A bid by the US government to force a child porn suspect to surrender his encryption password has sparked fierce debate about whether the move violates constitutional protections against self-incrimination. The case, which is reported here by The Washington Post, is likely the first time a court has waded into the issue. It …
A title is required.
but are we being lied to here.
We were first told that the guard saw file names and witnessed the CP
However we have now also heard that the guard saw cartoon pronz
I think we should call bulls--t until we have more information.
Was it really CP or was it drawings?
Were there really encrypted files or are the police trying to save themselves from a big hole?
What's the real story? What evidence do they really have? Can we have some investigation please.
Two Factor Authentication
>While cracking PGP would seem a pretty tall order, surely using a password
>cracker to throw random passwords at it would stand a fair chance of success,
>given that most non-techie people dont really get the need for complex
My guess is a lot of people in these nefarious circles do understand strong passwords -- and even if they have a weak one, many are smart enough to use two-factor authentication. You probably don't want the 2nd factor to be your fingerprints which you can be forced to provide :D
Yeah, you can rainbow table at the password.
So you use passphrase like, "Whn in th Cours of human vnts it bcoms ncssary for on popl to dissolv th political bands which hav connctd thm with anothr and to assum among th powrs of th arth, th sparat and qual station to which th Laws of Natur and of Natur's God ntitl thm, a dcnt rspct to th opinions of mankind rquirs that thy should dclar th causs which impl thm to th sparation."
Very common phrase, not that tough to memorize, readily available in most libraries or having a book with that phrase in your house isn't attention getting in case you forget it. And deleting the "e"s just make it that much tougher for a rainbow table to be generated since plain words alone aren't enough. That would take one heck of a rainbow table to match.
But that's absolutely useless without knowing the keyfile.
So I open up my favorite ASCII editor and from memory, or just a common history book in my house or any library, type out:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. "
And now let's reverse a couple lines...
"but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue,"
And let's use search-and-replace to get rid of "u" and replace "a" with "xyz734" and finally just sequentially change the 4 in a repeating pattern that's easy to memorize but means simple substitutions alone are not sufficient:
"bt pon probxyx734ble cxyx735se, spported by oxyx736th or xyx737ffirmxyx738tion, xyx739nd pxyx734rticlxyx734rly describing the plxyx733ce to be sexyx732rched, xyx731nd the persons or things to be seized. The right of the people to be secre in their persons, hoses, pxyx734pers, xyx735nd effects, xyx736gxyx737inst nrexyx738sonxyx739ble sexyx734rches xyx733nd seizres, shxyx732ll not be violxyx731ted, xyx734nd no wxyx735rrxyx736nts shxyx737ll isse"
Save it, open the encrypted partition using my password and the keyfile. Then use a shredder program to erase the keyfile -- after all, I know the three simple steps to recreate it in the future.
Oh, and you might even give them plausible deniability and a low-value "win" -- an encrypted partition within and encrypted partition that can not be proven to exist by the standards of a court of law. So you put the child porn you only obtained off the internet in the outer partition, "Blimy, you got me, I give up! Give me my 2 years in jail and 10 years of probation!" Of course the pictures you produced yourself are hidden in the inner encrypted partition you don't tell them about.
Will this save you from active police or intelligence surveillance? Nope. Keyloggers, hidden cameras, etc could all provide the clues they need to figure out what you're doing.
But it will pretty darn well fustrate them if they didn't do the surveillance and are instead relying on you being intimidated to being self incrimination.
The problem is...
...That neither PGP nor GPG has a built-in "wipe the data" command which can be triggered by entering a specific passphrase which is different from the decryption key.
"Oh, you wanted the decryption key? You should have said! I thought you wanted to deprive me of the files, so I gave you the *other* passphrase!"
double encryption is illegal?
I guess I will have to turn myself in for my 2x ROT13 scheme. All the rest of you should as well I can see this whole site is full of postings using it.
Use TruCrypt instead of PGP
In TruCrypt everything is encrypted including directories and directory entries.
What is lacks and is needed is a 2nd password that would trigger an "autodestruct" of the data. That way, "give me the password" would result in the destruction of the data that is encrypted.
Or perhaps a "autounecrypt" of data to all "aaaaaaaaaaaaaa" or random characters with a CRC Error found message.
How do they know the files were encrypted
How do they know that the files are actually encrypted and not just an unencrypted file containing random data (such as some kind of test samples)? In that case there is no decryption key, so now the guy goes to jail for not providing something that doesn't exist.
"If you've got nothing to hide..."
is a really weak argument.
I think that you could be carrying a concealed weapon. If you've got nothing to hide... you should cease wearing clothing from now on just to be on the safe side.
I think you keep your doors and windows locked when you go to work is because you're secretly making bombs for <insert terrorist group here> and you're trying to stop everyone from finding out. If you've got nothing to hide... make sure you leave all of your doors and windows unlocked and open at all times from now on.
I think you may have the details of a terrorist plot concealed in your credit card details. If you've got nothing to hide... then post them immediately so that the rest of us can be sure that you're not hiding something.
I think that you may have secret messages detailing potential terrorist targets in film you're putting together. If you've got nothing to hide... then post everything you've shot so far for Bond22/Harry-Potter-6/Indiana-Jones-4 to YouTube.
I think you've got links to kiddie-porn in the source code for your yet-to-be-released program. If you've got nothing to hide.. then post all of the source code for the current build of the next GTA/Halo/whatever to usenet.
