back to article US court test for rights not to hand over crypto keys

Civil liberties activists have lent their support to a case that will test whether a US citizen can refuse to decrypt personal data on the grounds that it might be self-incriminatory. The case involves allegedly fraudulent real estate transactions. The government wants a Colorado court to compel Ramona Fricosu, who is accused …

COMMENTS

This topic is closed for new posts.
  1. John Smith 19 Gold badge
    Flame

    " suspected possession of child abuse images and related offences is the "main reason" "

    And sounds so much better than "We've no idea what they've been up to and find the old TOTC ploy gets us a warrant no questions asked."

    But self incrimination would seem to be an *obvious* issue with this sort of evidence.

  2. Captain TickTock

    What if...

    you've genuinely lost the encryption keys?

    And how is handing over encyption keys self-incrimination,

    when handing over all paper records in the face of a warrant is not?

    Curious...

    1. Velv
      Holmes

      Further

      Drawing the next logical conclusion, if you hand write your records, surely they cannot be used against you, since it would be self-incriminating?

      I thought not.

      You would still be found guilty if you wrote in French - the Police just need an interpreter. So encrypted is just the same.

      The law is there to protect you from spoken evidence and the catch22 of lying. Any information committed to another medium (little black book, excel, encrypted zip) is not spoken and therefore fair game as evidence, and giving the key is not self-incriminating. If you want to keep it secret, don't write it down!

      1. Anonymous Coward
        Big Brother

        But what if?

        What if you buried your paper records in a secret location known only to yourself? Unless the police get lucky and stumble across your hiding place, to all intents and purposes that document only exists inside your head.

        In that case, you could argue compelling you to reveal its location amounts to self-incrimination.

        The really scary bit is the UK RIPA law that means if you genuinely forget where you put the records or if they never existed in the first place, you're going to jail.

        1. PacketPusher

          They cannot compel you

          I'm pretty sure that they cannot compel you to reveal the location of files or even the existence of the files. It is up to the police to find them once they have the search warrant. If they cannot find them, then they cannot be used against you.

          1. Matt Bryant Silver badge
            Happy

            RE: They cannot compel you

            ".....If they cannot find them, then they cannot be used against you." Ah, but a good prosecutor would show that you tried to hide the files, which can be used to imply guilt in the minds of the jury.

            1. TeeCee Gold badge
              Happy

              Re: RE: They cannot compel you

              And a good Judge would correctly instruct the jury to disregard that as purest speculation on the intentions of the accused when they chose where to store their files.

              Prosecutors always try to get away with all sorts of shit to influence the jury, but then so do defence lawyers. It's just how the adversarial system works......

        2. Mark 65

          RIPA

          The perfect defence is Truecrypt FDE, hidden partition. Do nothing of interest in the outer partition, everything of interest in the hidden one. Compelled to decrypt? Fine. Here officer, have this meaningless shit. Can't prove the hidden partition exists, then you cannot have the key.

          1. Anonymous Coward
            Anonymous Coward

            @Mark 65

            Sorry to burst your bubble, but hidden partitions in Trucecrypt are not actually hidden. Discovering their existence is trivial by diving the registry and/or log files on the host system. If you give the key to the "fake" partition, working out the existence of a hidden partition is simply a matter of TC size - fake partition size. Even the filesystems used can give the game away.

            And, finally, you think TC can't be cracked without the original key? Really, really?

            There are measures that can be taken - but if you are into that level of paranoia as a normal person, then you probably need help.

            1. Robot

              Cracking TrueCrypt

              "And, finally, you think TC can't be cracked without the original key? Really, really?"

              Can you give a link to that information? I refer to cracking TrueCrypt analytically or exploiting an inherent cryptographical weakness, rather than through social engineering or finding shreds of sector data that contain the original key. I mean cracking TrueCrypt "without" the original key, as you said.

