back to article US court test for rights not to hand over crypto keys

Civil liberties activists have lent their support to a case that will test whether a US citizen can refuse to decrypt personal data on the grounds that it might be self-incriminatory. The case involves allegedly fraudulent real estate transactions. The government wants a Colorado court to compel Ramona Fricosu, who is accused …

COMMENTS

This topic is closed for new posts.

Page:

Gold badge
Flame

" suspected possession of child abuse images and related offences is the "main reason" "

And sounds so much better than "We've no idea what they've been up to and find the old TOTC ploy gets us a warrant no questions asked."

But self incrimination would seem to be an *obvious* issue with this sort of evidence.

12
0

What if...

you've genuinely lost the encryption keys?

And how is handing over encyption keys self-incrimination,

when handing over all paper records in the face of a warrant is not?

Curious...

9
2
Silver badge
Holmes

Further

Drawing the next logical conclusion, if you hand write your records, surely they cannot be used against you, since it would be self-incriminating?

I thought not.

You would still be found guilty if you wrote in French - the Police just need an interpreter. So encrypted is just the same.

The law is there to protect you from spoken evidence and the catch22 of lying. Any information committed to another medium (little black book, excel, encrypted zip) is not spoken and therefore fair game as evidence, and giving the key is not self-incriminating. If you want to keep it secret, don't write it down!

3
3
Big Brother

But what if?

What if you buried your paper records in a secret location known only to yourself? Unless the police get lucky and stumble across your hiding place, to all intents and purposes that document only exists inside your head.

In that case, you could argue compelling you to reveal its location amounts to self-incrimination.

The really scary bit is the UK RIPA law that means if you genuinely forget where you put the records or if they never existed in the first place, you're going to jail.

5
1

They cannot compel you

I'm pretty sure that they cannot compel you to reveal the location of files or even the existence of the files. It is up to the police to find them once they have the search warrant. If they cannot find them, then they cannot be used against you.

4
0
Silver badge
Happy

RE: They cannot compel you

".....If they cannot find them, then they cannot be used against you." Ah, but a good prosecutor would show that you tried to hide the files, which can be used to imply guilt in the minds of the jury.

0
1
Anonymous Coward

If you've got something to hide...

encrypting it and keeping it in your house is the equivalent of locking it into a safe in your living room. Either way, the authorities will want the combination or the encryption key. Obstructing a legal search is presumably a crime anyway. So, if you do that, you are not being *asked* to incriminate yourself: you already have done! (And probably not many juries will believe you can't open your own safe one more time or decrypt your own documents.)

0
4
Anonymous Coward

RE: Further

Except that an encrypted file system is like a safe with a combination. While the police can use anything against you if they can get into the safe they cannot force you to give them the combination(in the USA). Your example of needing an interpreter is flawed. Since the defendant is the only one that could unlock this data(for example if he/she used a made up language to write down the hypothetical records that you mention) it would be self-incrimination to provide the key(combination to the virtual safe). The SCOTUS(should this case get that far) should hold that an encryption key is equivalent to a combination and therefore a defendant cannot be compelled to give such information to the police.

4
0
Gold badge

Re: Further

"The law is there to protect you from spoken evidence and the catch22 of lying."

That might be part of the motivation, but this constitution also embeds rights to privacy that annoy authorities and a right to bear arms that exists precisely so that when push comes to shove you can shoot back at the bastards. It seems perfectly possible to me that the authors intended to offer blanket protection to the contents of your head. (In the historical context, governments within living memory had certainly attempted to break open people's head by a variety of means, so even if it wasn't explicitly stated as a motive, the authors would have understood this.)

That is consistent with the interpretation that you can withhold a combination but not a key. A computer key is just a combination, so I'd expect the courts to side with the laptop owner in cases like this one, unless they want to overturn that previous decision.

2
1
Silver badge

RIPA

The perfect defence is Truecrypt FDE, hidden partition. Do nothing of interest in the outer partition, everything of interest in the hidden one. Compelled to decrypt? Fine. Here officer, have this meaningless shit. Can't prove the hidden partition exists, then you cannot have the key.

