NationStates Jolt Archive

This morning on the radio I was listening to a news story where a guy was being questioned by police, who were also trying to search his computer for evidence. Apparently he has a bunch of stuff on his computer that was stored in a password protected encryption, and the police were demansing the password from him.

He refused to tell them on the grounds that it would violate his right to remain silent so as not to incriminate himself.

On the one hand, you can draw an analogy to a locked trunk in his house. If the cops want they key and he won't provide it, they can break into the trunk without violating his rights (assuming they had a search warrant.)

On the other hand, they're apparently unable to break the encryption on his computer and so they have no viable way in without his providing the password, so the act of giving it to them would be like a waiver of his 5th Amendment right to not say anything-even if it's only that one word.

What do you think?

This morning on the radio I was listening to a news story where a guy was being questioned by police, who were also trying to search his computer for evidence. Apparently he has a bunch of stuff on his computer that was stored in a password protected encryption, and the police were demansing the password from him.

He refused to tell them on the grounds that it would violate his right to remain silent so as not to incriminate himself.

On the one hand, you can draw an analogy to a locked trunk in his house. If the cops want they key and he won't provide it, they can break into the trunk without violating his rights (assuming they had a search warrant.)

On the other hand, they're apparently unable to break the encryption on his computer and so they have no viable way in without his providing the password, so the act of giving it to them would be like a waiver of his 5th Amendment right to not say anything-even if it's only that one word.

What do you think?

I think that a suspect can not be legally required to aid in his own prosecution in any way. If they can't get into his computer, that's not his problem, and he is not obligated to say a word to them.

and he is not obligated to say a word to them.

Maybe he then best says: 'I wish to remain silent.' Or they might think he is a mute.

Maybe he then best says: 'I wish to remain silent.' Or they might think he is a mute.

Or he could just say "Oops - I seem to have forgotten my passphrase. Damn that bad memory of me".

I think that a suspect can not be legally required to aid in his own prosecution in any way. If they can't get into his computer, that's not his problem, and he is not obligated to say a word to them.

That seems reasonable to me. I think in this case the DA is pushing the locked trunk analogy, as well as appealing to emotion because the guy is sucpeted of posessing kiddie porn.

I'm somewhat surprised that in the high tech world we live in today this kind of thing isn't commonplace. I mean, don't tell me that everyone who downloads kiddie porn or whatever is too stupid to at least try and password protect it.

I'm somewhat surprised that in the high tech world we live in today this kind of thing isn't commonplace. I mean, don't tell me that everyone who downloads kiddie porn or whatever is too stupid to at least try and password protect it.
Probably. If you are stupid enough to get caught dealing in such stuff you are obviously too stupid to encrypt it. That's probably how you got caught in the first place.

That seems reasonable to me. I think in this case the DA is pushing the locked trunk analogy, as well as appealing to emotion because the guy is sucpeted of posessing kiddie porn.
The locked trunk analogy is perfect - they are welcome to crack the lock on his trunk without his approval or help. It's not his problem if his trunk and lock are made of titanium.

I'm on the side of free encryption. A person's password or encryption key is an item of information, and must be protected under their right to remain silent.

I'm afraid that's already been taken care of (http://www.heise-online.co.uk/security/Will-the-UK-Government-RIP-off-encryption-keys--/news/96850/) on this side of the pond.

Great stuff, eh?

Probably. If you are stupid enough to get caught dealing in such stuff you are obviously too stupid to encrypt it. That's probably how you got caught in the first place.

Hmmmm, this does make sense.

That seems reasonable to me. I think in this case the DA is pushing the locked trunk analogy, as well as appealing to emotion because the guy is sucpeted of posessing kiddie porn.

But that's just it, a suspect does not have to provide a key to the trunk. If he doesn't, the police however are free to break into it by whatever means they have at their disposal.

Just as they're free to break into his computer, by whatever means possible. A defendant is under no obligation to aid the prosecution in gathering evidence against him.

Aye, because encrypting your data is a particularly spiffing idea?

The fact that it makes it look like you're doing something dodgy isn't going to help you if you're taken into the station, and if you think that a home computer's encryption is incapable of being broken by a high-powered police or security service computer, then you're pretty stupid.

So, for some reason this department has NO computer experts that are capable of breaking his encryption?

Decent computer encryption is pretty hard to break in a short time. I assume they are not willing to wait months.

So, for some reason this department has NO computer experts that are capable of breaking his encryption?

I'm not sure if he should be required to give them his password. I think the locked trunk analogy is valid - but would he be required to give them his key?

Anyway, these cops should be able to find someone to hack his computer. That the local police department would not have the resources is plausible. However, the FBI should be able to do so. They have computer experts and stuff.

Only people who have something to hide use encryption :P

And is having something to hide something wrong per se ;) ?

And is having something to hide something wrong per se ;) ?
Well yes.

Well yes.

Really ?
Then gimme your pin and creditcardnumber please. Also tell your little daughter to remove the lock from her diary and to place it somewhere where everyone can read it.

After all, we would not wish to do something wrong by hiding stuff.

Only people who have something to hide use encryption :P

(Or uber-paranoid geeks.)

Would you like my gigs of encrypted hardcore porn? There's some really nasty shit in there... ;)

nah. Your music collection otoh...

Aye, because encrypting your data is a particularly spiffing idea?

The fact that it makes it look like you're doing something dodgy isn't going to help you if you're taken into the station, and if you think that a home computer's encryption is incapable of being broken by a high-powered police or security service computer, then you're pretty stupid.

It's a great idea. You can look as dodgy as you want, if the evidence they need ot convict you is on a computer, and they can't get into that computer, they can't convict you.

"Looking dodgy" isn't a crime.

Well yes.

bank account and social security number please.

What, have something to hide?

Really ?
Then gimme your pin and creditcardnumber please. Also tell your little daughter to remove the lock from her diary and to place it somewhere where everyone can read it.

After all, we would not wish to do something wrong by hiding stuff.
Yeah, fine, there are legitimate cases for keeping things quiet to the general public, but if the police have a warrant on you and you're keeping the encryption on your PC, and generally being an utter prick, then you forfeit your rights to keep your data encrypted.

Hopefully the FBI will find out whatever he's got on there and he'll get the crap beaten out of him for being a nonce, which he probably is if he's keeping all this stuff secret.

Really ?
Then gimme your pin and creditcardnumber please. Also tell your little daughter to remove the lock from her diary and to place it somewhere where everyone can read it.

After all, we would not wish to do something wrong by hiding stuff.

Would you like my gigs of encrypted hardcore porn? There's some really nasty shit in there... ;)

I'll ask my law teacher but probably not.

I'm afraid that's already been taken care of (http://www.heise-online.co.uk/security/Will-the-UK-Government-RIP-off-encryption-keys--/news/96850/) on this side of the pond.

Great stuff, eh?

According to that article, a person can be imprisoned for 2-5 years for not giving the password. In the U.S., you can get up to 20 years for posessing certain kinds of illegal content, so the trade-off seems worth it.

According to that article, a person can be imprisoned for 2-5 years for not giving the password. In the U.S., you can get up to 20 years for posessing certain kinds of illegal content, so the trade-off seems worth it.
If he's tempted to go to prison for five years (although note that the article was on UK law), then it's worth the FBI cracking the encyption to get him in for twenty-five.

That his local police authority might have some trouble with his PC is fair enough, the FBI have people who break encryption for a living, so they'll get through to whatever his PC is holding eventually.

Aye, because encrypting your data is a particularly spiffing idea?

The fact that it makes it look like you're doing something dodgy isn't going to help you if you're taken into the station, and if you think that a home computer's encryption is incapable of being broken by a high-powered police or security service computer, then you're pretty stupid.

But looking dodgy is irrelevant. The reason those rights exist is to protect the citizenry from corruption by Government officials or personal grudges. That puts the onus of 'looking good' on the police, not the citizen.

So, for some reason this department has NO computer experts that are capable of breaking his encryption?


Anyway, these cops should be able to find someone to hack his computer. That the local police department would not have the resources is plausible. However, the FBI should be able to do so. They have computer experts and stuff.


Hopefully the FBI will find out whatever he's got on there and he'll get the crap beaten out of him for being a nonce, which he probably is if he's keeping all this stuff secret.

Well here's the thing, guys.

Data encryption isn't about ABSOLUTE Security. Given enough time, any encryption can be cracked. The idea behind computer security is to force the intruder to take enough time that doing so becomes implausible. For example, some encryption schema can take tens of thousands of years to crack by even the most sophisticated computers available.

If he's tempted to go to prison for five years (although note that the article was on UK law), then it's worth the FBI cracking the encyption to get him in for twenty-five.

That his local police authority might have some trouble with his PC is fair enough, the FBI have people who break encryption for a living, so they'll get through to whatever his PC is holding eventually.

In a case like this, the FBI is unlikely to get involved due to jurisdiction. As I understand the case (and I could be wrong) there's no interstate trafficking of material and so it would only go as high as the state level. The FBI is Federal.

Yeah, fine, there are legitimate cases for keeping things quiet to the general public, but if the police have a warrant on you and you're keeping the encryption on your PC, and generally being an utter prick, then you forfeit your rights to keep your data encrypted.

You seem to be confusing the issue. Since the police have the warrant they have every right to try and break the encryption. The point is, they think the accused has to provide them with the password. He does not, for the same reason he wouldn't have to provide them with a key to his hypothetical safe.

But that's just it, a suspect does not have to provide a key to the trunk. If he doesn't, the police however are free to break into it by whatever means they have at their disposal.

Just as they're free to break into his computer, by whatever means possible. A defendant is under no obligation to aid the prosecution in gathering evidence against him.

Yes, but they need a warrant first. But the real question is what if they cannot get that encryption code without him telling them, does he then have to give it up?

The locked trunk analogy is not valid. They can break into his house to get his key, they can't force him to reveal where in the house to find it.

His passwords are his. If the pigs can't hack very well, too bad too sad for them.

Yeah, fine, there are legitimate cases for keeping things quiet to the general public, but if the police have a warrant on you and you're keeping the encryption on your PC, and generally being an utter prick, then you forfeit your rights to keep your data encrypted.

Except, you know, not. Unless you can tell me where in the constitution it says that.

Hopefully the FBI will find out whatever he's got on there and he'll get the crap beaten out of him for being a nonce, which he probably is if he's keeping all this stuff secret.

And then he sues the cops and wins millions.

You see, I don't know what it's like in the little fantasy realm you like to pretend exists, but here in the "real world", people have these things called "rights". and those "rights" exist, even when the policy say you did something bad.

Because, believe it or not, the police saying you did something bad isn't enough, they have to prove you've been bad. And you don't have to help them do that.

Yes, but they need a warrant first. But the real question is what if they cannot get that encryption code without him telling them, does he then have to give it up?

no. He doesn't have to do a damned thing. It's that whole "right to remain silent" bit. A suspect can not be compelled to give information that would be used in furtherance of his prosecution. He doesn't have to say shit, and they can't make him.

If he's tempted to go to prison for five years (although note that the article was on UK law), then it's worth the FBI cracking the encyption to get him in for twenty-five.

That his local police authority might have some trouble with his PC is fair enough, the FBI have people who break encryption for a living, so they'll get through to whatever his PC is holding eventually.

I'm not an expert or anything, but as I understand there only way for a person to break an encryption today is essentially to guess the password. It could well be that the FBI has people who would be experts at human psychology and could make a better guess than the local cops, but failing that all they can do is hook it up to a damned powerful computer and brute force it, that is try every possible combination of allowable characters.

The locked trunk analogy is not valid. They can break into his house to get his key, they can't force him to reveal where in the house to find it.

His passwords are his. If the pigs can't hack very well, too bad too sad for them.

It is valid if you consider that he may have written the password down somewhere.

If they can't find the key to the box, they can try and break it open.

If they can't find the password, they can try and crack it.

Decent computer encryption is pretty hard to break in a short time. I assume they are not willing to wait months.

Tough shit for them then.

Tough shit for them then.

Which brings up the question: Could the police take the computer and wait the few months until they can brute force it and then press charges(assuming they find anything incriminating)?

Which brings up the question: Could the police take the computer and wait the few months until they can brute force it and then press charges(assuming they find anything incriminating)?

