Skip to comments.DOJ: We can force you to decrypt that laptop
Posted on 07/11/2011 10:39:22 AM PDT by Smogger
The Colorado prosecution of a woman accused of a mortgage scam will test whether the government can punish you for refusing to disclose your encryption passphrase. The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.
Because Fricosu has opposed the proposal, this could turn into a precedent-setting case. No U.S. appeals court appears to have ruled on whether such an order would be legal or not under the U.S. Constitution's Fifth Amendment, which broadly protects Americans' right to remain silent.
In a brief filed last Friday, Fricosu's Colorado Springs-based attorney, Philip Dubois, said defendants can't be constitutionally obligated to help the government interpret their files. "If agents execute a search warrant and find, say, a diary handwritten in code, could the target be compelled to decode, i.e., decrypt, the diary?"
"Decrypting the data on the laptop can be, in and of itself, a testimonial act--revealing control over a computer and the files on it," said EFF Senior staff attorney Marcia Hofmann. "Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court."
(Excerpt) Read more at news.cnet.com ...
Hey stupids at the DOJ: thanks for letting the world know the limitations of the NSA’s decryption capabilities.
Now, if you'll excuse them, the US Department of Justice has thousands of military weapons to give to the Mexican narco-trafficking cartels.
I don’t recall worked great for Hillary Clinton!
Everyone who knows about encryption know that there are limits to cryptographic attacks, even the NSA’s. And whose to say the government is going to utilize NSA resources on every two- bit criminal with an encrypted hard drive? I would assume they are NOT going to.
Need a whole disk encryption system that allows you to enter two passwords.
One password reveals the real stuff. Another password reveals the fake stuff while it deletes and rewrites random data over the real stuff.
But then that would be tampering with evidence or some other charge. So best to just take the 5th and stay quiet.
This will be an interesting case. What happens if they give you immunity to compel your testimony that the password you provided won’t be used to prove you had access to the machine? They could force your testimony then, no?
I FORGOT..............Steve Martin................
I must have read your mind.
I don't think this says anything one way or the other about NSA's abilities in this arena.
Personally, I wouldn't bet against NSA.
Garde la Foi, mes amis! Nous nous sommes les sauveurs de la République! Maintenant et Toujours!
(Keep the Faith, my friends! We are the saviors of the Republic! Now and Forever!)
LonePalm, le Républicain du verre cassé (The Broken Glass Republican)
I agree. Was Hitlery ever jailed for having a “poor memory?” I’d say it worked fine. She’s still sucking at the public teat.
I’m surprised there haven’t been more of these cases, but then I’m surprised more people don’t take measures to protect their data both in terms of backup and security.
Clearly falls under the Fifth Amendment (assuming we still have one). Legal types will get hung up on what and what doesn’t constitute ‘testimony’ but the Fifth, of course, deals with bearing witness against oneself in or out of court.
I suppose the best defense for anyone in this spot is to simply say ‘I forget the password. I guess we’re both screwed.’
There is already such a thing, and I use it. It’s called a hidden volume, and allows you to enter a password under duress the decrypts only what you want the people strong arming you to see.
I think the last person the Government jailed for having a poor memory was Scooter Libby. But, had he simply not talked, he would never have been convicted.
‘I forgot’ armed robbery was illegal!
No you can't.
You gonna bring back the rack?
The Iron maiden?
Drawing and quartering?
Water boarding that is prohibited from being used on mortal enemies?
Good luck with that.
But it doesn’t delete the stuff you want to hide, does it?
I guess 3 passwords would be best.
1) Just show fake stuff
2) Show real stuff
3) Show fake stuff and delete real stuff
Yeah...what you said!
“The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.”
Maybe she can say:
“My lawyer and I will gladly submit any questions you have for my laptop computer, and question by question, under my lawyers advice we will make my laptop computer answer any question that will not violate my Fifth Amendment rights. But no, we will not allow you to interrogate my laptop with any lower standard with which you are not allowed to interrogate me.”
Just trying to speak in “legalese” even though I am not totally convinced of that argument myself.
If you’re really paranoid that is the way to do it. I haven’t yet, but maybe someday. I just use truecrypt full disk now, but I guess I can setup a hidden and fake OS in there. Truecrypt calls it ‘plausible deniability’. Well, it’s a part of that whole idea they have.
