UK Man Jailed For Not Giving Police Thumbstick Password
from the did-they-try-p@ssw0rd? dept
The question of whether or not citizens should be compelled to give up their passwords to law enforcement is not going to go away. What with different agencies in different countries attempting to do more searches of technology at borders, on the mainland, and around the world, the law is eventually going to have to settle whether these kinds of searches and forced compliance are in good standing with the fourth and fifth amendments of our constitution or the governing laws of other nations.
Another such case is causing a renewal of the discussion in the UK, where Syed Hussain, admitted wannabe terrorist, was jailed in part for refusing to decrypt a thumbdrive.
He said he had forgotten the password until a fraud probe was launched. The judge jailed him for four more months.
Sending Hussain back to prison, Old Bailey judge Richard Marks said the defendant’s deliberate failure and refusal to comply with a police notice to provide the password was a very serious matter because it had potentially hampered investigations.
Now, let’s be clear on a couple of things. The UK has their own flavor of our 5th amendment, commonly referred to as “the right to silence.” However, thanks to a law passed in 2000, refusal to present decryption keys to LEOs is an exception to that right. So, jailing Hussain wouldn’t appear to run afoul of that law, unless you actually believe that he temporarily forgot his password (he later provided it to investigators). Also, Hussain is also being jailed for some very serious reasons.
Hussain and three other men were jailed in 2012 after admitting discussing attacking the town’s TA headquarters by placing a homemade bomb on to a remote controlled toy car.
This is where things get really fun for those of us that advocate for citizen’s rights as though they were dogma. If you believe that the right to avoid self-incrimination ought to be universal (as I do), and that being compelled to hand over passwords to law enforcement that might result in self-incrimination is a violation of that universal right (as I do), then you don’t get to pick and choose when you advocate. Hussain, wannabe terrorist and all around scum of the Earth, deserves this right as much as a nun in a convent.
As for the exception to the law in the UK, it nullifies the right completely. You can’t write a law that provides relief from assisting law enforcement for the citizenry…except when we really want you to. There’s no point to that at all. You might as well take the right away completely. Or, better yet, actually follow its original spirit.
Filed Under: passwords, self-incrimination, uk
Comments on “UK Man Jailed For Not Giving Police Thumbstick Password”
the exception for naming the driver of a vehicle went to the european courts in ~98. they said you had no right to silence or protection from self-incrimination then.
Then RIPA came in, and they can demand the password for any crime, failure is 2 years. for terrorism its 5. So one of the first things people did when it passed, was commit a minor crime, write a file about it, then encrypted it and sent it to the Home Secretary (or maybe the deputy PM, I forget which) then told the police that politician had evidence of a crime.
As you might expect, plod didn’t really care, because of who it was (this was before plebegate) but it might be something people will try again.
Re: Re:
Citation, please. I’d like to know more about it.
I’ve already complained about the erosion of our rights to my MP, but my MP is Hazel Blears…
We really need to start pushing back, and hard, against these laws. Has anybody else noticed that other countries are adopting similar, restrictive laws that undermine our basic rights? Where is it all coming from?
Re: Re: Re:
gotta love the internet.
Couldn’t find a link myself, until I found a comment I’d made on Falkvinge’s blog 18months ago with the link in it 🙂
http://www.zdnet.com/surveillance-straw-petitioned-on-commerce-bill-controversy-3002073974/
Re: Re: Re: Re:
Thank you, @ Andrew Norton.
You don’t get to pick and choose when you advocate. Hussain, wannabe terrorist and all around scum of the Earth, deserves this right as much as a nun in a convent.
^^This!
Re: Re:
We are talking about “Hussain, wannabe terrorist”. Now I?cannot vouch for the accuracy of the summary, but if we assume that it’s point-on, we have
In any jurisdiction I know, you can’t get punished for discussing anything but only if you actually attempt execution of a plan.
There is no punishment for thought crime, and the reason is that the law only comes into play when a human fails to sort out and prioritize his different impulses in a manner compatible with society and thus, if the lawmakers did a good job, with the law.
