Once Again, Courts Struggle With Whether Or Not Forcing You To Decrypt Your Computer Is Unconstitutional
from the back-and-forth dept
For years, courts have gone back and forth over whether or not it’s a 5th Amendment violation to force someone to decrypt their computer hard drives. Some have noted that it is a form of self-incrimination, and thus cannot be required, but others have ruled the other way. Not surprisingly, the Justice Department thinks there’s no Constitutional issue and that judges should regularly require decryption.
This issue is getting lots of attention yet again, as a judge recently ruled that a guy accused of child porn had to decrypt his hard drives, while another judge quickly reversed that order, noting that the 5th Amendment issues hadn’t been properly briefed, and ordering the parties to present their arguments on the 5th Amendment issue before the court would make a final decision. This case alone has gone back and forth a few times, with the magistrate judge initially saying that the 5th Amendment forbade the decryption order, but then changing his mind, only to then step aside and let the other judge put things on hold for a bit.
This issue is going to come up again and again, and you know that eventually the Supreme Court will have to weigh in. In the meantime, it’ll be interesting to see how these cases play out. In this case, part of the reason why the magistrate ordered the decryption was because law enforcement had cracked one of the hard drives themselves, and claimed to have found evidence of child porn. The judge felt that provided enough evidence to require the other drives be decrypted, since before that part of the argument had been that there hadn’t been enough evidence to require the decryption. Honestly, it seems like the fact that feds decrypted the drive themselves actually provides more weight to the flip side of the argument, noting that the feds have other ways of getting evidence that don’t require forcing someone to decrypt their own hard drives. There’s nothing wrong with using legally obtained evidence of a crime against someone — but forcing them to build their own case against themselves is certainly a big Constitutional no-no.
Filed Under: 5th amendment, encryption
Comments on “Once Again, Courts Struggle With Whether Or Not Forcing You To Decrypt Your Computer Is Unconstitutional”
Since DNA collection was just legitimized… Its only a matter of time before this type of thing is too.
Re: Re:
The DNA collection is a settled issue, it’s not going to get overturned by a future court.
This is different. If the courts keep ruling that people have to incriminate themselves then people will keep on refusing to obey the court orders, or appealing on grounds of self incrimination. Even a Supreme Court ruling saying they can make you incriminate yourself won’t end this.
The only way this issue can be settled for good is to rule it a violation of the 5th amendment. Much as a lot of the judges on the courts are complete idiots, I think enough of them will see this and rule the right way.
Re: Re: Re:
A fringe of wacko academics, in the wake of the waterboarding news, have ever since strenuously argued for ?torture warrants.?
I just called ’em a fringe of wacko academics, but ?sorry? they’re really respected conservative thinkers and jurists.
That’s where we’re headed: ?? Torture warrants.
Re: Re: Re: Where hearts were entertaining june...
A fringe of wacko academics, in the wake of the waterboarding news, have ever since strenuously argued for ?torture warrants.?
I just called ’em a fringe of wacko academics, but ?sorry? they’re really respected conservative thinkers and jurists.
I understand this concern on behalf of the taxpayers. People want value for money. That’s why we always insist on the principal of Information Retrieval charges. It’s absolutely right and fair that those found guilty should pay for their periods of detention and the Information Retrieval procedures used in their interrogations.
Another issue
I wonder did law enforcement have the appropriate warrant before they went ahead and did their own decryption.
Re: Another issue
See the Banner Affidavit (sworn April 5th, 2013) attached (beginning p.14 in PDF) to Application Under the All Writs Act Requiring Jeffrey Feldman to Assist in the Execution of Previously-Issued Search Warrant.
Clearly Mike is supporting child pornography! How can this copytard stoop so low?!
/troll
You've omitted -- or don't understand -- a severe complication.
DOJ claims to have decrypted one drive, so now it’s a yet more anomalous situation where the judge has ruled that defendant is simply being obstinate in admitting what’s proven from other means.
I still hold that this is forced testimony. But it’s become dicey. Also, can’t overlook that DOJ has probable cause here because an agent claims to have seen CP before the drive was turned off.
Re: You've omitted -- or don't understand -- a severe complication.
They have probable cause to seize the drives – however, the suspect has no obligation to help them decrypt the drives.