Probably. Of course, they cannot hold the guy that long.

I'm not an expert or anything, but as I understand there only way for a person to break an encryption today is essentially to guess the password. It could well be that the FBI has people who would be experts at human psychology and could make a better guess than the local cops, but failing that all they can do is hook it up to a damned powerful computer and brute force it, that is try every possible combination of allowable characters.

From my limited knowledge of the law I would think that it would be acceptable as long as the related case remains open.

I don't know what software the guy was using, but like I said, a good encryption scheme can literally take millenia to crak, even with a supercomputer.

Which brings up the question: Could the police take the computer and wait the few months until they can brute force it and then press charges(assuming they find anything incriminating)?

From my limited knowledge of the law I would think that it would be acceptable as long as the related case remains open.

From my limited knowledge of the law I would think that it would be acceptable as long as the related case remains open.

sorta yes sorta no, under law they only have a limited time from once charges are brought to indict him, if they can't get sufficient evidence to indict by the time required by law....well...too bad.

If they merely got a warrant for the computers, and broke into them some time later, and arrested them, then ok, but if they already arrested him...clock ticking.

From my limited knowledge of the law I would think that it would be acceptable as long as the related case remains open.

Or the Statute of Limitations runs out. If they don't charge him by then, they're SOL, and if they can't get into his computer to get evidence to convict him, well you see their problem.

It depends. If the cops had a search warrant, they're entitled to the password. If they don't, then they don't get the password either.

No. As stated before, if they can't find it themselves, they're out of luck. He doesn't have to give them anything that could further his prosecution: the key to the front door, the combination to the safe, the password to his computer, nothing.

Of course, the police, if they have a warrant, are free to just break the lock if they have to. But that's the problem here, lock's too tough.

I don't know what software the guy was using, but like I said, a good encryption scheme can literally take millenia to crak, even with a supercomputer.

A functional quantum computer will probably be developed within the next twenty years. While those are pretty useless for most applications they will be quite good at codebreaking. Excessively good even; making most of the current algorithms obsolete. Banks are somewhat unhappy about that.

But true - a paranoid pedophile probably added more than just some basic encryption to his system.

From my limited knowledge of the law I would think that it would be acceptable as long as the related case remains open.

I can't recall hearing of anything that would necessarily prevent it. Though if I were that guy (and I actually had something illegal on that computer) I'd leave the country while the cops dicked around for months. Probably to Cuba.

This morning on the radio I was listening to a news story where a guy was being questioned by police, who were also trying to search his computer for evidence. Apparently he has a bunch of stuff on his computer that was stored in a password protected encryption, and the police were demansing the password from him.

He refused to tell them on the grounds that it would violate his right to remain silent so as not to incriminate himself.

On the one hand, you can draw an analogy to a locked trunk in his house. If the cops want they key and he won't provide it, they can break into the trunk without violating his rights (assuming they had a search warrant.)

On the other hand, they're apparently unable to break the encryption on his computer and so they have no viable way in without his providing the password, so the act of giving it to them would be like a waiver of his 5th Amendment right to not say anything-even if it's only that one word.

What do you think?

It depends. If the cops had a search warrant, they're entitled to the password. If they don't, then they don't get the password either.

It depends. If the cops had a search warrant, they're entitled to the password. If they don't, then they don't get the password either.

They're entitled to look for it. If they can't find it, the accused isn't required to give it to them.

He must have used a password that is possible to remember, they'll just have to brute force it. My PC can calculate just over 4 million sha1 hashes per minute (sha1 is sometimes used to store passwords in databases). I don't know how many times longer it takes to test passwords on encrypted data but they should have the computer power to test at least a million passwords per minute.

He must have used a password that is possible to remember, they'll just have to brute force it. My PC can calculate just over 4 million sha1 hashes per minute (sha1 is sometimes used to store passwords in databases). I don't know how many times longer it takes to test passwords on encrypted data but they should have the computer power to test at least a million passwords per minute.

From what I'm aware a lot of dedicated cracking equipment relies on getting a whole buckload of FPGAs to play nicely with each other. A single FPGA is basically a chip that can do whatever you want it to do. It can be a CPU, GPU, or 555 timer chip if you really wanted, and in some cases can be reprogrammed in-situ to be something completely different. Now fit a couple of hundred on a board and get them to be dedicated cracking processors (with however many cores each as you have gates to spare), and I imagine you could brute force a simplish password in seconds, let alone years. Not many people have (say) a 4 kilobit password of random characters.

That said are there any actual cryptologists in the crowd? :P

I'm given to understand that freely avalible encryption software, which can be got off TEH INTERWEBZ, would, given some of the governments most powerful codebreaking computers, were they wholly dedicated to the task, would take about a week to break open, depending on password strength and the like. A 12-character case sensitive password made up of a random combination of letters and numbers would take quite a long time to break, even with a very powerful computer trying to brute-force it, and there are security measures against brute-force hacks now anyway.
Thats IF the government was willing to divert itself from checking up on the Ruskies and Chinamen long enough to focus on a single person looking at kiddie porn.
What the police and FBI have doesnt come anywhere close to the CIA/NSA's toys.

Hmm, I believe what this shows is that the 5th amendment is outdated. My interpretation of laws such as the right to remain silent is that the a person cannot be forced to answer certain questions that would directly further the case for prosecution. Such as 'did you do it?', 'where was you the night of the murder?', 'you hated the victim because of whatever, didn't you?', and so on.

Generally, you should not be required to give up any item or piece of information that could be used in a court of law against you. Since the key to a chest or an encryption key are not evidence in and of themselves - this means that you should be required to give them up.

However, like the UK law states, you could always claim not to have the key or to have forgotten it. In which case it would be up to the police to prove you were lying to them. eg. the file was last modified a few days before the person was arrested.

Or then there's my other evil idea - a defendant can be held without trial while a judge accepts that the police still have evidence to process and have not yet had reasonable time to process the evidence. So, if it takes about 1,000 years to brute force the encryption on your file then you can be held without trial for 1,000 years.

Of course he should have to give them the password.

He's withholding information that would incriminate himself, so as long as he prevents the investigation advancing he's in the clear and is getting away with it when he's clearly doen something wrong.

Of course he should have to give them the password.

He's withholding information that would incriminate himself

You do realize that's the entire point of the 5th amendment right?

Hmm, I believe what this shows is that the 5th amendment is outdated. My interpretation of laws such as the right to remain silent is that the a person cannot be forced to answer certain questions that would directly further the case for prosecution. Such as 'did you do it?', 'where was you the night of the murder?', 'you hated the victim because of whatever, didn't you?', and so on.

Except your interpretation is..well...wrong.

Miranda is quite clear. You don't have to tell the police shit. Not one word, not a "yes", not a "no", not one word, not one gesture. You don't have to say a damned thing.


Or then there's my other evil idea - a defendant can be held without trial while a judge accepts that the police still have evidence to process and have not yet had reasonable time to process the evidence. So, if it takes about 1,000 years to brute force the encryption on your file then you can be held without trial for 1,000 years.

Also entirely illegal under the 6th amendment right to a speedy trial

A functional quantum computer will probably be developed within the next twenty years. While those are pretty useless for most applications they will be quite good at codebreaking. Excessively good even; making most of the current algorithms obsolete. Banks are somewhat unhappy about that.

I'm pretty certain that those same computers will be used to generate yet more complex encryptions. Encryption is always likely to stay ahead of decryption.

A 12-character case sensitive password made up of a random combination of letters and numbers would take quite a long time to break,
Yeah, it can. But the chance a password is actually random is extremely, extremely low. Unless they used something to generate it, people are going to use passwords they can remember, thus they will all follow a certain pattern and be somehow related to the person, and each other. If they want to crack his password, they should look around his office to see what he has and check his computer for other saved passwords.

Cops should take a copy of his encrypted volumes and give the guy his computer back. I don't care if it's kiddy porn or his plans for a world-destroying death ray, if he's taken steps to keep the information to himself then I don't see any crime in the possession of it.

I'm reminded of the case of the "lyrical terrorist" who was charged with possession of prohibited material (terrorist literature) despite having made no attempt to make it available to others, and arguably not having wred it herself.

This is the case we're talking about, right?

Washington Post 15 jan '08 (http://www.washingtonpost.com/wp-dyn/content/article/2008/01/15/AR2008011503663.html)

Dumb-fuck Homeland Security 'expert' turned the computer off, thus dismounting the encrypted partition. That amounts to mishandling of evidence and he should now do a stint on the border, checking the registration plates of migrating moose.

Honestly, this isn't the "ticking bomb" scenario, this is a blatant bungle by police and there's no way a court should bail them out by breaking the Fifth. What a laugh!

On the other hand, they're apparently unable to break the encryption on his computer and so they have no viable way in without his providing the password, so the act of giving it to them would be like a waiver of his 5th Amendment right to not say anything-even if it's only that one word.

What do you think?

Well, if the cops hired a teenage hacker he/she would be into the password protected files in 15 minutes or less. :p

If he's tempted to go to prison for five years (although note that the article was on UK law), then it's worth the FBI cracking the encyption to get him in for twenty-five.

That his local police authority might have some trouble with his PC is fair enough, the FBI have people who break encryption for a living, so they'll get through to whatever his PC is holding eventually.

And won't they look like utter morons if all he's encrypted ARE his credit card #s, ss#, and other personally identifying information.

Criminals and terrorists are using "relatively inexpensive, off-the-shelf encryption products,"
THEN GO FUCKING BUY SOME. If a product can encrypt something, the same product decrypts it. If it didn't, it would be damn useless software.

John Miller is a god damn dipshit and apparently the whole of the FBI's crack computer squad needs to sit in on a meeting given by a teenager.

I bet it would take anyone with common sense 5 minutes to "crack" his password that has dumbfounded the FBI for a year.

And won't they look like utter morons if all he's encrypted ARE his credit card #s, ss#, and other personally identifying information.

His attitude is exactly the attitude I will take.

If the court compels me to give the keys to my encrypted folder, I will tender the contents to the court if the prosecution will not.

Free publishing, I call that. My first draft was so horribly boring and self-indulgent, that I was protecting the delicate sensibilities of hackers and government agents from its turpitude.

But since, by the power of law, y'all insist on reading it ... here, on the public record, is half a meg of BAD POETRY :D

I think the government should be able to compel people to give passwords if a judge has issued a search warrant for a computer and its encrypted. I'm guessing that when a search warrant is issued for a house or safe the owner is obligated to unlock said object. I take this to be the case since if the suspect isn't cooperative and force is needed to open said object to inspection the executer of the search warrant isn't liable for damages.

I think the government should be able to compel people to give passwords if a judge has issued a search warrant for a computer and its encrypted.

Then you and I disagree.

I find a person's computer to be an extension of their mind. A folder (partition, etc) which they have specifically and with a sacrifice of effort made their personal business is nothing less than a part of their personal knowledge. A part of their mind, and not subject to "search."

Then you and I disagree.

I find a person's computer to be an extension of their mind. A folder (partition, etc) which they have specifically and with a sacrifice of effort made their personal business is nothing less than a part of their personal knowledge. A part of their mind, and not subject to "search."

Well when computers literally become extensions of our minds (http://en.wikipedia.org/wiki/Exocortex) I'll be caught in a quandry, but until then I find that computers, like homes and diaries, even if in some ways extensions of someone's self they are still legitimate items for a search warrant.

I'm pretty certain that those same computers will be used to generate yet more complex encryptions. Encryption is always likely to stay ahead of decryption.

Correct - but it does mean that encryption used now will probably not be unbreakable for "centuries to come" despite the bold claims of some software makers.

And won't they look like utter morons if all he's encrypted ARE his credit card #s, ss#, and other personally identifying information.

If he is very clever that is all he has to show the cops. Many encryption programs allow "hidden volumes" on encrypted drives. He could then give a password that decrypts the drive to show all those financial records and personal numbers but not the porn - without the police being able to prove there is more information hidden on the drive. An encrypted drive after all is always completely filled with random data; so there is no way to tell how big all the files on it should be.

