U.S. Court Extends Fifth Amendment to Encrypted Data

[spartan231490]

I hope they do this in the UK too, as far as I know they can force you to unencrypt your data.

Does the UK even have protection against self-incrimination?

OT: Seems legit. I'm all for any time when personal rights are upheld or extended.

 

[spartan231490]

I love that 'The Founding Fathers' knew about computing and encryption when they wrote the constitution!
Any chance your old document could be slightly irrelevant to a modern day problem *Cough*Bible*Cough*

<a href=http://en.wikipedia.org/wiki/Jefferson_disk>The Founding Fathers DID know about encryption.

LOL hardly encryption compared to modern standards

The principle is literally identical.

Except that their encryption is for passing on messages and ours is for hiding information of varying description

uh, their encryption was used to pass messages with hidden information in them.

but only text based information, whereas a hard drive can store more than text

a hard drive can only store binary data, which can be interpreted as text, images, or what have you. In any case, means of encrypting or hiding data, whether visual or textual, has existed for millenia and the Founding Fathers were certainly aware of the methods available to them, as they used them extensively throughout the Revolution.

They are irrelevant nowadays, the world is so different today than it was then, they need to write a new constitution, that's right I said it.

Firstly, the bill of rights is different from the constitution. Secondly, the bill of rights has not, nor will it ever be, made irrelevant by the passage of time. It defines what rights the government isn't allowed to infringe upon. What technology is available at the time is irrelevant to those rights. The court system was created partially to make sure that new technology didn't create loopholes, which is exactly what's being done now.

Furthermore, the entire constitution was designed to be flexible and adapt to changing times, which it has done remarkably well.

Now with that said, I do think the constitution could use a major revamp. It has been bent to near breaking between executive orders, some of the amendments, and certain bills and laws that are obviously unconstitutional but have never made it to the supreme court to be shot down. It's time we rewrote the document before we are driven to it by fear or oppression, in a time when we can look back at how it has been abused and decide how to correct it without powerful emotion or a too short time-table crippling our ability to do it right.

 

[Not G. Ivingname]

But hey data privacy is way more important than protecting the democratic process.

You could make the same argument for warrantless phone taps, searches without any sort of probable cause and pretty much anything else. How far are you willing to go in the name of security? What are you willing to sacrifice?

If you are ordered by a court to produce a printed document you shred it not only are you guilty of contempt the shred document can be put together and used in evidence against you. Why should the process of encryption be treated any different from shredding? It is also clear that he was ordered to by a court after due process. The FBI didn't walk and demand he decrypt without a warrant is the same way that they bugged Rod Blagojevich phone. Why should it be treated any different, in both cases due process occurred. In encryption case he actually knew that and order was beginning potentiality made against him and had an opportunity defend himself in court which is more than Rod Blagojevich had. Why should data held on disk have greater legal protection than the same information held on paper or the same information exchanged by spoken word?

The pieces of the shredded paper are still in the world, they are not contained in your head. The encryption code IS in your head. They are making you give up a piece of information that may or may not lead to incriminating evidence. A key to a safe isn't a piece of information, it is a physical object that the police have every right to take with a warrant. You equaly cannot tell if it is a drug dealer hiding behind the Bill of Rights, or an innocent man just trying to use the rights he has been given. Innocent before proven guilty, remember that.

 

[Evil Alpaca]

snip

It's funny how people like you come here and talk about stuff you literally know NOTHING about.

Modern encryption algorithms, the ones employed by TrueCrypt, are so strong that if you employ a strong password (and potentially keyfiles) they can't be cracked within the lifetime of the universe, even if you gathered the earths collective computer power and multiplied it by a trillion. Even quantum computers cannot help bruteforce modern algorithms (their application is in factoring prime-numbers, which can crack public key crypto like RSA, but not symmetrical key crypto like AES, Twofish and Serpent).