That’s the DOJ’s problem – if they want the information bad enough (read: it’s worth it), then they have the means to try and decrypt it.
I disagree that it’s dicey – it’s just become inconvenient for law enforcement to have to do any REAL work lately. It’s much easier to compel people to prosecute themselves.
Re: You've omitted -- or don't understand -- a severe complication.
If the DOJ claim to have decrypted one drive then there is no reason for the DOJ to take the matter to court to get the passwords revealed to them when they have already claimed to decrypt the hard drive without a password and thus showing prove clear that they don’t need the passwords.
Re: Re: You've omitted -- or don't understand -- a severe complication.
No… There’s a big difference between the DOJ decrypting the drive and finding something there, and you PROVING that you have the keys to do the same… There is still deniability in the current case. If he is forced to cough up the keys, he is being forced to implicate himself.
Re: You've omitted -- or don't understand -- a severe complication.
That’s not what I’m reading in the April 5th, 2013 Affidavit of Special Agent Brett E. Banner.
Perhaps you can provide a source for your assertion?
Re: You've omitted -- or don't understand -- a severe complication.
After recent events I don’t think the DOJ should have that kind of respect.
People lie, hearsay should never be part of any real prosecution, they should show the evidence, it could have been God saying he saw it and I still would want to see the evidence.
Re: You've omitted -- or don't understand -- a severe complication.
I might agree with you if we were talking about a 4th amendment issue here, but we’re not. This is a 5th amendment issue and no amount of evidence or probable cause can route around the 5th amendment. As long as they have a warrant, I fully support them cracking the drives, but nothing could get me to support forcing a defendant to build the case against himself (by giving them the keys).
Great constitutional analysis there, Mikey. Really hard-hitting and insightful.
Re: Re:
Could you at least try to be original?
Decryption
If one drive was decrypted I would expect about the same level of difficulty in decrypting the other. I am assuming whoever did each drive is the same person and would probably use the same level of encryption on both drives wiht a different key.
I am dreading when this eventually shows up at the Supreme Court. I have zero confidence they will decide this case in a way that protects the 5th amendment.
Re: Re:
This is -why- we need a Stare Decisis sunset law. Bad rulings should not be allowed to live forever.
Incriminate Yourself
The right of the government to reuest a subpoena is only for physical evidence it is reasonably sure you have, relating to a specific likelycrime (i.e. produce your bank statements and emails relating to dealings with Cartels-R-Nosotros, Inc.) Requiring you to decrypt a hard drive is a controlled situation where the act is self-incriminating.
The analogy I would use is a court order demanding you take the police to the place where you buried some evidence in the drive from Denver to Chicago. Simply disclosing the fact that you know that specific information is additional incriminating evidence they can point to in court; the court cannot force a defendant to reveal what they alone know, it is essentially revealing the content of their mind – basically self-incrimnation.
The fact that the evidence revealed is physical (4th Amendment) evidence, even if legitimately subpoenaed, does not seem to me to be good enough. Requiring you to incriminate yourself to deliver it is violating the 5th amendment.
Asking the defendant to decrypt the drive in a private setting does not detract from the action – he alone went into the room with an encrypted drive, he alone came out with a decrypted drive. This is no different than being required to divulge the password, basically self-incriminating testimony. (In fact, I assume a decrypted drive sitting open permits capture of the passowrd.)
Re: Incriminate Yourself
In fact, I assume a decrypted drive sitting open permits capture of the passowrd.
It normally does allow a better chance to capture a password but even more so it allows you to capture the un-encrypted data available in that session and within memory.
This is why ALL LEO’s who have been briefed properly about digital evidence are told DO NOT ALLOW DEVICES TO BE SWITCHED TO AN ALTERNATE STATE. ie: If On .. DO NOT TURN OFF and vise versa.
Also interestingly there are now double blind encryption systems that accept multiple passwords/keys and only one will actually decrypt REAL data the others either decrypt dummy data whilst destroying the real data. Now that’s problematic
If the DOJ has already decrypted the hard drive, why do they need the passwords still? Job’s already done, guys. You don’t actually need the password anymore. You all can easily tell us if he has CP on that drive or not and just end the case right now. Otherwise, either it’s a bluff on their end and they don’t actually have it decrypted, or they merely want a court precedent to strong-arm defendants into surrendering their passwords and self-incriminate themselves.