I know proper and law-abiding citizens willing to stand up for the rights of others that did, indeed, plan and manufacture their own explosive devices and tested them in the wild where nobody was affected.
For fun and curiosity. And fireworks and stuff. In today’s atmosphere, they would have to fear being eavesdropped on and put into jail for decades because of planning and executing devices that could be used to harm people but weren’t.
When is John Irving going to jail for outlining a plot to blow up the Vienna Opera in “The Hotel New Hampshire”?
Re: Re: Re:
We’ve been a bit twitchy about terrorist plotting – even for a laugh – since 7/7/2005.
The particulars of the case are as follows:
He was already in jail for plotting an attack on a TA base, then a fraud case came to light and the memory stick was required. When they finally got it open, it revealed details of his fraud crimes.
he four men were arrested in April 2012 and pleaded guilty at Woolwich Crown Court to engaging in preparation for acts of terrorism.
Hussain had arranged terrorism training in Pakistan, debated obtaining weapons and how best to raise funds for their plans. Their conversations were secretly recorded in a joint police-MI5 operation.
http://www.bbc.co.uk/news/uk-22200133
“The defendant’s terrorist intent was generalised and ill-formed… discussion was embryonic, a very long way from fruition and unlikely to be realised.” (- their defence team)
http://www.bbc.co.uk/news/uk-22178105
Okay, he’s a wannabe terrorist but I say anyone who is actively planning and making arrangements to join terrorist training cells and learning how to make bombs, etc., is someone you should keep an eye on, at the very least.
The idea that people have a right to not incriminate themselves by refusing access to information that might get them into trouble sounds reasonable, but should we really be obliged to follow such people as Hussain around until he finally straps a bomb to a toy car and sets it in motion, and only then arrest him?
Sorry, I think he deserves to be in prison. Planning a terrorist act after arranging for terrorist training isn’t free speech. In any case he had committed fraud, presumably to finance his murderous intentions.
He needs to be kept under close surveillance for life; he has forfeited any right he thought he had to privacy because he wants to murder us if he can. The police and the courts have ensured that he can’t.
Re: Re: Re: Re:
That’s about the size of it, yes.
With a proper warrant/authorization (available in this case), the device can be seized and attempts at decryption can be made, but compelling the person in question to turn over the password cannot be enforced. You can’t force someone to open their door, even with a search warrant, but you are allowed to force the door itself.
The law punishes deliberate actions and those cases where responsibilities willing taken on have been left undone. It does not and should not compel action (some small exceptions for compelling limited and immediate actions during an arrest). The lack of any strong precedent to compel is a powerful barrier against severely abusive laws and thus is well worth protecting even if minor compelling might seem reasonable.
Re: Re: Re:2 Re:
Thank you for explaining where the “Due process gets in the way of getting things done” mentality comes from.
Seriously, if someone is ACTIVELY planning to ACTUALLY kill people, I wouldn’t gamble on getting to them first while they’re in the act of committing a crime before they’ve done any harm.
I live in a city that has been subject to urban renewal courtesy of the IRA, who used to bomb the crap out of us on a regular basis. Google “the Troubles” to find out more.
We didn’t need mass surveillance then and we don’t need it now, but we do need to set a line that can’t be crossed so we’re saving people’s lives well in advance instead of rushing to stop a bomb from being detonated before someone is hurt or killed. The last thing relatives want to hear at an inquest after an attack is, “We couldn’t stop them because of due process. And traffic was too heavy that day.”
For a proven terrorist (i.e. there is evidence they planned to actually do some harm), I’d make an exception in the event that it might save lives. What if the coordinates of a planned attack had been on that memory stick? That there wasn’t is immaterial. Nobody knew what was on it till they got it open.
If nothing else, we need to understand that if people start to believe due process is putting them in harm’s way to protect terrorists so they can murder us at their leisure, those politicians who are desperate to get rid of it will merrily do so and the masses will cheer them on. Is that what you want? Because when that goes, habeas corpus will follow it, at which point I might as well change my name to Winston Smith.
