http://www.cbsnews.com/8301-501465_162-57365004-501465/judge-americans-can-be-forced-to-decrypt-their-laptops/

Interesting case I think. I didn't see a thread about it anywhere else but maybe I missed it.

Some of us at work were wondering if you had done this:

http://www.truecrypt.org/hiddenvolume

If you provided the first key, but not the second, the blank space of the drive would be the encrypted volume. I believe its called plausible deniability volume.

I wonder if she would just get a contempt of court charge if she never produces it. It would take years to break into the drive.

So you can be forced to encryminate yourself?

So you can be forced to encryminate yourself?

Not quite.

I think they're trying to say that decrypting the data isn't the same as incriminating yourself.

I can see the argument for this going something like:

If I've got a search warrant for your house to look for evidence you're being legally told to open the front door with your house key. If I've got a search warrant for your PC to look for evidence you're being legally told to open your PC for search using your pass key.

They aren't asking you to testify and incriminate yourself, they're looking at evidence. Testimony can be used as evidence but not all evidence is testimony. 5th amd is covering testimony yes?

I use the hidden volume in Truecrypt, but I don't expect to ever be under investigation. The problem here is that the search warrant allowed the police to find the laptop and discover that it was encrypted. If this person was slightly less obvious (Truecrypt is relatively not obvious -- even if you know that it's installed, you don't necessarily know what file is encrypted, if any), then the court could not order that the person reveal hidden evidence and unencrypt it. The evidence is there, and unfortunately for her the court does have the right to get her to open it. As much as I hate to agree with the ruling, I do.

If, of course, she had used something like Truecrypt's file-within-a-file technique, and it went unnoticed, she'd be in the clear. She can't be forced to reveal that it exists, but if it was found, then she would have to decrypt that one too -- much like putting a locked container inside a safe doesn't make it immune from search warrants.

So you can be forced to encryminate yourself?


Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

I have to admit, that's pretty convincing. What if they have solid evidence that some guy is guilty of murder. They also find some DNA at the crime scene that might link the suspect to the crime. Can the suspect really just plead the fifth and not be forced to provide a DNA sample? Especially considering a lot of cases these days rely on DNA evidence.

Can a suspect refuse to allow police officers to search his home or car because he has stolen merchandise inside and that would incriminate himself?

I was trying to be funny.
However you bring up a point - You cannot be forced to show the police where you are hiding something (say the murder weapon) in your house. Its up to them to find it.

Can a suspect refuse to allow police officers to search his home or car because he has stolen merchandise inside and that would incriminate himself?

Yes, but the police can get a warrant. Without a warrant, absolutely, you can refuse to allow police to search anything without probable cause (I would argue police thinking the guy has stolen merchandise will never be acceptable probable cause).

Yes, but the police can get a warrant. Without a warrant, absolutely, you can refuse to allow police to search anything without probable cause

Well yeah that was sort of my point though. I'm assuming police in this case do have a warrant to basically search her laptop (or maybe this ruling IS the warrant? I don't know) but she's trying to take the fifth in refusing that warrant. So it's very close to still refusing the police to search your home even with a search warrant.

Two thoughts for fun: you could make your true crypt password "I killed Amy", then the act of giving the password would incriminate oneself.

You could make your password a digital rights management scheme, then reverse engineering it would make you (or the government) commit a felony.

Or you could just use a hidden volume.

I was trying to be funny.
However you bring up a point - You cannot be forced to show the police where you are hiding something (say the murder weapon) in your house. Its up to them to find it.

Yeah they think they found the 'murder weapon' but she's denying them access to it so they can't be sure. No where in this ruling does it say she must specifically point out which files are the ones they are looking for that will incriminate her for a crime.

Just as I quoted from the story earlier, if the police have a warrant to search your home for a murder weapon and they come across the safe and want to check in there to see if it's in there can the person refuse to allow them entry into the safe?

Just as I quoted from the story earlier, if the police have a warrant to search your home for a murder weapon and they come across the safe and want to check in there to see if it's in there can the person refuse to allow them entry into the safe?

Yes, but now it's a crime because the court ordered you to do something and you didn't. It's a fairly decent strategy if you're guilty of murder, but maybe less so for lower felonies (and probably senseless for misdemeanors). It's like refusing a sobriety test if you're super drunk; you can't be convicted for DUI, which you like, but you will lose your license, which would happen anyway.

It's also less effective for a safe because they'll convict you for whatever charge for refusing, and then they'll just crack the safe anyway. The encryption, if it's actually strong enough to deter them from breaking it, might make it worth taking the guaranteed lesser charge if it means the smoking gun can't be used against you.

Yes, but now it's a crime because the court ordered you to do something and you didn't. It's a fairly decent strategy if you're guilty of murder, but maybe less so for lower felonies (and probably senseless for misdemeanors). It's like refusing a sobriety test if you're super drunk; you can't be convicted for DUI, which you like, but you will lose your license, which would happen anyway.