Neither the FBI, nor any other organization (NSA, CIA, Russians, Chinese) have the capabilities to crack modern symmetrical key crypto with a proper password/key. And no, the TrueCrypt developers cannot help them either. The system is designed with no backdoors. TrueCrypt is Open-Source, uses well-known encryption algorithms (including AES which the US Government themself use to protect data), and TrueCrypt containers have already been attempted cryptoanalyzed before. They just look like random data.

Edit: Decided to fetch you an article [http://www.zdnet.com/blog/ou/is-encryption-really-crackable/204], that might be able to put things into perspective.

Thanks for the article, interesting read.

Decryption may not be the right word I'm looking for. What would you call figuring out a person's password based on what you know of the individual. I agree that a bruteforce solution to cracking the software is unlikely.

I wasn't trying to say the FBI would crack the software, but that they could find the necessary password key files. Given human tendency for password redundancy and the fact that the feds have the man's hardware, I was thinking in terms of cracking this particular man's software would involve searching through the man's life for figuring out what password and key files he would have picked. That too takes time which could easily be saved if the man gave up his password information.

 

[Athinira]

Thanks for the article, interesting read.

Decryption may not be the right word I'm looking for. What would you call figuring out a person's password based on what you know of the individual. I agree that a bruteforce solution to cracking the software is unlikely.

I wasn't trying to say the FBI would crack the software, but that they could find the necessary password key files. Given human tendency for password redundancy and the fact that the feds have the man's hardware, I was thinking in terms of cracking this particular man's software would involve searching through the man's life for figuring out what password and key files he would have picked. That too takes time which could easily be saved if the man gave up his password information.

People who actively employ encryption typically don't use cheap passwords. TrueCrypt itself actually warns you if you try to create a container with a password with a length shorter than 20 characters (20 characters is enough to make the password uncrackable within the lifetime of the universe). Now assuming that someone doesn't pick something stupid (like combining the name of their cat with their phone number). Most modern encryption programs actively

Looking through their life for details that could be part of their password seldomly gives results, and if you go above a 20 character password (and doesn't use something stupid) it's still going to be practically impossible to break. Best thing you can hope for with a modest amount of processing-power is a dictionary attack with some random permutations, but the chance of even breaking a moderate (9-12 character) password is very slim.

A few years back when Amazons cloud was in the early stages, a firm was hired by a guy to crack a file he had forgotten the password to. The password was 7-8 chars long, and either took some hours or days to crack if i recall correctly. The thing is though, you only need to jump up 2 characters before the password becomes OVER NINE-THOUSAND times harder to crack (9.216 times to be exact, but i couldn't resist ). Cracking a password at 8-9 chars would be possible, but unfeasable. 10 chars+ using a cloud service is really pushing it unless you pull some serious money into the project, and 11-12 chars you might as well forget it (you need supercomputers to do that, and even there we're talking months, if not years).

So while i get your theory, it's unfeasable in most cases. But of course you should try. You might get lucky and have a noob on your hand.

 

[MrTub]

snip

It's funny how people like you come here and talk about stuff you literally know NOTHING about.

Modern encryption algorithms, the ones employed by TrueCrypt, are so strong that if you employ a strong password (and potentially keyfiles) they can't be cracked within the lifetime of the universe, even if you gathered the earths collective computer power and multiplied it by a trillion. Even quantum computers cannot help bruteforce modern algorithms (their application is in factoring prime-numbers, which can crack public key crypto like RSA, but not symmetrical key crypto like AES, Twofish and Serpent).

Neither the FBI, nor any other organization (NSA, CIA, Russians, Chinese) have the capabilities to crack modern symmetrical key crypto with a proper password/key. And no, the TrueCrypt developers cannot help them either. The system is designed with no backdoors. TrueCrypt is Open-Source, uses well-known encryption algorithms (including AES which the US Government themself use to protect data), and TrueCrypt containers have already been attempted cryptoanalyzed before. They just look like random data.

Edit: Decided to fetch you an article [http://www.zdnet.com/blog/ou/is-encryption-really-crackable/204], that might be able to put things into perspective.

