• Quick note - the problem with Youtube videos not embedding on the forum appears to have been fixed, thanks to ZiprHead. If you do still see problems let me know.

Fed Judge: Forcing de-cryption does not violate 5th ammendment

SkepticScott said:
No one is preventing access. They have the data. You want the person to bear witness against themselves by telling the court what the data means.

Read my posts about what if it were abstract poetry or a foreign language.

(Changing my phrasing to match the 5th, as I was using it incorrectly before.)
Click to expand...

There is a difference between this and something like poetry or foreign language. Decryption is not open to interpretation, there is only one correct answer.
 
fuelair said:
Darn shame if giving a special version of the password triggers a thermite charge that eats the drive and all storage.
Click to expand...

I know that you're joking but in reality the data is already copied onto a different hard drive using a bit for bit process for forensic reasons. Deleting or destroying the original copy of the data would only add the charge of (attempted?) destruction of evidence.
 
Crossbow said:
Well, I do take exception to your statements since I do have a copy of the US Constitution and I refer to it every time that I make postings about Constitutional law. And just in case you still doubt my word, then here is the relevant text:

Article V:

nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law;

And I suggest that you bring yourself upto speed on another item as, which is:

Article IV:


The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

And since I said that I would like to see the courts review this issue, then I have to say that what I said was quite correct.

As for your statements about how people are required to aid the prosecution, that is somewhat correct. While it is true that a person can be compelled to provide fingerprints, blood samples, DNA samples, handwriting samples, participate in line-ups, and so on. However, such things are allowed since they are already in the public view and a person does not have an expectation of privacy about them.

However, I submit that since things like passwords are by their very nature quite private, then a person does have an expectation of privacy about them, therefore passwords cannot be considered to be similar to fingerprints, blood types, and so on.

Finally, you may not have heard, but criminals destroy evidence all the time. And in the case of computer data, then one can destroy such an item and leave no trace of doing so. Which is another point that I was trying to make, but you missed.
Click to expand...
You claimed the 5th amendment said something that it did not. You said that compelling someone to act in their own prosecution is a violation of the Fifth Admendment. You were flat out wrong.

Forcing someone to confess or *testify* against themselves is unconstitutional, but that isn't the only thing that 'incriminate' or 'aid the prosecution' means.

Your blind faith denial game of cutting and pasting the actual words of the 5th after I had already posted them, and pretending it somehow proves me wrong is just a waste of time, as is your backpedalling and moving of goal posts on the other items.

This isn't an MPORPG, so spare me the tap dance to avoid admitting that your 'Constitutional law' expertise is an online role you've adopted.
 
Last edited:
As has been said in this thread already: Use TrueCrypt plus a hidden container. Refuse to give the "harmless" password for a while to make it look plausible. Then give them the password, which only decrypts the regular container, but not the hidden one.

There is no way they can see that there is a hidden volume, since even an empty, regular volume would be completely filled with random data by default.

Pop some private stuff in there to make them happy, that's it. There are some applications that create a virtual keyboard that is to be used with the mouse, which can also randomly place the characters/numbers, so a regular keylogger would be of no use as well. Of course, if they put a trojan on your machine to spy you out, then you are pretty much out of luck. Unless, of course, you put your real OS in a hidden container to boot, and a decoy OS the regular way. That way they can install on your OS whatever they want (for example if they claim to "inspect" your laptop during airport security checks).

Greetings,

Chris
 
AvalonXQ said:
I agree with this decision. Passwords and decryption fall under Fourth Amendment protections, not Fifth Amendment. If you can be required to unlock a cabinet with your documents in it, being required to decrypt a file is the same thing.
Click to expand...

If it comes out of your mouth, it's fifth amendment.

I am under no obligation whatsoever to open my mouth to aid the government do its job of prosecuting me.




And at the end of the day, just saying the password gives evidence that what's contained therein is yours. That alone is enough to get this tossed.
 
Last edited:
I don't doubt that there is a way to hide stuff.

I do doubt that internet advice is going to be of much comfort to those who take it, if the authorities somehow figure out what you've done.

How long has it been since we were assured that Apples couldn't be hacked? ; -}
 
Beerina said:
If it comes out of your mouth, it's fifth amendment.

I am under no obligation whatsoever to open my mouth to aid the government do its job of prosecuting me.
Click to expand...
Again, broad brushes are better at painting houses than portraits.

If you are ordered to say your name and address, or to provide a voice exemplar, the Supremes have already held that 5th doesn't always apply, even if what you say works against you.
 
crimresearch said:
I don't doubt that there is a way to hide stuff.

I do doubt that internet advice is going to be of much comfort to those who take it, if the authorities somehow figure out what you've done.

How long has it been since we were assured that Apples couldn't be hacked? ; -}
Click to expand...

Hidden containers in TrueCrypt have nothing to figure out about them.

A TrueCrypt volume is filled with random data during creation by default. Using a strong encryption chain (yes, you can (and should) use a chain of different crypts), the encrypted result looks like random data. Unless you use a weak password that could be guessed easily, there simply is no way to find that hidden container. There is no discernable header for whose structure you could look out. There are no start/end markings that you could find. In fact, if you write too much data to your outer, regular container, you will destroy the hidden, inner container.

That is, even TrueCrypt itself has no way to know about the hidden one, unless you give it the right password. Because only then it tries to decrypt a certain area of the outer volume to see if it can decrypt a hidden one with that password. Only then it knows about it and can handle it accordingly.