So don’t be too quick to insist on principles when pragmatism might be a better option. For all of us.
Re: Re: Re:3 Re:
The last thing relatives want to hear at an inquest after an attack is, “We couldn’t stop them because of due process. And traffic was too heavy that day.”
Designing laws to satisfy relatives of victims is a terrible idea.
What if the coordinates of a planned attack had been on that memory stick? That there wasn’t is immaterial. Nobody knew what was on it till they got it open.
By that philosophy, we should just trample everyone’s rights, because you never know what anybody might be planning. If the government has legitimate reason to believe there’s life threatening information on a device, give them immunity and then compel its disclosure. If the police are really so concerned with saving lives, they shouldn’t have a problem making that choice. Then they can explain why they can’t prosecute the terrorist and we can have a debate about that, rather than about why a bomb went off.
Re: Re: Re: Re:
Which is a bit sad, as it’s hardly the first time we’ve had a terrorist incident. Just the first since the Cowards Parade took over. (Warrington Bombing survivor here)
Re: Re: Re:
In any jurisdiction I know, you can’t get punished for discussing anything.
Actually, you can. If Hussain had written these details into a document that only he and the police saw, or if he’d written them as a plotline in a book, then no crime has been committed. However, because the guy discussed his idea with others as if to one day carry it out, that became conspiracy to commit a terrorist act, which is an arrestable offence in the UK.
We need a revolution.
So the terrorist has information on a memory stick or computer about a planned attack and they just give say no, you’re not getting access to it and then we say, ok, thanks for your time. All the best?
I have always believed you should never criticise something unless you have a sensible and workable option to replace that which you are criticising.
So what other options do we have?
Re: Do what they do anyway,
just use old fashion decryption techniques with the consent of the courts. They have done this in the past, they can still do it now. If they really have a case for prosecuting, then they should have much more evidence.
Otherwise, innocent until proven guilty means nothing. In every situation where an individual is considered guilty until proven innocent, the rule for proving innocence is very high, basically, beyond a shadow of a doubt. We have seen too many instances where an innocent has been charged and convicted and only later has the real culprit been found. In many of these cases, it has occurred only after many years of imprisonment or death.
I know what it is like to go to the aid of someone and then when others turn up, being treated with suspicion as being the one to have caused the problem, that is guilty until proven innocent.
Unfortunately, we have come to the point (again) where being politically incorrect is now being treated as though you are a “terrorist”. What people are forgetting is that just because someone does not hold your “cherished” beliefs, they are not “necessarily” wrong and hence should not be treated as “criminal”.
So getting back to the story at hand, should a person be force to give up encryption keys or can they remain silent, I think I’ll stick with them being able to remain silent. Otherwise, it will at some time in the future come back and bite me if I support the alternative. If the “authorities” really believe they have a case and there is evidence here, then they can do there investigations the old fashioned way.
Re: Re:
Crack the encryption, offer a deal for the information or do some old fashioned police work!
No one should be required to hand over encryption keys ever.
Lets not even get into forgotten passwords or what may be and encrypted partition or may just be blank space because they look the bloody same. Because those alone mean someone can end up imprisoned for absolutely nothing.
Say something the government doesnt like and that blank space on your laptop (recovery partition) may be seen to be a disguised encrypted partition your not giving up the non-existent key to. Prove otherwise while you rot in jail “terrorist scum”
Re: Re:
Well, according to you I have the option to accuse you of being a terrorist and demand all your passwords. You must be a terrorist if you’ve been accused, right? Hand ’em over!
Re: Re: Re:
Actually, it’s more like, “You must be a terrorist because you have been actively arranging to join terrorist training cells and planning to blow things up. Hand ’em over!”
That said, I’m all for probable cause and a warrant for these things. And planning to bomb people or property by discussing how to do it as part of a terrorist group is enough probable cause for me.