            2. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        RE: Further

        Except that an encrypted file system is like a safe with a combination. While the police can use anything against you if they can get into the safe they cannot force you to give them the combination(in the USA). Your example of needing an interpreter is flawed. Since the defendant is the only one that could unlock this data(for example if he/she used a made up language to write down the hypothetical records that you mention) it would be self-incrimination to provide the key(combination to the virtual safe). The SCOTUS(should this case get that far) should hold that an encryption key is equivalent to a combination and therefore a defendant cannot be compelled to give such information to the police.

        1. Jim 59

          Combination

          "Except that an encrypted file system is like a safe with a combination. While the police can use anything against you if they can get into the safe they cannot force you to give them the combination(in the USA"

          Well spoken. However, the encrypted file system is virtually impossible for anyone to get in to (as far as we know). Whereas the authorities can force their way into pretty much any safe. So the "safe" situation is not a true reflection of the "encryption" situation.

          If they authorities can search your house for documents, why should they not be allowed to search your PC for electronic documents ? [I am undecided on the matter, just asking for opinion]. So much that we do is online, anything relevant to anyone's life will be found on their PC these days, and often nowhere else.

        2. danny_0x98

          Warrants

          If the police show probable cause that some of the contents of the may be material to the investigation of the crime and convince a judge who signs a warrant, that safe is going to be opened. Self-incrimination is about using a confession. It's in the US Constitution because kings were quite fond of torturing for admissions. Yes, I get the Guantanamo irony.

      3. Ken Hagan Gold badge

        Re: Further

        "The law is there to protect you from spoken evidence and the catch22 of lying."

        That might be part of the motivation, but this constitution also embeds rights to privacy that annoy authorities and a right to bear arms that exists precisely so that when push comes to shove you can shoot back at the bastards. It seems perfectly possible to me that the authors intended to offer blanket protection to the contents of your head. (In the historical context, governments within living memory had certainly attempted to break open people's head by a variety of means, so even if it wasn't explicitly stated as a motive, the authors would have understood this.)

        That is consistent with the interpretation that you can withhold a combination but not a key. A computer key is just a combination, so I'd expect the courts to side with the laptop owner in cases like this one, unless they want to overturn that previous decision.

    2. Anonymous Coward
      Anonymous Coward

      If you've got something to hide...

      encrypting it and keeping it in your house is the equivalent of locking it into a safe in your living room. Either way, the authorities will want the combination or the encryption key. Obstructing a legal search is presumably a crime anyway. So, if you do that, you are not being *asked* to incriminate yourself: you already have done! (And probably not many juries will believe you can't open your own safe one more time or decrypt your own documents.)

  3. NoneSuch Silver badge
    Meh

    Seems like some coppers in the states...

    ...need some tutoring on Rainbow Tables.

    Much better prosecution evidence anyway if they can brute force the info.

    1. Sam Liddicott

      NOT rainbow tables

      I don't think you understand what rainbow tables are for.

      They are for finding the data that produces a given hash, they are a reverse hash lookup table.

      I don' t think the coppers had a hashed password; the they were probably looking for a password which decrypted a key which decrypts SOMETHING which could be a file, file system or another layer of encrypted something.

      Good look finding a rainbow table for that when you don't even know what any of the intermediate somethings are supposed to look like.

  4. Anonymous Coward
    Anonymous Coward

    This is why we need a constitution in the UK

    So they tell us we have an unwritten constitution but when you consider the abuses of power that have become all too common here it just proves that it isn't worth the paper it's not printed on.

    1. OkKTY8KK5U

      A fine theory, but...

      ...courts in the United States have proven quite adept at interpreting the Constitution to be quite consistent with jackboots. It's better protection than nothing, I guess, but it mostly fails to prevent abuses of power over here, either.

    2. Kevin 43
      Mushroom

      Why?

      we already have one,

      http://en.wikipedia.org/wiki/Magna_Carta

      And it's being constantly erroded.

      1. Anonymous Coward
        Happy

        Plus

        Act of Settlement, 1701,

        Bill of Rights, 1689

        and other sources such as (quoted from http://www.historylearningsite.co.uk/british_constitution1.htm)

        Laws and Customs of Parliament; political conventions

        Case law; constitutional matters decided in a court of law

        Constitutional experts who have written on the subject such as Walter Bagehot and A.V Dicey

        i.e. evolution over a thousand years, not some big bang freezing the values and context of a particular era and argued about ever since.

