Security Basics mailing list archives
Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Wed, 18 Mar 2009 04:34:19 -0430
On Saturday 07 March 2009 18:14:51 Shailesh Rangari wrote:
Steve, I agree that there is a real possibility that a said user may forget the password owing to numerous reasons, but I am not aware of any technique that can prove beyond a reasonable doubt that the user has really forgotten his password or is pretending it to avoid a sentence. Seems like the case is bound to set a precedent in the interpretation of this law. Any which ways it would be worthwhile to observe whether the US courts follow a similar course of action as their UK counterparts.
Two-factor authentication with a micro-SD memory card that you keep with you all the time, and that can be eaten when you feel angry, or incinerated if you smoke it in a cigar, or simply dropped. This SD memory card will contain the bootstrap and the encrypted key for the two-factor cipher.

http://upload.wikimedia.org/wikipedia/commons/8/8a/Cigar_tube_and_cutter.jpg (Over 200 degrees Celsius!!!)

Then the hard drive will only contain: RANDOM DATA.

Is this plausible? This could be insulting to the judge, but you must allege that before the raid you did a "cat /dev/urandom > /dev/sda1" for maintenance purposes from a live CD... (I really did it before selling my hard drive, to prevent leakage of credit card and other private info).

Look at: http://www.guardian.co.uk/technology/2009/jan/08/hard-drive-security-which

This is plausible. You didn't consider your hard drive as evidence before the judge starts, because you never did anything barely legal.

Another plausible act is to say that this 8Gb partition is an encrypted swap used by a secure live CD that you use. (Note that encrypted swap uses a random key and looks like random data.) You can have the secure live CD and demonstrate how it works.

-----------------

Everything depends on how you preserve and protect the microSD card...

Fact: a microSD card measures 11mm x 15mm x 1mm and can be easily destroyed with medium-high temperatures (85 degrees Celsius)....

http://www.kingston.com/flash/securedigital.asp?id=2

-------------------
It is also kind of interesting that the UK courts follow a course of action which almost deters users from using encryption for the fear of forgetting keys that may lead to a sentence. That leaves people in UK the option of using Key Escrow Encryption scheme only.

Shailesh

On Mar 7, 2009, at 5:10 PM, Stephen Mullins wrote:

Is it not plausible that he forgot his key phrase after a year of not typing it? A twenty to thirty character key phrase is pretty easy to forget if you don't use it frequently. Frankly, I'm pretty sure that after a year I'd have forgotten a 20 to 30 character key phrase, especially if it was a truly strong pass and not based on natural language or 1337.

The problem with this is that it takes us to where the U.K. is today - refusing to hand over passwords on demand to the police results in a minimum sentence of 2 years in prison. This is essentially a de facto ban on encryption technology by virtue of the risks of forgetting a password being so great that it simply does not make sense to use it at all. I don't like where that leads.

Steve Mullins

On Fri, Mar 6, 2009 at 3:55 PM, vulcanius <vulcanius () gmail com> wrote:

IANAL but in my opinion there isn't an issue of self-incrimination anymore. If it's true that he allowed the border agents to search his laptop initially then he has, in my limited knowledge I believe, waived certain rights.

On Thu, Mar 5, 2009 at 8:33 PM, Shailesh Rangari <shailesh.sf () gmail com> wrote:

It's strange that the act of revealing the password has essentially been termed underprivileged by the courts in the mentioned case. The Supreme Court on earlier occasions has termed acts of providing fingerprints, blood sample etc. underprivileged because in principle they do not reveal a person's thoughts or knowledge of a particular fact and also because possession of one's own fingerprint is an undeniable fact. In case the Supreme Court concurs with the decision of the District Court the options Mr. Boucher would have are interesting -

1) Self Incriminate - by providing the password that is known to Mr. Boucher which in turn would turn testimonial of his knowledge and control over the said laptop and its contents
2) Perjury - by lying on oath that he does not know the password that can be proved otherwise by the ICE Agent for he found the laptop sans the encryption
3) Contempt of Court - by rejecting both the options mentioned above

Regards,
Shailesh

On Mar 3, 2009, at 1:00 PM, tvlillard () msn com wrote:

Reference below is an interesting article concerning a Judge's order to decrypt a hard drive.

Judge orders defendant to decrypt PGP-protected laptop - CNET News
URL: http://news.cnet.com/8301-13578_3-10172866-38.html

Federal court orders defendant accused of having illegal data on his laptop to type in his PGP passphrase so prosecutors can access decrypted files.

Thanks
Terrence