Judge: Man can't be forced to divulge encryption passphrase

[Malice]

Link

A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

Niedermeier tossed out a grand jury's subpoena that directed Sebastien Boucher to provide "any passwords" used with his Alienware laptop. "Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him," the judge wrote in an order dated November 29 that went unnoticed until this week. "Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop."

This is a landmark case....

 

[Malice]

This is quite an interesting case as he was basically covered by the 5th amendment as he cant be forced to incriminate himself.

 

[SuBe]

That's interesting.

 

[ScottyBBadd]

This is quite an interesting case as he was basically covered by the 5th amendment as he cant be forced to incriminate himself.

The legal system has been trying to circumvent the 5th amendment since its inception. I am pleased to see that our 5th amendment right is enforceable in a court of law.

 

[jaguarr]

Glad to see the 5th being upheld like that, even if the guy it's protecting is probably a dirty kiddy-fiddler who deserves to be burned alive.

jag

 

[Genesis 1.0]

Eh, this just seems like one of these cases that's really a slippery slope. On the one hand, the man does indeed have the right not to do so and on the other, it could prove he has those disgusting items on his drive.

The judge erred on the side of caution and I can't blame him really.

Meh.

 

[ScottyBBadd]

Glad to see the 5th being upheld like that, even if the guy it's protecting is probably a dirty kiddy-fiddler who deserves to be burned alive.

jag

Probably, but still.

 

[Addendum]

But according to the customs officer, the laptop had "thousands of images of adult pornography and animation depicting adult and child pornography."

An adult having adult pornography on their computer is not illegal. Animated images are not real, therefore an animated picture is not putting a real child in harm's way to create.

Even if someone thinks "pornography" is disgusting, what this person supposedly has on their computer is not against the law.

 

[ScottyBBadd]

But according to the customs officer, the laptop had "thousands of images of adult pornography and animation depicting adult and child pornography."

An adult having adult pornography on their computer is not illegal. Animated images are not real, therefore an animated picture is not putting a real child in harm's way to create.

Even if someone thinks "pornography" is disgusting, what this person supposedly has on their computer is not against the law.

Very valid points.

 

[Krypton Girl]

But according to the customs officer, the laptop had "thousands of images of adult pornography and animation depicting adult and child pornography."

An adult having adult pornography on their computer is not illegal. Animated images are not real, therefore an animated picture is not putting a real child in harm's way to create.

Even if someone thinks "pornography" is disgusting, what this person supposedly has on their computer is not against the law.

If this was punishable by law, they would have to ban all forms of hentai and dirty Harry Potter fan fiction (and we'd have a lot of 15 year olds in jail).

 

[Joker]

If this was punishable by law, they would have to ban all forms of hentai and dirty Harry Potter fan fiction (and we'd have a lot of 15 year olds in jail).

Which is exactly why it should be illegal. But maybe that's just me

 

[The Senator]

This is definitely an interesting case. While I know very little about computers and IT, there has to be a way for the government to hack into his computer to seize those files without obtaining his password, right? As long as there was a warrant?

I agree with the ruling that someone shouldn't have to incriminate himself by turning over his password, simply on constitutional grounds. But if there's a way to hack into his hard drive or whatever the terminology is, then they should be able to punish him regardless.

 

[Addendum]

Punish him for what though? Adult pornography is not illegal. Animated pornography only involves an artist creating it. The images are just as real as a character from a comic book or a novel. Since no one is harmed in making it, it is also not illegal.

Even though the authorities have a warrant, they do not have the right to break in. It would be the same as the police breaking into a house that they have a warrant to search when the homeowner is not at home.

 

[jaguarr]

This is definitely an interesting case. While I know very little about computers and IT, there has to be a way for the government to hack into his computer to seize those files without obtaining his password, right? As long as there was a warrant?

Not if the files are properly encrypted. PGP is pretty heavy duty. Not likely they'll be able to crack it open.

jag

 

[Malice]

This is definitely an interesting case. While I know very little about computers and IT, there has to be a way for the government to hack into his computer to seize those files without obtaining his password, right? As long as there was a warrant?

I agree with the ruling that someone shouldn't have to incriminate himself by turning over his password, simply on constitutional grounds. But if there's a way to hack into his hard drive or whatever the terminology is, then they should be able to punish him regardless.

Cracking an encrypting file or drive with brute force oe something with a 256 bit encryption key, I kid you not, could take years.

 

[The Senator]

Cracking an encrypting file or drive with brute force oe something with a 256 bit encryption key, I kid you not, could take years.

Oh.

 

[jaguarr]

This guy might be screwed. Some researchers just established a very simple way of breaking encryption through the DRAM, no encryption keys required:

http://www.nytimes.com/2008/02/22/t...em&ex=1203915600&en=13d01f43eefefaeb&ei=5087

jag

 

[Malice]

That is assuming the key is still in RAM...
If its not..this will not do any good

 

[jaguarr]

That is assuming the key is still in RAM...
If its not..this will not do any good

Yep. Sounds like it's in there often enough for them to want to try it, though. Kind of disconcerting to us encryption enthusiasts. Looks like it's time to invest in a USB passkey.

jag

 

[teseract]

Yep. Sounds like it's in there often enough for them to want to try it, though. Kind of disconcerting to us encryption enthusiasts. Looks like it's time to invest in a USB passkey.

jag

Hmm, considering that the data only remains for a very short timespan the feds would have to be very quick in unscrewing the lid on the computer to access the chip. It's highly unlikely that they are fast enough to get any valuable data in time after a shutdown of the computer.

 

[jaguarr]

Actually, they're using new algorithm's and a cold reboot process to do this. Kind of a unique approach:

http://citp.princeton.edu/memory/



Abstract Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.


Not foolproof but a lot more consistently effective than I think most of us were originally envisioning this process to be.

jag