(Of course, having two word documents on a 500 gig drive would be suspicious - but unless the cops find the second decryption code they cannot prove more encrypted files exist. If the man has a few word documents and a few dozen pirated normal movies on the "public" encrypted drive he even has plausible deniability)

Except your interpretation is..well...wrong.No, but perhaps my interpretation is different to the one used in the US courts. If I'd said 'the US judicial interpretation is...' then you'd be correct.
Miranda is quite clear. You don't have to tell the police shit. Not one word, not a "yes", not a "no", not one word, not one gesture. You don't have to say a damned thing.Have you ever considered that the law, though it needs to be applied fairly, could be ineffective because of zealous interpretations of the law that promote injustice without actually reducing injustice elsewhere.
Also entirely illegal under the 6th amendment right to a speedy trialIt could be argued that by refusing to help with access to data that the police already have in their possession a defendant is upholding the process of getting to trial and therefore waiving their right to a speedy trial.

Besides, I never said it was legal or illegal, just evil.

I suppose what you could also do is to present, as circumstantial evidence, the fact that the defendant has a large amount of encrypted data which they do not wish to allow the courts access to. The defendant should not then be allowed to rely on using a decryption of the encrypted data as a defence during trial. Or if you believe they should be allowed to do so then the defendant should be made to pay for the wasting of police and court time that could have easily been saved had the data been decrypted earlier.

I think that a suspect can not be legally required to aid in his own prosecution in any way. If they can't get into his computer, that's not his problem, and he is not obligated to say a word to them.This makes a lot of sense. My first thought was that he should provide unencrypted versions of the files they want; but really, if he has the right to remain silent, then he has no obligation to do even that.

Data encryption isn't about ABSOLUTE Security. Given enough time, any encryption can be cracked. The idea behind computer security is to force the intruder to take enough time that doing so becomes implausible.It depends on the type of encryption. If you encrypt a text with a random bitstring of the same length, then there is no way to crack it. Because the original might be any bitstring of that length that makes any sense (and even ones that don't, because you don't know if it's padded or has secondary levels of encryption). Of course, the problem for the encrypter is that he now has to remember a key as large as the text he encrypted.

For example, some encryption schema can take tens of thousands of years to crack by even the most sophisticated computers available.That's what they want you to think ;)

A functional quantum computer will probably be developed within the next twenty years. While those are pretty useless for most applications they will be quite good at codebreaking. Excessively good even; making most of the current algorithms obsolete. Banks are somewhat unhappy about that.Quantum computing would also, at the same time, provide fundamentally unbreakable security; and banks are pretty happy about that.
I'm not optimistic they'll have a quantum computer within 20 years though. And even then, not all encryption schemes are immediately obsolete. The biggest problem lies with the prominent encryption schemes that rely on prime factoring being excessively hard, because quantum computing makes this problem easy. But if you can physically hand someone a terabyte of random bits (so it isn't intercepted), then you can transmit large amounts of data, perfectly safely, with 0 chance of it being cracked. Just xor your data with a range of bits in the 'key', send it over and tell him which range to use to decrypt it. As far as anyone in between is concerned, the data can be any bitstrong of the same length.

He must have used a password that is possible to remember, they'll just have to brute force it.I'm fairly good at remembering completely random passwords exceeding 10 characters.. And there's no reason why you can't append two passwords to form a longer one.

If a product can encrypt something, the same product decrypts it. If it didn't, it would be damn useless software.But you usually need a password for that; the software provides the encryption scheme, not the key.

Well when computers literally become extensions of our minds (http://en.wikipedia.org/wiki/Exocortex) I'll be caught in a quandry, but until then I find that computers, like homes and diaries, even if in some ways extensions of someone's self they are still legitimate items for a search warrant.Actually, a very valid case can be made that computers, and cellphones, and even paper notebooks, are all already, literally, extensions of our mind. Consider for example the range fo cognitive tasks you need a computer to accomplish; and the extend to which you rely on your cellphone to remember things (like phone numbers). Andy Clark and David Chalmers (two renowned philosophers of mind) have written a book on the subject, called, appropriately, "the extended mind".

Well when computers literally become extensions of our minds (http://en.wikipedia.org/wiki/Exocortex) I'll be caught in a quandry, but until then I find that computers, like homes and diaries, even if in some ways extensions of someone's self they are still legitimate items for a search warrant.

Homes yes, diaries no.

A home is private property, it deserves some protection from search (beyond say the privacy of one's pockets in public) but this "protection" from self-incrimination could easily be misused. The clothes of a murder victim (or indeed their very corpse) could be held on private property, the only evidence which would prove a murder. That this evidence was physically within a person's private property would not entitle them to withhold it (by the Fifth.) It is material evidence, not evidence of intent.

(I would like to add that I believe there is some parallel of privacy, a right-to-know if you will, which should prevent the government or any other party searching a person's private property without their knowledge. Yes, search on a court order, to gather evidence ... but charge or not, that person must eventually be informed of that. It's like habeas corpus, for privacy. Without that, there is a presumption of no-privacy, guilty or not ... just as, with the removal of habeas corpus, there is a presumption of no-physical-liberty. From the presumption follows the fact: nothing is private.)

But the diary is a different matter. A diary is an aid to memory, not a place to store stuff. Can one "hide" incrimidating evidence by writing it in a diary? Pah.

A diary is a very personal thing, I would uphold a person's right to encrypt their diary to "hide" it from others ... no matter what heinous crime they were accused of, I would hold their diary to be nothing more or less than the contents of their own mind, and as such entirely within the bounds of "testimony against themselves." They tender it is evidence IF and ONLY IF they so choose.

Neither a diary nor an encrypted volume of porn is "speech to others" and as such is not subject to accusations of conspiracy or incitement to commit a crime.

If this man distributed child porn, let him be charged for it. If he thought a million dirty thoughts, let him go free.

From what I'm aware a lot of dedicated cracking equipment relies on getting a whole buckload of FPGAs to play nicely with each other. A single FPGA is basically a chip that can do whatever you want it to do. It can be a CPU, GPU, or 555 timer chip if you really wanted, and in some cases can be reprogrammed in-situ to be something completely different. Now fit a couple of hundred on a board and get them to be dedicated cracking processors (with however many cores each as you have gates to spare), and I imagine you could brute force a simplish password in seconds, let alone years. Not many people have (say) a 4 kilobit password of random characters.

That said are there any actual cryptologists in the crowd? :P

I'm not a professional, but I know more about it than most. For a start, it is not as simple as: Buy program, decrypt. One of the greatest strengths of most modern systems is that the algorithms are public knowledge, as is (for asymmetric systems) the encryption key. Even from this, you cannot calculate the decryption key. The general public have access to the same encryption schemas used by the NSA, often developed with the help of aforesaid agencies.

It cannot be done by brute force (in a reasonable length of time). You need the private key, which is probably 2048bit for security. It is theoretically breakable, with either quantum computers or a massive advance in mathematics. It is also theoretically possible that agencies such as the NSA have the relevant items. However, presuming they do, they wouldn't use it on a small fellow such as this guy.

A way of reliably and rapidly cracking public key crypto would be worth billions, and giving away that you've done it is a stupid idea.

Anyway, the weakpoint of this fellow's system is the password, but if the design of the program is good, it'll be able to help minimise the risk there. So let them try to crack it, if they can.

In the US you always have the right to NOT consent to a search. By extension it can be argued that you also have the right to not aid in any search being done without your consent.

*snip stuff I'm not replying to*

A way of reliably and rapidly cracking public key crypto would be worth billions, and giving away that you've done it is a stupid idea.

Open development of algorithms and implementations is reliable precisely because some people will do this "stupid" thing.

If I knew a simple crack for AES, I wouldn't be taking the millions (or billions) from whatever russian cracker would pay for it, I'd just be posting an "er, I don't know if anyone has thought of this yet, but ..." post to one of the development channels.

It's not "stupid" to do the right thing instead of making billions by aiding criminals. It's just the plain-out right thing to do.

Nor is it "good business practice" to leverage that knowledge by advising for a fee, while people get ripped off by criminals and killed by oppressive regimes who have broken their encryption.

You come right out and say what's wrong with the strong encryption. Naive, yes but not stupid.

Anyway, the weakpoint of this fellow's system is the password, but if the design of the program is good, it'll be able to help minimise the risk there. So let them try to crack it, if they can.

He was driving a car with an encrypted volume mounted. That sounds kinda dumb to start with ... like, who watches porn while driving?
He could have taken the battery out while handing it to the cop (oops!), or busted the laptop over his knee.
I'm thinking, this is an easy-going not-so-bright guy who picked a simple password he can remember.

And again, no sympathy for the Homeland Security doob who turned the computer off. Courts make no allowance for criminals who fuck up, nor should they for law enforcement officers. Bungle, no conviction ... that's the way it goes.

But you usually need a password for that; the software provides the encryption scheme, not the key.
As explained, nothing is truly random. Unless he has something that specifically generates random passwords, it is not a truly random password because if he just made up a completely random password, he either wrote it down, or forgot it.

I find a person's computer to be an extension of their mind. A folder (partition, etc) which they have specifically and with a sacrifice of effort made their personal business is nothing less than a part of their personal knowledge. A part of their mind, and not subject to "search."

Wouldn't that effectively give them the opportunity to completely hide all evidence related to certain crimes? And, of that matter, couldn't I also argue that any of my personal documents are also an extension of my mind and immune to any kind of search?

Basically, I could hide a colossal amount of criminal activity using this single defense.

Open development of algorithms and implementations is reliable precisely because some people will do this "stupid" thing.

If I knew a simple crack for AES, I wouldn't be taking the millions (or billions) from whatever russian cracker would pay for it, I'd just be posting an "er, I don't know if anyone has thought of this yet, but ..." post to one of the development channels.

It's not "stupid" to do the right thing instead of making billions by aiding criminals. It's just the plain-out right thing to do.

Nor is it "good business practice" to leverage that knowledge by advising for a fee, while people get ripped off by criminals and killed by oppressive regimes who have broken their encryption.

You come right out and say what's wrong with the strong encryption. Naive, yes but not stupid.

<snip stuff I'm not replying to>

Okay, consider the fact that this knowledge isn't public. Therefore it is developed in secret or it isn't.

If the second, all communication is safe for practical lengths of time.

If the first, however, then it is probably possessed by the NSA, GCHQ, or a similar organisation. It is a massive strategic advantage to be able to break the strongest cipher of the day. Just look at what happened when the Brits could break Enigma, and before that, when they could crack Vigenere. They didn't publicise it, they kept it a secret, because the information asymmetry is a massive advantage.

If public key crypto has been broken, then whatever security agency possesses the method will not be releasing it, because while they are the only ones who know it, they have a massive advantage over all their competitors. We're talking about the same systems that encrypt most government traffic, if the US know how to break that they won't be letting on. Therefore they wouldn't use a method on a guy like this, simply because it's not worth it for them. Plus side --- they catch one criminal. Minus side --- every other government in the world knows to change systems.

Does this make sense?

Homes yes, diaries no.

I don't think the founding fathers intended diaries to be exempt from law-fully gained search and seizure and I also believe the idea that most people would computers, diaries and the like counterintuitive. How will you persuade the unbelievers?

As explained, nothing is truly random.And as someone has undoubtedly explained, that doesn't make cracking it trivial, nor easy, nor even doable. Just because it isn't "truly random" that does not make it predictable.
If someone takes the first letter of every word of a sentence or two, good luck figuring out what the password is.

Here, a sha1 hash: 956c8eb19622bbe91fb2dad74ecba217a3ae83a4
Give it a shot.

Unless he has something that specifically generates random passwords, it is not a truly random password because if he just made up a completely random password, he either wrote it down, or forgot it.Well, I don't know how good the person in question is at remembering stuff, but I for one don't have much of a problem remembering random passwords.

Wouldn't that effectively give them the opportunity to completely hide all evidence related to certain crimes?

Sure! But a person has to opt-in by encrypting their own data, and most people will still take the "nothing to hide" approach.

Those people, who leave their data on their disk however their operating system defaults to do so, opt out of the Fifth.

Your choice. Your informed choice.

The Fifth Amendment always favoured the better-informed and the better-represented. This just raises the stakes.

Hell, take it right uptown and claim the DMCA. "I encrypted it to protect my intellectual property, by even trying to crack it my adversary has broken the law."