A few years back I used truecrypt to set up an encrypted drive on my computer to store tax returns, scanned receipts etc. Following the recommendations from the truecrypt instructions I set up a long password (more like a pass paragraph) with upper and lower case letter, numbers and symbols. Worked fine for a couple months, until I fell behind with my receipt scanning and didn’t mess with it for a few weeks, then of course I forgot the password and couldn’t find where I had written it down. So long story short, hours of work down the crapper. I guess if my computer had been confiscated by the feds, I could also be facing jail time for not being able to produce the password. That sure would add insult to injury...
I find this outrageous - there’s no clearer example of self-incrimination short of being compelled a gunpoint to say, “Yeah, I did it” and sign a “confession.”
Of course, one could always have an encryption program that wipes the hard drive if you enter the password incorrectly X number of times (3 or 5 or 10). One could fail to capitalize a letter, or get “fat fingers” or whatever...and good-bye data.
Your reminder of the simple Hillary Clinton defense of “I don’t recall” is a big winner - because they cannot prove otherwise, just as no one could prove that “the world’s smartest woman” remembered none of the multitude of details of what she was being questioned about. They could be very suspicious, but never prove a thing.
I don’t advocate breaking the law (even if the law is violative of the Constitution, as it often is). However, certain parts of the Constitution’s protections of our rights must be inviolate or we are dealing with nothing less than an outright dictatorship. The 5th Amendment protection against self-incrimination is one such. The data on a computer is certainly capable of incriminating a person - hence the reason the DOJ wants to see it - and being compelled to release it CANNOT be permitted. I, too, would rather be in jail on contempt than to release the information. Besides, I don’t put it past prosecutors to falsify what is there to suit their case (evidence tampering is not exactly a new concept), but they can’t do it if they haven’t had access to the data in the first place.
” You gonna bring back the rack?
The Iron maiden?
Drawing and quartering?
Water boarding that is prohibited from being used on mortal enemies? “
“”VIDEO - Handcuffed man repeatedly kicked, beaten, and tasered by police while in handcuffs””
If this was in a book in a foreign language the DOJ would have to hire an interpriter.
When the Feds show up at your house with a search warrant, they can compel your cooperation in unlocking doors and opening safes and such. Demanding a laptop password is little different.
“3) Show fake stuff and delete real stuff”
The problem here is that it’s very complicated to fully erase data from a hard drive so that it cant be reconstructed. Even writing over it does not do the job, as per the DOD.
A better answer would be to simply keep sensitive data on a thumb drive. You can over write that, or you can simply physically destroy it.
You seem to have missed the crucial fundamental question :
Why is it not unconstitutional to selectively enforce a potentially criminal law?
Why were not he First Rapist and his feloneous wife (800 FBI files) also jailed for having really really poor memories?
Type the blue font password, or the red font pass word...
My first response after they found the laptop would be:”Where the hell did that come from?”
Did I read the article correctly to see that the laptop encryption was done with PGP?
#3 might make sense for life-or-death data, but in general, the real key is to make #1 look good and protected enough, and to not leave any trace of #2 being there at all (e.g., hidden via steganography).
So, under duress, I might "reluctantly" provide my password which will "expose" some tax documents or other bank records and some... er... "blue" media files that I didn't want the Mrs. to know about.
Meanwhile, the real critical data is hidden (but still encrypted) in plain sight.
I think I’ll set my encryption password to be “F-off, you DOJ Obambot monkeyslime. You can KMA if you think I am going to give you my password.” And I think I will have a case for wrongful imprisonment...
“When the Feds show up at your house with a search warrant, they can compel your cooperation in unlocking doors and opening safes and such. Demanding a laptop password is little different.”
They can “compel and demand” all they want. They still can’t make you do it. Opening the door keeps them from breaking it down or cutting open a safe. Demanding a password is not the same.
Oh, no problem...we have a backup of it. Try again.
Can’t be, those against Gitmo would be up in arms if such things were happening to suspects held in American’s jail cells. < /sarc >
Hey they can force you to buy health insurance. Why not reveal a password?
Ah, I have it... 'youwankerscouldntcatchtheclapinawhorehouse'. Nope, that's not it either. Try...
Any intelligent investigator will make an image copy of the hard drive before doing anything else.
“I don’t recall (the password).”
Actually it is possible. You just have to write over the data several times. I’ve seen the technique used to get the old data under it and severas writes (It used to be like 7) and no way you’re getting the data back.
Also keep in mind the data is encrypted! So they’d first have to recover what was there...then decrypt it! Good luck with that.
You always buy Evidence Eliminator, or something similar.
If you forget the password to your safe they will just break it open. They can’t “compel” your further then say asking you nicely. You can’t break open encryption like that.
One password lets you in.
The other password shreds the data.
And once you enter the "shred" password, it's too late.