Security Basics mailing list archives
Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News
From: "Morrison, John" <John.Morrison () galacoral com>
Date: Fri, 20 Mar 2009 18:38:47 +0000
The advice given to me was that if you access sensitive data and you plan to travel to the US, or other potentially "hostile" country, you should take a machine that does not hold any sensitive data. Then only use a VPN to access it remotely. Preferably one that does not leave any trace on the disk. If you must deliver data to somebody in that country use an encrypted memory stick, or separate encrypted laptop, and get a colleague to set up the encryption so that you do not know the key. Once the data has been successfully delivered then the key can be sent. All a bit James Bond if you ask me. ----- Original Message ----- From: listbounce () securityfocus com <listbounce () securityfocus com> To: Aarón Mizrachi <unmanarc () gmail com> Cc: security-basics () securityfocus com <security-basics () securityfocus com> Sent: Fri Mar 20 02:04:38 2009 Subject: Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News
Seems like the case is bound to set a precedent in the interpretation of this law. Any which ways it would be worthwhile to observe whether the US courts follow a similar course of action as their UK counterparts.
I recall a similar instance in the US about two years ago (damn if I can find a citation at the moment). The legal issue was slightly different than above, where the above claims he does not have to surrender due to [possible] self incrimination. In the previous the issue raised was whether a computer, obtained through a warrant, also included the password to decrypt the data on the computer. In the later, the judge ruled that the password to decrypt the data was included since the warrant included the computer. Standard disclaimer: I'm not a lawyer, but I am interested in the legal interpretations of these security related matters as most others on the list. Jeff On 3/18/09, Aarón Mizrachi <unmanarc () gmail com> wrote:
On Sábado 07 Marzo 2009 18:14:51 Shailesh Rangari escribió: Seems like the case is bound to set a precedent in the interpretation of this law. Any which ways it would be worthwhile to observe whether the US courts follow a similar course of action as their UK counterparts. [SNIP]
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------ ________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ This email has been sent from Gala Coral Group Limited ("GCG") or a subsidiary or associated company. GCG is registered in England with company number 4639005. You can contact us at GCG's registered office address: Glebe House, Vicarage Drive, Barking, Essex, IG11 7NS, United Kingdom (marked for the attention of the Company Secretariat). You can also contact us by the following means: telephone: +44 (0) 20 8507 5767; fax: +44 (0) 20 8507 5788; email: hq () galacoral com; website: www.galacoral.com. This e-mail message (and any attachments) is confidential and may contain privileged and/or proprietorial information protected by legal rules. It is for use by the intended addressee only. If you believe you are not the intended recipient or that the sender is not authorised to send you the email, please return it to the sender (and please copy it to hq () galacoral com) and then delete it from your computer. You should not otherwise copy or disclose its contents to anyone. Except where this email is sent in the usual course of business, the views expressed are those of the sender and not necessarily ours. We reserve the right to monitor all emails sent to and from our businesses, to protect the businesses and to ensure compliance with internal policies. Emails are not secure and cannot be guaranteed to be error-free, as they can be intercepted, amended, lost or destroyed, and may contain viruses; anyone who communicates with us by email is taken to accept these risks. GCG accepts no liability for any loss or damage which may be caused by software viruses.
Current thread:
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Morrison, John (Mar 24)