Thanks for the article, interesting read.

Decryption may not be the right word I'm looking for. What would you call figuring out a person's password based on what you know of the individual. I agree that a bruteforce solution to cracking the software is unlikely.

I wasn't trying to say the FBI would crack the software, but that they could find the necessary password key files. Given human tendency for password redundancy and the fact that the feds have the man's hardware, I was thinking in terms of cracking this particular man's software would involve searching through the man's life for figuring out what password and key files he would have picked. That too takes time which could easily be saved if the man gave up his password information.

That is called social engineering or something similar.

And honestly why bother encrypting something if you write the password on a usb stick/notepad? seems a bit stupid tbh

 

[Athinira]

That is called social engineering or something similar.

No. Social Engineering is more like scamming. Like sending an e-mail pretending to be someone else. "hi Danny. I need the password to your computer so i can use it for a while. Love, Mom!"

And honestly why bother encrypting something if you write the password on a usb stick/notepad? seems a bit stupid tbh

Because it's better to use a really complicated password and write it down than using a weak password that is easy to remember (and you use elsewhere).

Once you've learned the complicated password in your sleep, you can destroy whatever you wrote it down on.

 

[MrTub]

That is called social engineering or something similar.

No. Social Engineering is more like scamming. Like sending an e-mail pretending to be someone else. "hi Danny. I need the password to your computer so i can use it for a while. Love, Mom!"

And honestly why bother encrypting something if you write the password on a usb stick/notepad? seems a bit stupid tbh

Because it's better to use a really complicated password and write it down than using a weak password that is easy to remember (and you use elsewhere).

Once you've learned the complicated password in your sleep, you can destroy whatever you wrote it down on.

Of course its better to use a complicated password. I just do not see the need to have it written down somewhere for longer then a day at most.

The reason I thought that social engineering was a fitting word since he suggested that they would gather information on the person and then try to crack the password. But I guess you are correct.

 

[Athinira]

Of course its better to use a complicated password. I just do not see the need to have it written down somewhere for longer then a day at most.

Some people really have terrible memories, and will take quite a while to safely learn a long password. Remember, if you encrypt your data and forget your password, it's a really shitty situation for you

 

[oktalist]

You can clear out bank accounts, steal credit card information, hire a hitman, whatever you want now.

So should we go back to the old days when hitmen kept a written record of their activities which they kept under their beds so it would be easy for the police to find?

can someone PLEASE explain to me what the 5:th Ammendment is all about? Because after reading this, I imagined a scenario.
Imagine that there is a man that the feds [del]know of[/del] suspect, that have a trigger locked in a small box. If the trigger is not pressed within 24 hours, a bomb goes off somewhere, and a lot of people get killed. The feds [del]know[/del] suspect this, they have the man, he knows how to open the box, but he denies that there is a trigger in the box (though he confirms that there is something illegal in there, and that he can open the box, but he won't, because it would "incriminate himself"). The feds can not open the box without the bomb going off, nor can they find the bomb within 24 hours.
So, even though the man admits that he is hiding something illegal, and the feds have very strong evidence for thinking that this might be the trigger, they really can't force the man to open the box?

I fixed it for you.

Most countries have something similar. It's the right to remain silent.

The court can compel your man to open the box, as he has already admitted that he can, but it cannot compel him to reveal any information which resides in his brain.

Suppose you are suspected of an assault that occurred on a particular street. You are innocent, but you were walking down that particular street at the time the assault took place. If you told the police this fact, that would "incriminate yourself", even though you are innocent. It would be a piece of evidence they could use against you in a trial. You would be foolish to reveal this information to the police, and it would be wrong for a government to have the power to compel someone to reveal such information. By "pleading the fifth" you might seem to admit that there is some information that incriminates you (makes you appear guilty), but that does not imply any actual guilt. The Fifth Amendment is intended to protect the innocent from being compelled to incriminate themselves (make themselves appear guilty).