Re: Re: Re: Re:
Enough probably cause to seize the thumb-drive and attempt to crack the encryption, to be sure. You can’t however, compel the accused to assist you in your investigation.
Re: Re: Re:2 Re:
Sadly, yes in the UK you can. I think you meant shouldn’t be able to
Re: Re: Re: Re:
Re: Re: Re:2 Re:
They do. He was in prison for terrorist offences and this came up. On it was information relating to a fraud he had committed, presumably to fund his terrorist offences. Unless he’s just a common crook as well.
Re: Re: Re: Re:
Except this is the whole point (theoretically at least) of “innocent until proven guilty”. Until the plan and the discussing have been proved in a court of law, his denial carries more weight than the police accusation.
Compelling a suspect to produce private information under threat of a slam-dunk criminal offence (if you refuse you are de-facto a criminal under this law – you will lose in court) is an end-run around the basis of UK law.
This was Tim’s point – no matter how much it might be clear the guy is a terrorist, law should apply equally otherwise it’s not “just and fair”.
Imagine you’re accused of, let’s say, rape. Your word against hers (or his as the case may be), but the police demand you turn over that password to your secure files. You know there’s nothing relevant in there, but it’s personal and private – perhaps it’s embarrassing, perhaps it’ll ruin your career or marriage. You now have a choice of those consequences or going to jail for being simply accused of something I’m going to assume you didn’t do.
Re: Re: Re:2 Re:
@Not an Electronic Rodent, the man was in prison for terrorist offences already. The crime was not, “I’m not telling you my password, so nyah!” It was arranging to join a terrorist cell for training, then discussing how to carry out an attack on a territorial army base.
While he was in prison for this, the thing with the thumb drive came up.
Re: Re: Re:3 Re:
If it’s the crime he was convicted of, the evidence would seem to be fairly irrelevant as evidence would it not? If it’s not the crime he was convicted of, then the same protection applies. Just because you’re guilty of one crime does not mean you are assumed guilty of further crimes.
Re: Re:
the ‘option’ we are taking now: turn the world into an authoritarian, fascistic, control-freak, free-fire zone where freedom is a ‘quaint’ concept…
Self incrimination in the UK
The caselaw on self incrimination and the right to silence is complicated by the fact that the UK has no supreme constitutional law.
Parliament has enacted The Human Rights Act incorporating Article 6 of the ECHR.
Article 6 does not explicitly protect the individual against self incrimination, but the court has held that the right to silence and the protection against self incrimination may be engaged by the right to a fair trial.
The European Court of Human Rights in Strasbourg has never squarely ruled on whether mandatory disclosure of encryption keys is self incrimination forbidden by the convention.
1. The court has held that production of physical evidence enjoying an independent existence independently of the individual’s mind may be compelled by the government.
This evidence may include blood samples, DNA and fingerprints.
Absent clear direction from the European Court, the UK government has successfully argued in national courts that the decrypted data enjoys such an existence and may be compelled without engaging the privillege.
2. The court has carved out an exception where the legal owner of a car is compelled by criminal sanction to identify the actual driver — the rationale being that the state imposes a licensing and regulatory regime to which the owner has already consented and that though only — implicitly stated that driving is dangerous and only a privilege to which the state may attach conditions.
As far I know, the UK government has not attempted to stretch this controvversial precedent to computer owners.
But the car exception is also recognized by the U. S. Supreme Court as an exception to the Fifth Amendment.
3. The European court has however never held that a suspect in a criminal investigation can be compelled by threat of criminal sanction to admit to the custody, control and ownership of directly incriminating evidence regardless of the severity of the crime.
The problem here is that the European Court has never explicitly held that compelled production of derivative evidence engage Article 6.
An encryption key is not directly incriminating but may lead the police to evidence in the custody, possession and control of the suspect.
An order to open a locked box or decrypt data so the government can look for stolen goods is different from an order to produce all goods of a certain type for the prosecution’s case.