TC does not require you to open the outer container first, and only then you get access to the inner one. No, it purely depends on what password you give to decrypt either the outer or inner container. To make things even more interesting, you can also use regular files as containers. And again do the outer/inner container shtick with those.

Really, unless you are completely stupid when you use TC, there is no way for anyone to find what you do not want to be found.

Greetings,

Chris

ETA: BTW, they put this hidden container feature into TC exactly for that reason: That you are able to give a "harmless" password when forced to, while still having your sensitive data protected. Plausible deniability is the keyword here.
 
Last edited:
Christian Klippel said:
Hidden containers in TrueCrypt have nothing to figure out about them.

A TrueCrypt volume is filled with random data during creation by default. Using a strong encryption chain (yes, you can (and should) use a chain of different crypts), the encrypted result looks like random data. Unless you use a weak password that could be guessed easily, there simply is no way to find that hidden container. There is no discernable header for whose structure you could look out. There are no start/end markings that you could find. In fact, if you write too much data to your outer, regular container, you will destroy the hidden, inner container.

That is, even TrueCrypt itself has no way to know about the hidden one, unless you give it the right password. Because only then it tries to decrypt a certain area of the outer volume to see if it can decrypt a hidden one with that password. Only then it knows about it and can handle it accordingly.

TC does not require you to open the outer container first, and only then you get access to the inner one. No, it purely depends on what password you give to decrypt either the outer or inner container. To make things even more interesting, you can also use regular files as containers. And again do the outer/inner container shtick with those.

Really, unless you are completely stupid when you use TC, there is no way for anyone to find what you do not want to be found.

Greetings,

Chris
Click to expand...
So, impossible to defeat? Just like Apple's security.
 
Last edited:
Christian Klippel said:
As has been said in this thread already: Use TrueCrypt plus a hidden container. Refuse to give the "harmless" password for a while to make it look plausible. Then give them the password, which only decrypts the regular container, but not the hidden one.
Click to expand...
You can assume that investigators know about TrueCrypt's features. The state typically is not going on a mere hunch that the data is present. For example in the Vermont border case the defendant was stupid enough to show customs officials that he had kiddie porn on his laptop, and encryption became an issue only after the laptop was seized.
 
Ziggurat said:
It's also directly analogous to forcing them to tell you where the body of a murder victim is.

I don't think it's all that obvious which analogy should be considered more relevant. It looks to me like it could go either way.
Click to expand...

Sure, if by "tell...where the body of a murder victim is" really means "the journal entry I wrote for that night indicates where the victim is and I am required to hand over the key to the cabinet in which the journal is locked".
 
Gazpacho said:
You can assume that investigators know about TrueCrypt's features. The state typically is not going on a mere hunch that the data is present. For example in the Vermont border case the defendant was stupid enough to show customs officials that he had kiddie porn on his laptop, and encryption became an issue only after the laptop was seized.
Click to expand...

It doesn't matter if they know how TrueCrypt works. They cannot prove there is a hidden volume.
 
Christian Klippel said:
Hidden containers in TrueCrypt have nothing to figure out about them.

A TrueCrypt volume is filled with random data during creation by default. Using a strong encryption chain (yes, you can (and should) use a chain of different crypts), the encrypted result looks like random data. Unless you use a weak password that could be guessed easily, there simply is no way to find that hidden container. There is no discernable header for whose structure you could look out. There are no start/end markings that you could find. In fact, if you write too much data to your outer, regular container, you will destroy the hidden, inner container.

That is, even TrueCrypt itself has no way to know about the hidden one, unless you give it the right password. Because only then it tries to decrypt a certain area of the outer volume to see if it can decrypt a hidden one with that password. Only then it knows about it and can handle it accordingly.

TC does not require you to open the outer container first, and only then you get access to the inner one. No, it purely depends on what password you give to decrypt either the outer or inner container. To make things even more interesting, you can also use regular files as containers. And again do the outer/inner container shtick with those.

Really, unless you are completely stupid when you use TC, there is no way for anyone to find what you do not want to be found.

Greetings,

Chris

ETA: BTW, they put this hidden container feature into TC exactly for that reason: That you are able to give a "harmless" password when forced to, while still having your sensitive data protected. Plausible deniability is the keyword here.
Click to expand...

I agree with almost everything you said. But using multiple algorithms is unessesary. AES 128 is perfectly fine. It will still take many times the age of the universe to brute force if a good password is used.
 
Gazpacho said:
The state typically is not going on a mere hunch that the data is present.
Click to expand...
... and, surprise surprise, that is exactly the case here! Because first, the government already has evidence that the defendant uses the computer in question (her name is on it) and second, they recorded a conversation in prison where she admitted knowing that there were encrypted incriminating materials on the computer. It was only after this that the government issued the data warrant. The judge has granted immunity with regard to the act of decrypting the drive:
THEREFORE, IT IS ORDERED as follows:
5. That the government SHALL BE precluded from using Ms. Fricosu’s act of production of the unencrypted contents of the computer’s hard drive against her in any prosecution"
Click to expand...


The Dark Lord said:
It doesn't matter if they know how TrueCrypt works. They cannot prove there is a hidden volume.
Click to expand...
They can if the defendant voluntarily reveals its existence.
 
BenBurch said:
I know how to make a password that decrypts the same file into different payloads. So, the crook just gives the skittles & beer password and they have nothing.
Click to expand...

Do you put the skittles in the beer or are they on the side? :p
 
You must log in or register to reply here.

Back
Top Bottom