To apply a similar logic to the encryption argument, if I have an encrypted document on my computer all about how I really, really hate a particular person, and then one day this person turns up floating in the river with a bullet in his head, I'm sure as hell not going to want the police to be able to read that document.

Or if I keep a traditional, pen and paper diary, and in the entry for April 19th, I have written "JC" (using initials is a form of encryption), and on April 19th John Connor turns up in a similar river/bullet-based predicament, I am not going to want to tell the police that "JC" stands for John Connor. Of course if "JC" actually stood for Jackie Chan I would be happy to tell the police that.

Privacy is overrated when it starts interfering with the justice system.

This isn't about privacy at all.

People need to respect the police.

In the same way that we need to respect tigers.

'Never trust a copper' is 70s talk. I like to think we've come past that. If the officer asks 'what's in the box', you open the box. The law enforcement has a job to do. An important job.

And if law enforcement is investigating me, it's going to have to do that job without my help.

"Always trust a copper" is just as stupid as "never trust a copper".

The police are (mostly) honest people. The problem is they are honestly following a procedure that says: 1. Gather evidence. 2. Is there enough evidence to press charges? 3. If yes, press charges. There is no room for an officer to say, well, yesss... but I think we've got the wrong guy. If there's enough evidence, the charges get pressed, whether the police think he's guilty or not.

That procedure will and does lead to charges being pressed against innocent people every day.

If you disagree, then perhaps you'd like to explain to the class, in your own words, why, if at all, you think we need a criminal court system with juries of our peers.

Now let's not bring in the faults of the legal system here

The faults of the legal system are the only reason this thread exists. If the legal system was faultless, there would be nothing to discuss here.

 

[Wintermoot]

what,s there to prevent you from making a kill switch?
somebody with childporn can easily delete all the data or destroy the storage medium.
or maybe a master key that unencrypts all forms of data.

 

[Thyunda]

You can clear out bank accounts, steal credit card information, hire a hitman, whatever you want now.

So should we go back to the old days when hitmen kept a written record of their activities which they kept under their beds so it would be easy for the police to find?

can someone PLEASE explain to me what the 5:th Ammendment is all about? Because after reading this, I imagined a scenario.
Imagine that there is a man that the feds [del]know of[/del] suspect, that have a trigger locked in a small box. If the trigger is not pressed within 24 hours, a bomb goes off somewhere, and a lot of people get killed. The feds [del]know[/del] suspect this, they have the man, he knows how to open the box, but he denies that there is a trigger in the box (though he confirms that there is something illegal in there, and that he can open the box, but he won't, because it would "incriminate himself"). The feds can not open the box without the bomb going off, nor can they find the bomb within 24 hours.
So, even though the man admits that he is hiding something illegal, and the feds have very strong evidence for thinking that this might be the trigger, they really can't force the man to open the box?

I fixed it for you.

Most countries have something similar. It's the right to remain silent.

The court can compel your man to open the box, as he has already admitted that he can, but it cannot compel him to reveal any information which resides in his brain.

Suppose you are suspected of an assault that occurred on a particular street. You are innocent, but you were walking down that particular street at the time the assault took place. If you told the police this fact, that would "incriminate yourself", even though you are innocent. It would be a piece of evidence they could use against you in a trial. You would be foolish to reveal this information to the police, and it would be wrong for a government to have the power to compel someone to reveal such information. By "pleading the fifth" you might seem to admit that there is some information that incriminates you (makes you appear guilty), but that does not imply any actual guilt. The Fifth Amendment is intended to protect the innocent from being compelled to incriminate themselves (make themselves appear guilty).

To apply a similar logic to the encryption argument, if I have an encrypted document on my computer all about how I really, really hate a particular person, and then one day this person turns up floating in the river with a bullet in his head, I'm sure as hell not going to want the police to be able to read that document.

Or if I keep a traditional, pen and paper diary, and in the entry for April 19th, I have written "JC" (using initials is a form of encryption), and on April 19th John Connor turns up in a similar river/bullet-based predicament, I am not going to want to tell the police that "JC" stands for John Connor. Of course if "JC" actually stood for Jackie Chan I would be happy to tell the police that.