Compelling a suspect to produce the latter is clearly forbidden by the privilege, but requiring the suspect to decrypt the data may not necessarily be a compulsion forbidden by the privilege in particular where the government already knows from other evidence that the suspect is the exclusive owner and the decrypted data appears in the prosecution’s office like manna from heaven.
Remember that the manna from heaven theory was good law in the United States until the court decided otherwise in United States v. Hubbel.
I find it very interesting that S.49 of RIPA has never been challenged in the European Court by anyone convicted of the offense.
Re: Self incrimination in the UK
The difference between them wanting blood, DNA and fingerprints compared to a password is that the former can be forced from you simply by holding you down while the latter cannot without applying some torture or punishment.
So all they are doing here is saying like “tell us where you buried the body or we jail you for 4 months for non-cooperation”. This is keeping in mind they don’t even know there is actually a “body” for you to identify.
Still in this case he later revealed the password proving he did lie saying he forgot it. So this is certainly not the best case for a ECHR challenge.
Re: Re: Self incrimination in the UK
These “laws” will survive until the point where they are used against someone who has the intelligence and presence of mind to expose their inner contradictions. They are an example of the authori=ties refusing to face up to reality.
The compulsion to expose the driver of a car cannot survive the two possible drivers each claiming that the other was driving.
Similarly it is impossible to prove that you know something that you claim not to.
Also there are ways of securing an encrypted device that are not susceptible to forcing a single person to give up a password.
Re: Re: Self incrimination in the UK
Still in this case he later revealed the password proving he did lie saying he forgot it.
Haven’t you ever forgotten something and remembered it later?
What right to silence?
The UK had no useful right to silence.
When arrested, you will be told:
?You do not have to say anything. However, it may harm your defence if you do not mention when questioned something which you later rely on in court. Anything you do say may be given in evidence.?
So staying silent can be taken as evidence of guilt.
Re: What right to silence?
That isn’t quite accurate. What can happen is that if someone chosen to exercise their right to silence when interviewed by the police but later uses some fact as a defence during a trial, the trial judge has the option of informing the jury that they could consider that the reason the fact was not revealed to the police was that there was no truthful fact at that time, i.e. that the person lied during their interview.
It’s then a matter for the jury to decide on whether or not they wish to draw such an inference. A bit more nuanced than silence = guilt. Additionally a defendant’s legal advocate would have an opportunity to argue that the trial judge should not so advise the jury for whatever reason.
Re: Re: What right to silence?
Indeed, but it’s still another step on the slippery slope and taints both the “right to silence” and “innocent until proven guilty”.
He should have used multiple containers. If done correctly it’s impossible to tell there is more than one even. For example if you have two containers and you give them a dummy containers password they could never be sure if there was another container hidden to a different password.
With such laws it should be a standard for anyone using encryption.
What right to silence?
This commenting rule is likely a violation of ECHR Article 6, since it effectively allows the prosecution to tell the jury that you are guilty if you invoke the privilege.
But under the Fith Amendment this is impermissible, see Griffin V. California.
And if such a case ever came before the Strasbourg court, it’s likely it would rule the same way.
As usual, the UK is playing the game of hide and seek from the European Court’s mandate.
Until there is a clear ruling from Strasbourg, the UK government refuses to make the privilege against self incrimination effective.
@ronny: No other option available. Either you give the right of silence to everyone, or you nibble away at rights that EVERYONE ought to have.
I’m surprised he only recieved 4 extra months, the last case I read about got the defendant 2 years imprisonment (which is the maximum).
Joint access and custody
Another point I find interesting is that the suspect did not deny being the owner of the storage media.
If the computer and storage media had been jointly accessible or owned by a group, family or community project, S.49 would be toothless since no one could be proven beyond a reasonable doubt to be the owner of the data.
So my advice to all criminals is:
Store everything in a location, media or in an online account accessible to multiple parties.
If Alice, Bob and John share a computer, and there is an encrypted partition, it will be harder for the government to prove whom of them are the owner with the ability to decrypt the data.
The reason why the government usually succeeds in these cases is that the suspect to whom the S.49 order is directed is the sole owner of the equipment.