2
0

Combination

"Except that an encrypted file system is like a safe with a combination. While the police can use anything against you if they can get into the safe they cannot force you to give them the combination(in the USA"

Well spoken. However, the encrypted file system is virtually impossible for anyone to get in to (as far as we know). Whereas the authorities can force their way into pretty much any safe. So the "safe" situation is not a true reflection of the "encryption" situation.

If they authorities can search your house for documents, why should they not be allowed to search your PC for electronic documents ? [I am undecided on the matter, just asking for opinion]. So much that we do is online, anything relevant to anyone's life will be found on their PC these days, and often nowhere else.

0
1
Anonymous Coward

@Mark 65

Sorry to burst your bubble, but hidden partitions in Trucecrypt are not actually hidden. Discovering their existence is trivial by diving the registry and/or log files on the host system. If you give the key to the "fake" partition, working out the existence of a hidden partition is simply a matter of TC size - fake partition size. Even the filesystems used can give the game away.

And, finally, you think TC can't be cracked without the original key? Really, really?

There are measures that can be taken - but if you are into that level of paranoia as a normal person, then you probably need help.

2
1
Gold badge
Happy

Re: RE: They cannot compel you

And a good Judge would correctly instruct the jury to disregard that as purest speculation on the intentions of the accused when they chose where to store their files.

Prosecutors always try to get away with all sorts of shit to influence the jury, but then so do defence lawyers. It's just how the adversarial system works......

0
0

Cracking TrueCrypt

"And, finally, you think TC can't be cracked without the original key? Really, really?"

Can you give a link to that information? I refer to cracking TrueCrypt analytically or exploiting an inherent cryptographical weakness, rather than through social engineering or finding shreds of sector data that contain the original key. I mean cracking TrueCrypt "without" the original key, as you said.

1
0
Thumb Up

System Encryption

@Anonymous Coward

The solution to partition encryption is system encryption. And yes, I know the bootloader is still non-encrypted, so either move it off to somewhere else, or use that too in conjunction with a hidden encrypted system partition.

And with a secure enough key, truecrypt can be made safe. If you have an insecure partition, you didn't choose either a good enough key, or key length, or encryption method etc....

0
0

Warrants

If the police show probable cause that some of the contents of the may be material to the investigation of the crime and convince a judge who signs a warrant, that safe is going to be opened. Self-incrimination is about using a confession. It's in the US Constitution because kings were quite fond of torturing for admissions. Yes, I get the Guantanamo irony.

0
0
Meh

Seems like some coppers in the states...

...need some tutoring on Rainbow Tables.

Much better prosecution evidence anyway if they can brute force the info.

0
4

NOT rainbow tables

I don't think you understand what rainbow tables are for.

They are for finding the data that produces a given hash, they are a reverse hash lookup table.

I don' t think the coppers had a hashed password; the they were probably looking for a password which decrypted a key which decrypts SOMETHING which could be a file, file system or another layer of encrypted something.

Good look finding a rainbow table for that when you don't even know what any of the intermediate somethings are supposed to look like.

0
0
Big Brother

first person jailed for failing to hand over encryption keys?

"However, as first reported in The Register back in 2009, the first person jailed for failing to hand over encryption keys to authorities was a schizophrenic software developer initially charged with explosives offences that were later dropped during a police inquiry"

What ever happened to him, is he still locked up ...

http://k-world.me.uk/2009/11/24/uk-jails-schizophrenic-for-refusal-to-decrypt-files/

1
0
Thumb Down

The last I heard

The last I heard anything about him was that he was put in an asylam after he came out of jail. God knows whey he wasn't put in there first. Or whether being in jail made him crazy. Sounds like a little person that doesn't have money for big lawyers.

4
0
Silver badge

Re: first person jailed for failing to hand over encryption keys?

It is a scary story. I did not hear any mention of him being given access to legal advice. If he had such advice, he might have been told that he no longer had an absolute right to silence and that RIPA trumped his EU rights.

Perhaps the US administration may use this case in their ongoing efforts to extradite Gary McKinnon.

0
0
Anonymous Coward

This is why we need a constitution in the UK

So they tell us we have an unwritten constitution but when you consider the abuses of power that have become all too common here it just proves that it isn't worth the paper it's not printed on.

4
1

A fine theory, but...

...courts in the United States have proven quite adept at interpreting the Constitution to be quite consistent with jackboots. It's better protection than nothing, I guess, but it mostly fails to prevent abuses of power over here, either.