Privacy is overrated when it starts interfering with the justice system.

This isn't about privacy at all.

People need to respect the police.

In the same way that we need to respect tigers.

'Never trust a copper' is 70s talk. I like to think we've come past that. If the officer asks 'what's in the box', you open the box. The law enforcement has a job to do. An important job.

And if law enforcement is investigating me, it's going to have to do that job without my help.

"Always trust a copper" is just as stupid as "never trust a copper".

The police are (mostly) honest people. The problem is they are honestly following a procedure that says: 1. Gather evidence. 2. Is there enough evidence to press charges? 3. If yes, press charges. There is no room for an officer to say, well, yesss... but I think we've got the wrong guy. If there's enough evidence, the charges get pressed, whether the police think he's guilty or not.

That procedure will and does lead to charges being pressed against innocent people every day.

If you disagree, then perhaps you'd like to explain to the class, in your own words, why, if at all, you think we need a criminal court system with juries of our peers.

Now let's not bring in the faults of the legal system here

The faults of the legal system are the only reason this thread exists. If the legal system was faultless, there would be nothing to discuss here.

If you had nothing to hide, the investigation could write you off and go elsewhere. But if you insist on hiding it, you're only delaying it. But, then, I guess you can get away with anything as long as you encrypt the evidence.

 

[rapidoud]

Well this is just plain silly. What's he got on his hard drive that he doesn't want the FBI to see? He should have been put away for deliberate obstruction of justice. If you're threatened with a jail sentence, and all you have on your hard drive is a couple of embarrassing files, then surely you'd just let the FBI in?

Jesus, more people who doesn't understand how encryption works, nor the law.

First of all, there is a difference between "obstruction of justice" and "refusing to help". Refusing to help police build a case against yourself is not the same as obstruction of justice. You have NO obligation to help them, and giving that helping them is counter-intuitive to your case, why would you?

Second of all, as mentioned in my earlier posts, you cannot beat encryption. Ever. Hidden volumes means that encryption can cheat investigators, and they have no way to prove otherwise.

Privacy is overrated when it starts interfering with the justice system.

The man is innocent until proven guilty. To jail someone for "Obstruction of justice" (even though, as i explained, refusing to decrypt something isn't obstruction of justice), you first have to prove that there are justice to be dispersed in the first place. If the man is innocent (which is the governments job to prove that he isn't, and he isn't obliged to help them), then there is no justice to be dispersed.

Also i almost don't even want to touch terrible your logic is. By that argument, the government should install cameras in EVERY home in the United States so they could spy on us. Then they would be able to solve almost every case of domestic violence, robbery etc. Sounds like a good idea to you? )

Notice how you keep mentioning hidden volumes. Which I mentioned in my post.

Then the rest was just ranting, providing no discernible arguments yet providing analogies for it.

 

[MrTub]

i know the password to my mums computer because i have to fix it all the time, does not mean i know what the contents are.

...and similarly, being in possession of a computer with encrypted contents doesn't mean you know what the password for that content are )

this is a simply case of a deliberate attempt at hiding evidence and refusing to hand it over. it should not be protected any more then shredding papers.

No, no and no.

First of all, nothing is hidden. The police have access to the data, they just don't have the knowledge of how to read it. Shredding papers is DESTRUCTION of data. An entirely different thing. Destructed things can't necessarily be reconstructed, and those papers can therefore be irrecoverably lost. Decrypted data can ALWAYS be recovered if someone knows how to do it.

Second of all, you assume beforehand it's evidence. Until the content is actually decrypted, you don't know if it was just random data, of if there was actually something of interest to the case.

Thirdly, you don't know if anyone is "refusing" anything. Until the data actually gets decrypted, you cannot conclusively prove that the defendant is actually capable of decrypting the data to begin with. The law states that you cannot be held in contempt of court for not doing something you are incapable of doing.