      2. Anonymous Coward
        Unhappy

        Written constitution?

        I recall reading that the formal, written constitution of the late USSR was one of the best in the world.

        The USA seems to have more than its share of human rights problems, particularly in regards to the "justice" system. How can the infamous "perp walk" be in accord with rights to a fair trial etc.? Extradition without evidence and a system based on the financial means to defend oneself at law, get medical treatment, progress in politics? I fail to see that the average citizen benefits much. The IR seems to be above all normal considerations. Data Protection? Interesting concept in the USA.

        1. TeeCee Gold badge
          WTF?

          Re: Written constitution?

          In Russia, Constitution has right to amend you!

      3. Anonymous Coward
        Pint

        Hmmm

        I was of the idea that Magna Carta was purely for the Earls and Barons to ensure the ruling monarch could not exceed their power and get too big for their boots, it was not to protect the peasants but that peasants might benefit by it in a round-a-bout sort of way.

    3. Graham Marsden

      @This is why we need a constitution in the UK

      I agree, but only if it is written *without* the "weasel clauses" that allow the Government to effectively negate the protections given.

      Eg Article 8 of the European Convention on Human Rights says:

      1. Everyone has the right to respect for his private and family life, his home and his correspondence.

      But it then goes on to say:

      2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

      Those exceptions pretty much let the Government say "well, we need to do this for (insert spurious but plausible reason here)" and thus trample all over the rights it's trying to protect.

  5. Anonymous Coward
    Big Brother

    first person jailed for failing to hand over encryption keys?

    "However, as first reported in The Register back in 2009, the first person jailed for failing to hand over encryption keys to authorities was a schizophrenic software developer initially charged with explosives offences that were later dropped during a police inquiry"

    What ever happened to him, is he still locked up ...

    http://k-world.me.uk/2009/11/24/uk-jails-schizophrenic-for-refusal-to-decrypt-files/

    1. myhandle
      Thumb Down

      The last I heard

      The last I heard anything about him was that he was put in an asylam after he came out of jail. God knows whey he wasn't put in there first. Or whether being in jail made him crazy. Sounds like a little person that doesn't have money for big lawyers.

    2. JohnG

      Re: first person jailed for failing to hand over encryption keys?

      It is a scary story. I did not hear any mention of him being given access to legal advice. If he had such advice, he might have been told that he no longer had an absolute right to silence and that RIPA trumped his EU rights.

      Perhaps the US administration may use this case in their ongoing efforts to extradite Gary McKinnon.

  6. Anonymous Coward
    Anonymous Coward

    Irelavant

    It doesn't matter. If it's a common joe, he's going to jail regardless. If it's a big time corporate company or some millionaire republican, they'll walk. plain and simple.

    1. Matt Bryant Silver badge
      FAIL

      RE: Irelevant (sic)

      I suggest you go read up on Pardongate if you seriously think only Republican's get away with anything (http://en.wikipedia.org/wiki/Bill_Clinton_pardons_controversy).

      In the meantime, I would suggest the EFF sticks to software patents law.

  7. Anonymous Coward
    Anonymous Coward

    Have they tried "passw0rd"?

    Or they could just label him an "enemy combatant" and throw him in Guantanamo.

    (prepared for downvotes :-) )

    1. Matt Bryant Silver badge
      Facepalm

      RE: Have they tried "passw0rd"?

      "Or they could just label him an "enemy combatant"....." It's a she, not a he, which just goes to show the complete lack of any background reading that went into your post, either on Ramona Fricosu or on the topic of enemy combatants. Don't worry, I'm sure there were a few equally unknowledgeable people that read your post and were stupid enough to actually think it was lulz good.

  8. Dazed and Confused

    Written constitution

    The last go at forcing a written constitution on us was written by the marketing department of the EU.

    They seem to have lost track of what a constitution was supposed to be there fore.

  9. Matt Bryant Silver badge
    Stop

    Shielding a criminal, not a "hero".