And, of that matter, couldn't I also argue that any of my personal documents are also an extension of my mind and immune to any kind of search?

Basically, I could hide a colossal amount of criminal activity using this single defense.

As I could hide criminal activity by selling the things I stole to a guy in a pub I'd never visited before. Or by burning the clothes of the prostitute I kidnapped. Or dissolving her body in acid and flushing it down the sewer.

But use my computer to conceal evidence which exists only on that computer? You'd ban that?

Now what I want to know, is: would you prevent me from destroying evidence by putting my hard disk in a removable caddy, and when the cops come knocking pull the HD out and start hitting it with the sledge-hammer I keep beside the computer, on the anvil I have in my room? For one or two minutes until the cops get past my office door?

And if so, how? How do you write that law?

Now what I want to know, is: would you prevent me from destroying evidence by putting my hard disk in a removable caddy, and when the cops come knocking pull the HD out and start hitting it with the sledge-hammer I keep beside the computer, on the anvil I have in my room? For one or two minutes until the cops get past my office door?


Wouldn't it be easier to just run a makeshift electromagnet over the caddy?

1. Take a copy of Truecrypt
2. Create an encrypted partition with triple-encryption algorithm encryption (so if one of the algorithms used is proved to be crackable, the volume remains encrypted.)
3. Create a hidden volume on the partition you have just created
4. Generate a 64 ascii character password with passwordmaker.org (For this to be secure you need to be able to use easy to remember but hard to guess variables, otherwise use as long passwords as you can remember)

Result = Good Luck Police/MI5/FBI/whoever.

The fact is the very nature of plausible deniability offered in this software makes the debate moot, until such time as cracking all these algorithms becomes easy.

1. Take a copy of Truecrypt
2. Create an encrypted partition with triple-encryption algorithm encryption (so if one of the algorithms used is proved to be crackable, the volume remains encrypted.)
3. Create a hidden volume on the partition you have just created
4. Generate a 64 ascii character password with passwordmaker.org (For this to be secure you need to be able to use easy to remember but hard to guess variables, otherwise use as long passwords as you can remember)

Result = Good Luck Police/MI5/FBI/whoever.

You forgot step 5:
5. Put some shady/private but not illegal material on the part of the encrypted partition that is not the hidden volume.

That is when you have plausible deniability ;)

You forgot step 5:
5. Put some shady/private but not illegal material on the part of the encrypted partition that is not the hidden volume.

The Apocrypha.

"Well, I heard it was sort of like the Bible, but all the bad bits.
I didn't really read it, honest!
But I kept it because when I tried to google Apocrypha my computer crashed.
And then you kicked in the front door!
I wasn't doing anything bad, honest! Only Satan told me it was really part of the Bible, but I didn't read it, honest!"

That is when you have plausible deniability ;)

;)

Just out of curiosity, does anyone here doubt AES?

I mean doubt, in the sense "it's a conspiracy by the NSA to create a weak algorithm and employ lots of smart people to cover the flaws" ?

It seems to me the cryptographers are quite serious, and they're quite serious about using a public process to develop and test an encryption standard.

So, is AES what it is meant to be?

This morning on the radio I was listening to a news story where a guy was being questioned by police, who were also trying to search his computer for evidence. Apparently he has a bunch of stuff on his computer that was stored in a password protected encryption, and the police were demansing the password from him.

He refused to tell them on the grounds that it would violate his right to remain silent so as not to incriminate himself.

On the one hand, you can draw an analogy to a locked trunk in his house. If the cops want they key and he won't provide it, they can break into the trunk without violating his rights (assuming they had a search warrant.)

On the other hand, they're apparently unable to break the encryption on his computer and so they have no viable way in without his providing the password, so the act of giving it to them would be like a waiver of his 5th Amendment right to not say anything-even if it's only that one word.

What do you think?He has the right not to provide evidence incriminating him. The cops are allowed to ask for the password, but that's about it. If the cops have a search warrant, they can break into his trunk/computer. If they lack the tools to do so, that's not the suspects fault.

He has the right not to provide evidence incriminating him. The cops are allowed to ask for the password, but that's about it. If the cops have a search warrant, they can break into his trunk/computer. If they lack the tools to do so, that's not the suspects fault.

You, me and Neo Art are together on this one.

Destroying evidence may or may not be a crime (I tend towards not, if the destruction is not itself a crime, eg hacking or forgery, unless it is on behalf of another, which is the concealment of a crime. It is presumed that any criminal has concealed the evidence of their own crime.)

But the password to an encrypted volume is knowledge CREATED by the person who encrypted it, and if revealing that discloses evidence against themselves, it amounts to revealing evidence and should be protected by the Fifth.

Where you might not agree is this further step I take: if you try to protect the evidence in a lame and pathetic way (eg, a Windows login password) you should have the same protection. That's the DMCA, and if it doesn't apply to an individual in the use of their computer which they bought, running software they have a legal right (bought or freely granted), then it sure as hell doesn't apply to software (or 'media') running on that computer.

And won't they look like utter morons if all he's encrypted ARE his credit card #s, ss#, and other personally identifying information.
Absolutely. You'd have thought that they'd have some level of proof if they want to decrypt his files, though.

Aye, because encrypting your data is a particularly spiffing idea?

The fact that it makes it look like you're doing something dodgy isn't going to help you if you're taken into the station, and if you think that a home computer's encryption is incapable of being broken by a high-powered police or security service computer, then you're pretty stupid.

1) Whole drive encryption is becoming common place already specialy in the world of portable media and machines and theft of data being a possibility (I know several universities and almost all medical organizations in the area investing in these technologies for all laptops that contain their data including home or "rented" computers" of employees

2) "Home computer" encryption by someone who knows what they are doing and spends some time doing researching IS relitivly secure, and with some methods it is pretty safe from anything the police are likly to bring to bare on it.

2) "Home computer" encryption by someone who knows what they are doing and spends some time doing researching IS relitivly secure, and with some methods it is pretty safe from anything the police are likly to bring to BARE on it.

Oh yeah? Are you SURE that no cop is going to try to same trick you did with the fingerprint recognition device?

He has the right not to provide evidence incriminating him. The cops are allowed to ask for the password, but that's about it. If the cops have a search warrant, they can break into his trunk/computer. If they lack the tools to do so, that's not the suspects fault.
That's a particularly stupid law in my opinion, but there we go.

Oh yeah? Are you SURE that no cop is going to try to same trick you did with the fingerprint recognition device?

You would have incorrectly implemented a biometric encryption scheme then ... its always "something you have and something you know" Same with smart devices

A functional quantum computer will probably be developed within the next twenty years. While those are pretty useless for most applications they will be quite good at codebreaking. Excessively good even; making most of the current algorithms obsolete. Banks are somewhat unhappy about that.

But true - a paranoid pedophile probably added more than just some basic encryption to his system.

Then the banks are not thinking ... the possibilites created by quantum computers have the ability to generate and realistically use algorythems that are not in place. Its Just another arms race with both sides ramping it up to a new level again.

That's a particularly stupid law in my opinion, but there we go.

I love the Fifth, because it is internally consistent.


Person has committed a crime. Therefore they are a hostile witness, and while still obliged not to lie, are not expected to co-operate.

Person is quite certain they have not committed a crime, and trusting the justice system is open in answering all questions.


(the thing about not incrimidating a spouse is utter crap though.)

See, the great thing about it is that the witness (when they may incriminate themselves, so usually the defendant) has to choose between possibly incrimidating themselves, or looking shifty by not taking that chance.

Without that, the choice is "incriminating themselves" or Perjury. Without the Fifth, a person could be found guilty to "lying to protect theirself" even when their lie was irrelevant since they were not found guilty of the crime.

Now, where you and I would probably disagree is that I think DNA evidence should be inadmissible, since it is (by definition of DNA) a part of the person, and should therefore not be admissible in evidence against the rest of that person, without their explicit consent..

Luckily for yall, I ain't no constitutional lawyer!

===============

You would have incorrectly implemented a biometric encryption scheme then ... its always "something you have and something you know" Same with smart devices

I do like the smart devices. Particularly when they initiate the handshake.

No. Nor, for that matter, would the sledgehammer be particularly effective. You want thermite, basically. It's actually very tricky to effectively wipe a drive.

Your best bet is probably have it encrypted, and pack the drives in thermite. Then have the whole machine in your basement, and just use a terminal from your room. Cops enter house, you trigger the meltdown. By the time they can get to the machine, the drives will be molten slag. Meanwhile, you power down the terminal, and drop a few thousand volts through its RAM, to wipe that as well.

Then you might be secure.

Or Transition to solid state hard drives

Actually may be intresting to see the trend in electronic espionage and data capture both on the part of the government and other parties as solid state becomes more and more popular

Wouldn't it be easier to just run a makeshift electromagnet over the caddy?

No. Nor, for that matter, would the sledgehammer be particularly effective. You want thermite, basically. It's actually very tricky to effectively wipe a drive.

Your best bet is probably have it encrypted, and pack the drives in thermite. Then have the whole machine in your basement, and just use a terminal from your room. Cops enter house, you trigger the meltdown. By the time they can get to the machine, the drives will be molten slag. Meanwhile, you power down the terminal, and drop a few thousand volts through its RAM, to wipe that as well.

Then you might be secure.

Snip

I do like the smart devices. Particularly when they initiate the handshake.

They are handy ... I have seen some pretty cool implementations over the years really kind of supprised we are not seeing more of them already and in more applications

You forgot step 5:
5. Put some shady/private but not illegal material on the part of the encrypted partition that is not the hidden volume.

That is when you have plausible deniability ;)

Quite right, I did. a couple of videos like 2girls1cup is for :D No one would question why you kept THAT encrypted.

Also: The new version of truecrypt (released on February 5th) has the possibility to encrypt a partition on which windows exists without reformatting.... I shall test this on my windows partition, but it looses the plausible deniability...

Also: The new version of truecrypt (released on February 5th) has the possibility to encrypt a partition on which windows exists without reformatting.... I shall test this on my windows partition, but it looses the plausible deniability...

Why ? The hidden secondary container is still possible. And you just added encryption to the windows partition so that your kids/roommates/whatevers could not use the computer, knowing full well that blanking the windows administrator password takes about 10 seconds on XP.

They can hardly blame you for wanting something stronger..

Why ? The hidden secondary container is still possible. And you just added encryption to the windows partition so that your kids/roommates/whatevers could not use the computer, knowing full well that blanking the windows administrator password takes about 10 seconds on XP.

They can hardly blame you for wanting something stronger..
That is a very good point... Why the hell didn't I think of that? And it has the added bonus of protecting your data in the event of computer theft.

(I started it going on my windows partition. Predicted time 3 hrs for a 200GB partition)

That is a very good point... Why the hell didn't I think of that? And it has the added bonus of protecting your data in the event of computer theft.

(I started it going on my windows partition. Predicted time 3 hrs for a 200GB partition)
Like I said with my "whole drive encryption" it is pretty common place in educational instutions as well as healthcare and government

It is pretty common for "company" laptops to do this now as a matter of cource

Actually, I have a question for those of you who have legal/technical knowledge of this:

How does a guy like that even get caught? if the incriminating files are hidden away in an encrypted valut in his machine, then how did the authorities suspect him in the first place?

(In general, not on this case in particular. how do they find these people?)

Actually, I have a question for those of you who have legal/technical knowledge of this:

How does a guy like that even get caught? if the incriminating files are hidden away in an encrypted valut in his machine, then how did the authorities suspect him in the first place?

(In general, not on this case in particular. how do they find these people?)

Multiple methods. The simplest are monitoring of downloads, tracing data packets and having agents go online pretending to be 12 year olds and getting addresses from pervs that cannot believe their luck.

Actually, I have a question for those of you who have legal/technical knowledge of this:

How does a guy like that even get caught? if the incriminating files are hidden away in an encrypted valut in his machine, then how did the authorities suspect him in the first place?

(In general, not on this case in particular. how do they find these people?)

In general, by getting the access logs from the site, I would presume. Sting operations are also an effective method.

The guy (probably) has to get the files from somewhere.

Well yes.

Well, no.

