Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
When Uncle Sam Can Demand You Decrypt Laptop
Newest First  |  Oldest First  |  Threaded View
Deathbecon
50%
50%
Deathbecon,
User Rank: Apprentice
10/8/2012 | 6:28:17 AM
re: When Uncle Sam Can Demand You Decrypt Laptop
Sorry probable cause does not negate the fifth amendment the first case you sighted observed that the office saw the intended evidence where the second is on hearsay evidence. I would not in her place give them the password because one the drive is protected because there was no direct evidence that the information is on the drive other than the direct mention of it on the phone conversation but that's not a direct observation by law enforcement. The second is there exists alternate methods of retrieving the information whether it is efficient or not has no bearing. There is still such a thing as privacy in this world and I would take this to the supreme court before I would give up the password.
randomchaos
50%
50%
randomchaos,
User Rank: Apprentice
5/29/2012 | 6:24:44 PM
re: When Uncle Sam Can Demand You Decrypt Laptop
Should we be able to write a message that the government cannot see? Obviously we can and will continue to do so, more now than ever.
MITDGreenb
50%
50%
MITDGreenb,
User Rank: Apprentice
2/17/2012 | 2:22:53 AM
re: When Uncle Sam Can Demand You Decrypt Laptop
I think the logic here is a bit flawed. Suppose we went back about a century. During a search of a house, the police find a handwritten notebook. It appears incriminating and, in fact, the occupant of the house is so agitated that the Police have it that she demands its return. The Police take it away only to find out that the text is written in code, whereupon the Police return and demand that the occupant/owner of the book:
1) give them the means to decode the book themselves. "A grand jury issued a subpoena demanding that the man furnish the password, but he protested that it would violate his Fifth Amendment right against self-incrimination. A judge concurred."
2) give them a decoded copy of the book by a certain date. The occupant argues that this is a breech of Fifth Amendment rights, but the government rules "where the existence and location of the documents are known to the government, no constitutional rights are touched, because these matters are a foregone conclusion."

Now, looking at this as a book... of known existence, ownership, and location... it seems ludicrous. It is not a foregone conclusion that the book would be decoded and, therefore, in my opinion, compelling the creation and forfeiture of a decoded copy constitutes a violation of self-incrimination.

Jellico1969
50%
50%
Jellico1969,
User Rank: Apprentice
1/25/2012 | 9:58:14 PM
re: When Uncle Sam Can Demand You Decrypt Laptop
You know, it occurs to me that a plausible reply for her is to provide a password that she believes is the correct one, and when it doesn't work, she can claim the drive was damaged or altered while in possession of law enforcement officials. She can claim cooperation and it would be impossible for the prosecution to prove otherwise (unless she's stupid enough to talk about it on the phone). Anyway, that was my thought upon reading the judge's ruling.
theonlyaether
50%
50%
theonlyaether,
User Rank: Apprentice
1/25/2012 | 1:50:25 PM
re: When Uncle Sam Can Demand You Decrypt Laptop
If I'm understanding the judge's order, this is nothing like opening a safe. The government will give Fricosu a "copy" of the encrypted drive, and then Fricosu has 15 days to produce a decrypted "copy" of the drive. So in a sense the owner does not need to be compelled to produce their knowledge of the lock/code/password, but they do need to act on that knowledge, like in the case of a safe.

Unlike a safe... Firstly - a decrypted version will never be a copy, of course. Unlike a safe you're not simply removing an outer barrier, this is crypto - you're rearranging the contents like a puzzle. Secondly - what's to stop Fricosu from producing a selectively decrypted "copy"? Do they plan on using some kind of hashing algorithm to verify the drive's contents (doubtful)?

I'm going to assume that they're counting on the idea that the user is as ignorant as the judge in this case.
Dris
50%
50%
Dris,
User Rank: Apprentice
1/25/2012 | 12:16:55 AM
re: When Uncle Sam Can Demand You Decrypt Laptop
I fail to see the reasoning by the judge. I have encrypted archive files on my hard disk. My personal finance records, for example. I routinely use a security utility program to wipe all free and slack space so remnants of my private files can't be recovered. My archive encryption is strong encryption. I use Pretty Good Privacy (PGP) which last time I looked was "military grade", if that means anything. I have several user accounts on my machines as well as other people, so their trick of the user name in the machine name would probably not apply to the archives. I use a "used" machine and I never wiped the system, so all of the old owner's stuff is still there. Isn't there then a question of ownership of an archive? for ME, I am not about to divulge my passwords for my archives. Feel free to try to break my encryption. Giving up my passwords, in my opinion, amounts to allowing a fishing expedition. It is one thing in the case of the porn to see it and then want to get it later, which makes sense to me since after all, they already have knowledge. But, it is something else in my case as no one but me knows what is IN my archives. There is no tangible evidence in my archives as there might be in the drug dealer's safe. I will open my archives to assist in my defense, but I refuse to open my archives to assist in prosecution. Isn't THAT what the 5th amendment is all about? Wouldn't opening my archives amount to self-incrimination? Based on this article, I guess I am just going to have to accept being held in contempt of court if push comes to shove... This is as bad as the Clipper Chip hardware encryption that the Fed wanted to force on the public a while back instead of using individual encryption like PGP. You know the one, the hardware encryption chip with a backdoor master password that supposedly only the Fed and other authorities would have... The only legal encryption was going to be the chip with the backdoor! How would YOU like it to have the Fed be able to read anything YOU encrypted? Sorry, but I doubt I will be assisting the prosecution anytime soon... 5th amendment... Hey! Where are we going? And why are we in this handbasket?
YMOM100
50%
50%
YMOM100,
User Rank: Apprentice
1/24/2012 | 10:47:55 PM
re: When Uncle Sam Can Demand You Decrypt Laptop
One issue is that by providing access, the defendant is admitting knowledge and control. There were three computers in the house. The government would need to prove the contents were under the control of Fricosu. In this case, the government has already proved that point to the court (and the defendant actually demanded the laptop be returned to her which is an admission of ownership.)

Where a safe is found in the house of a defendant the question of ownership of the safe is not normally an issue. It was located in the defendant's house, thus it is under his control. So, issuing a court order to open the safe is not a 5th Amendment issue. This would be similar to when courts have compelled defendant's to supply the key to their safe deposit boxes.
Bprince
50%
50%
Bprince,
User Rank: Ninja
1/24/2012 | 8:51:30 PM
re: When Uncle Sam Can Demand You Decrypt Laptop
Interesting case. Isn't this the same as finding a safe in the house of a suspected drug dealer and demanding the person open it (assuming the cops had a warrant to search the house)?
Brian Prince, InformationWeek/Dark Reading Comment Moderator


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.