling in either direction.

Let me refer folks to Orin Kerr's blog on the original ruling: http://volokh.com/posts/chain_1197670606.shtml . I rarely agree with Kerr; this time, after thinking about it a *lot*, I concluded he was likely correct. I suggest that people read his post (including all the 'click here to see more' links, which seem to require (alas) Javascript) and the precedents cited. It doesn't mean I agree with all of those rulings (I don't), or that I think the courts should rule against Boucher. What I'm saying is that based on precedent and the facts of this case, I think they will.

Here's a crucial factual excerpt from Kerr's blog:

    The agent came across several files with truly revolting titles that strongly suggested the files themselves were child pornography. The files had been opened a few days earlier, but the agent found that he could not open the file when he tried to do so.

    Agents asked Boucher if there was child pornography in the computer, and Boucher said he wasn't sure; he downloaded a lot of pornography on to his computer, he said, but he deleted child pornography when he came across it. In response to the agents' request, Boucher waived his Miranda rights and agreed to show the agents where the pornography on the computer was stored. The agents gave the computer to Boucher, who navigated through the machine to a part of the hard drive named drive Z. The agents then asked Boucher to step aside and started to look through the computer themselves. They came across several videos and pictures of child pornography. Boucher was then arrested, and the agents powered down the laptop.

Also note this text from the original ruling (at http://www.volokh.com/files/Boucher.pdf) supporting Boucher:

    Both parties agree that the contents of the laptop do not enjoy Fifth Amendment protection as the contents were voluntarily prepared and are not testimonial. See id. at 409-10 (holding previously created work documents not privileged under the Fifth Amendment). Also, the government concedes that it cannot compel Boucher to disclose the password to the grand jury because the disclosure would be testimonial. The question remains whether entry of the password, giving the government access to drive Z, would be testimonial and therefore privileged.

The legal issue is very narrow: is entering the password testimonial, and thus protected? Again: both parties agree that the contents of the laptop do not enjoy Fifth Amendment protection as the contents were voluntarily prepared and are not testimonial. Beyond that, Boucher waived his Miranda rights in writing and showed the agent the (I assume) relevant folders. That, coupled with the precedents from Fisher, Hubbell, etc., makes it likely, in my non-lawyerly opinion, that the government will prevail. *But* -- I predict that the ruling will be narrow. It will not (I suspect and hope) result in a ruling that the government can always compel the production of keys.

(Philosophical aside: I've never been happy with the way the Fifth Amendment has been interpreted. To me, it's about freedom of conscience, rather than freedom from bringing punishment upon oneself. The law supports that in other situations -- the spousal exemption, the priest-penitent privilege, etc. This is why grants of immunity and especially use immunity have always troubled me. I recognize, though, that this is not the way the law works.)

So -- I suspect that Boucher is going to lose. The real question is whether the ruling will be narrow, based on these facts, or whether some judge will issue a broad ruling on withholding keys.

--Steve
Re: Judge orders defendant to decrypt PGP-protected laptop
On Tue, 03 Mar 2009 12:26:32 -0500 Perry E. Metzger <pe...@piermont.com> wrote:

> Quoting:
>
>     A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.
>
> http://news.cnet.com/8301-13578_3-10172866-38.html

I would not read too much into this ruling -- I think that this is a special situation, and does not address the more important general issue. To me, this part is crucial:

    Judge Sessions reached his conclusion by citing a Second Circuit case, U.S. v. Fox, that said the act of producing documents in response to a subpoena may communicate incriminating facts in two ways: first, if the government doesn't know where the incriminating files are, or second, if turning them over would implicitly authenticate them. Because the Justice Department believes it can link Boucher with the files through another method, it's agreed not to formally use the fact of his typing in the passphrase against him. (The other method appears to be having the ICE agent testify that certain images were on the laptop when viewed at the border.)

    Sessions wrote: "Boucher's act of producing an unencrypted version of the Z drive likewise is not necessary to authenticate it. He has already admitted to possession of the computer, and provided the government with access to the Z drive. The government has submitted that it can link Boucher with the files on his computer without making use of his production of an unencrypted version of the Z drive, and that it will not use his act of production as evidence of authentication."

In other cases, where alternative evidence is not available to the government, and where government agents have not already had a look at the contents, the facts (and hence perhaps the ruling) would be different.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Judge orders defendant to decrypt PGP-protected laptop
On Tue, Mar 03, 2009 at 12:26:32PM -0500, Perry E. Metzger wrote:

> Quoting: A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.
>
> http://news.cnet.com/8301-13578_3-10172866-38.html

The privacy issues are troubling, of course, but it would seem trivial to bypass this sort of compulsion by having the disk encryption software allow multiple passwords, each of which unlocks a different version of the encrypted partition. When compelled to give out your password, you give out the one that unlocks the partition full of kitten and puppy pictures, and who's to say that's not all there is on the drive?

Is there any disk encryption software for which this is common practice?

-- 
- Adam

** Expert Technical Project and Business Management
   System Performance Analysis and Architecture **

[ http://www.adamfields.com ]
[ http://workstuff.tumblr.com ] ... Technology Blog
[ http://www.aquick.org/blog ] ... Personal Blog
[ http://www.adamfields.com/resume.html ] .. Experience
[ http://www.flickr.com/photos/fields ] ... Photos
[ http://www.twitter.com/fields ] .. Twitter
[ http://www.morningside-analytics.com ] .. Latest Venture
[ http://www.confabb.com ] .. Founder
Re: Judge orders defendant to decrypt PGP-protected laptop
Adam Fields <cryptography23094...@aquick.org> writes:

> The privacy issues are troubling, of course, but it would seem trivial to bypass this sort of compulsion by having the disk encryption software allow multiple passwords, each of which unlocks a different version of the encrypted partition.

This sort of thing has been discussed for a long time, but I doubt that would work in practice. Law is not like software. Judges operate on reasonableness, not on literal interpretation. If it was reasonably obvious that you were using software like that and probably not cooperating, the judge would just throw you in jail for contempt of court anyway.

> When compelled to give out your password, you give out the one that unlocks the partition full of kitten and puppy pictures, and who's to say that's not all there is on the drive?

Well, it should be clear that any such scheme necessarily will produce encrypted partitions with less storage capacity than one with only one set of cleartext. You can't magically store 2N bytes in an N byte drive -- something has to give. It should therefore be reasonably obvious from partition sizes that there is something hidden.

In any case, unless you're really very energetic about it, it will be obvious from things like access times and other content clues (gee, why is there nothing in the browser cache from the current year?) that what is there is not the real partition you use day to day.

Perry
-- 
Perry E. Metzger <pe...@piermont.com>
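Bear's post earlier on this page and Perry's post just above rest on the same forensic observation: a volume that someone actually uses carries timestamps that a decoy does not (something touched on a day the machine is independently known to have been running; anything at all from the current year). The Python below is an added example, not code from anyone in this thread. It builds that activity profile from per-file mtime/atime values and flags a volume that shows neither signal; `collect_stats` walks a real mount point, while the two sample volumes, the boot day, the analysis time and the `Z:/...` paths are constructed for the demo.

```python
"""Activity profile of a decrypted volume (forensic sanity check).

Added example, not code from anyone in this thread.  Given per-file
timestamps it answers the two questions the discussion raises: was anything
on the volume touched on a day the machine is independently known to have
been running, and does the volume show any activity at all in the current
year?  All sample data below is constructed.
"""
from __future__ import annotations

import os
from dataclasses import dataclass
from datetime import date, datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class FileStat:
    path: str
    mtime: datetime  # last content modification
    atime: datetime  # last access; may be frozen by noatime or NTFS settings


def collect_stats(root: str) -> List[FileStat]:
    """Walk a mounted volume and record mtime/atime per file, in UTC."""
    out: List[FileStat] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.stat(p)
            except OSError:
                continue  # unreadable entries are skipped, not fatal
            out.append(FileStat(
                p,
                datetime.fromtimestamp(st.st_mtime, timezone.utc),
                datetime.fromtimestamp(st.st_atime, timezone.utc),
            ))
    return out


def activity_report(stats: List[FileStat], known_boot_day: date, now: datetime) -> dict:
    """Summarise the activity evidence a volume carries.

    known_boot_day: a day on which the machine is known, from sources other
    than this volume, to have been powered up and used.
    """
    touched = [s for s in stats
               if known_boot_day in (s.mtime.date(), s.atime.date())]
    this_year = [s for s in stats
                 if now.year in (s.mtime.year, s.atime.year)]
    latest: Optional[datetime] = (
        max(max(s.mtime, s.atime) for s in stats) if stats else None)
    # If no file was ever accessed after it was last written, access-time
    # updates are almost certainly disabled on this volume, so silence in
    # the atime column proves nothing either way.
    atime_usable = any(s.atime > s.mtime for s in stats)
    return {
        "files": len(stats),
        "touched_on_boot_day": len(touched),
        "this_year": len(this_year),
        "latest": latest,
        "atime_usable": atime_usable,
        # Dormant: nothing from the current year and nothing on the boot day.
        "dormant": not touched and not this_year,
    }


# --- constructed sample data -------------------------------------------------
def _ts(y: int, m: int, d: int, h: int = 12) -> datetime:
    return datetime(y, m, d, h, tzinfo=timezone.utc)


NOW = _ts(2009, 3, 3, 20)          # time of analysis (constructed)
BOOT_DAY = date(2009, 3, 1)        # day the machine is known to have run

# A volume in daily use: recent writes, and caches read after being written.
DAILY_VOLUME = [
    FileStat("Z:/docs/notes.txt", _ts(2009, 2, 28), _ts(2009, 3, 1, 9)),
    FileStat("Z:/browser/cache/0001", _ts(2009, 3, 1, 10), _ts(2009, 3, 1, 10)),
    FileStat("Z:/photos/img001.jpg", _ts(2008, 11, 2), _ts(2009, 1, 15)),
]

# A volume that only looks populated: content frozen years ago, never touched since.
DORMANT_VOLUME = [
    FileStat("Z:/photos/kitten1.jpg", _ts(2006, 5, 4), _ts(2006, 5, 4)),
    FileStat("Z:/photos/kitten2.jpg", _ts(2006, 5, 4), _ts(2006, 5, 4)),
    FileStat("Z:/readme.txt", _ts(2005, 12, 24), _ts(2005, 12, 24)),
]

if __name__ == "__main__":
    for name, vol in (("daily", DAILY_VOLUME), ("dormant", DORMANT_VOLUME)):
        print(name, activity_report(vol, BOOT_DAY, NOW))
```

The `atime_usable` flag is the caveat a practitioner needs: many systems mount with `noatime` or disable NTFS last-access updates, so an absence of recent access times is only evidence when the volume shows atime updates somewhere. The verdict therefore rests on mtime as well, and the report exposes the raw counts rather than a single yes/no so the examiner can weigh them.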
Re: Judge orders defendant to decrypt PGP-protected laptop
At 13:08 -0500 03.03.2009, Adam Fields wrote:

> When compelled to give out your password

Unless I'm misunderstanding the ruling, Boucher is not being compelled to produce his passphrase (like he could under RIPA Section 49 in the UK), but he is being told to produce the unencrypted contents of the drive. Assuming I'm interpreting the ruling correctly, this seems little different than a judge approving a search warrant for a residence, whose execution could produce incriminating evidence that is usable in court.

There is a chasm of difference between being compelled to produce keys, which could be subsequently reused with other encrypted material, and being compelled to produce specific unencrypted data, which is much more narrowly scoped and therefore less intrusive.

s.
Re: Judge orders defendant to decrypt PGP-protected laptop
On Tue, Mar 03, 2009 at 01:20:22PM -0500, Perry E. Metzger wrote:

> Adam Fields <cryptography23094...@aquick.org> writes:
>
> > The privacy issues are troubling, of course, but it would seem trivial to bypass this sort of compulsion by having the disk encryption software allow multiple passwords, each of which unlocks a different version of the encrypted partition.
>
> This sort of thing has been discussed for a long time, but I doubt that would work in practice. Law is not like software. Judges operate on reasonableness, not on literal interpretation. If it was reasonably obvious that you were using software like that and probably not cooperating, the judge would just throw you in jail for contempt of court anyway.

I don't see how it would be reasonably obvious, especially if lots of disk encryption packages started offering multiple partitions as a transparent option. All you'd see is a bunch of random bits on the disk and a password prompt. They ask you for the password, you put up a fight, and then ultimately relent and give it to them when they insist.

> > When compelled to give out your password, you give out the one that unlocks the partition full of kitten and puppy pictures, and who's to say that's not all there is on the drive?
>
> Well, it should be clear that any such scheme necessarily will produce encrypted partitions with less storage capacity than one with only one set of cleartext. You can't magically store 2N bytes in an N byte drive -- something has to give. It should therefore be reasonably obvious from partition sizes that there is something hidden.

I don't see how you could tell the difference between a virtual 40GB encrypted padded partition and 2 virtual 20GB ones. Many virtual disk implementations will pre-allocate the space. Is there some reason why filling the empty space with random garbage wouldn't mask the fact that there were actually multiple partitions in there? There's no law that says your empty disk space has to actually be empty. (Yet.)

> In any case, unless you're really very energetic about it, it will be obvious from things like access times and other content clues (gee, why is there nothing in the browser cache from the current year?) that what is there is not the real partition you use day to day.

I think we're talking about a straight data storage partition here. It doesn't seem too hard to have something touch random files on a regular basis. Regardless, that seems like a weak complaint - all you have to do is log into the other partition once a week and use it to browse cuteoverload or something.

But, most importantly, you haven't given a good reason not to offer this as a standard option. Maybe it wouldn't work, but maybe it would.

-- 
- Adam

** Expert Technical Project and Business Management
   System Performance Analysis and Architecture **

[ http://www.adamfields.com ]
[ http://workstuff.tumblr.com ] ... Technology Blog
[ http://www.aquick.org/blog ] ... Personal Blog
[ http://www.adamfields.com/resume.html ] .. Experience
[ http://www.flickr.com/photos/fields ] ... Photos
[ http://www.twitter.com/fields ] .. Twitter
[ http://www.morningside-analytics.com ] .. Latest Venture
[ http://www.confabb.com ] .. Founder
Re: Judge orders defendant to decrypt PGP-protected laptop
Adam Fields <cryptography23094...@aquick.org> writes:

> > Well, it should be clear that any such scheme necessarily will produce encrypted partitions with less storage capacity than one with only one set of cleartext. You can't magically store 2N bytes in an N byte drive -- something has to give. It should therefore be reasonably obvious from partition sizes that there is something hidden.
>
> I don't see how you could tell the difference between a virtual 40GB encrypted padded partition and 2 virtual 20GB ones.

The judge doesn't need to know the difference to beyond any doubt. If the judge thinks you're holding out, you go to jail for contempt.

Geeks expect, far too frequently, that courts operate like Turing machines, literally interpreting the laws and accepting the slightest legal hack unconditionally without human consideration of the impact of the interpretation. This is not remotely the case.

I'll repeat: the law is not like a computer program. Courts operate on reasonableness standards and such, not on literal interpretation of the law. If it is obvious to you and me that a disk has multiple encrypted views, then you can't expect that a court will not be able to understand this and take appropriate action, like putting you in a cage.

Perry
-- 
Perry E. Metzger <pe...@piermont.com>
Re: Judge orders defendant to decrypt PGP-protected laptop
On 2009-03-03, Stephan Somogyi wrote:

> There is a chasm of difference between being compelled to produce keys, which could be subsequently reused with other encrypted material, and being compelled to produce specific unencrypted data, which is much more narrowly scoped and therefore less intrusive.

That is also why multi-level security and/or steganography exist. And why, eventually, every court order will mandate randomization of all data that wasn't decryptable. And why people will design stealthy methods of signaling to their disk that such deletion orders are to be disrespected. And why such drives will be forthwith banned. Et cetera, ad nauseam. So it goes.

-- 
Sampo Syreeni, aka decoy - de...@iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
Re: Judge orders defendant to decrypt PGP-protected laptop
With regards to alternative runtime decryptions, recall ...

http://people.csail.mit.edu/rivest/Chaffing.txt

The claim is that the approach is neither encryption nor steganography.

Cheers,
Scott
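The note Scott points to is Rivest's 1998 description of chaffing and winnowing. The Python below is an added illustration of that idea and is not code from the thread or from Rivest's note. It assumes a toy packet format (sequence number, one-byte payload, truncated HMAC-SHA256 tag) and a constructed key and message; the point it makes is the one Scott quotes, that nothing on the wire is ever encrypted and yet only the key holder can recover the message.

```python
"""Chaffing and winnowing (Rivest, 1998): confidentiality without encryption.

Added illustration; not code from the thread or from Rivest's note.  The
sender MACs every packet of the real message (the "wheat") and interleaves
packets carrying bogus payloads and bogus tags (the "chaff").  Nothing is
encrypted, yet only the holder of the MAC key can winnow out the wheat.  The
key, message and packet format below are constructed for this example.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

MAC_LEN = 8                          # truncated HMAC-SHA256 tag; demo-sized
Packet = Tuple[int, bytes, bytes]    # (sequence number, payload, tag)
_sysrand = secrets.SystemRandom()


def tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """Authentication tag binding the payload to its sequence number."""
    msg = seq.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def chaff_and_send(key: bytes, message: bytes, chaff_per_packet: int = 1) -> List[Packet]:
    """Emit one wheat packet per message byte, each mixed with chaff packets
    that carry the same sequence number, a random byte and a random tag."""
    stream: List[Packet] = []
    for seq, b in enumerate(message):
        payload = bytes([b])
        group = [(seq, payload, tag(key, seq, payload))]          # wheat
        for _ in range(chaff_per_packet):
            # A random tag verifies for its payload with probability 2^-64,
            # so the chaff is bogus, but indistinguishable from wheat to
            # anyone who lacks the key.
            group.append((seq, secrets.token_bytes(1), secrets.token_bytes(MAC_LEN)))
        _sysrand.shuffle(group)  # wheat position within a group reveals nothing
        stream.extend(group)
    return stream


def winnow(key: bytes, stream: List[Packet]) -> bytes:
    """Keep only packets whose tag verifies, then reassemble by sequence number."""
    wheat: Dict[int, bytes] = {}
    for seq, payload, t in stream:
        if hmac.compare_digest(t, tag(key, seq, payload)):
            wheat[seq] = payload
    return b"".join(wheat[s] for s in sorted(wheat))


def count_valid(key: bytes, stream: List[Packet]) -> int:
    """Packets that verify under `key`: all the wheat for the right key, ~0 otherwise."""
    return sum(1 for seq, p, t in stream if hmac.compare_digest(t, tag(key, seq, p)))


KEY = b"constructed-demo-key-not-for-real-use"   # constructed
MESSAGE = b"meet at the usual place"               # constructed

if __name__ == "__main__":
    stream = chaff_and_send(KEY, MESSAGE, chaff_per_packet=2)
    print(f"{len(stream)} packets on the wire, {count_valid(KEY, stream)} genuine")
    print(winnow(KEY, stream))           # b'meet at the usual place'
    print(winnow(b"wrong key", stream))  # b''
```

The sender only ever applies a MAC, which is the basis of the "neither encryption nor steganography" claim. This byte-level demo still leaves an eavesdropper a one-in-(1 + chaff) guess per position; Rivest's stronger variant sends one bit per packet and chaffs each with the complementary bit, so the adversary sees both values at every position and learns nothing from the payloads at all.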
Re: Judge orders defendant to decrypt PGP-protected laptop
On Tue, 03 Mar 2009 13:53:50 -0500 Perry E. Metzger <pe...@piermont.com> wrote:

> Adam Fields <cryptography23094...@aquick.org> writes:
>
> > > Well, it should be clear that any such scheme necessarily will produce encrypted partitions with less storage capacity than one with only one set of cleartext. You can't magically store 2N bytes in an N byte drive -- something has to give. It should therefore be reasonably obvious from partition sizes that there is something hidden.
> >
> > I don't see how you could tell the difference between a virtual 40GB encrypted padded partition and 2 virtual 20GB ones.
>
> The judge doesn't need to know the difference to beyond any doubt. If the judge thinks you're holding out, you go to jail for contempt.
>
> Geeks expect, far too frequently, that courts operate like Turing machines, literally interpreting the laws and accepting the slightest legal hack unconditionally without human consideration of the impact of the interpretation. This is not remotely the case.
>
> I'll repeat: the law is not like a computer program. Courts operate on reasonableness standards and such, not on literal interpretation of the law. If it is obvious to you and me that a disk has multiple encrypted views, then you can't expect that a court will not be able to understand this and take appropriate action, like putting you in a cage.

Indeed. Let me point folks at http://www.freedom-to-tinker.com/blog/paul/being-acquitted-versus-being-searched-yanal -- which was in fact written by a real lawyer, a former prosecutor who is now a law professor.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Judge orders defendant to decrypt PGP-protected laptop
At 02:45 PM 3/3/2009 -0500, Steven M. Bellovin wrote:

> On Tue, 03 Mar 2009 13:53:50 -0500 Perry E. Metzger <pe...@piermont.com> wrote:
>
> > I'll repeat: the law is not like a computer program. Courts operate on reasonableness standards and such, not on literal interpretation of the law. If it is obvious to you and me that a disk has multiple encrypted views, then you can't expect that a court will not be able to understand this and take appropriate action, like putting you in a cage.
>
> Indeed. Let me point folks at http://www.freedom-to-tinker.com/blog/paul/being-acquitted-versus-being-searched-yanal -- which was in fact written by a real lawyer, a former prosecutor who is now a law professor.

Thanks Steve. As you know, of course, IAARL. And I know and have worked with Paul. I don't normally do me-too posts, and I don't normally post to this list at all; but I do want to me too this. I've been pointing folks to Paul's piece since the day (a weeks ago) he first published it; it's well worth reading.

-Jim

James S. Tyre <jst...@jstyre.com>
Law Offices of James S. Tyre
310-839-4114 / 310-839-4602 (fax)
10736 Jefferson Blvd., #512
Culver City, CA 90230-4969
Co-founder, The Censorware Project http://censorware.net
Policy Fellow, Electronic Frontier Foundation http://www.eff.org
Re: Judge orders defendant to decrypt PGP-protected laptop
On Mar 3, 2009, at 1:08 PM, Adam Fields wrote:

> Is there any disk encryption software for which this is common practice?

In terms of fairly widely used software, yes, TrueCrypt offers hidden volumes: http://www.truecrypt.org/docs/?s=hidden-volume

I asked the same original question on this list in 2004, and some other software is mentioned in the replies: http://www.mail-archive.com/cryptography@metzdowd.com/msg02169.html

-- 
Ivan Krstić <krs...@solarsail.hcs.harvard.edu> | http://radian.org
Re: Judge orders defendant to decrypt PGP-protected laptop
On Mar 3, 2009, at 1:53 PM, Perry E. Metzger wrote:

> If it is obvious to you and me that a disk has multiple encrypted views, then you can't expect that a court will not be able to understand this and take appropriate action, like putting you in a cage.

Why do you think it'd be obvious to you and me that a disk has multiple encrypted views? Contempt carries a burden of proof. If the guy has two encrypted volumes, one with a bunch of hardcore adult porn and the other with a bunch of kiddie porn, how does his unlocking the first one give you a 'preponderance of evidence' that he's obstructing justice or disobeying the court? It becomes a he-said-she-said with the CBP agent, your word against his.

--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
Re: Judge orders defendant to decrypt PGP-protected laptop
Ivan Krstić krs...@solarsail.hcs.harvard.edu writes:

> On Mar 3, 2009, at 1:53 PM, Perry E. Metzger wrote:
>
> > If it is obvious to you and me that a disk has multiple encrypted views, then you can't expect that a court will not be able to understand this and take appropriate action, like putting you in a cage.
>
> Why do you think it'd be obvious to you and me that a disk has multiple encrypted views? Contempt carries a burden of proof. If the guy has two encrypted volumes, one with a bunch of hardcore adult porn and the other with a bunch of kiddie porn, how does his unlocking the first one give you a 'preponderance of evidence' that he's obstructing justice or disobeying the court? It becomes a he-said-she-said with the CBP agent, your word against his.

Again, you seem to be operating under the common geek misperception that courts operate like Turing machines, precisely and literally executing precisely defined legal concepts. They do not work that way. Courts work much more the way the high school vice principal who put you on detention for three weeks for throwing a snowball worked -- even though he didn't see you throw one, he just saw you were the only person in the general vicinity, even though it was all patently unfair since he had no proof by your lights.

The law's idea of what "sufficient evidence" means is not what you, as a geek, think "sufficient evidence" means. For example, perhaps to you, "beyond a reasonable doubt" means something like "there is no way you couldn't be guilty", while to a court it means nothing like that -- it means that an ordinary person (that is, not a geek, not a professional defense attorney, not a mystery novel addict) wouldn't have serious doubts about guilt. Not no doubts -- just no serious ones.

The law is used to people trying to weasel out of trouble -- people have been trying to weasel out of trouble since the year 100,000 BC. Criminals were trying far more elaborate schemes to get out from under trouble than you will ever think of back in ancient Mesopotamia. You're not going to find something new that impresses a real court.

Take a real common case. Someone is mugged by two people. One of them shoots the victim and neither will say which of them did it. You, the geek who thinks the law is a Turing machine, assume that neither can go to jail for murder. In the case of each criminal, you assume, there is a reasonable doubt as to whether or not the other guy did it. 50/50 is a way reasonable doubt! Well, that's not how the real legal system works. In the real legal system, the court will happily put both people in jail for murder even though there is only one bullet in the victim so only one person could have pulled the trigger. That's routine, in fact, never mind how unfair that seems to you. (The charge of felony murder exists precisely so that they don't need to know who pulled the trigger. As I said, they're used to people trying to weasel out of trouble.) "But but!" you scream, "there has to be a reasonable doubt there! Only one of them could have done it, clearly one person is in jail unfairly, they both have to go free!" -- well, that's the difference between you and a lawyer. The lawyer doesn't see this as unreasonable. The court system is not a Turing machine.

Back to our topic: if the software can handle multiple hidden encrypted volumes and there is unaccounted-for space and the volume you decrypt for them has nothing but pictures of bunnies and sunsets and hasn't been touched in a year, I think you're going to jail for contempt if the judge has ordered you to fork over the files.

"But!!!" you insist, "they don't have proof that I'm doing something qua proof, they just have a strong suspicion! Why, it could be anything in that giant pool of random bits on the rest of the drive! How do they *know* it isn't just random bits? How do they *know* I don't just look at bunnies and sunsets and haven't opened that partition in a year?"

You only think that will protect you because you don't understand the legal system. You see, you're making this assumption that most people would call "assuming the judge is an idiot". Judges take a very dim view of people playing them for fools, just like high school vice principals, and again, the legal system is not a Turing machine. The judge's superiors on the appeals court will take a similar view because they were once trial judges and don't like when judges are played for fools either.

So, the court is not going to pay the least attention to your elaborate claims that you just like storing the output of your random number generator on a large chunk of your hard drive. They really don't give a damn about claims like that. Actually they do care. They'll be pissed off that you're wasting their time. If you believe otherwise, go right ahead, but as I said, the jails are filled with people who have tried very elaborate strategies for avoiding prison only to discover courts don't care. The courts are used to people not wanting to
Re: Judge orders defendant to decrypt PGP-protected laptop
To more fully quote Adam's question:

> When compelled to give out your password, you give out the one that unlocks the partition full of kitten and puppy pictures, and who's to say that's not all there is on the drive? Is there any disk encryption software for which this is common practice?

On Tue, Mar 03, 2009 at 05:37:40PM -0500, Ivan Krstić wrote:

> In terms of fairly widely used software, yes, TrueCrypt offers hidden volumes: http://www.truecrypt.org/docs/?s=hidden-volume

Hidden volumes are interesting, but TrueCrypt's specific implementation (one hidden volume per decoy container) fails to address the case in which an adversary has knowledge of the hidden volume, which is where I think Adam's question was going. If they do, no amount of decoy data is going to convince them that what they seek has been divulged, and they will continue to compel until they have what they want.

To defend against such an attack, one would need two hidden volumes: one for decoy data and the other for the real data. There are still problems with that approach (such as how the adversary gained knowledge of a hidden volume in the first place), but it should satisfy the switch-for-puppies defense. No software I know of does this by default.

RB
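Ivan's pointer to TrueCrypt hidden volumes and RB's objection to them both rest on one property: the hidden volume sits in a region that was already filled with random bytes before anything was written there, so a container with a hidden volume and one without look identical to anyone who lacks the hidden password. The toy below, added here as an illustration and not code from TrueCrypt or from any poster, models that layout with a constructed 64 KiB container, a toy PBKDF2/SHAKE-256 keystream cipher (a stand-in for a real sector cipher, not one), and a byte-entropy check of the kind a forensic examiner runs. The container geometry, passwords and payloads are all invented.

```python
import hashlib
import math
import os
import struct

# Constructed toy geometry, in bytes. Real tools work at MiB scale.
CONTAINER_SIZE = 64 * 1024
OUTER_OFFSET = 0                         # decoy ("outer") volume starts at the front
HIDDEN_OFFSET = CONTAINER_SIZE * 3 // 4  # hidden volume lives in the decoy's apparent free space
SALT_LEN = 16
MAGIC = b"TOYVOL"
HEADER_FMT = ">6sI"                      # magic, payload length
HEADER_LEN = struct.calcsize(HEADER_FMT)


def _keystream(password: bytes, salt: bytes, n: int) -> bytes:
    # PBKDF2 derives the key; SHAKE-256 stretches it into a keystream.
    # Toy only: no authentication and no per-sector addressing.
    key = hashlib.pbkdf2_hmac("sha256", password, salt, 20_000, dklen=32)
    return hashlib.shake_256(key + b"toyvol-keystream").digest(n)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def new_container() -> bytearray:
    # Every byte is random before any volume is written, so unused space and
    # encrypted space are indistinguishable without a key.
    return bytearray(os.urandom(CONTAINER_SIZE))


def write_volume(container: bytearray, offset: int, password: bytes, payload: bytes) -> None:
    """Encrypt header+payload under `password` and place it at `offset`."""
    salt = os.urandom(SALT_LEN)          # stored in the clear; random, so it reveals no structure
    plain = struct.pack(HEADER_FMT, MAGIC, len(payload)) + payload
    blob = salt + _xor(plain, _keystream(password, salt, len(plain)))
    if offset + len(blob) > CONTAINER_SIZE:
        raise ValueError("payload does not fit at this offset")
    container[offset:offset + len(blob)] = blob


def open_volume(container, offset: int, password: bytes):
    """Return the payload at `offset` if `password` unlocks it, else None.
    A wrong password and an absent volume both yield None: the container
    itself never says whether a hidden volume exists."""
    salt = bytes(container[offset:offset + SALT_LEN])
    hdr_ct = bytes(container[offset + SALT_LEN:offset + SALT_LEN + HEADER_LEN])
    magic, length = struct.unpack(HEADER_FMT, _xor(hdr_ct, _keystream(password, salt, HEADER_LEN)))
    if magic != MAGIC or offset + SALT_LEN + HEADER_LEN + length > CONTAINER_SIZE:
        return None
    total = HEADER_LEN + length
    body = bytes(container[offset + SALT_LEN:offset + SALT_LEN + total])
    return _xor(body, _keystream(password, salt, total))[HEADER_LEN:]


def byte_entropy(data: bytes) -> float:
    """Shannon entropy per byte; uniformly random data scores close to 8.0."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def demo() -> dict:
    # Constructed passwords and payloads.
    decoy_pw, real_pw = b"puppies-and-kittens", b"correct horse battery staple"
    decoy = b"kitten.jpg bytes (constructed) " * 100
    real = b"private files (constructed) " * 50
    decoy_only = new_container()
    write_volume(decoy_only, OUTER_OFFSET, decoy_pw, decoy)
    with_hidden = bytearray(decoy_only)
    write_volume(with_hidden, HIDDEN_OFFSET, real_pw, real)
    return {
        "decoy_opens": open_volume(with_hidden, OUTER_OFFSET, decoy_pw) == decoy,
        "hidden_opens": open_volume(with_hidden, HIDDEN_OFFSET, real_pw) == real,
        "wrong_pw_on_hidden": open_volume(with_hidden, HIDDEN_OFFSET, decoy_pw),
        "absent_hidden": open_volume(decoy_only, HIDDEN_OFFSET, real_pw),
        "entropy_decoy_only": byte_entropy(bytes(decoy_only)),
        "entropy_with_hidden": byte_entropy(bytes(with_hidden)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running `demo()` shows both containers scoring essentially 8 bits per byte, and `open_volume` returning the same `None` for a wrong password as for a volume that was never written. That is exactly the limit RB describes: the construction can only deny existence to an adversary who has no other evidence. Once someone has already seen the hidden data, or the decoy filesystem's own timestamps show it has not been touched in a year, the statistics buy nothing. TrueCrypt's documentation also warns that writes to the outer volume can overwrite the hidden one unless the outer volume is mounted with hidden-volume protection, which is a practical hazard the toy does not model.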
Re: Judge orders defendant to decrypt PGP-protected laptop
> I would not read too much into this ruling -- I think that this is a special situation, and does not address the more important general issue. In other cases, where alternative evidence is not available to the government, and where government agents have not already had a look at the contents, the facts (and hence perhaps the ruling) would be different.

Balls. This is a straight end-run attempt around the Fifth Amendment. The cops initially demanded a court order making him reveal his password -- then modified their stance on appeal after they lost. So he can't be forced to reveal it, but on a technicality he can be forced to produce the same effect as revealing it? Just how broad is this technicality, and how does it get to override a personal constitutional right?

If the cops bust down your door and you foolishly left your computer turned on, are they entitled to make you reveal your encryption passwords anytime later, because your encrypted drive was accessible when they ran in screaming at your family and shooting your dog? Suppose they looked it over and typed a few things to the screen? Suppose they didn't? Suppose they used a fancy power-transfer plug to keep it running as they walked it out the door, but they tripped and dropped it and it powered off? That's a technicality, isn't it?

Don't forget, this is a nuisance case. It's about a harmless Canadian citizen who's a permanent US resident, who crossed the Canadian border with his laptop. A guy smart enough to encrypt his drive. On the drive, among other things, was a few thousand porn images downloaded from the net. Legal porn. The border guards, who had no business even looking at his laptop's contents, trolled around in it until they found some tiny fraction of the images that (they allege) contained underage models. (How would *he* know the ages of the models in random online porn? Guess he'd better just store no porn at all, whether or not porn is legal. That's the effect that the bluenoses who passed the child porn laws want, after all.) That's the crime being prosecuted here. This isn't the Four Horsemen's torture-the-terrorist-for-the-password hostage situation where lives are at stake and the seconds are ticking away. This is a pointless search containing the only evidence of a meaningless censorship non-crime. If the feds can force you to reveal your password in this hick sideshow, they can force it anytime.

Suppose the guy had powered off his laptop rather than merely foolishly suspending it. If the border guards had DRAM key recovery tools that could find a key in the powered-down RAM, but then lost the key or it stopped working, would you think he should later be forced to reveal his password? Suppose they merely possessed DRAM key recovery software, but never deployed it? "Hey, we claim that you crossed the border with that key in decaying RAM; fork over that password, buddy!"

Don't give them an inch, they'll take a mile. Drug users can now not safely own guns, despite the Second Amendment. Not even guns locked in safes in outbuildings, because the law passed against using a gun in a drug crime has been expanded by cops and judges to penalize having a gun anywhere on the property even though it was never touched, and even when the only drug crime was simple possession. Five year mandatory minimum sentence enhancement. (Don't expect NRA to help -- their motto is "screw the criminals, leave us honest people alone". That's no good when everybody's a criminal, especially the honest people like this guy, who had nothing to hide from the border guards and helped them search his laptop.)

Sessions wrote:

> Boucher's act of producing an unencrypted version of the Z drive...

There is no such document as an "unencrypted version of the Z drive". It does not exist. It has never existed. One could in theory be created, but that would be the creation of a new document, not the production of an existing one. The existing one is encrypted, and the feds already have it.

I'm still trying to figure out what the feds want in this case if the guy complies. They'll have a border guard testify that he saw a picture with a young teen in it? They'll show the jury a picture of a young teen, but won't authenticate it as a picture that came off the hard drive? It can just be any random picture of a young teen, that could've come from anywhere? How will that contribute to prosecuting this guy for child porn?

Maybe they're just bored from training themselves by viewing official federal child porn images (that we're not allowed to see), or endlessly searching gigabytes of useless stuff on laptops. Instead they want the thrill of setting a precedent that citizens have no right to privacy in their encrypted hard drives. Let's not help them by declaring this guy's rights forfeit on a technicality.

John