Merely because you encrpyt info doesn't mean you are doing anyhting wrong. It may certainly seem indicative, but is not proof in itself. Maybe he just wants to be a big jerk, I've seen a lot of people not cooperate merely to make a statement about having their 'rights' 'removed' or some such

He is (or at least should be) under no obligation to provide the password. They are free to break in there if they can (and I'm sure they can, it would take one heck of a tech genius to make an unbreakable encryption).

And as someone has undoubtedly explained, that doesn't make cracking it trivial, nor easy, nor even doable. Just because it isn't "truly random" that does not make it predictable.
If someone takes the first letter of every word of a sentence or two, good luck figuring out what the password is.

Here, a sha1 hash: 956c8eb19622bbe91fb2dad74ecba217a3ae83a4
Give it a shot.
That's your password huh? I bet that's a bitch to remember.

I wasn't talking about cracking the encryption, I was talking about the password, which if you actually read any of my posts, you would have gotten that. No one is going to make a password they can't remember, and if they do, there will be a password keeper somewhere.


Well, I don't know how good the person in question is at remembering stuff, but I for one don't have much of a problem remembering random passwords.
I'm glad you are better than everyone else. Maybe you should try remembering two or three dozen passwords.

This morning on the radio I was listening to a news story where a guy was being questioned by police, who were also trying to search his computer for evidence. Apparently he has a bunch of stuff on his computer that was stored in a password protected encryption, and the police were demanding the password from him.

He refused to tell them on the grounds that it would violate his right to remain silent so as not to incriminate himself.

On the one hand, you can draw an analogy to a locked trunk in his house. If the cops want they key and he won't provide it, they can break into the trunk without violating his rights (assuming they had a search warrant.)

On the other hand, they're apparently unable to break the encryption on his computer and so they have no viable way in without his providing the password, so the act of giving it to them would be like a waiver of his 5th Amendment right to not say anything-even if it's only that one word.

What do you think?

As I said in the poll "Definitely not. He wouldn't have to give a trunk key either. Not his fault they can't break in."

Of course he should have to give them the password.

He's withholding information that would incriminate himself, so as long as he prevents the investigation advancing he's in the clear and is getting away with it when he's clearly doen something wrong.

You do realize that's the entire point of the 5th amendment right?

M-mm's not big on people having rights from what I've seen :rolleyes:

Well when computers literally become extensions of our minds (http://en.wikipedia.org/wiki/Exocortex) I'll be caught in a quandry, but until then I find that computers, like homes and diaries, even if in some ways extensions of someone's self they are still legitimate items for a search warrant.

And if you're served with a search warrant you're still protected by the 5th amendment.. You are not required to assist in the search.

So, for some reason this department has NO computer experts that are capable of breaking his encryption?

Consider this:

AES 128-bit encryption is certified by the NSA as sufficient data encryption for documents classified secret. AES 256-bit is considered uncrackable at our current level of computing and is used to encrypt Top Secret documents. Freeware is readily available online that is capable of encrypting individual files, partitions, and entire drives in both AES-128 and AES-256. (AES stands for Advanced Encryption Standard)

I love the Fifth, because it is internally consistent.


Person has committed a crime. Therefore they are a hostile witness, and while still obliged not to lie, are not expected to co-operate.

Person is quite certain they have not committed a crime, and trusting the justice system is open in answering all questions.


(the thing about not incrimidating a spouse is utter crap though.)

See, the great thing about it is that the witness (when they may incriminate themselves, so usually the defendant) has to choose between possibly incrimidating themselves, or looking shifty by not taking that chance.

Without that, the choice is "incriminating themselves" or Perjury. Without the Fifth, a person could be found guilty to "lying to protect theirself" even when their lie was irrelevant since they were not found guilty of the crime.

Now, where you and I would probably disagree is that I think DNA evidence should be inadmissible, since it is (by definition of DNA) a part of the person, and should therefore not be admissible in evidence against the rest of that person, without their explicit consent...
To be honest, I simply disagree with the whole "you can be unco-operative thing. Drags trials out, and makes evidence that the police need (they might have tracked certain illegal downloads, but are not sure if there are cover names for other stuff etc.) more difficult to obtain.

But there we go.

To be honest, I simply disagree with the whole "you can be unco-operative thing. Drags trials out, and makes evidence that the police need (they might have tracked certain illegal downloads, but are not sure if there are cover names for other stuff etc.) more difficult to obtain.

But there we go.

So you think the police should be able to force you to say something that might be construed as incriminating?

So you think the police should be able to force you to say something that might be construed as incriminating?
If it's true and relevant, yes.

If it's true and relevant, yes.

And in this instance you know for a fact that the information on the guy's computer is relevant to the inquiry?

If you've got nothing to hide, you might as well give them the password. If you are a criminal, you don't deserve the ability to keep info on computers secret. But someone should be able to get into the computer soon.

And in this instance you know for a fact that the information on the guy's computer is relevant to the inquiry?
Quite possible, if the police want to access it and if he's also refusing to give them a password.

If you've got nothing to hide, you might as well give them the password. If you are a criminal, you don't deserve the ability to keep info on computers secret. But someone should be able to get into the computer soon.

If someone asked me for the password to my computer, regardless of who it was, I would tell them no, not because I have anything illegal on my computer, but because I do have private information which is none of their business.

Quite possible, if the police want to access it and if he's also refusing to give them a password.

So in other words, no you don't know, you're just assuming his guilt.

If you've got nothing to hide, you might as well give them the password. If you are a criminal, you don't deserve the ability to keep info on computers secret. But someone should be able to get into the computer soon.

What if it's information that's illegal, but not wrong?

What if it is information that is legal, but is embarrassing, and that's why you encrypted it?

Yes, this guy is being investigated for child porn, and yes he deserves to go to jail.

However, eroding our rights for the sake of prosecuting one sick fuck is not right. I know that if I was being prosecuted for something, whether or not I'd done anything wrong, I sure as hell wouldn't help the police.

Yes, this guy is being investigated for child porn, and yes he deserves to go to jail, if he is convicted.

fixed

So in other words, no you don't know, you're just assuming his guilt.
The police quite obviously have a warrant for all of this stuff, so that's a fair assumption.

The police quite obviously have a warrant for all of this stuff, so that's a fair assumption.

So, according to you, if a warrant has been issued the person is guilty?

Sorry to break your bubble and expose you to the real world, but I have had a warrant issued for my arrest (for a robbery) when I had nothing to do with said robbery.

So, according to you, if a warrant has been issued the person is guilty?

Sorry to break your bubble and expose you to the real world, but I have had a warrant issued for my arrest (for a robbery) when I had nothing to do with said robbery.
No, they're not automatically guilty, but as with the whole locked case thing, the police should realistically be given a password by this guy so they don't have to waste a ton of time cracking it. Same as any search, really.

No, they're not automatically guilty, but as with the whole locked case thing, the police should realistically be given a password by this guy so they don't have to waste a ton of time cracking it. Same as any search, really.

It is the police's responsibility to 'open' it they asked him, he said no, now they're just going to have open it themselves.

It is the police's responsibility to 'open' it they asked him, he said no, now they're just going to have open it themselves.
They should pretty much be able to demand the truth imo.

They should pretty much be able to demand the truth imo.

They can demand it all they like. ;)

They should pretty much be able to demand the truth imo.

They can ASK for the truth, but under our system of law, the accused has the option of either 1.) providing the truth, or 2.) not speaking... The accused under our system of law cannot be compelled to provide the government with information aiding in their prosecution of him/her... The burden always lays where it should lay, upon the state... Since they have the most resources at their disposal for prosecution... It's setup this way for a reason, that reason is simply to make it harder upon the state to prosecute people, so as to make false-prosecutions less likely... Your idea may sound good to you, but when you relieve the burden upon the state, the excess automatically falls upon the defense, and you end up with more innocent people in prison for crimes they did not commit...

The police quite obviously have a warrant for all of this stuff, so that's a fair assumption.

In no way does the fact that the police have a warrant make his guilt a fair assumption.

They should pretty much be able to demand the truth imo.

They can't handle the truth!

fixed

My bad. That is true.

My bad. That is true.

Woo-hoo... I corrected somebody and they didn't get pissy, that just might be a first (not really, but it is fairly unusual {unless my correction was a joke])

Woo-hoo... I corrected somebody and they didn't get pissy, that just might be a first (not really, but it is fairly unusual {unless my correction was a joke])

Well, it is kind of a habit in our society to think someone's guilty as soon as they're arrested. I fully admit to often doing it myself, including this case.

But anyway, on the main point, we're on the same side of the argument, in that he doesn't have to say anything at all to the cops. If he doesn't want to give them the password, they'll just have to force their way into the computer.

By the way, does anyone know if there's a statute of limitations on this and exactly how they have to indict him if there is one?

If you've got nothing to hide, you might as well give them the password. If you are a criminal, you don't deserve the ability to keep info on computers secret. But someone should be able to get into the computer soon.

You don't quite understand the nature of encryption, do you?

If the man used 128-bit encryption (fairly common) that means that in order to solve the encryption, the computer trying to brute-force it would have to perform 2^128 operations. The fastest super computer in the world performs about 500 trillion floating point operations per second, or 5 x 10^14 operations per second. That means it would take approximately 6.80564734 × 10^23 seconds to crack the encryption, or about 2 quadrillion years. To put that in perspective... the Universe is only estimated to be 14 billion years old, and there are one million billions in a quadrillion.

They could alternatively attempt to brute force the password. However, there are 95 characters in the ASCII contains 95 characters. This means that to solve the password they would need to do permutations equal to 95^n where n is the length of the password. Because n is unknown, this becomes a daunting task. Even a password 6 characters in length creates 735,091,890,625 possible combinations. If the man used a strong password (ten or more characters in length) possible solutions increase to 5.98736939 × 10^19.

So, at this point, no police department, or any other organization has the ability to decrypt those files.

That's your password huh?No, that's not even the hash of one of my passwords; but it's the hash for a possible (simple) password (based on the principle I mentioned of taking the first letters of an easy to remember sentence), which will be problematic enough to crack as it is.

I bet that's a bitch to remember.Not really. I remembered the hash after making it. Took a while to get it in my head, admittedly, but it's firmly entrenched now.

I wasn't talking about cracking the encryptionNor was I.
If passwords are easily cracked, then it should not be no problem to find which password goes the sha1 hash I gave; the hash algorithm is publicly available. It has nothing to do with cracking encryption, but is just a test to see how fast you can find the password.

I was talking about the password, which if you actually read any of my posts, you would have gotten that.If you had actually properly read my post, you'd understand that that was exactly what I was responding to. There isn't even any mention in that post of encryption.
Although, considering you don't even comprehend the difference between a password and the hash of a password, perhaps it's too much to hope for any comprehension..

I'm glad you are better than everyone else.I don't think I am. I fully expect there are quite a few people that can remember passwords a lot better than you give them credit for, especially for things they want to keep secure.

Maybe you should try remembering two or three dozen passwords.I do. Is it really so surprising not to have a memory like a sieve?

If passwords are easily cracked, then it should not be no problem to find which password goes the sha1 hash I gave; the hash algorithm is publicly available. It has nothing to do with cracking encryption, but is just a test to see how fast you can find the password.

With hashed passwords, you don't need to figure out the password to crack it, all that needs to be found is a string that produces the same hash as the password (since there are far more possible passwords then there are hashes, it makes cracking it that much easier).

I dont think the Police can "just" break the encryption. Unless its a MickeyMouse encryption.

so they need to figure what the Password is, or hope the boy is stupid enough to handle it on a silver platter.

And if you're served with a search warrant you're still protected by the 5th amendment.. You are not required to assist in the search.

But you are required to unlock a door, safe, or whatnot. This is why one can't sue the police for damages when they break down a door one chooses not to unlock. I'm guessing it wasn't the founding fathers intent to let someone with an unbreakable lock to get off scot free.

But you are required to unlock a door, safe, or whatnot. This is why one can't sue the police for damages when they break down a door one chooses not to unlock. I'm guessing it wasn't the founding fathers intent to let someone with an unbreakable lock to get off scot free.

You can't sue for damages if they break a lock that you didn't open for them, but that statement just reinforces that you don't have to open it for them.

They should pretty much be able to demand the truth imo.