It's also less effective for a safe because they'll convict you for whatever charge for refusing, and then they'll just crack the safe anyway. The encryption, if it's actually strong enough to deter them from breaking it, might make it worth taking the guaranteed lesser charge if it means the smoking gun can't be used against you.

Okay I guess instead of saying 'can you refuse them entry to the safe' I should have said 'can you actually plead the fifth and not face any charges for refusing said order.' Yes you're right we're not in the habit in this country of breaking someone's fingers until they comply with a court order.

Two thoughts for fun: you could make your true crypt password "I killed Amy", then the act of giving the password would incriminate oneself.

You could make your password a digital rights management scheme, then reverse engineering it would make you (or the government) commit a felony.

Or you could just use a hidden volume.

How is a password incriminating, it's supposed to be something difficult to guess/crack so if why couldn't you make it something like that?

He was saying that a password that is also an admission of guilt would be self-incriminating if it were revealed. Of course, they aren't asking for the password here, because of 5th Amendment rights.

They are two seperate questions:

What is your password? I killed Amy

That's not an admission of guilt. That's a password/phrase.

Did you kill Amy? Yes, didn't you see my password?

That's an admission.

Also you're saying incriminating not admission after I read it again....yeah I'm retarded. I still don't think the password being that might raise some questions but I don't think it could stand on its own as incriminating.

The court effectively cannot force a person to communicate. Revealing the password would be communication, whether or not the password itself is incriminating. It's also bordering selective communication (e.g., revealing information that would not be incriminating, but refusing to answer questions that you know would be), and that's a great way to look guilty as fuck, which is why the 5th Amendment exists in the first place. You simply don't communicate at all.

Here are my thoughts on it.

You have a bloody knife. You lock it in a safe. If they get a warrant for the safe, you are not required to open it. They can break into the safe and get it. Same as if you don't open the door for the warrant to search your house.

They can break down the door and come in.

So I think they can break the code on the drive, and it is unreasonable to require you to decrypt the drive. Granted, I would use the hidden option in truecrypt.

The other thing is that I believe with truecrypt instead of using a passkey you can use a key file. If you put said key file on a usb stick or some other digital item, and then simply loose it, how can you be expected to produce the passkey?

Do you have the passkey? - No, you have it, on one of the USB sticks you took from my home.

Which one? - They all are the same you find it on there.

We couldn't find the passkey on the USB sticks we have, you will need to enter in the passkey manually. - I don't remember what that is. It was a randomly generated hashkey that was on a post-it note that was near my computers. Which were confiscated.

I think that would be a reliable defense. But I am no lawyer.

It's 100% correct for the justice system to be able to compel passwords, and to levy appropriate punishment for refusal to comply. Nobody is required to communicate: the article specifies that all the alleged has to do is type in the password with no one "looking over her shoulder". Unlocking a door is not testimony, therefore the 5th Amendment doesn't apply. Done and done. :)

We couldn't find the passkey on the USB sticks we have, you will need to enter in the passkey manually. - I don't remember what that is. It was a randomly generated hashkey that was on a post-it note that was near my computers. Which were confiscated.

Specifically with Truecrypt, it's actually slightly different. The key file isn't actually a file that stores your password for you; it's a second, and necessary, password. The encrypted drive won't say "I need a key file." Instead, if you type in the correct password but do not select the key file, Truecrypt will deny access. The key file itself is literally any file on your machine -- I'm assuming Truecrypt reads some hash from the file to check against, but the actual file can be your favorite MP3, a picture of tits, whatever. If you did actually lose the key file, though, that data's as good as gone (which is also why it's good to use a key file that is easily replaceable, since the whole idea is the person simply doesn't know which file it is).

Anyway, you're right that if the person legitimately cannot access the drive, they are not doing anything wrong. If, however, the court feels that they should be able to access it (facts are irrelevant here, since they can't be certain either way), they will be charged with something along the lines of obstruction of justice.

Specifically with Truecrypt, it's actually slightly different. The key file isn't actually a file that stores your password for you; it's a second, and necessary, password. The encrypted drive won't say "I need a key file." Instead, if you type in the correct password but do not select the key file, Truecrypt will deny access. The key file itself is literally any file on your machine -- I'm assuming Truecrypt reads some hash from the file to check against, but the actual file can be your favorite MP3, a picture of tits, whatever. If you did actually lose the key file, though, that data's as good as gone (which is also why it's good to use a key file that is easily replaceable, since the whole idea is the person simply doesn't know which file it is).

Anyway, you're right that if the person legitimately cannot access the drive, they are not doing anything wrong. If, however, the court feels that they should be able to access it (facts are irrelevant here, since they can't be certain either way), they will be charged with something along the lines of obstruction of justice.

So yeah the best plan would be to pick a file on a un-remarkable easily disposed of media. Then just lose the media. Problem solved.

I suspect this will be overturned on appeal.

What would be interesting to watch is if she "forgets" her encryption key.

Would be kind of difficult to prove they are lying about forgetting a password or key.

Ever heard of national security?

So, this is like a subpoena issued to a computer?