    A few more details on the actual accussations:

    "....The third indictment alleges that several financial institutions and homeowners were defrauded in a scheme to buy properties under imminent foreclosure, pocket loan proceeds and then sell the homes without paying the outstanding mortgages....."

    So, she's not some beacon of righteousness fighting The Man, she's accused of pretty base fraud. This is the best case the EFF could find to get all whipped up and frothy about? Besides, she is just being asked to decrypt the laptop or provide the key, not to actual read the file contents out loud - neither is an accusation of guilt nor provides the prosecution with a hammer to beat her with, they just make her data available so the prosecution can look through it for a possible hammer, so how is it self-incrimination? It's no different to the police asking her for the key to the office she ran her (crooked) business from. Some of the bleeding hearts at the EFF need to stop and think carefully about the assistance they are giving to those that only want to break the law.

    1. J 3
      Mushroom

      Boo hoo...

      Poor little frightened person... Suck it up (or go read the Daily Mail). The law is (allegedly, although in practice...) to protect everyone from government arbitrariness, in order to keep the vast majority of non-scum safe. If every now and then a criminal is benefited... Well, collateral damage of a greater good. Or does "collateral damage" only applies to killing innocent brown people, as the term is usually applied in the US?

      1. Matt Bryant Silver badge
        Facepalm

        RE: Boo hoo...

        It's truly a marvel of devolution that you can type with so many chips on your shoulder!

        "Poor little frightened person... " Que? What exactly am I supposed to be frightened of? I'm more concerned that a body I normally support (the EFF) is dressing up as some sort of ACLU in techno drag.

        "....or go read the Daily Mail..." Oh dear, you sad little wannabes really need to update your insults to something more 21st century. Or was that because someone hasn't spoonfed you any modern variations yet?

        "....The law is (allegedly, although in practice...) to protect everyone from government arbitrariness...." Wrong! The law is there to outline what is criminal behaviour and the punishments that can be applied to those found guilty of said behaviour. The Fifth Amendment to the US Constitution covers a range of issues but also allows a defendent to not answer a question in court whilst under oath if the answer could incriminate them. It is not meant to protect against "government arbitrariness", it was actually intended to protect against extraction of a confession by torture. In application, in the US courts system, it was originally used so that the accused could not be found in contempt if they refused the judge's demand to answer a question. It has subsequently been used by less savoury types to obstruct investigations of a crime. The key is that the accused must be under oath in court to "plead the fifth", which Ms Ficuso plainly is not if it is still at the investigation stage.

        Not even going to bother with the racial undertones in your final statement, just too silly for words. Please just grow up.

        1. Oninoshiko
          Boffin

          no, actually

          you can invoke the fifth amendment at any point when being questioned, you do not have to be under oath. For a more complete explanation of the "Self Incrimination" section of the 5th Amendment, you might take a look at what Findlaw has to say.

          http://caselaw.lp.findlaw.com/data/constitution/amendment05/

          http://caselaw.lp.findlaw.com/data/constitution/amendment05/07.html

          http://caselaw.lp.findlaw.com/data/constitution/amendment05/08.html

          http://caselaw.lp.findlaw.com/data/constitution/amendment05/09.html

          Then again, I'm sure you're extensive legal background is more authoritative.

    2. Sam Liddicott

      Not the case, the principle

      EFF are not getting whipped up about the case, they are getting whipped up about the principle.

      They can't weigh in until there is a case that addresses a principle - and here is one, so off they go.

      Hurrah for the EFF and lets hope they get it established BEFORE some poor sucker ends up in the same position.

    3. multipharious

      Fair enough, but where does it stop?

      I doubt the EFF is going to find a pleasant house marm whose interests involve cats and crochet that needs the protection of the 4th, 5th, and 14th Ammendments. This woman may not be an ideal citizen, but I fully believe that forced disclosure of the keys is essentially compelling her to testify against herself if there is incriminating evidence.

      It may not be physical torture á la Star Chamber but the threat of loss of liberty is significant when the threat for non-compliance is jail.

      The US Constitution is frequently "tested" by the ignoble defense of shady characters, and I personally am thankful for it. Jurisprudence at work.