.

Since you decided to bring in the example with you knowing your moms password, allow me to extend your example:
Imagine that your mom gives you her computer since she has gotten a new one. A few months later, the feds knock on your door with a search warrant because they believe to have evidence that there are illegal content on your computer (or maybe they believe you are tax frauding and wants to seize any documents that could be relevant, including digital ones). On your computer they find a file of random data (from back when your mom had the computer), which they suspect is an encrypted file.

Now first, they demand you decrypt it. You deny being able to decrypt it, stating that it's a leftover file from when your mom was the proprietor. The feds talk to your mom, but she says she forgot the password (or maybe she isn't sure what file they mean or can't remember) since it's some months since she used the computer.

Now, by your logic, the feds can now charge both you and your mom for withholding evidence, even though they cannot conclusively prove that the file is actually an encrypted file, or that either of you actually know (remembers) a valid password for the file.

And once again, i will remind you that real criminals CAN and WILL cheat the feds with a hidden volume, one which you cannot prove the existence of.

but he did not refuse to do it based on not knowing how, he refused based on the 5th amendment. it is perfectly reasonable to assume that he knows how.

the idea that i am assuming it is evidence is wrong. i am assuming the investigators have reason to believe it is evidence. just like when they have reason to believe you are in possession of drugs they can get a warrant and search your house, they should be allowed to get a warrant to get access to the encrypted information.

they have reason to believe the encrypted info is evidence, they have reason to believe the man knows how to decrypt it. the man refusing to give them that information is breaking the law, the same way the druggie is breaking the law if he refuses to let the police search his house.

as for your example. simply dating the file would be enough evidence to see whos it is and who should be charged.

It's not the same way.

A more similar analogy would be that the feds has a warrant to search your house and the person allows them to search for it but refuses to help them find the item.

 

[Maclennan]

I wonder what it is like up here in Canada...

Well they dont currently even need a warrant to monitor our internet usage, only to force a ip to provide them access if the ip does not volunteer it. Based on that I would wager we would be forced to decrypt anything they asked us too.

 

[MrTub]

i know the password to my mums computer because i have to fix it all the time, does not mean i know what the contents are.

...and similarly, being in possession of a computer with encrypted contents doesn't mean you know what the password for that content are )

this is a simply case of a deliberate attempt at hiding evidence and refusing to hand it over. it should not be protected any more then shredding papers.

No, no and no.

First of all, nothing is hidden. The police have access to the data, they just don't have the knowledge of how to read it. Shredding papers is DESTRUCTION of data. An entirely different thing. Destructed things can't necessarily be reconstructed, and those papers can therefore be irrecoverably lost. Decrypted data can ALWAYS be recovered if someone knows how to do it.

Second of all, you assume beforehand it's evidence. Until the content is actually decrypted, you don't know if it was just random data, of if there was actually something of interest to the case.

Thirdly, you don't know if anyone is "refusing" anything. Until the data actually gets decrypted, you cannot conclusively prove that the defendant is actually capable of decrypting the data to begin with. The law states that you cannot be held in contempt of court for not doing something you are incapable of doing.

.

Since you decided to bring in the example with you knowing your moms password, allow me to extend your example:
Imagine that your mom gives you her computer since she has gotten a new one. A few months later, the feds knock on your door with a search warrant because they believe to have evidence that there are illegal content on your computer (or maybe they believe you are tax frauding and wants to seize any documents that could be relevant, including digital ones). On your computer they find a file of random data (from back when your mom had the computer), which they suspect is an encrypted file.

Now first, they demand you decrypt it. You deny being able to decrypt it, stating that it's a leftover file from when your mom was the proprietor. The feds talk to your mom, but she says she forgot the password (or maybe she isn't sure what file they mean or can't remember) since it's some months since she used the computer.

Now, by your logic, the feds can now charge both you and your mom for withholding evidence, even though they cannot conclusively prove that the file is actually an encrypted file, or that either of you actually know (remembers) a valid password for the file.

