Judge: Man can't be forced to divulge encryption passphrase

Discussion in 'Politics' started by Malice, Feb 15, 2008.

  1. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,734
    Likes Received:
    0
    Link

    A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

    Niedermeier tossed out a grand jury's subpoena that directed Sebastien Boucher to provide "any passwords" used with his Alienware laptop. "Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him," the judge wrote in an order dated November 29 that went unnoticed until this week. "Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop."


    This is a landmark case....
     
  2. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,734
    Likes Received:
    0
    This is quite an interesting case as he was basically covered by the 5th amendment as he cant be forced to incriminate himself.
     
  3. SuBe Voluntaryist

    Joined:
    Dec 22, 2005
    Messages:
    11,897
    Likes Received:
    3
    That's interesting.
     
  4. ScottyBBadd The Texas Outlaw

    Joined:
    Aug 3, 2005
    Messages:
    4,566
    Likes Received:
    0
    The legal system has been trying to circumvent the 5th amendment since its inception. I am pleased to see that our 5th amendment right is enforceable in a court of law.
     
  5. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,566
    Likes Received:
    1
    Glad to see the 5th being upheld like that, even if the guy it's protecting is probably a dirty kiddy-fiddler who deserves to be burned alive.

    jag
     
  6. Genesis 1.0 Thread Overlord's Minion

    Joined:
    Aug 29, 2005
    Messages:
    6,012
    Likes Received:
    0
    Eh, this just seems like one of these cases that's really a slippery slope. On the one hand, the man does indeed have the right not to do so and on the other, it could prove he has those disgusting items on his drive.

    The judge erred on the side of caution and I can't blame him really.

    Meh.
     
  7. ScottyBBadd The Texas Outlaw

    Joined:
    Aug 3, 2005
    Messages:
    4,566
    Likes Received:
    0
    Probably, but still.
     
  8. Addendum Avenger

    Joined:
    Jun 20, 2004
    Messages:
    22,111
    Likes Received:
    0
    But according to the customs officer, the laptop had "thousands of images of adult pornography and animation depicting adult and child pornography."

    An adult having adult pornography on their computer is not illegal. Animated images are not real, therefore an animated picture is not putting a real child in harm's way to create.

    Even if someone thinks "pornography" is disgusting, what this person supposedly has on their computer is not against the law.
     
  9. ScottyBBadd The Texas Outlaw

    Joined:
    Aug 3, 2005
    Messages:
    4,566
    Likes Received:
    0
    Very valid points.
     
  10. Krypton Girl Sidekick

    Joined:
    Feb 16, 2008
    Messages:
    1,360
    Likes Received:
    0
    If this was punishable by law, they would have to ban all forms of hentai and dirty Harry Potter fan fiction (and we'd have a lot of 15 year olds in jail).
     
  11. Joker Avenger

    Joined:
    Jun 28, 2002
    Messages:
    33,762
    Likes Received:
    4
    Which is exactly why it should be illegal. But maybe that's just me :o
     
  12. The Senator Avenger

    Joined:
    Jun 22, 2004
    Messages:
    12,223
    Likes Received:
    1
    This is definitely an interesting case. While I know very little about computers and IT, there has to be a way for the government to hack into his computer to seize those files without obtaining his password, right? As long as there was a warrant?

    I agree with the ruling that someone shouldn't have to incriminate himself by turning over his password, simply on constitutional grounds. But if there's a way to hack into his hard drive or whatever the terminology is, then they should be able to punish him regardless.
     
  13. Addendum Avenger

    Joined:
    Jun 20, 2004
    Messages:
    22,111
    Likes Received:
    0
    Punish him for what though? Adult pornography is not illegal. Animated pornography only involves an artist creating it. The images are just as real as a character from a comic book or a novel. Since no one is harmed in making it, it is also not illegal.

    Even though the authorities have a warrant, they do not have the right to break in. It would be the same as the police breaking into a house that they have a warrant to search when the homeowner is not at home.
     
  14. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,566
    Likes Received:
    1
    Not if the files are properly encrypted. PGP is pretty heavy duty. Not likely they'll be able to crack it open.

    jag
     
  15. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,734
    Likes Received:
    0
    Cracking an encrypting file or drive with brute force oe something with a 256 bit encryption key, I kid you not, could take years.
     
  16. The Senator Avenger

    Joined:
    Jun 22, 2004
    Messages:
    12,223
    Likes Received:
    1
    Oh.
     
  17. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,566
    Likes Received:
    1
  18. Malice BMFH

    Joined:
    Mar 26, 2001
    Messages:
    12,734
    Likes Received:
    0
    That is assuming the key is still in RAM...
    If its not..this will not do any good
     
  19. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,566
    Likes Received:
    1
    Yep. Sounds like it's in there often enough for them to want to try it, though. Kind of disconcerting to us encryption enthusiasts. Looks like it's time to invest in a USB passkey.

    jag
     
  20. teseract Civilian

    Joined:
    Sep 18, 2007
    Messages:
    711
    Likes Received:
    0
    Hmm, considering that the data only remains for a very short timespan the feds would have to be very quick in unscrewing the lid on the computer to access the chip. It's highly unlikely that they are fast enough to get any valuable data in time after a shutdown of the computer.
     
  21. jaguarr Be Your Own Hero

    Joined:
    Nov 11, 2003
    Messages:
    43,566
    Likes Received:
    1
    Actually, they're using new algorithm's and a cold reboot process to do this. Kind of a unique approach:

    http://citp.princeton.edu/memory/



    Abstract Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.


    Not foolproof but a lot more consistently effective than I think most of us were originally envisioning this process to be.

    jag
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice
monitoring_string = "afb8e5d7348ab9e99f73cba908f10802"