What right to silence?
So the rule does not directly allow the jury to convict based on the failure of the suspect to cooperate with the police, it rather permits the prosecution to state the reason for invoking the privilege while in custody and waiving it later is that the defendant is guilty of perjury.
Of course, if the suspect says something to the police, and later contradicts it during trial, it’s fair to infer that the suspect perjured himself, but invoking the privilege against self incrimination while in police custody does not equal perjury.
So what the UK rule means is that you must either truthfully tell the police everything or risk the prosecution telling the jury that your reason for remaining silent during police interrogation is that you’re a liar.
This is no better than allowing the prosecution to instruct the jury that a defendant who invokes the privilege is guilty of either perjury or the charged crime.
If you want an example of a country that loves freedom...
…never look at the UK.
Re: If you want an example of a country that loves freedom...
File that one under “sad but true”, though there’s a difference between what the country loves and what the government loves.
Not that the US seems any better – all talk and no actuality. Personally I think the US is worse in some ways – the UK has no history of “freedom”, but the US is supposedly founded on it which makes it worse that it throws it away.
Though we can say its against human rights, we can’t actually go against it. It’s what the law looks like especially in the developed countries. What a joke government has become now a days 🙂
typical UK attitudes now but you know exactly where they got the idea for doing this from!
Terrorism and self incrimination
‘So the terrorist has information on a memory stick or computer about a planned attack and they just give say no, you’re not getting access to it and then
we say, ok, thanks for your time. All the best?
I have always believed you should never criticise something unless you have a sensible and workable option to replace that which you are criticising.
So what other options do we have?’
The objection to compelling the suspect to produce the information is that such compulsion violates the protection against self incrimination.
If the government really really wants the information, it canand should still force the suspect to produce it provided that the individual is granted use and derivative use immunity.
The government however often wants both worlds: It wants to compel the suspect to produce incriminating evidence, but reserves the right to use the recovered evidence against the suspect in a criminal prosecution.
This is wrong.
I would have no objection to laws such as S.49 of RIPA, if the individual to whom the order was directed was granted direct and derivative use immunity.
So, if the police suspect Joe of possessing child pornography, they should have the power to compel him to produce the decrypted data, but any direct or indirect use of said evidence against Joe should be inadmissible in any criminal prosecution.
Re: Terrorism and self incrimination
I still have a MASSIVE problem with this.
It comes back to forgotten passwords and false positives….
When you can lock someone up just because you THINK they have something hidden we have a HUGE problem.
In fact your suggestion would help real criminals while not helping people who should never have been locked up in the first place.
If there really is evidence of wrongdoing in that encrypted directory they can reveal it and be safer from prosecution. If there isnt then not being able to supply proof of wrongdoing can leave you in a world of hurt…..
the excuse that will be continually used here is that if you are suspected of being involved in any sort of activity that Cameron and/or May dont like, all justice disappears. the UK citizens have no idea how close they are to losing everything they have ever thought of, fought and died for as being part of the UK way of life. freedom and privacy has been almost wiped out in the last couple of years, but it will take a lot longer than ‘a couple of years’ to get those things back!
Terrorism and self incrimination
‘When you can lock someone up just because you THINK they have something hidden we have a HUGE problem.’
I think the best approach is that the government should first have to prove with reasonable particularity that The individual exercises custody, control and possession over the physical media and is able to decrypt the information and that The information is likely to be useful in a criminal prosecution.
Merely proving that someone is in possession of random or encrypted data, should never be sufficient to compel anyone to decrypt.
The government should only have the power to compel production if it can also prove that the individual is able to decrypt the data, which would only be a possibility in rare cases of realtime monitoring of the suspect’s computer.
This is the way the privilege operates in the US.
‘In fact your suggestion would help real criminals while not helping people who should never have been locked up in the first place.’
Anyone having broken any law may be a ‘criminal’ so even if the privilege in addition helps pedophiles, terrorists or tax evaders it’s better than granting the government any slice of the power to compel suspects to aid in their own prosecution.