If you think that "if you've got nothing to hide" is a valid argument for compelling people to surrender passwords... the first thing you should try to hide is that you don't really have a brain.
//Paris: Because she shouldn't hide anything. :)
Encrypted Message Number 2
You've downloaded & read my previous message.
Its in Code
Its on "your" hard drive
Now give me the password!
Can't? 2 years in the slammer for you then.
Yay for Miranda Rights!!
"You have the right to remain silent..."
It's not so much an issue of rooting for the bad guy, it's an issue of determining if "the guy" is good, bad, or neither.
and so it goes ...
So child porn and terrorism are the hammer and chisel used to streamline the constitution for smooth executive outcomes these days ...
Hm, where again did all this happen before?
Maybe I check out my grandfathers chest on the attic for his old brown "been there, done that" T-Shirt.
Word of warning from germany, this is ...
Your forgetting several of the pillars of American law. the first is "Innocent until proven guilty", and to support that, we have concepts like the 5th amendment rights, and most importantly burden of proof. the prosecution is tasked with proving the guilt of the defendant. if the defendant we're to hold the burden of proof, then it would be guilty until proven innocent.
the cost of freedom is that you have to occasionally let bad stuff happen, because in order to prevent it, you give away your freedom. to be free you have to take a black-eye every once in a while.
Heh, I can see the RIP being used to great effect by disgruntled spouses wanting to get a bit of revenge on their partner. Just "cat /dev/urandom > /home/gay_child_dog_porn.encrypted_mpeg" and shop em to the cops for an immediate two year prison sentence for not being able to provide a valid decryption key... And you'd get a neat divorce settlement out of it I'd imagine. And best of all it's risk free as you didn't have to go searching the net to find some real CP to plant unencrypted (or a dead hobo to hide in their basement). In fact this really is a convenient way to stich up anyone - be it a rival for promotion/election, the guy who pulled that girl from accounts you fancy, your boss you can get em out of the way risk free in just a couple of mins alone with their computer... Awesome.
@Rafael and the Steves
Bravo Rafael! You made my morning.
Double bravo to Steve and Steve Browne. Lucky we always have guys like you in the crowd.
On a slightly similar note...
I don't know about anyone else, but I am moderately annoyed that criminals (or at least certain types thereof) do not have the right to vote.
Hang on a minute: surely if thieves make up the majority of the population, and they want to vote to make theft legal, what is wrong with that? Democracy is what the majority of the people want (or maybe a slight compromise), and the whole point is that laws are brought about by popular demand, whatever their supposed 'morals' are.
Also, I agree that this case has an eeeevil hidden agenda
First they came for the paedophiles but I...
Then they came for the terrorists but I...
Then they came for Paris Hilton, and the whole IT world started a riot.
PH because she is a child at heart, I mean, mind.
What the F%%^ is A J Stiles on ?
How can that guy in all seriousness suggest that looking at child porn shouldnt be illegal? It should be totally illegal and rightly these people are dealt with by the law. Im not getting into the rights and wrongs of the encryption debate or whether looking at images makes you want to commit the act itself but come on. Thats just mental to suggest that anyone should be allowed to look at CP images. The kids are being abused and put onto the internet for gods sake. A J Stiles, how would you feel if your kid was one of those unfortunate kids ?
Get real cos if you think it shouldnt be illegal to look at CP images you're seriously warped.
Can i go back to thinking of happy things now please ?
"Get real cos if you think it shouldnt be illegal to look at CP images you're seriously warped."
The person looking at the images is not necessarily the person who abused the child in the first place, and he might not be the person who distributed the images either. Sure, the producers (abusers) and the distributors should be prosecuted, but the government has no right to stop people looking at images that they have already in their own possession (whether they had to break the law to obtain those pictures is another matter).
What if someone came up with an absolutely fool proof cryptographic program (for the sake of naming it called it quantum crypto.
Some how this program was linked directly with your brain. The program would ask your brain what the key was and zip the file(s) would be unencrypted. Using some if the people's postings here the government could ask and would have to give access to your brain to decrypt the file. That is about as basic government infringement can get, access to your brain. So, if I am understanding some of the points is that of course if you don't give the key to the government you have every right to commit suicide.
Torture is always an option and I would not go near any water boards for the next 100 years. If you were over on the other side of the pond couldn't you just claim a stroke?
@ Rick Eastwood
There is a world of difference between looking at pictures and abusing children.
If your kid is abused, that's bad. But if your kid has ALREADY been abused and someone else LOOKS AT A PICTURE of your kid being abused, it doesn't make things any worse. (That's the "mediaeval superstition" to which I was referring. A photograph cannot, in practice, convey information to the subject depicted, irrespective of what you believe.)
Supply and demand
If there weren't any people PAYING to look at CP pictures, there would be far fewer CP pictures being taken in the first place.
There are schemes to hide a picture within a picture (using stenography) and then encrypting the result. You have 2 passwords, one of which reveals the "innocent" picture, the other reveals the "real" picture. The trouble with the scheme is that any half-wit cryptoexpert will spot it a mile off (the picture file would be bigger than it needed to be for instance). The same is true for TruCrypt based schemes. There are also various schemes for spotting encrypted files (for instance encrypted files are virtually incompressible)
"double encryption is illegal?"
"I guess I will have to turn myself in for my 2x ROT13 scheme. All the rest of you should as well I can see this whole site is full of postings using it."
Don't you realise that double ROT-13 is simple to crack with todays' powerful CPUs?
I use 16xROT13 as a minimum, and I have plans to move to 256x or even 1024x as my needs for privacy grow.