Man jailed over computer password refusal

Discussion in 'privacy general' started by CloneRanger, Oct 5, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    http://www.bbc.co.uk/news/uk-england-11479831
     
  2. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    The UK is particularly draconian on this issue, no? It's not like there's a Bill of Rights. And, for the Americans in the audience, recall that the Bill of Rights doesn't apply while you're outside the USA :eek:
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    If the police had such a shoddy case that they had to resort to information gleaned from the suspect himself....well, that's pretty bad....like you said, Hierophant, in the USA we have a 5th amendment that keeps one from being a witness against himself.

    I, too, am curious how they know the password length.
     
  4. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    It's not so cut and dry here in the USA. For instance, even though we have the 5th amendment, courts routinely force people to give up the passwords to safes and to provide DNA samples. Safe combinations and hair and DNA samples are not protected under the 5th. Therefore, prosecutors have argued it should be the case with encryption keys too.

    There was one case in Vermont where a guy was suspected of child porn. [1] The prosecutors told him to give up his encryption keys but the judge ruled that the key is protected under the 5th. Later, the case went to an appeals court, and that court reversed the decision and said he must give up his key or face contempt. So, I guess current case law is unclear about this sort of thing, which is why it will probably take a Supreme Court ruling before we can put it to rest.

    1. The original judge in that case is the same guy who has been really "compassionate" toward child predators in the past. For instance, he gave an extremely light sentence to a man convicted of raping a girl under the age of 10 (like 30 days or something) which caught the ire of many on the cable news circuit.
     
  5. Mazock

    Mazock Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    1
    I understand that the courts can hold you in contempt if you refuse to divulge your password. One solution is to use a keyfile on a USB stick, and conveniently destroy/lose the USB stick at the first sign of trouble. If the keyfile is an unknown random set of characters, there's no way they can hold you in contempt.

    You don't have the password :)

    Of course, you've lost your data, but if you're in this sort of position, that's the least of your worries.
     
  6. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Okay, the main differences between fingerprints, DNA, etc. and the passwords....is that forcing someone to give up information you know rather than what you possess physically are two very different things. One is available whether you want to give it up or not - what's in your mind is clearly asking one to incriminate themselves and has been considered a violation of the Fifth Amendment. I'm aware of the current case working its way through the courts; meanwhile, prosecutors nowhere in America are challenging 5th Amendment claims to password information. So you're right in that it will eventually be settled - legally. I also agree with 'Simply The Best' that's it's an absurd thing to request and expect given his/her arguments about the password being correct or not. How would you prove in the U.S. court system that somebody is lying about the password? How could a jury not have reasonable doubt?

    BTW, combination safes ARE protected by the 5th amendment. Physical keys to a safe ARE NOT. So again, it comes down to a physical thing versus what's in the mind.
     
  7. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    I don't think you can just claim a dvd has corrupt data. I believe they use a fair amount of error correction, and if the raw data isn't showing as corrupt or having some bit errors, you will have a tough time convincing anyone that every block, or even most, on the dvd has corrupted bits which just happen to read back as blocks with no errors at all. Especially if every time they read the raw data, it is exactly the same.
     
  8. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    DiskCryptor seems more useful in these cases. With DiskCryptor he could have given them the password (or any password) to a fake OS.
     
  9. stap0510

    stap0510 Registered Member

    Joined:
    Aug 5, 2008
    Posts:
    104
    The same applies to TrueCrypt aswell.
     
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Come on guys, post about the issues or technical points, but, leave the personally direct, inflammatory words out of it. Refute the arguments, if they are flawed. However, there's no need to insult the posters.
     
  11. ploder

    ploder Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    38
    Some good points are raised above. I would also add the following. According to the police spokesperson:

    So they are presuming that he was carrying out crime, a variation of the 'if you weren't doing anything wrong why were you hiding' phony argument. Whatever happened to the presumption of innocence? He went down for failing to disclose a key not the crime he was investigated for (distribution of indecent images of children or whatever the appropriate charges would have been)

    It also seems draconian to me that all they need under s.49(2) is reasonable grounds to think that you have the key but are failing to disclose it http://www.legislation.gov.uk/ukpga/2000/23/part/III/crossheading/power-to-require-disclosure
    Note: not even deliberately trying to conceal it but only failing to disclose it. That is a very low threshold and thus generating spam/dud containers that you don't remember the password to could actually get you in even more trouble under this lovely law introduced by Labour :(
     
    Last edited: Oct 6, 2010
  12. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Agreed. The cat is out of the bag and it ain't going back in. And the legislators would have a very hard time completely outlawing encryption. There would be a first amendment issue (like was the case with Phil Zimmerman) and any such legislation is guaranteed to be overturned by the courts.