    4. David Neil
      Facepalm

      You would fail reading comprehension at a primary school

      "....The third indictment alleges that several financial institutions and homeowners were defrauded in a scheme to buy properties under imminent foreclosure, pocket loan proceeds and then sell the homes without paying the outstanding mortgages....."

      The key word is alleges, I could allege you murdered someone and hid the body, doesn't mean it's true. That is why we have trials and courts, so that people have the right to mount a defence.

      As for moaning about why the EFF filing, would you prefer they didn't file the motion and allow precedent to be set? And when you are accused of something that I find distasteful, I can sit and pontificate on how the EFF shouldn't defend the likes of you.

      1. Matt Bryant Silver badge
        FAIL

        RE: You would fail reading comprehension at a primary school

        "....The key word is alleges...." Yes, until the trial finishes in a judgement, it is only an alledged crime. But, the evidence available to the public is already pretty strong (she's been identifed by the mortgage vendors as one of the three parties that made the fraudulent loan requests). I'm guessing the prosecution just need the contents of her laptop files to really tie a bow on their case. I'm not saying she shouldn't be allowed to defend her case, just that I don't think the EFF is right to be helping her out.

        "....would you prefer they didn't file the motion and allow precedent to be set?...." You also fail to see that if the case fails because the judge simply doesn't like her, then it sets a precedent for use against people you might consider more worthy of the EFF's support.

        "....And when you are accused of something that I find distasteful, I can sit and pontificate on how the EFF shouldn't defend the likes of you...." Whilst I'm sure your circle of tinfoil-attired friends encrypt all the mindnumbingly boring informtaion on their laptops, I don't have anything encrypted on mine because I'm a bit more realistic, so no need for the EFF's support.

  10. IceMage
    IT Angle

    Slippery Slope

    The court must make the prosecution prove that the individual not only has access to the files in question, but also has 1. The authority to access the device in question, 2. The ability to access that device with a key, or other form of either digital or physical security token that prevents prosecutors from accessing that information, and 3. Has accessed the device in a directly related matter to the case at hand.

    Basically, it should fall on the prosecution to prove that they must have access to the device, and that the individual in question has not only the ability to access the device, but the authority to access that device as well. For example, you couldn't arrest an IT Admin at a company, and ask him to divulge the encryption keys on all of the network computers, since he's not authorized to do such a thing.

    The defendant should not have a case for "I don't know the password to the hard drive." before he is ordered to unlock the hard drive.

    Also, as another item, the contents of a hard drive should fall under separate pieces of evidence, and should also follow the rules of appropriate search and seizure, requiring a warrant, and documenting the contents thereof. If the case is for child pron, and the search turns up nothing of the sorts, but it turns out he was torrenting the crap out of Walt Disney, the poor fellow shouldn't be liable to be charged with Copyright Infringement instead.

    1. Charles 9

      Second case? Second warrant.

      If, in the process of serving a search warrant for one crime, evidence of another crime turns up, the evidence is noted but left alone while a police officer is instructed to make haste to a judge or magistrate on duty, explain the situation at hand, and obtain a second search warrant, this time for evidence of the second crime. Meanwhile, the officers already there draw out the search. Since they are still present, the evidence cannot be touched since the original search is still in progress. All the officer has to do is come back with the new warrant before they run out of things to search and they're all legal to take the new evidence.

    2. Anonymous Coward
      WTF?

      @IceMage

      You're kidding right? If the cops are searching my house on a warrant for suspicion of stolen goods and find my pot crop growing in the back room they sure as hell aren't just going to leave it there...

      1. Anonymous Coward
        Mushroom

        we ain't in Kansas anymore ....

        In the UK, highly likely. In the US no way. No US judge would allow evidence of pot growing into a court if the warrant was issued for stolen goods. 4th Amendment is taken seriously. In fact I doubt you could get a warrant for "stolen goods" - far too vague. Appeal courts are very hard on loosely drafted warrants, and have been known to throw them out - usually meaning the conviction is overturned.

        There *are* exceptions - and I guess federal agencies feel less fettered by such niceties.