They can demand it all they like. However, in no circumstance under the Fifth Amendment can they force you to aid in any practice that would incriminate you. This extends to opening doors, giving passwords, showing where you buried the body in the backyard...or providing the key to turn off your secret Doomsday device that you constructed with everyday household items and hid in your basement. <.< Doesn't mean they can't search you for the key, but they can't just make you hand it to them.

Furthermore, this is America. In America (and various other countries as well), the burden of proof lies with the prosecution. They are responsible for proving your guilt in whatever crime they wish to charge you.

....So wouldn't it be a little strange if you were obligated to do their work for them, and give them everything they needed to put you away? It seems to me you're saying you'd be fine with doing that.

Finally, Yootopia, I am so glad you aren't in politics. We'd have even fewer civil liberties than we do now. Patriot Act II, anyone?

You don't quite understand the nature of encryption, do you?

If the man used 128-bit encryption (fairly common) that means that in order to solve the encryption, the computer trying to brute-force it would have to perform 2^128 operations. The fastest super computer in the world performs about 500 trillion floating point operations per second, or 5 x 10^14 operations per second. That means it would take approximately 6.80564734 × 10^23 seconds to crack the encryption, or about 2 quadrillion years. To put that in perspective... the Universe is only estimated to be 14 billion years old, and there are one million billions in a quadrillion.

They could alternatively attempt to brute force the password. However, there are 95 characters in the ASCII contains 95 characters. This means that to solve the password they would need to do permutations equal to 95^n where n is the length of the password. Because n is unknown, this becomes a daunting task. Even a password 6 characters in length creates 735,091,890,625 possible combinations. If the man used a strong password (ten or more characters in length) possible solutions increase to 5.98736939 × 10^19.

So, at this point, no police department, or any other organization has the ability to decrypt those files.

While I agree with your overall evaluation an offline brute on the password with 128 is not an unreasonable length of time

Specially depending on the style if precompuation tables are used in conjunction.

But again there are tones of variables in this and without more information it is hard to guess but either way if you know what you are doing and spend the time you can make it unreasonable for most organizations to come close to breaking in

You can't sue for damages if they break a lock that you didn't open for them, but that statement just reinforces that you don't have to open it for them.

Damaging other people's property is normally a criminal offense. Its not in situations where warrants have been served and the suspect doesn't cooperate because the suspect is legally obligated to comply with the warrant, i.e. to unlock the door and let police search and/or seize what is covered in the warrant.

Yes I understood that, but if you were forced to open a lock, then it wouldn't have to be damaged to get it open. Therefore what you said simply reinforced that you don't have to open it for them, but in doing so you're allowing them to break it themselves. Which would parallel not giving a password for the encryption and forcing the police to break it themselves.

Exactly. So in practice you do suffer a penalty for not cooperating: your door or computer might get damaged more than neccessay.

But you still have the right to choose that over cooperating if you wish.

Damaging other people's property is normally a criminal offense. Its not in situations where warrants have been served and the suspect doesn't cooperate because the suspect is legally obligated to comply with the warrant, i.e. to unlock the door and let police search and/or seize what is covered in the warrant.

Yes I understood that, but if you were forced to open a lock, then it wouldn't have to be damaged to get it open. Therefore what you said simply reinforced that you don't have to open it for them, but in doing so you're allowing them to break it themselves. Which would parallel not giving a password for the encryption and forcing the police to break it themselves.

But you are required to unlock a door, safe, or whatnot.

No, actually, you are not.

They can demand it all they like. However, in no circumstance under the Fifth Amendment can they force you to aid in any practice that would incriminate you. This extends to opening doors, giving passwords, showing where you buried the body in the backyard...or providing the key to turn off your secret Doomsday device that you constructed with everyday household items and hid in your basement. <.< Doesn't mean they can't search you for the key, but they can't just make you hand it to them.
Shame, really.
Furthermore, this is America. In America (and various other countries as well), the burden of proof lies with the prosecution. They are responsible for proving your guilt in whatever crime they wish to charge you.

....So wouldn't it be a little strange if you were obligated to do their work for them, and give them everything they needed to put you away? It seems to me you're saying you'd be fine with doing that.
Since this guy was prosecuted by the police for computer-related crimes, and evidently they have some degree of proof on the matter, or they wouldn't have taken his PC in, I'd consider it extremely unhelpful of the accused to not hand over information - if he was innocent, then he should give it over to help them free him of any crimes, and if he was guilty, then the time they're going to waste cracking into his files is time and money spent while the guy's not being brought to justice.

But there we go, you and I differ in opinions on the matter.
Finally, Yootopia, I am so glad you aren't in politics. We'd have even fewer civil liberties than we do now. Patriot Act II, anyone?
If you consider being unnecessarily awkward with the police a civil liberty, then yes, you'd be out of some rights. Oh no, the utter travesty to our system of liberty that is, eh?

If you consider being unnecessarily awkward with the police a civil liberty, then yes, you'd be out of some rights. Oh no, the utter travesty to our system of liberty that is, eh?

Your sarcasm is only applicable if you're assuming that the police are utterly trustworthy in every situation.

Shame, really.

Since this guy was prosecuted by the police for computer-related crimes, and evidently they have some degree of proof on the matter, or they wouldn't have taken his PC in, I'd consider it extremely unhelpful of the accused to not hand over information - if he was innocent, then he should give it over to help them free him of any crimes, and if he was guilty, then the time they're going to waste cracking into his files is time and money spent while the guy's not being brought to justice.


Extremely unhelpful or not, that part doesn't matter. Whether or not he should actually lend his help to do the cops' work for them is subjective. The fact that he won't yield his password may give reasonable suspicion as to his guilt, but it's not enough to convict.


If you consider being unnecessarily awkward with the police a civil liberty, then yes, you'd be out of some rights. Oh no, the utter travesty to our system of liberty that is, eh?

I love how you still didn't answer to my comment:

....So wouldn't it be a little strange if you were obligated to do their work for them, and give them everything they needed to put you away? It seems to me you're saying you'd be fine with doing that.

Well, Yootopia? By what you said, assuming you were guilty, you'd be perfectly willing to do all you can to put yourself away when convicted of a crime. I'm not putting words in your mouth, either. By saying that the suspect has to assist in his own investigation, that's what you're implying.

Yes I understood that, but if you were forced to open a lock, then it wouldn't have to be damaged to get it open. Therefore what you said simply reinforced that you don't have to open it for them, but in doing so you're allowing them to break it themselves. Which would parallel not giving a password for the encryption and forcing the police to break it themselves.

Agents are allowed to break into said items themselves because the suspect is not meeting their obligations. This is similiar to the garnishing of wages to meet the obligations of child support, alimony, ect. Usually taking somebody's wages would be theft, but in this case its to cover one's legal obligations. If someone has unbreakable encryption does that mean they get off scot free?

No, actually, you are not.

Do you have a source? Can you show a case where someone has been able to keep agents of the law from searching their property when a search warrant has been issued?

Your sarcasm is only applicable if you're assuming that the police are utterly trustworthy in every situation.
If they weren't being trustworthy, then giving them all the evidence could counter their claims perfectly well.
Extremely unhelpful or not, that part doesn't matter. Whether or not he should actually lend his help to do the cops' work for them is subjective. The fact that he won't yield his password may give reasonable suspicion as to his guilt, but it's not enough to convict.
Since they already have a search warrant, there's quite possibly something wrong going on, and he's sure as hell not helping his case.
Well, Yootopia? By what you said, assuming you were guilty, you'd be perfectly willing to do all you can to put yourself away when convicted of a crime. I'm not putting words in your mouth, either. By saying that the suspect has to assist in his own investigation, that's what you're implying.
Pretty much. And if I wasn't guilty, I'd try and speed things up a bit by letting them into my PC to make sure there was nothing dodgy there. Simple stuff, really.

Since they already have a search warrant, there's quite possibly something wrong going on, and he's sure as hell not helping his case.

Bolded for emphasis. Missing the point here, Yootopia. Probable cause isn't enough to convict. In no way do you have to assist a warrant besides letting the police open your door, or in this case, take your computer.

I never denied the validity of the warrant, nor am I standing up for the suspect, but he does have Fifth Amendment rights, regardless of whether or not he loves child porn.

Pretty much. And if I wasn't guilty, I'd try and speed things up a bit by letting them into my PC to make sure there was nothing dodgy there. Simple stuff, really.

Well, on one hand I admire your willingness to face the consequence if you're dumb enough to get caught... But it's not so simple. In my opinion, if the police are too inept to be able to do their job, that's their fault. I'll state it again just for good measure. Probable cause and reasonable suspicion are not enough to convict. Suspicion is only enough for detainment. Whether he is guilty or not, they have to have evidence. They can try as much as they want to get in, but the American legal system requires burden of proof on the prosecution.

The suspect does not have to prove their innocence. If they did, then there'd be no reason for either probable cause or reasonable suspicion, because it's hard to provide proof that you didn't do something, and you could just be arrested on whatever charge the police decided to give. Not that it's impossible, of course--eyewitnesses with your alibi, finding the person who really committed the crime--but what if it's a crime such as this? If you don't have child porn, the police could just argue that you deleted it. But that's all beside the point, and part of my rant.

*rantety rant rant rant*
Yeah, I know that's how the law is, I just think it's a bit of shame. There we go, though, our opinions differ on the matter.

Shame, really.
Yes, shame America hasn't paved the road to a police state with marshmallows and has streets vendors selling bottles of pure joy.

Since this guy was prosecuted by the police for computer-related crimes,
If he was actually prosecuted then why are they only searching his computer now? Or are these previous prosecutions?
and evidently they have some degree of proof on the matter, or they wouldn't have taken his PC in, I'd consider it extremely unhelpful of the accused to not hand over information - if he was innocent, then he should give it over to help them free him of any crimes, and if he was guilty, then the time they're going to waste cracking into his files is time and money spent while the guy's not being brought to justice.
The accused doesn't have to be helpful. The police obviously would prefer it if he was, but that doesn't change anything. You don't have to help the police do anything. You don't have to do anything if it might aid in your prosecution.

But there we go, you and I differ in opinions on the matter.

If you consider being unnecessarily awkward with the police a civil liberty, then yes, you'd be out of some rights. Oh no, the utter travesty to our system of liberty that is, eh?

Yes actually. If the police were somehow magically incapable of abusing their powers then I don't think anyone would care if the Fifth were to disappear. Thing is they're not. They're human, just like us. If we don't protect against abuses of power like requiring people to aid in their own prosecution, they will definately happen, all the time.

From the Washington Post article

The agents seized the laptop, and a Vermont Department of Corrections investigator copied its contents. But the investigator could not get access to the drive Z content because it was protected by Pretty Good Privacy, a form of encryption software used by intelligence agencies in the United States and around the world that is widely available online. PGP, like all encryption algorithms, requires a password for decryption.

For more than a year, the government has been unable to view drive Z.

A government computer forensics expert testified that it is "nearly impossible" to access the files without the password, the judge wrote. "There are no 'back doors' or secret entrances to access the files," he wrote. "The only way to get access without the password is to use an automated system which repeatedly guesses passwords. According to the government, the process to unlock drive Z could take years . . . "

I think the government should be able to compel people to give passwords if a judge has issued a search warrant for a computer and its encrypted. I'm guessing that when a search warrant is issued for a house or safe the owner is obligated to unlock said object. I take this to be the case since if the suspect isn't cooperative and force is needed to open said object to inspection the executer of the search warrant isn't liable for damages.

A whole new way of getting someone in deep shit:

1) Hack the box, install a RAT/RAV/RAW/whatever.
2) Create encrypted partition, protected with a random key, containing a few megs of gibberish.
3) ???
4) Profit!

Shouldn't be hard to do for some botnet-owning hacker with a sadistic streak.

Originally Posted by Samyil
*rantety rant rant rant*

Well..that's intelligent. Getting belligerent now. I realize our opinions differ, but I'm just curious to hear your full reasoning as to why you think it's a shame. Other than the inconvenience and financial cost, since I've heard that numerous times across the thread.

Agents are allowed to break into said items themselves because the suspect is not meeting their obligations. This is similiar to the garnishing of wages to meet the obligations of child support, alimony, ect. Usually taking somebody's wages would be theft, but in this case its to cover one's legal obligations. If someone has unbreakable encryption does that mean they get off scot free?