6
2
Mushroom

Why?

we already have one,

http://en.wikipedia.org/wiki/Magna_Carta

And it's being constantly erroded.

2
3
Happy

Plus

Act of Settlement, 1701,

Bill of Rights, 1689

and other sources such as (quoted from http://www.historylearningsite.co.uk/british_constitution1.htm)

Laws and Customs of Parliament; political conventions

Case law; constitutional matters decided in a court of law

Constitutional experts who have written on the subject such as Walter Bagehot and A.V Dicey

i.e. evolution over a thousand years, not some big bang freezing the values and context of a particular era and argued about ever since.

5
3
Unhappy

Written constitution?

I recall reading that the formal, written constitution of the late USSR was one of the best in the world.

The USA seems to have more than its share of human rights problems, particularly in regards to the "justice" system. How can the infamous "perp walk" be in accord with rights to a fair trial etc.? Extradition without evidence and a system based on the financial means to defend oneself at law, get medical treatment, progress in politics? I fail to see that the average citizen benefits much. The IR seems to be above all normal considerations. Data Protection? Interesting concept in the USA.

7
1
Pint

Hmmm

I was of the idea that Magna Carta was purely for the Earls and Barons to ensure the ruling monarch could not exceed their power and get too big for their boots, it was not to protect the peasants but that peasants might benefit by it in a round-a-bout sort of way.

5
0

@This is why we need a constitution in the UK

I agree, but only if it is written *without* the "weasel clauses" that allow the Government to effectively negate the protections given.

Eg Article 8 of the European Convention on Human Rights says:

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

But it then goes on to say:

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Those exceptions pretty much let the Government say "well, we need to do this for (insert spurious but plausible reason here)" and thus trample all over the rights it's trying to protect.

7
0
Gold badge
WTF?

Re: Written constitution?

In Russia, Constitution has right to amend you!

1
0
Anonymous Coward

Irelavant

It doesn't matter. If it's a common joe, he's going to jail regardless. If it's a big time corporate company or some millionaire republican, they'll walk. plain and simple.

4
1
Silver badge
FAIL

RE: Irelevant (sic)

I suggest you go read up on Pardongate if you seriously think only Republican's get away with anything (http://en.wikipedia.org/wiki/Bill_Clinton_pardons_controversy).

In the meantime, I would suggest the EFF sticks to software patents law.

2
15
Anonymous Coward

Have they tried "passw0rd"?

Or they could just label him an "enemy combatant" and throw him in Guantanamo.

(prepared for downvotes :-) )

0
5
Silver badge
Facepalm

RE: Have they tried "passw0rd"?

"Or they could just label him an "enemy combatant"....." It's a she, not a he, which just goes to show the complete lack of any background reading that went into your post, either on Ramona Fricosu or on the topic of enemy combatants. Don't worry, I'm sure there were a few equally unknowledgeable people that read your post and were stupid enough to actually think it was lulz good.

2
3
Silver badge

Written constitution

The last go at forcing a written constitution on us was written by the marketing department of the EU.

They seem to have lost track of what a constitution was supposed to be there fore.

0
1
Silver badge
Stop

Shielding a criminal, not a "hero".

A few more details on the actual accussations:

"....The third indictment alleges that several financial institutions and homeowners were defrauded in a scheme to buy properties under imminent foreclosure, pocket loan proceeds and then sell the homes without paying the outstanding mortgages....."

So, she's not some beacon of righteousness fighting The Man, she's accused of pretty base fraud. This is the best case the EFF could find to get all whipped up and frothy about? Besides, she is just being asked to decrypt the laptop or provide the key, not to actual read the file contents out loud - neither is an accusation of guilt nor provides the prosecution with a hammer to beat her with, they just make her data available so the prosecution can look through it for a possible hammer, so how is it self-incrimination? It's no different to the police asking her for the key to the office she ran her (crooked) business from. Some of the bleeding hearts at the EFF need to stop and think carefully about the assistance they are giving to those that only want to break the law.

3
12
J 3
Mushroom

Boo hoo...

Poor little frightened person... Suck it up (or go read the Daily Mail). The law is (allegedly, although in practice...) to protect everyone from government arbitrariness, in order to keep the vast majority of non-scum safe. If every now and then a criminal is benefited... Well, collateral damage of a greater good. Or does "collateral damage" only applies to killing innocent brown people, as the term is usually applied in the US?