And once again, i will remind you that real criminals CAN and WILL cheat the feds with a hidden volume, one which you cannot prove the existence of.

but he did not refuse to do it based on not knowing how, he refused based on the 5th amendment. it is perfectly reasonable to assume that he knows how.

the idea that i am assuming it is evidence is wrong. i am assuming the investigators have reason to believe it is evidence. just like when they have reason to believe you are in possession of drugs they can get a warrant and search your house, they should be allowed to get a warrant to get access to the encrypted information.

they have reason to believe the encrypted info is evidence, they have reason to believe the man knows how to decrypt it. the man refusing to give them that information is breaking the law, the same way the druggie is breaking the law if he refuses to let the police search his house.

as for your example. simply dating the file would be enough evidence to see whos it is and who should be charged.

It's not the same way.

A more similar analogy would be that the feds has a warrant to search your house and the person allows them to search for it but refuses to help them find the item.

no a more similar analogy would be that the feds have a warrant to search your house, they find a suspicious box but it is locked, around your neck is a key the same size as the lock for the box, they ask for it and you wave it in their face and say no.

No its not the same, since the feds have access to the information. You shouldn't be required to translate for them.

And honestly I do not see why anyone should be required to hand over the key (Of course then you would have to accept that feds would try to open it with other means and you should expect the safe to be broken into and you shouldn't be able to whine that they broke something).

 

[Something Amyss]

I find the FBI's decryption abilities far more contemptible than this guy's refusal to surrender the information.

I'm going to have to ask you to restrain yourself.

And great day for fraudsters, drug dealers, corrupt politicians, the various mobs, hit men, the Ku Klux clan, the Aryan nation and the other terrorist groups out there. So if Enron had just encrypted all their data they could have walked away scot free after defrauding ten of thousands of poeple. Rod Blagojevich should have sent an encrypted email instead of selling Obama's senate seat on the phone and he wouldn't be doing 14 years and the democratic process would have been for sale. But hey data privacy is way more important than protecting the democratic process.

And think about all the criminals already protected by the fifth amendment! I mean, all a criminal has to do is take the stand and not incriminate himself!

And due process? Man, that shit puts millions of criminal on the streets again! Think about all the criminals we could catch if we stopped requiring things like probable cause and enforcing Miranda rights.

 

[ThunderCavalier]

Yeah, I can see a bit of a problem here with the FBI wanting to force people to decrypt data.

Yet at the same time, encrypting your data obviously means that you have something to hide and some damn good reason to put a good enough encryption that the FBI can't solve it. Either that, or you have way too much time on your hands. I can understand avoiding self-incrimination, but is there really so much sensitive data that you're willing to hide from the FBI that you're going to call the Constitution out on them? I know that's what it's there for, but is it really worth the trouble?

 

[Jodah]

I support this. It is no different than physical property. If the police have a search warrant for your property you don't have to give them the key. They can, however, kick the door down to get in. This is the same thing. You don't have to decrypt the data for them but they can break it themselves.

 

[Athinira]

no a more similar analogy would be that the feds have a warrant to search your house, they find a suspicious box but it is locked, around your neck is a key the same size as the lock for the box, they ask for it and you wave it in their face and say no.

Funny that you should touch this aspect. You see, The Supreme Court has already ruled on this issue several times in regards to opening Safe deposit boxes during a search and seizure. Their ruling is that the police can only compel you to give them physical keys to a safe (if you are in possession of those keys), but that they cannot compel you to reveal the combination to a safe.

A password to encrypted content is a hundred times closer to a combination than a physical key, and barring the Foregone Conclusion, that information is therefore testimonial and protected by the 5th Amendment.

but he did not refuse to do it based on not knowing how, he refused based on the 5th amendment. it is perfectly reasonable to assume that he knows how.

No it's not. It's not "perfectly reasonable" to assume such things when you gambling with peoples freedom (or possibly lives) in the justice system.