Re: Re:
They have decrypted one of several drives. They just don’t want to go through the trouble of decrypting the remaining ones.
Re: Re: Re:
They just don’t want to go through the trouble of decrypting the remaining ones.
No, it’s way more than that. They do not have the ability to decrypt the other drives. The reason they were able to decrypt the one they did is because they somehow acquired the decryption key. Barring some heretofore undiscovered flaw in the AES encryption algorithm, trying to brute force decrypt a a 256 bit AES encrypted volume is quite literally impossible (and that’s even the correct use of ‘literally’). For the why of this I’m going to steal a link from reddit that is in turn an explanation stolen from Bruce Schnieir from his book Applied Cryptography.
http://www.reddit.com/r/technology/comments/1foo16/judge_grants_emergency_injunction_overruling_a/cacj8ye
The short version is, even if you could build a hypothetical “perfect” computer, and if you could extract all the energy of a very large star (much much larger than our own), it would still not be enough to cycle through all 2^256 possible encryption keys. You could only make it to about 2^219, which, despite being a very large number, is nevertheless a tiny tiny tiny fraction of 2^256.
In short, the only way the feds are getting into those other drives is if they somehow get their hands on the key, or convince the accused to decrypt the drive.
Re: Re: Re: Re:
I don’t under stand the math but i think you are assuming a few things. one they have no idea what the password is if they have one key surely they can reverse hash it and get the clear text password and make some educated dictionary attacked. I would assume you could cut 2^256 down to a lot more manageable number using phishing, psychology, and dictionary based attacks. personally if i were him i would just tell them it was on a key file on a flash drive and i lost the flash-drive thats something else they could do go over all his flash drives and see if any files work as a key file.
Re: Re: Re:2 Re:
I don’t under stand the math but i think you are assuming a few things.
I’m not assuming anything, I’m talking about the specific case of attempting to do a pure brute force attack against a 256 bit AES encrypted data set.
The reality is that yes, there are a lot of very clever techniques that could be used to search a vastly reduced keyspace, but there is no guarantee that the key will be found in that keyspace. It’s speculation based on knowledge of human behavior that they key is probably not truly secure.
Nevertheless, as long is it is reasonably secure and so long as the investigators have no additional information to aide them in guessing the key, the point stands that it is impossible to crack the encryption. If they do have additional information that would aide them in guessing the key then that is an entirely different use case.
Re: Re: Re: Re:
Well you could always use a quantum computing system that basically allows the brute force to be cut in half (though that’s now in doubt and could be way more than half hmmmm [ http://phys.org/news/2013-05-los-alamos-reveals-quantum-network.html ] ) though at half the time it’s still about a million years to brute force all combinations… 😉
Re: Re: Re:
That is the DO(in)J’s problem with laziness or ineptitude. If they what method worked on the first drive then set a battery to decrypt each drive starting with “known”. Is there any technical reason the drives must be decrypted serially?
you can say hello to having to decrypt your hard drives then, if The Supreme Court does weigh in. they have just destroyed the 4th Amendment so i doubt if they will say ‘NO’ to doing the same with the 5th. while they are on a roll, who knows what will be next to go!! strange way for those that are supposed to be more concerned than any other body to keeping the Constitution in tact and upheld to act really!
So… if they require you to incriminate yourself. I guess they can hold you responsible for doing a bad job of it?
So here’s the thing I don’t understand, I’d think it would be rather trivial, if not a bit weird, to set up a decryption key that would actually rewrite stuff on your hard drive.
Like use your secret “The cops are watching!!” password to replace all your files with other harmless files… Or something far more clever than that, I don’t know… something to destroy evidence while making it look like you didn’t.
They don’t know what the files are. How would they know how much, if any, were destroyed when you “decrypted” the harddrive?
Re: Re:
Well they could make a copy of the drive before you type in your “The cops are watching!” password thus destroying only the copy.
Some encryption software does offer “Plausible Deniability” which is a very similar concept to what you propose.
One method being two keys, one opens up your secret content the other key opens up pictures of lolcats. When your adversary forces you to decrypt just give them the lolcats key.
http://www.truecrypt.org/docs/plausible-deniability
Guess he did not have a long password. I still think what is accused of is gross but for the cryptology of it I wonder what he was using that was cracked so fast.
gotta go with the 3 layer AES-Twofish-Blowfish or if your super paranoid go for the One time pass, if you access to truly random number generation. Use LOOOOONG passwords
This is very interesting for many reasons.