        To those griping about the flaws in the US constitution - you may have a point - but it still stands as an explicitly binding statement that the states power over the citizen is not absolute, and needs control. Sadly, there is no document *anywhere* in the British political system which does the same.

        1. Anonymous Coward
          Mushroom

          title required

          Wrong, like so many arguments about the magna carta, we do have documents that explictly detail the curtailment of the governments power against the people.

          Those documents are the centuries of case law & judgements that our judicial system has created.

          Which is a much better system allowing change to happen when society changes rather than some musty old document setting in stone a type of society no longer in existence

          1. Anonymous Coward
            Mushroom

            But since the Magna Carta has no legal standing

            it may as well be a copy of next Sundays NoTW (and that's before I ask "which version ?"

            The problem with Britains "ethereal" constitution - and one which Coke, Dicey et al couldn't have seen coming - is that because it's "unwritten" and uncodified, it can be pissed over from a great height, by concerted and cynical manouvring of parliament.

            Which is *exactly* what has happened over the past few years.

  11. Anonymous Coward
    Anonymous Coward

    Interesting

    > but not the combination to a safe in much the same scenario

    The EFF might have a strong case here. The prosecution is trying to argue that if you type the number into the keypad of a safe it is protected but if you type the number into the keypad of a laptop it is not. The obvious "solution" seems to be a safe that also serves as (or contains) a SecureID card.

    1. Tom 13

      No, they don't.

      Because only lawyers could come up with the absurdity that you can be compelled to provide a key, but not a combination. Common folk everywhere see that for the point of accessibility providing either is functionally equivalent. So if you can be compelled to provide one, you should be compelled to provide the other. And that the same thing applies to encryption as well. Now it might well be that the original decision to compel turning over the key was wrong, but if it is assumed to be right, then the others are just verbal jujitsu to make the law say what your prejudices want it to say, not what it actually says.

      1. Oninoshiko

        the point may be the same

        But they are completely different. A key is a physical object, while a combination is an idea, a thought. One can be provided by a search, while the other you must say, write or enter. One you store in your pocket, the other only in your mind.

        Down this path is "thought crime," and I'd rather not go there.

      2. Chris 244

        It is absurd

        A key IS a combination code, exactly equivalent to a written copy of said code. What happens if I memorize the key pin positions then destroy the physical key?

      3. Anonymous Coward
        Anonymous Coward

        not absurdity

        "Because only lawyers could come up with the absurdity that you can be compelled to provide a key, but not a combination."

        Actually -- this is not an absurdity. The combination could well only be known by one person. Keys, however can be copied. Duplicated. Or even Mastered.

        Point : "give us the key for your safe" versus "give us the combination"

        A key is a physical object, where there may be more than one. And likely are more than one. Combinations, although they can be shared could well be only in the mind of one person. I would gather that the differentiation comes from the fact that the manufacturer of said safe could well have a copy, or a master key, thus making the refusal of handing over the key a simple delaying tactic, since the prosecution could apply to have the safe opened by the manufacturer.

        Not that ANY safe, once in the hands of any competent law enforcement agency would not be opened using *some* method. Key or not, combination or not. Which effectively moots the entire point of comparing "Safe key/combination" to "encrypted hard drive password"

        Brute forcing a decent hard drive encryption routine, given decent salt, decent passphrase, and decent encryption routines could take several years -- even IF you have *really* good compute engines to chomp on the issue.

        In most cases a couple of HOURS of work with appropriate welding tools will have that safe open.

        1. Anonymous Coward
          Facepalm

          "the" combination?

          And what makes you think that there couldn't be more than one combination to a safe, withthe manufacturer able to disclose a "master" or "master reset" combination. Ever had to have a hotel safe unlocked before? [I've seen some that have physical keys that override the combinationand others that have master reset codes).

          As for encryption, whether of data streams, volumes or flat files, have you never heard of encryption that has been "backdoored", either through software or hardware implementations?

    2. Paul 172
      Stop

      @AC 1550

      ...but the police could seize the safe and then break the safe and then youre back to square one, where the password to go with the secureid card is being demanded...

  12. Matt Bryant Silver badge
    Boffin

    The act of decryption is not self-incrimination.