Yes, they do. Our legal system is weighted such that sometimes, guilty people will go free but it's better that than having the innocent unjustly punished.

Well..that's intelligent. Getting belligerent now.
Yeah, sorry about that. It's just that we've both locked horns on the same points like 5 times by now.
I realize our opinions differ, but I'm just curious to hear your full reasoning as to why you think it's a shame. Other than the inconvenience and financial cost, since I've heard that numerous times across the thread.
The inconvience and the financial cost are my reasons for thinking that. It's a perfectly valid point, although I do accept the point of view that some police officers might try to abuse that power. It's just that if they try to abuse that power, one can show them to be wrong, with evidence, in an appeal court.

This morning on the radio I was listening to a news story where a guy was being questioned by police, who were also trying to search his computer for evidence. Apparently he has a bunch of stuff on his computer that was stored in a password protected encryption, and the police were demansing the password from him.

He refused to tell them on the grounds that it would violate his right to remain silent so as not to incriminate himself.

On the one hand, you can draw an analogy to a locked trunk in his house. If the cops want they key and he won't provide it, they can break into the trunk without violating his rights (assuming they had a search warrant.)

On the other hand, they're apparently unable to break the encryption on his computer and so they have no viable way in without his providing the password, so the act of giving it to them would be like a waiver of his 5th Amendment right to not say anything-even if it's only that one word.

What do you think?

I think that because these are his past actions which have the possibility of incriminating him, this scenario is closer to the locked case situation, where one could put in place of computer files actual pieces of paper. If after the case started, after he was read his rights, he decided to keep files under encryption he would have every right to not release those files to the police.

Yeah, sorry about that. It's just that we've both locked horns on the same points like 5 times by now.

Yeah. Though I did admit part of my post was a rant. xD

The inconvience and the financial cost are my reasons for thinking that. It's a perfectly valid point, although I do accept the point of view that some police officers might try to abuse that power. It's just that if they try to abuse that power, one can show them to be wrong, with evidence, in an appeal court.

I see your point here. It's very costly..But in this particular case, I'm not sure whether the article I found was legit, but it said that they had already found some illegal photos, and he 'apologized and deleted them right away on realizing what they were'...So it sounds to me like they're just trying to get more evidence for a harder conviction.

Edit: It was legit, I just remembered it was an AP article. xD

Yes, they do. Our legal system is weighted such that sometimes, guilty people will go free but it's better that than having the innocent unjustly punished.

True, but while I can see the merits in letting someone off because of unlawful searches, even if they reveal damning evidence, I see none in cases like this where search warrants have been lawfully gained. As I have argued before, people are obligated to allow search and seizure of property when warrants have been issued.

True, but while I can see the merits in letting someone off because of unlawful searches, even if they reveal damning evidence, I see none in cases like this where search warrants have been lawfully gained. As I have argued before, people are obligated to allow search and seizure of property when warrants have been issued.

No one is preventing this, they have seized his computer and they are searching it.

No one is preventing this, they have seized his computer and they are searching it.

The encryption prevents them from searching the computer just like a door lock prevents one from searching a house. Now door is easy to break down, which serves as a de facto fine, but encryption may take a long time using a lot of resources to break. It doesn't seem unreasonable to me to legally require people to give passwords to agents of law when a search warrant has lawfully been issued.

The encryption prevents them from searching the computer just like a door lock prevents one from searching a house. Now door is easy to break down, which serves as a de facto fine, but encryption may take a long time using a lot of resources to break. It doesn't seem unreasonable to me to legally require people to give passwords to agents of law when a search warrant has lawfully been issued.
Just because it is difficult does not change the law

They dont change the rules based on the difficulty of a physical lock why should they for the electronic form?

Either way it is a piece of information in his head that may serve to incriminate them ... he is in no way obligated to comply with the request

The encryption prevents them from searching the computer just like a door lock prevents one from searching a house. Now door is easy to break down, which serves as a de facto fine, but encryption may take a long time using a lot of resources to break. It doesn't seem unreasonable to me to legally require people to give passwords to agents of law when a search warrant has lawfully been issued.

And what if it was a very hard to open door? Like the door to a safe, perhaps, or a panic room? Should someone be legally required to give the police the key to a door they can't break down?

And what if it was a very hard to open door? Like the door to a safe, perhaps, or a panic room? Should someone be legally required to give the police the key to a door they can't break down?

if they have a warrant that allows them access, then yes, I believe they are required to open said door.

failure may result in a charge of obstruction.

however, if they are not legally required to give passwords/encryption keys, that may make it legal to break into the computer using whatever methods available, up to and possibly including methods normally reserved by hackers.

if they have a warrant that allows them access, then yes, I believe they are required to open said door.

failure may result in a charge of obstruction.

however, if they are not legally required to give passwords/encryption keys, that may make it legal to break into the computer using whatever methods available, up to and possibly including methods normally reserved by hackers.

Even using said methods, they still aren't going to be getting in (quickly). I've already discussed this at length earlier.

Anyway, IIRC you can be compelled to divulge a physical key, but not a safe combination, which strikes me as more analogous to a password.

Even using said methods, they still aren't going to be getting in (quickly). I've already discussed this at length earlier.

Anyway, IIRC you can be compelled to divulge a physical key, but not a safe combination, which strikes me as more analogous to a password.

I didn't say it would be fast... granted it will take time, but if the pc is confiscated, then several days can be spent cracking it open.

same with a safe. don't know if they could legally crack it open if the owner refuses to give the combo.

I didn't say it would be fast... granted it will take time, but if the pc is confiscated, then several days can be spent cracking it open.

same with a safe. don't know if they could legally crack it open if the owner refuses to give the combo.

Well, days would be all well and good. However, they've had it for over a year, and still haven't cracked it. I doubt they could do so before they have to press charges.

Basically, they can legally crack it if they can, but I don't think they're willing to wait quite enough years to make it work.

if they have a warrant that allows them access, then yes, I believe they are required to open said door.

failure may result in a charge of obstruction.
As the law is now(as I understand it) that is not so. You aren't required to do anything to help the police or anyone else prosecute you. If the police can't find the evidence to put you in jail then that's their problem.

however, if they are not legally required to give passwords/encryption keys, that may make it legal to break into the computer using whatever methods available, up to and possibly including methods normally reserved by hackers.

Indeed. If the police have a warrant then then they can try to break into the computer. But as has already been stated several times in this thread, to do so would take a lot of time and resources.

Just because it is difficult does not change the law

They dont change the rules based on the difficulty of a physical lock why should they for the electronic form?

Either way it is a piece of information in his head that may serve to incriminate them ... he is in no way obligated to comply with the request.

[QUOTE=UNIverseVERS;13456746Even using said methods, they still aren't going to be getting in (quickly). I've already discussed this at length earlier.

Anyway, IIRC you can be compelled to divulge a physical key, but not a safe combination, which strikes me as more analogous to a password.[/QUOTE]

If the last bit is true then I believe the law should be updated. A physical key and one composed of information serve the same basic function, only in different mediums. I see no reason why they should be treated differently.

If the last bit is true then I believe the law should be updated. A physical key and one composed of information serve the same basic function, only in different mediums. I see no reason why they should be treated differently.

Because they are indeed different ... one is information that could serve to incriminate them the other is a physical object

As the law is now(as I understand it) that is not so. You aren't required to do anything to help the police or anyone else prosecute you. If the police can't find the evidence to put you in jail then that's their problem.

Unlocking doors is not helping the police per se. Its more like not hampering. One can't actively, like say shoot at anyone who tries to search said property, or passively, use locks, ect) hamper them form searching and seizing what is listed on the warrant. Since information may be treated differently under the law it would appear to me that the law needs to be changed to suit the information age.

Because they are indeed different ... one is information that could serve to incriminate them the other is a physical object

But they serve the same purpose. The prosecutor won't show the key to the door, he'll show what they found behind the door. He won't write the password down on a piece of paper and show it to the jury, he'll show them what they found on the encrypted part of the hard drive.


You know, if they actually found anything.

Because they are indeed different ... one is information that could serve to incriminate them the other is a physical object

Both allow access to potentially incriminating evidence. Why is information treated differently and why should it be?

But they serve the same purpose. The prosecutor won't show the key to the door, he'll show what they found behind the door. He won't write the password down on a piece of paper and show it to the jury, he'll show them what they found on the encrypted part of the hard drive.


You know, if they actually found anything.

Thank you. That is my point. A criminal could use a lock that needs a key or use one that needs combination. Both deny access to evidence. Why treat them differently?

If the last bit is true then I believe the law should be updated. A physical key and one composed of information serve the same basic function, only in different mediums. I see no reason why they should be treated differently.

Well, at the most fundamental level, the fact that the Fifth protects against the right to provide information that incriminates you makes a difference between them. This is important, because to remove the protection of the information is very risky overall. After all, if one is no longer able to withhold certain pieces of information that are hindering the prosecution, where is this going to lead? Like it or not, retaining the right not to incriminate yourself necessitates that this information must be protected.

Actually, the parallels between key and combo locks can be explored in more detail. The biggest difference is that in one the only missing thing is information, in the other it is a physical item. This does mean that you could argue a similar case for computers. Namely, if the encryption system on your computer was 'unlocked' by insertion of the correct USB dongle, you would (theoretically) have to give that up. As, on the other hand, it is decrypted by input of a piece of information, the courts have ruled that one need not give it up (or at least they have in the context of combination locks, and the same should be applied here, IMO).

Well, at the most fundamental level, the fact that the Fifth protects against the right to provide information that incriminates you makes a difference between them. This is important, because to remove the protection of the information is very risky overall. After all, if one is no longer able to withhold certain pieces of information that are hindering the prosecution, where is this going to lead? Like it or not, retaining the right not to incriminate yourself necessitates that this information must be protected.

I do not see why we can not make an exception for situations like these. I do not think the founding fathers intended the fifth amendment to be used this way.

Actually, the parallels between key and combo locks can be explored in more detail. The biggest difference is that in one the only missing thing is information, in the other it is a physical item. This does mean that you could argue a similar case for computers. Namely, if the encryption system on your computer was 'unlocked' by insertion of the correct USB dongle, you would (theoretically) have to give that up. As, on the other hand, it is decrypted by input of a piece of information, the courts have ruled that one need not give it up (or at least they have in the context of combination locks, and the same should be applied here, IMO).

As I have stated before the way that the law treats keys and combos differently is silly and illogical. I see no reason why it shouldn't be corrected.

I do not see why we can not make an exception for situations like these. I do not think the founding fathers intended the fifth amendment to be used this way.

As I have stated before the way that the law treats keys and combos differently is silly and illogical. I see no reason why it shouldn't be corrected.

It doesn't matter how it was intended. In order to make this exception, we fundamentally compromise the protections of the Fifth. Shall I just step through how we can derive (for want of a better term) my position?

First, we make a distinction between physical evidence and mental evidence. The first is in some way in existence, the second only exists in the mind of the accused. The Fifth Amendment gives people the right to withhold information that would incriminate them. More accurately, to withhold testimony. That is, I can only plead the Fifth for mental items.

This is where the protection comes from. Now can you see why I argue that removing it is very dangerous. We are effectively saying "There are certain kinds of testimony which you must give, even though it incriminates you". Given the track record of Governments on not abusing power, I don't feel it's even safe to let them think they can get away with this. The right to not incriminate yourself is absolute. They may search everything they can get into, but they cannot force you to turn over any information. If they can't get into something without making you turn over information, they'll have to do without it.

And yes, I do feel the founding fathers would have supported this. They were exceedingly aware of the dangers of an abusive government, and I feel they would have supported the absolute right to not divulge information that can be used as evidence against you. This includes how you killed them, combination lock codes, and encryption passphrases. Removing any one of these protections fundamentally weakens the rest, so I feel they must all stay.

Both allow access to potentially incriminating evidence. Why is information treated differently and why should it be?

Because it is protected by the 5th?

Thank you. That is my point. A criminal could use a lock that needs a key or use one that needs combination. Both deny access to evidence. Why treat them differently?

because to communicate a combination requires communication, and the fifth amendment treats it differently.