7
4

Not the case, the principle

EFF are not getting whipped up about the case, they are getting whipped up about the principle.

They can't weigh in until there is a case that addresses a principle - and here is one, so off they go.

Hurrah for the EFF and lets hope they get it established BEFORE some poor sucker ends up in the same position.

9
1

Fair enough, but where does it stop?

I doubt the EFF is going to find a pleasant house marm whose interests involve cats and crochet that needs the protection of the 4th, 5th, and 14th Ammendments. This woman may not be an ideal citizen, but I fully believe that forced disclosure of the keys is essentially compelling her to testify against herself if there is incriminating evidence.

It may not be physical torture á la Star Chamber but the threat of loss of liberty is significant when the threat for non-compliance is jail.

The US Constitution is frequently "tested" by the ignoble defense of shady characters, and I personally am thankful for it. Jurisprudence at work.

8
1
Silver badge
Facepalm

RE: Boo hoo...

It's truly a marvel of devolution that you can type with so many chips on your shoulder!

"Poor little frightened person... " Que? What exactly am I supposed to be frightened of? I'm more concerned that a body I normally support (the EFF) is dressing up as some sort of ACLU in techno drag.

"....or go read the Daily Mail..." Oh dear, you sad little wannabes really need to update your insults to something more 21st century. Or was that because someone hasn't spoonfed you any modern variations yet?

"....The law is (allegedly, although in practice...) to protect everyone from government arbitrariness...." Wrong! The law is there to outline what is criminal behaviour and the punishments that can be applied to those found guilty of said behaviour. The Fifth Amendment to the US Constitution covers a range of issues but also allows a defendent to not answer a question in court whilst under oath if the answer could incriminate them. It is not meant to protect against "government arbitrariness", it was actually intended to protect against extraction of a confession by torture. In application, in the US courts system, it was originally used so that the accused could not be found in contempt if they refused the judge's demand to answer a question. It has subsequently been used by less savoury types to obstruct investigations of a crime. The key is that the accused must be under oath in court to "plead the fifth", which Ms Ficuso plainly is not if it is still at the investigation stage.

Not even going to bother with the racial undertones in your final statement, just too silly for words. Please just grow up.

1
8
Facepalm

You would fail reading comprehension at a primary school

"....The third indictment alleges that several financial institutions and homeowners were defrauded in a scheme to buy properties under imminent foreclosure, pocket loan proceeds and then sell the homes without paying the outstanding mortgages....."

The key word is alleges, I could allege you murdered someone and hid the body, doesn't mean it's true. That is why we have trials and courts, so that people have the right to mount a defence.

As for moaning about why the EFF filing, would you prefer they didn't file the motion and allow precedent to be set? And when you are accused of something that I find distasteful, I can sit and pontificate on how the EFF shouldn't defend the likes of you.

1
0
Boffin

no, actually

you can invoke the fifth amendment at any point when being questioned, you do not have to be under oath. For a more complete explanation of the "Self Incrimination" section of the 5th Amendment, you might take a look at what Findlaw has to say.

http://caselaw.lp.findlaw.com/data/constitution/amendment05/

http://caselaw.lp.findlaw.com/data/constitution/amendment05/07.html

http://caselaw.lp.findlaw.com/data/constitution/amendment05/08.html

http://caselaw.lp.findlaw.com/data/constitution/amendment05/09.html

Then again, I'm sure you're extensive legal background is more authoritative.

3
0
Silver badge
FAIL

RE: You would fail reading comprehension at a primary school

"....The key word is alleges...." Yes, until the trial finishes in a judgement, it is only an alledged crime. But, the evidence available to the public is already pretty strong (she's been identifed by the mortgage vendors as one of the three parties that made the fraudulent loan requests). I'm guessing the prosecution just need the contents of her laptop files to really tie a bow on their case. I'm not saying she shouldn't be allowed to defend her case, just that I don't think the EFF is right to be helping her out.

"....would you prefer they didn't file the motion and allow precedent to be set?...." You also fail to see that if the case fails because the judge simply doesn't like her, then it sets a precedent for use against people you might consider more worthy of the EFF's support.