    The self-incriminating material is the data, not the act of encrypting or decrypting it. The analogy of the safe used above is a good example. Say Mr X is accused of shooting dead Mrs X, and the police suspect he has stashed the murder weapon in his safe, which he now refuses to open. If the police asked in court, "Is the gun you used to kill Mrs X in your safe?", then Mr X could plead the Fifth as answering would be incriminating. However, the incriminating evidence is the gun, not the safe door, so it is irrellevant whether it is locked or not, the act of opening the safe door in itself would not incriminate Mr X, it is the fact that the gun would be found after the door was opened that would do so. Similarly, the act of encrypting or decrypting the data on Ms Fricosu's laptop is not in itself a crime, it would have to be read afterwards to actually become incriminating. I suspect the material on the laptop either shows where she stashed the cash, or that others were accomplices to the act, or that she committed other as yet undetected frauds.

    1. Anonymous Coward
      Boffin

      Decryption Key

      So if my key were an object containing KP material (say a thoroughly disgusting png), the accused be safe from revealing said key? The key itself if is illegal...

      One way to do this is to use an image from an illegal site, sort of like using a word string from a random page in Shakespeare's works (but more secure).

      Next you'd say, but one can provide the URL to the jpg. But simply revealing a knowledge of the URL to the jpg implies the accused has seen it and therefore partaken of forbidden fruit, which seems avoidable by invoking the Fifth Amendment.

      The real solution it seems to me is to say, if you don't reveal the key, the statute of limitations does not apply (or maybe starts from the point where decryption is realistically feasible). Eventually, the tech will catch up with you, if the coppers live long enough. This isn't a lot different from the piles of perps convicted many years after the fact when DNA evidence capability caught up with them (tho the coppers were limited by a long SOL still).

    2. Anonymous Coward
      Anonymous Coward

      It might well be.

      Imagine that the encryption is based on a simple one-time pad. In this case, without the key, there simply IS NO INFORMATION. In fact, with simple xor-based one-time pad encryption, you can extract *any* information if you have a suitable key. In this case, providing the key is equal to providing the information.

      Same applies to any steganograpic method: you have no idea whether there's any information until you get the key.

      And, same applies to TrueCrypt hidden volumes: without the keys, they're indistinguishable from /dev/urandom dump.

      1. TeeCee Gold badge
        WTF?

        Re: It might well be.

        Truecrypt hidden volumes.

        Maybe, but you'd have to be the dumbest investigator on the planet not to smell a rat at the sight of umpty-megabytes of apparently random crud stored somewhere.

        Not incriminating in itself, but at the very least it's a good, solid clue to dig harder.

    3. Anonymous Coward
      Big Brother

      @The act of decryption is not self-incrimination

      I don't think you should be able to separate the acts in such a way. In your example providing the safe combination inevitably means they will find the gun which will be enough to convict Mr X.

      Basically I don't see any difference here. Effectively you can reword the situation as "the law says you must tell us what we need to know to convict you".

      Classic catch-22. Either tell them and go to jail, or don't tell them and still go to jail.

  13. Yet Another Anonymous coward Silver badge

    @The act of decryption is not self-incrimination.

    I think the issue here is more the search process.

    A warrant to hand over document X - where you are forced to do so if it's in a key locked safe but not if it's in a combination safe is obviously silly.

    The problem with requiring handing over encryption keys in general is that the amount of stuff stored about you.

    A warrant requesting everything you had ever read, every message you had ever sent, every phone call, and every web site visited would be rejected by the judge as a fishing expedition - but by routinely demanding the decryption keys this is what they are after.

  14. Anonymous Coward
    Anonymous Coward

    Torture

    With all the problems I have with the RIPA law, like it should have only ever been used in national security scenarios with overwhelming evidence as to why it should be used in each case. The one thing no-one ever mentions is that how is it like torture.

    How is 'we want to know something that only you know so why are going to take away your liberty until you let us what it is', different to 'we want to know something that only you know so we are going to use these pair of pliers until you tell us what it is'. I thought this was the reason we have rules against self incrimination as it stop's people incriminating themselves under torture.