Also, refusing based on not knowing how and refusing based on the 5th Amendment aren't mutually exclusive. Someone can take the 5th first, and then if a court rules that the 5th doesn't apply, they can still claim afterwards that they don't know how to open it (taking the 5th doesn't imply that you have to acknowledge to be able to open it, so it's perfectly possible to take up that position afterwards).

The 5th Amendment wasn't invented so that the courts could just go "Oh he isn't talking, so he probably knows something". That's not how it works, and choosing to take the 5th Amendment and not talking is not a freeride for either the police nor the courts to just go fabricate facts they can't find themself.

the idea that i am assuming it is evidence is wrong. i am assuming the investigators have reason to believe it is evidence. just like when they have reason to believe you are in possession of drugs they can get a warrant and search your house, they should be allowed to get a warrant to get access to the encrypted information.

Physical items can often be linked to a person during the seizure. Digital information on the other hand can only be linked by analyzing it's nature. Since there is no way to analyze the nature of something that's encrypted, you can't link it to the defendant. For all you know, the encrypted information might as well be a file created by a piece of software that the defendant knows nothing about, in which case they can't decrypt it. It could also be a file from a massive file transaction that occured between the defendant and someone else at some point. It could be that the computer was bought used and the defendant hasn't formatted it, and the file isn't his. It could be that the file isn't encrypted but is just a chunk of random data (no way to tell the difference without decrypting it). The possibilities are endless.

And that's the core of the problem: You cannot prove that a defendant can actually decrypt something you want them to decrypt. And you cannot by law force them to reveal information regarding the encryption because the 5th Amendment protects their right to remain silent. So all you have left is guesswork, and guesswork doesn't hold up in court.

they have reason to believe the encrypted info is evidence, they have reason to believe the man knows how to decrypt it.

No and no.

They have no reason to believe the encrypted info (if it's encrypted content in the first place) is evidence and that the guy can decrypt it. They have a suspicion. That's it. Suspicion and "Reason to Believe" are two entirely different things, and suspicion alone is not enough. You need to have SOMETHING.

In the Sebastian Boucher case, for example, the court put weight on the fact that Boucher had made the mistake of already showing ICE Agents some of the child pornography that was on his encrypted drive. That was enough for the court to invoke the Foregone Conclusion, and compel Boucher to show his decrypted drive. But if all you have is a bunch of random data you suspect MIGHT be encrypted and you suspect the defendant MIGHT be able to decrypt (emphasis on "suspect" and "might" in both cases), that's not enough. And even if you know if someone is able to decrypt it, the foregone conclusion is only invoked if the information you are looking for is well-known and not of vital importance to making the case (meaning that the could would likely be a successful prosecution without the information=. Otherwise the 5th shuts out all attempts of compelling someone to decrypt it.

the man refusing to give them that information is breaking the law, the same way the druggie is breaking the law if he refuses to let the police search his house.

That's funny, because the court disagrees. But i guess you are the supreme authority on this kind of stuff?

/irony

You can prove that a house belongs to someone, and therefore that they have the capability of letting the police in if the police have a warrant (especially easy to prove if they are at home when the police arrives). You can't, however, necessarily prove that something is encrypted information in the first place, and that someone has the ability to decrypt it (even if it resides on their equipment). In addition, you cannot by the 5th Amendment force someone to give up information. Someone earlier made the good comparison of helping the police translate some text they found in your home during a seizure. You're not obliged to do that, just as you aren't obliged to help them read the contents of an encrypted drive.

So no, the man refusing to decrypt something is not breaking the law.

as for your example. simply dating the file would be enough evidence to see whos it is and who should be charged.

No.

It's standard for encryption software to not modify the timestamp of encrypted files, so therefore the only thing a timestamp will tell you is when the file was last copied (possibly created, but that depends on the operating system and software used to handle files), and it's impossible to tell when the file was last used. Also, this only works for files, not encrypted partitions.

You go to court and call that "evidence" and they will laugh in your face, plain and simple.