So it’s a punishable offense for me to circumvent Crapple’s iPhone security in order to switch carriers but its perfectly legal for the FBI to circumvent the protection measures in place on my hard drive?
When data is encrypted it is not “hidden”, it’s changed. The original plain text data probably no longer exists. The bits of data are essentially scrambled and randomized by a process that can be reversed with the correct key. So technically, the CP image wouldn’t actually exist on the drive in question until the data is decrypted.
What if he says he “forgot” the password (or what if he really did)? You can’t be held accountable for not doing something you are unable to do.
Could very well be different decryption schemes
I would not assume both drives use the same encryption. Probably one is the system drive and might have some encryption built into the OS. Heck, knowing how the DOJ often distorts the truth they could be claiming the login pw is a form of encryption. The other drive is probably aftermarket and could have its own proprietary encryption, or perhaps he created a Truecrypt volume.
I wonder what the prosecutor would do if someone did decrypt a drive under duress and it turned out to have nothing but gobbledegook, or 500,000 identical pictures of a unicorn or something. Would they charge the accused with destroying evidence?
Re: Could very well be different decryption schemes
I have wondered if the problem is they are assuming NTFS format and have Linux format such as ext4. Windows is notorious for having trouble reading Linux formats.
Also, if they are claiming a login password as encryption I can provide a number Linux live CD/DVD probably would allow access to the data.
Re: Re: Could very well be different decryption schemes
Doubtful. Most of the software they use will auto detect partition types and formatting.
Most likely is that the drive they were able to de-crypt was because they either discovered a password written somewhere, or perhaps because a ‘dictionary word’ was used as the password, or they simply got lucky brute forcing.
The Linux CDs you are talking about generally rely on rainbow tables, they may or may not work,
Re: Could very well be different decryption schemes
Could they prove that it’s really evidence?
Couldn’t the DOJ be charged with a CFAA violation?
After all, they didn’t have authorization to decrypt the hard drive…
Hmmm…
Wall safe/warrant?
Here’s a relevant question… how is this different from forcing someone to open a wall safe? I don’t get why it’s being treated any differently… Can they require someone to open a wall safe? If yes, same for decryption… If they can’t require someone to open it, but can crack it… same rules… sorry it’s got a tougher lock, so sad.
Re: Wall safe/warrant?
When he provides the key or decrypts the data that proves it is his data which is self incriminating.
A better analogy is:
“Tell us where you hid the body or go to jail until you do tell us”
You can not prove someone knows where the dead body is nor can you prove he knows the encryption key.
I think the question is a philosophic one, since someone invented an encryption tool that has several passwords, and will “unlock” different data depending on the password you choose for decrypting. A certain password can even destroy the data that is hidden.
Re: Re:
so the cats dead?
The bigger problem here is if someone refuses to decrypt it could look very bad. Though they may not want to decrypt it for a entirely unrelated reason.
A good example would be someone who runs a tor relay gets raided. Then they refuse to decrypt because they have some pirated movies and software.
The logical thing to do would be to give them immunity on anything that is not child porn related.
This would be for someone that actually did not use a hidden volume. If encrypted correctly with hidden volumes or even a hidden os there is actually no way to tell if there may be more.
The truth is even bad as cp is, it cannot trump a persons birthrights.
do they really need more evidence?
If they’ve already decrypted 1 drive, and supposedly found cp on it, then they can go ahead and charge him with that. They want more, so they can pile on the charges and recommended sentencing, but do they really need more? Did they really decrypt the 1 drive and did they really find cp on it, or is it a ploy?
What if one had a program that irrevocably destroyed the data upon entry of the wrong password, then “accidentally” gave or entered a password in which, say, two of the characters were transposed?
Re: Re:
Easy–step one in any forensic analysis is to make a duplicate of the drive, so the original can then be stored in a locker. He’d be entering a password on the duplicate. If that gets wiped, A) nothing is lost, and B) shows, at best, him being uncooperative. At worst, it shows an attempt to destroy evidence.
The best thing to do
Don’t store anything the government deems illegal on your hard drive, encrypted or not. Removable media is made for a reason.