    The real problem is that you can use the safe scenario, but the alleged criminal does not have to give up the combination as the authorities can break in. The problems is that 'safe' technology has gotten to the point where the authorities have a hard time breaking in. But rather than put in the necessary resources and cost so you can break these new types of safe, people are happy to curb our liberties. So the real message is civil liberties are great as long as they don't cost to much to uphold.....

    I liked the setup up until now where you could tell it was a serious crime else they would not have put in the resources to break the encryption. As that approach steps no civil liberties.

    1. Anonymous Coward
      Big Brother

      yes, and what is torture?

      You can see how the US is treating Bradley Manning--solitary confinement for months on end and all other sorts of indignities and horrors.

      So, if you aren't willing to give up your password, does that possibly mean indefinite detention? Solitary confinement? Confinement with some rat friends? A little water boarding for entertainment?

      A Bush administration lawyer tried to define torture as only actions leading to organ failure or death... do "civilized" countries wish to beat the truth out of criminal suspects?

    2. Charles 9

      Double-edged sword.

      There are two reasons they don't publicly pursue codebreaking.

      One is that they use the technology themselves. Most public-sector encryption tech is the result of competitions that enlist the private sector. As a result, trying to break consumer encryption will have the inevitable side effect of making THEIR encryption vulnerable.

      The other is that the encryption is DESIGNED to be hard to break. These aren't your basic cobbled-together Ceasar ciphers or whatnot. These were designed to be hardened against codebreaking, much as you can build safes with safecracker ratings of anywhere from "5 minutes" to "several hours" or so. Barring a fatal flaw or a computing breakthrough, these encryptions are like top-rated safes: not going to be broken anytime soon.

  15. david 63

    Just a thought...

    ...how will anyone know national security is involved if I'm refusing to give up my crypto key?

    1. TeeCee Gold badge
      Black Helicopters

      Re: Just a thought...

      And a good thought at that. Here's another one:

      How can you or your legal representatives show that it isn't without disclosing the data............?

    2. Anonymous Coward
      Black Helicopters

      Bingo !

      At least in the US, if they do get a warrant to obtain the decrypt key, it would have to be for something *specific* - and any other evidence found would be inadmissable.

      In the UK, you are ****ed.

    3. Anonymous Coward
      Anonymous Coward

      Re: just a thought

      "...how will anyone know national security is involved if I'm refusing to give up my crypto key?"

      I would expect that there would be evidence of involvement in some activity detrimental to national security. Otherwise it is a fishing expedition. I would expect the anchorites to turn up in front of a judge with a very good argument backed up by evidence of criminal associations, etc before being given the power to compel some to divulge keys.

      This is known at least in the US as 'probable cause'. And without this search warrants are not granted

  16. Anonymous Coward
    Trollface

    Trollolol

    I win! My PC passwords themselves always contains admissions of criminal guilt - you can't compel me to reveal a password that is in and of itself self-incriminating. Eat me!

  17. Anonymous Coward
    Anonymous Coward

    Explanation of border security

    I have done a small amount of research into border security when recent cases of detained journalists and confiscated laptops came up.

    The legal justification for this nonsense is that when you are going through border security, you are not actually officially in any country, so you have no rights, so the border security people can do whatever they want to you.

    So you can try to not give them your encryption keys and passwords on the grounds of constitutional rights, but they have guns.

    1. Anonymous Coward
      Anonymous Coward

      So do I...

      If I'm not in any country and I have no rights, then there are also no laws and you have no authority to arrest me. I call bullshit on that train of "logic".

      1. Anonymous Coward
        Anonymous Coward

        If there are no laws

        nobody *needs* any authority to arrest you; being better armed is enough.

  18. Matt Bryant Silver badge
    FAIL

    RE: So do I...

    "....then there are also no laws and you have no authority to arrest me...." I call BS on your ability to research. There are international laws that govern how you move between countries that cover "unowned" areas in between, like the open oceans and international airspace, and those include international laws that allow sovereign countries to stop and search you for certain items.

This topic is closed for new posts.

Other stories you might like