Fifth Amendment doesn't protect encrypted hard drives

Any other tech-related topics
Post Reply
Message
Author
freakazoid
Posts: 1060
Joined: Wed Jul 18, 2007 5:45 pm

Fifth Amendment doesn't protect encrypted hard drives

#1 Post by freakazoid » Tue Jan 24, 2012 2:31 pm

Just read an article about how a woman encrypted her hard drive using PGP Desktop and is now being asked to decrypt the contents of the HD:
http://arst.ch/s8e

She argued that the Fifth Amednment's privilege against self-incrimination protected her from having to disclose the password, but according to the federal judge, this is not the case.

Funny how the users in the comments say to use TrueCrypt!
is it stealth? ;)

User avatar
webfork
Posts: 9979
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Fifth Amendment doesn't protect encrypted hard drives

#2 Post by webfork » Tue Jan 24, 2012 4:25 pm

freakazoid wrote:Funny how the users in the comments say to use TrueCrypt!
... that's because it uses deniable encryption, something PGP Whole Disk Encryption lacks. You can claim that you gave your password and there is no software or mathematical way to determine if you are lying. However, in this particular case that may not apply as the laptop very obviously has data on it, and the user would have to go to some lengths to create a fake laptop image as well as a real one (something most people are not going to do).

Additionally, there's another reason this applies only here and not generally to encrypted laptops: ordinarily, if you get arrested and your stuff is confiscated, you shouldn't say anything until you talk to a lawyer. This woman was exempt from that due to a recorded conversation. However, as US law enforcement barely needs a reason to start wiretapping you, it DOES make it likely people will lose their 5th amendment rights going forward.

I guess the best thing to do is to just have an encrypted volume with deniable encryption rather than encrypting the entire laptop. You leave yourself vulnerable to some types of forensics analysis, but it would likely still protect a user's privacy against a court order.

Side note about PGP Disk Encryption: as someone who's worked with it, the security is great, but you'll want a good backup as the filesystem is not very fault tolerant. Drive corruption frequently results in data loss or having the re-image the system.

Hydaral
Posts: 194
Joined: Tue Mar 09, 2010 7:36 pm

Re: Fifth Amendment doesn't protect encrypted hard drives

#3 Post by Hydaral » Tue Jan 24, 2012 5:28 pm

A few countries have acts/laws that cover key disclosure, here in Australia, we can only get 6 months, it's 7 years in India.

http://en.wikipedia.org/wiki/Key_disclosure_law

Julian Assange of Wikileaks fame wrote a deniable encryption app called Rubberhose, specifically for protecting aid workers in countries that prefer to use torture for key disclosure: http://en.wikipedia.org/wiki/Rubberhose

User avatar
joby_toss
Posts: 2902
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania
Contact:

Re: Fifth Amendment doesn't protect encrypted hard drives

#4 Post by joby_toss » Tue Jan 24, 2012 10:55 pm

Seeing her name, she must be Romanian. :)
Good thing she's not in my country, 'cause she wouldn't even need a court order to reveal her password! Needing a court order for that... just time wasted... :)

Hydaral
Posts: 194
Joined: Tue Mar 09, 2010 7:36 pm

Re: Fifth Amendment doesn't protect encrypted hard drives

#5 Post by Hydaral » Thu Mar 08, 2012 9:34 pm

An update:
Investigators have cracked the encryption key for a laptop drive owned by a Colorado woman accused of real-estate fraud - rendering a judge's controversial order to make her hand over the passphrase or stand in contempt of court irrelevant.

http://www.theregister.co.uk/2012/03/01 ... ling_moot/

NickR
Posts: 105
Joined: Thu Aug 26, 2010 6:37 am

Re: Fifth Amendment doesn't protect encrypted hard drives

#6 Post by NickR » Fri Mar 09, 2012 6:32 am

Correction:
"Investigators have cracked" is a typical rubbish media quote

The encryption was never broken

The actual encryption key she used was known by a co-defendant,
who simply gave it to the authorities for whatever reason.
"Investigators have intimidated and typed in" is more accurate

Typical opsec failure not crypto - take care what you share

Post Reply