The protection against self incrimination is not limited to people who are innocent, it extends to anyone including the guilty and an innocent witness.
It’s a check on governmental abuse, prosecutorial overreach and the effort to make everything a crime and not least an added layer on the presumption of innocence.
In this case, the government likely thought that the suspect was in possession of terrorist training material, but discovered something different.
And this is the reason why the privilege must be absolute and never be compromised for any ‘infamous’ crimes.
If the government claims that someone is in possession of child pornography or terrorist material, but discovers that there is evidence of tax fraud on the computer, simply using the child pornography or terrorism label effectively nullifies the protection.
‘If there really is evidence of wrongdoing in that encrypted directory they can reveal it and be safer from prosecution. If there isnt then not being able
to supply proof of wrongdoing can leave you in a world of hurt…..’?
No, revealing information subsequent to a grant of immunity does not mean that the individual can’t be prosecuted.
It only means that the information can’t be used directly or indirectly in a prosecution of the individual.
If the government can prove that the information can be discovered from an independent source untainted by the compulsion, the information can still be used against the defendant later in a prosecution.
It’s important to note that the privilege is rooted in the axiom that even a guilty man ought not be compelled to contribute to his own ruin.
There is no difference between S.49 and The Star Chamber and both were inspired by authoritarian regimes.
Here’s how it’s done:
– Install TrueCrypt
– Format thumb drive as a TrueCrypt partition. Use a password that you want to give to police.
– Create hidden partition inside the first partition. Use your private password.
Hidden partitions don’t show in the file system, and don’t reserve any disk space (they can even be accidentally overwritten if you put too many files in the “fake” partition), therefore nobody is going to ask you for your password unless they are aware of it beforehand.
Re: Re:
Yes, but remember that at least in Windows a record of all mounted devices is stored in the registry.
If you mount a removable usb disk, in Windows it is stored in the MountedDevices registry subkey.
A forensic examiner may later inventory the registry and find the hardware specific information associated with the usb disk.
And some programs keep log files of recently opened files and folders.
If you want to deny that the disk belongs to you, it’s bad for your defense, if your operating system contains traces of the hardware.
In Windows, any usb hardware ever attached will leave a record in the registry, unless you takes steps to erase it.
And even so, cleaning Windows traces is often a hit or miss.
Better, only access your Truecrypt hidden volume from a Linux live cd on a computer without an internal harddisk.
Re: Re: Re:
Better hide the whole operating system. That way when the hidden partition is in use windows is not running.
Re: Re: Re:
In Windows, any usb hardware ever attached will leave a record in the registry, unless you takes steps to erase it.
If it’s only information about the hardware, that’s no problem. You just admit that yes it’s your USB drive and yes it’s been attached to that computer, and here’s the password. Meanwhile, there’s another hidden partition that nobody but you knows about.
I doubt Windows logs information about what sectors of the USB drive were mounted.
For all authorities
.. From this day forth, I will always have an encrypted flash drive in my possession.
The password is “SnowdenRocks”
It contains a copy of the constitution and bill of rights.
I know you have never seen them – so enjoy studying them for all the “radical ideas” they contain.
Re: For all authorities
If you desire a strong password and not one easily cracked then try… $n0denR0ck$.
The more and more this becomes common, the more and more people will use dummy password to decrypt into dummy drives with nothing on them.
Hell my one college friend already has a dual boot laptop because his boss is worried their “trade secrets” will be seen by eyes that shouldn’t. If you boot the computer normally it just launches just like expected. But if you go into boot devices you can boot onto a “hidden” partition on the drive with a dongle he has inserted into the computer.
To the average government lackey or border patrol guy, they would never even remotely suspect an issue.
Even forgoing that, internet speeds are so fast now you could keep most of your important documents encrypted on a server and just move them around as you need.
“the law is eventually going to have to settle whether these kinds of searches and forced compliance are in good standing with the fourth and fifth amendments of our constitution or the governing laws of other nations.”
