Fifth Amendment doesn't protect encrypted hard drives

[freakazoid]

Just read an article about how a woman encrypted her hard drive using PGP Desktop and is now being asked to decrypt the contents of the HD:
http://arst.ch/s8e

She argued that the Fifth Amednment's privilege against self-incrimination protected her from having to disclose the password, but according to the federal judge, this is not the case.

Funny how the users in the comments say to use TrueCrypt!

[webfork]

Funny how the users in the comments say to use TrueCrypt!

... that's because it uses deniable encryption, something PGP Whole Disk Encryption lacks. You can claim that you gave your password and there is no software or mathematical way to determine if you are lying. However, in this particular case that may not apply as the laptop very obviously has data on it, and the user would have to go to some lengths to create a fake laptop image as well as a real one (something most people are not going to do).

Additionally, there's another reason this applies only here and not generally to encrypted laptops: ordinarily, if you get arrested and your stuff is confiscated, you shouldn't say anything until you talk to a lawyer. This woman was exempt from that due to a recorded conversation. However, as US law enforcement barely needs a reason to start wiretapping you, it DOES make it likely people will lose their 5th amendment rights going forward.

I guess the best thing to do is to just have an encrypted volume with deniable encryption rather than encrypting the entire laptop. You leave yourself vulnerable to some types of forensics analysis, but it would likely still protect a user's privacy against a court order.

Side note about PGP Disk Encryption: as someone who's worked with it, the security is great, but you'll want a good backup as the filesystem is not very fault tolerant. Drive corruption frequently results in data loss or having the re-image the system.

[Hydaral]

A few countries have acts/laws that cover key disclosure, here in Australia, we can only get 6 months, it's 7 years in India.

http://en.wikipedia.org/wiki/Key_disclosure_law

Julian Assange of Wikileaks fame wrote a deniable encryption app called Rubberhose, specifically for protecting aid workers in countries that prefer to use torture for key disclosure: http://en.wikipedia.org/wiki/Rubberhose

[joby_toss]

Seeing her name, she must be Romanian.
Good thing she's not in my country, 'cause she wouldn't even need a court order to reveal her password! Needing a court order for that... just time wasted...

[Hydaral]

An update:

Investigators have cracked the encryption key for a laptop drive owned by a Colorado woman accused of real-estate fraud - rendering a judge's controversial order to make her hand over the passphrase or stand in contempt of court irrelevant.

http://www.theregister.co.uk/2012/03/01 ... ling_moot/

[NickR]

Correction:
"Investigators have cracked" is a typical rubbish media quote

The encryption was never broken

The actual encryption key she used was known by a co-defendant,
who simply gave it to the authorities for whatever reason.
"Investigators have intimidated and typed in" is more accurate

Typical opsec failure not crypto - take care what you share