[snipped].
ah, neo, good, quick question.

would you know if search warrents are time sensitive? in other words, they have only x amount of time to search the premesis?

The reason I'm wondering is that the main argument (it seems) against hacking into a computer HardDrive is that it takes time. I was under the impression that if the warrant includes computer files, then, in the event that the user won't give them the encryption key, the police can take the computer and attempt to hack into it.

It doesn't matter how it was intended. In order to make this exception, we fundamentally compromise the protections of the Fifth. Shall I just step through how we can derive (for want of a better term) my position?

Intent is very important. Without looking at intent it would have been legal for the police to tap phones without a warrant.

First, we make a distinction between physical evidence and mental evidence. The first is in some way in existence, the second only exists in the mind of the accused. The Fifth Amendment gives people the right to withhold information that would incriminate them. More accurately, to withhold testimony. That is, I can only plead the Fifth for mental items.

This is where the protection comes from. Now can you see why I argue that removing it is very dangerous. We are effectively saying "There are certain kinds of testimony which you must give, even though it incriminates you". Given the track record of Governments on not abusing power, I don't feel it's even safe to let them think they can get away with this. The right to not incriminate yourself is absolute. They may search everything they can get into, but they cannot force you to turn over any information. If they can't get into something without making you turn over information, they'll have to do without it.

The information is not testimony per se. It does not incriminate in and of itself. It only leads to incriminating evidence just like a physical key. Legally the police able to compel people to give up keys and they are abel to decrypt the information. Requiring people to give passwords logically follows from that.

And yes, I do feel the founding fathers would have supported this. They were exceedingly aware of the dangers of an abusive government, and I feel they would have supported the absolute right to not divulge information that can be used as evidence against you. This includes how you killed them, combination lock codes, and encryption passphrases. Removing any one of these protections fundamentally weakens the rest, so I feel they must all stay.

The founding fathers wanted to protect citizens from arbitrary government actions, but the also wanted an effective government that had the powers to fulfil its functions.

ah, neo, good, quick question.

would you know if search warrents are time sensitive? in other words, they have only x amount of time to search the premesis?

It honestly depends. A search warrant is issued based on "probable cause". If the thing they are looking for is unlikely to remain at the location they are searching, it is time sensitive to the point that if they wait a period of time they may no longer have probable cause to believe the item that they are searching for is still there.

For example, let's say they believe I have purchased some drugs for personal consumption, and they get a warrant, on probable cause, to search my apartment for those drugs.

They can't execute that warrant 6 months later, because I can argue they had no probable cause to assume the drugs I bought six months ago are still around. It is "improbable" that the thing they wanted to find was still there.

The reason I'm wondering is that the main argument (it seems) against hacking into a computer HardDrive is that it takes time. I was under the impression that if the warrant includes computer files, then, in the event that the user won't give them the encryption key, the police can take the computer and attempt to hack into it.

That's fine. If the computer has been in their posession this whole time, they have every reason to believe what was on it is still on it.

To answer your question, warrants, as a general rule, are not time sensitive in general. It depends on whether, after a time lapse, if they still have probable cause to conduct the search or whether they should assume, based on the time passed since the warrant was issues, that it is now improbable that they'd find what they are looking for.

because to communicate a combination requires communication, and the fifth amendment treats it differently.

So why not amend the constitution to require the communication of passwords? we are talking about normative government functions, not just what exist.

The information is not testimony per se. It does not incriminate in and of itself.

The problem is the 5th is far more complicated than that. The right to remain silent is, for the most part, absolute.

It only leads to incriminating evidence just like a physical key. Legally the police able to compel people to give up keys and they are abel to decrypt the information. Requiring people to give passwords logically follows from that.

No, it does not, because while we have no law that says someone does not have to produce a key, we do have a law that says they are not obligated to communicate to the police.

You can try to argue about it all you want, and perhaps from a theoretical perspective you're right that there's little substantive difference between them, other than that one is speech and the other is not.

However the fact that one is speech and the other is not makes all the difference in the world

So why not amend the constitution to require the communication of passwords?

*shrug* perhaps we should. However that has little baring on this case.

so in the case of the 5th amendment, and user x doesn't want to give the officers his encryption key, can the officers (this is assuming the warrant is for computer files) then take the computer and attempt to hack into it without concern for the amount of time it would take to hack into the computer?

for the purposes of the warrant yes.

There is the little problem of a statute of limitations however...

*shrug* perhaps we should. However that has little baring on this case.

The question on the poll says should he be forced to give up his password so I assumed this thread was mostly should one have the right not to give up one's password when a legitimate search warrant, whatever the standard for that, has been issued.

To answer your question, warrants, as a general rule, are not time sensitive in general. It depends on whether, after a time lapse, if they still have probable cause to conduct the search or whether they should assume, based on the time passed since the warrant was issues, that it is now improbable that they'd find what they are looking for.
so in the case of the 5th amendment, and user x doesn't want to give the officers his encryption key, can the officers (this is assuming the warrant is for computer files) then take the computer and attempt to hack into it without concern for the amount of time it would take to hack into the computer?

The question on the poll says should he be forced to give up his password so I assumed this thread was mostly should one have the right not to give up one's password when a legitimate search warrant, whatever the standard for that, has been issued.

I read it as should he be forced, under the laws of the United States. I say no he should not, because forcing him to would be illegal.

Though I see your particular stance on your interpretation as being a moral one not a legal one.

Legally no he should not, as the 5th precludes that. Whether, morally, he should, and the 5th should be amended to take into account, is a personal preference.

Neo Art, what is your preference and why?

Neo Art, what is your preference and why?

assuming the law was maeliable to my opinion and I could craft the law in any way I wanted?

I'm...torn. On one hand I believe in the value of the 5th amendment and the protections it serves. On the other I think americans, especially american lawyers like myself, have a tendancy to view constitution as sacred, without considering how times may have changed.

We have here a situation in which it might, literally, be impossible for the police to access the computer without the password. While I don't favor passing the burden of good detective work on to the accused, what happens when technology reaches the point where no amount of good detective work will make any difference? I think that's where we are at here.

In my own personal opinion, I think a change in law to require him to divulge his password, if carefully crafted to not impinge on the protections that we consider common with the 5th amendment, would not be unreasonable.

for the purposes of the warrant yes.

There is the little problem of a statute of limitations however...

Ah, K thxs.

so if the only argument against Hacking their way into a computer is the time limit and resources needed...

it's still a viable way around User X's refusal to supply a password then.

(this is, of course, still abiding by the normal laws and evidence handling procedures.)

Ah, K thxs.

so if the only argument against Hacking their way into a computer is the time limit and resources needed...

it's still a viable way around User X's refusal to supply a password then.

(this is, of course, still abiding by the normal laws and evidence handling procedures.)

It's a viable option in terms of evidence gathering, but there are some legal timelimits to be considered, namely statute of limitations, right to a fair trial, etc.

It's a viable option in terms of evidence gathering, but there are some legal timelimits to be considered, namely statute of limitations, right to a fair trial, etc.

*nods* but until the 5th Amendment is altered to deal with passwords and encryption keys...

it's their only other option if breaking into the computer is a must.

assuming the law was maeliable to my opinion and I could craft the law in any way I wanted?

I'm...torn. On one hand I believe in the value of the 5th amendment and the protections it serves. On the other I think americans, especially american lawyers like myself, have a tendancy to view constitution as sacred, without considering how times may have changed.

We have here a situation in which it might, literally, be impossible for the police to access the computer without the password. While I don't favor passing the burden of good detective work on to the accused, what happens when technology reaches the point where no amount of good detective work will make any difference? I think that's where we are at here.

In my own personal opinion, I think a change in law to require him to divulge his password, if carefully crafted to not impinge on the protections that we consider common with the 5th amendment, would not be unreasonable.

Ok, but if you just plain forgot your password, you'd still be prosecuted for not divulging your password, wouldn't you? I mean, they can't actually tell the difference between someone who forgot and someone who is lying...

(Lies detector are not admissible as evidence, if I remember correctly?)

Ok, but if you just plain forgot your password, you'd still be prosecuted for not divulging your password, wouldn't you?

Well...they'd have to prove you did not forget...

(Lies detector are not admissible as evidence, if I remember correctly?)

To my understanding, they are not admissable to the prosecution as evidence. I think a defendant can admit a passed lie detector test as evidence that he was telling the truth when he said he did not commit the crime. And to be honest I have no idea why I think that's the case or where I heard that, it's just a vague feeling. I could be wrong.

Well...they'd have to prove you did not forget...



To my understanding, they are not admissable to the prosecution as evidence. I think a defendant can admit a passed lie detector test as evidence that he was telling the truth when he said he did not commit the crime.

So that means such a law would be, at best, useless...

I'm not sure all that many who are guilty are to comply with such a law, because if they're in the situation this guy is in, they have nothing to gain from it unless the punishment for not giving up the password is worse than the crime being investigated, or if they thought they'd be found guilty anyway and that they could avoid having the punishments for two crimes added on top of each other.

I'm sure it'd be really effective at getting innocent people to give up their fetish porn collections, love mail to their mistress and embarrassing Pokemon fanfics though. And what if you honestly can't remember the password, or you never had it in the first place (it might not even be your computer that the police has)? Would you need to convince a judge or jury or whatever of your innocence of that?

Which, come to think of it, is a very large problem with the whole idea.

"I forgot it, prove I didn't". However, if you're given a court order to divulge the password and refuse, you may be better off giving up the password. The penalty for contempt of court is "until you decide to stop being in contempt"

If a court orders you to divulge a password, they can literally hold you until you decide to give it up, no matter how long that is (provided they prove you actually know it)

In my own personal opinion, I think a change in law to require him to divulge his password, if carefully crafted to not impinge on the protections that we consider common with the 5th amendment, would not be unreasonable.

I'm not sure all that many who are guilty are to comply with such a law, because if they're in the situation this guy is in, they have nothing to gain from it unless the punishment for not giving up the password is worse than the crime being investigated, or if they thought they'd be found guilty anyway and that they could avoid having the punishments for two crimes added on top of each other.

I'm sure it'd be really effective at getting innocent people to give up their fetish porn collections, love mail to their mistress and embarrassing Pokemon fanfics though. And what if you honestly can't remember the password, or you never had it in the first place (it might not even be your computer that the police has)? Would you need to convince a judge or jury or whatever of your innocence of that?

governments DO NOT automatically have a 'need to know' just because they are governments. the freedom to keep your mouth shut is the last freedom we have left. loose that and we (america, or any place that does for that matter) will have become a nation of slaves entirely.

=^^=
.../\...

You're also ignoring one important thing: Even if your constitution is amended to compel password divulgence, you still have no way to prove that their isn't a hidden encryption partition within the encrypted container, which would, in fact, render the law virtually useless against all but the laziest and stupid users (Who, lets face it, aren't likely to be using encryption in the first place)

Incidentally, in the UK you can be compelled to divulge encryption keys. Privacy advocates and similar groups are naturally horrified, because they feel that it's giving too much power to the Government.

The problem with this case in particular, and the UK law in general, is that there are very likely other incriminating files that the police have no reason to know exists at this time. Therefore, if they were to decrypt the drive they would have access to not only a few files they claim to already know about, but also to a large number of files they didn't know about. Basically turning it into a fishing expedition.

And what if it was a very hard to open door? Like the door to a safe, perhaps, or a panic room? Should someone be legally required to give the police the key to a door they can't break down?

You will find that any door can be opened with the appropriate application of explosives.

You will find that any door can be opened with the appropriate application of explosives.

True - but that tends to destroy the contents. Which would often defeat the purpose.

*hopes the mods do not consider the previous post a gravedig*

Its become irrelevant. Hackers have discovered a way to use compressed air to freeze ram chips and since im not a computer geek i dont understand why this does anything but apparently it allows you to bypass encryption. http://money.aol.com/news/articles/_a/computer-memory-vulnerable-to-hacking/n20080222165509990001

Its become irrelevant. Hackers have discovered a way to use compressed air to freeze ram chips and since im not a computer geek i dont understand why this does anything but apparently it allows you to bypass encryption. http://money.aol.com/news/articles/_a/computer-memory-vulnerable-to-hacking/n20080222165509990001

That only works if the computers memory contains the passphrase.
If one turns it off one is too late.