"....And when you are accused of something that I find distasteful, I can sit and pontificate on how the EFF shouldn't defend the likes of you...." Whilst I'm sure your circle of tinfoil-attired friends encrypt all the mindnumbingly boring informtaion on their laptops, I don't have anything encrypted on mine because I'm a bit more realistic, so no need for the EFF's support.

0
2
Anonymous Coward

Interesting

> but not the combination to a safe in much the same scenario

The EFF might have a strong case here. The prosecution is trying to argue that if you type the number into the keypad of a safe it is protected but if you type the number into the keypad of a laptop it is not. The obvious "solution" seems to be a safe that also serves as (or contains) a SecureID card.

1
0

No, they don't.

Because only lawyers could come up with the absurdity that you can be compelled to provide a key, but not a combination. Common folk everywhere see that for the point of accessibility providing either is functionally equivalent. So if you can be compelled to provide one, you should be compelled to provide the other. And that the same thing applies to encryption as well. Now it might well be that the original decision to compel turning over the key was wrong, but if it is assumed to be right, then the others are just verbal jujitsu to make the law say what your prejudices want it to say, not what it actually says.

3
3

It is absurd

A key IS a combination code, exactly equivalent to a written copy of said code. What happens if I memorize the key pin positions then destroy the physical key?

2
0

the point may be the same

But they are completely different. A key is a physical object, while a combination is an idea, a thought. One can be provided by a search, while the other you must say, write or enter. One you store in your pocket, the other only in your mind.

Down this path is "thought crime," and I'd rather not go there.

3
0
Anonymous Coward

not absurdity

"Because only lawyers could come up with the absurdity that you can be compelled to provide a key, but not a combination."

Actually -- this is not an absurdity. The combination could well only be known by one person. Keys, however can be copied. Duplicated. Or even Mastered.

Point : "give us the key for your safe" versus "give us the combination"

A key is a physical object, where there may be more than one. And likely are more than one. Combinations, although they can be shared could well be only in the mind of one person. I would gather that the differentiation comes from the fact that the manufacturer of said safe could well have a copy, or a master key, thus making the refusal of handing over the key a simple delaying tactic, since the prosecution could apply to have the safe opened by the manufacturer.

Not that ANY safe, once in the hands of any competent law enforcement agency would not be opened using *some* method. Key or not, combination or not. Which effectively moots the entire point of comparing "Safe key/combination" to "encrypted hard drive password"

Brute forcing a decent hard drive encryption routine, given decent salt, decent passphrase, and decent encryption routines could take several years -- even IF you have *really* good compute engines to chomp on the issue.

In most cases a couple of HOURS of work with appropriate welding tools will have that safe open.

2
0
Facepalm

"the" combination?

And what makes you think that there couldn't be more than one combination to a safe, withthe manufacturer able to disclose a "master" or "master reset" combination. Ever had to have a hotel safe unlocked before? [I've seen some that have physical keys that override the combinationand others that have master reset codes).

As for encryption, whether of data streams, volumes or flat files, have you never heard of encryption that has been "backdoored", either through software or hardware implementations?

0
0
Stop

@AC 1550

...but the police could seize the safe and then break the safe and then youre back to square one, where the password to go with the secureid card is being demanded...

0
0
IT Angle

Slippery Slope

The court must make the prosecution prove that the individual not only has access to the files in question, but also has 1. The authority to access the device in question, 2. The ability to access that device with a key, or other form of either digital or physical security token that prevents prosecutors from accessing that information, and 3. Has accessed the device in a directly related matter to the case at hand.

Basically, it should fall on the prosecution to prove that they must have access to the device, and that the individual in question has not only the ability to access the device, but the authority to access that device as well. For example, you couldn't arrest an IT Admin at a company, and ask him to divulge the encryption keys on all of the network computers, since he's not authorized to do such a thing.

The defendant should not have a case for "I don't know the password to the hard drive." before he is ordered to unlock the hard drive.

Also, as another item, the contents of a hard drive should fall under separate pieces of evidence, and should also follow the rules of appropriate search and seizure, requiring a warrant, and documenting the contents thereof. If the case is for child pron, and the search turns up nothing of the sorts, but it turns out he was torrenting the crap out of Walt Disney, the poor fellow shouldn't be liable to be charged with Copyright Infringement instead.

5
0

Page:

This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2018