    Saying that people couldn't write their own crypto software for personal use would be a huge infringement on the 1st amendment (in my lay opinion).
     
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    I agree. There's too many legitimate uses for encryption - even mandated by law - for anybody to stand for outlawing or backdooring. Not going to happen.
     
  14. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    According to the various articles I have read, he was entering the USA and went through a border search where they asked to see his laptop's contents. He (for some odd reason) voluntarily decrypted the drive and they found the images. Then they confiscated his laptop and (stupidly) turned it off. When they tried to turn it back on later, they couldn't access it because of PGP disk. That's where it all began.

    Yeah, but this seems to be exactly what they were planning on doing here -- relying on the testimony of the border agents.
     
  15. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    OK, so what's the solution? Let's say I'm going to be in Amsterdam for a month (don't I wish). So I create a TrueCrypt volume, and put all my stuff in it. Then I csplit it into several pieces. Perhaps I then encrypt each piece. Then I put overlapping subsets of those pieces on several cloud storage sites, with nowhere near a complete set on any one site. If relevant, I do that via several VPNs. When I get to Amsterdam, I buy a netbook, download the requisite pieces, and reassemble them. If I were really paranoid, I could do multiple layers of the encryption and splitting.

    When I have some time, I believe that I'll test that -- this weekend, perhaps. Any bets?
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It would be a real pain in the a$$ for most users to access their data. I guess it would depend on how often you need to access your data.
     
  17. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    I predict the high possibility of a screwup. Encrypted data can be very fussy. If the reassembly is not perfect, if even a single bit (or more) is excluded or shifted out of place then the decryption will fail from that point onwards.

    I sure wouldn't want you to waste a weekend on it. Computer screens are so darned ... flat! And they just sit there. Why not go for a nice healthy hike instead?
     
  18. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Yes, that is a serious concern. Also, just to be upfront, that's a manual/simplified version of CleaverSafe.

    Hey, I'm a geek :eek:
     
  19. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Excellent point. And there is no rational argument to the contrary.
     
  20. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Haha! I don't know what csplit is but I know how to use hjsplit and winrar. You could put everything into a truecrypt folder, split it into several pieces, encrypt a piece with winrar, then axcrypt, and use rapidshare, hotfile, mediafire and maybe an email attachment...:argh:
     
  21. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Right, caspian. And could you put it back together again? We shall see.

    FWIW, csplit is an old-school Unix file splitter.

    Edit: Make that lxsplit, which seems to be Ubuntu's default. I gather that it's compatible with hjsplit.

    So, anyway, I created the 300 KB TrueCrypt volume "test.tc", and split it into three 100 KB pieces -- "test.tc.001", "test.tc.002" and "test.tc.003". Then I compressed each piece ("001.tar.gz" etc) and put them on www.megaupload.com. Then I downloaded them, extracted the pieces, and "unsplit" them. Worked just fine. Perhaps that was obvious. And it was fun. Anyway, the pieces are at "/?d=XJKUAOPH", "/?d=CB74673X" and "/?d=BUBPPY6K" if you want to see for yourself. The password is "foo".
     
    Last edited: Oct 8, 2010
  22. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    What do we do when most evidence may soon be digital?
     
  23. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    1. We make good money helping clients to hide it.
    2. We make good money helping clients to discover it.
    3. We use some of that money to ensure that ours is well-hidden.
    Have I missed anything?
     
  24. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Kinda where I was going.
    But I think the endgame is that the courts will apply the privacy "penumbras" of the US Constitution to the internet. Your "house" is your solitude, generally speaking, but when you go out, we'll tap the crap out of you! I don't know if it can be any other way.
     
  25. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Ya think :eek:

    In/out it makes no difference to "Them" Don't think you're safe in/on your own home/land even if you own Every part of it, not these days i'm afraid :eek:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.