Nope, even that won’t end the controversy. The only way to end it is to not allow forcing people to give up passwords and incriminate themselves. Even if the Supreme Court rules it’s perfectly legal, people will STILL state that they won’t self incriminate themselves by turning over their password, and millions of Americans will continue to get outraged about it until they ban that practice.
You know, in my point of view words such as “potentially” or “maybe” or any other that cast any hint of doubt should not have any place in any justice system.
Either it was hampering investigations or it was not. In this case it could be justifiable due to previous solid evidence that the guys were criminals. Could. Since they already had evidence that the guy is a criminal then why force him to give the password anyway?
Also let’s drop the word terrorist, terrorism and the likes. They are just criminals like any other.
Re: Re:
Tell you what, mate: we’ll drop the use of the word “Terrorist” when they drop the use of bombs, beheadings, and other acts of violence against our citizens at home and abroad. Deal?
Re: Re: Re:
All criminal acts perfectly solved without throwing human rights, freedom and the likes under the bus. If I behead someone it’s a crime regardless of who it is, if I blow up things it’s a crime regardless of where or what for. Your deal seems weak, I hope few are willing to take it.
Re: Re: Re: Re:
You’ve never seen some bugger get clean away with the crimes he has committed because of the peculiar kind of politics that goes with terrorism, have you?
Seriously, learn more about the Troubles, will you?
And don’t get me started on Lockerbie.
It’s the political dimension of terrorism that gives it its power. To deny that is to fail to understand it and to fail to understand it is… damn it, just look up the Troubles, will you?
The point is, otherwise decent people will do the most appalling thing for their cause, and when they maim or kill us, it’s nothing personal. Then, later on, the politicians deny us the justice we deserve for the crimes committed by these people because it’s politically expedient. So no, it’s not merely a crime. Crimes for a cause are the worst ones for precisely that reason.
Re: Re: So all of your armed military forces are "Terrorists"?
How often have the armed forces (of whatever nation) shot, bombed or otherwise caused great damage to peoples of other nations or even their own? By your own definition above, these men and women (including all the elected officials up to the heads of state) are terrorists.
Calling anyone a “terrorist” just plays into their hands and abides by their agendas. Calling them criminals is more likely to undermine their “legitimacy”, whether they be members of some “I hate what your doing and I want power” group or members of a government or members of “inappropriately used” military forces.
But the reality is that there will be those who want power over others no matter what the cost and they will do whatever they need to do to achieve that power. We see this in the election campaigns of the various political parties that run in each nation around the world. We see this in the civil conflicts that kill so many lives around the world.
I think he should have appealed to the EU Court of Human Rights when the UK has signed up to the Human Rights act and where EU law is there to correct such faulty national law.
The right to silence as protection from self-incrimination is a large part of the Human Rights act. So the Government commits human rights violations against their own citizens.
I also find it interesting how far the administration now goes to hack people’s computers keeping in mind that hacking and password breaking is unlawful for the average citizen.
Well one thing that is true to say is that I would never turn over my passwords no matter their punishment and no matter what I have to hide because… they are wrong to demand it.
In the man's defense
You’d be surprised how easy it is to forget the password for thumbdrives. I should know, having 3 (or was it 4?) password-protected thumbdrives that I rarely ever use.
Which results in me having to try and remember the password I used and how much l33tspeak is used in it at the time. Which is even more fun when the password program on the thumbdrive states it will reformat the drive if you fail to get it correct 5 times in a row.
But yeah, as mentioned above by others, the authorities already have the ability to decrypt the drive without forcing the accused to give up the password. Just get the court to give the go ahead and do that instead of punishing the accused for “refusing to cooperate”.
Why is it so hard for authorities to ask for clearance from the court to go ahead and crack the password/encryption these days?
Re: In the man's defense
Why is it so hard for authorities to ask for clearance from the court to go ahead and crack the password/encryption these days?
Laziness and accountability. They have the first, and they want to avoid the second as much as possible.