Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News

["Morrison, John" <John.Morrison () galacoral com>]

The advice given to me was that if you access sensitive data and you plan to travel to the US, or other potentially 
"hostile" country, you should take a machine that does not hold any sensitive data. Then only use a VPN to access it 
remotely. Preferably one that does not leave any trace on the disk.

If you must deliver data to somebody in that country use an encrypted memory stick, or separate encrypted laptop, and 
get a colleague to set up the encryption so that you do not know the key. Once the data has been successfully delivered 
then the key can be sent.

All a bit James Bond if you ask me.


----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: Aarón Mizrachi <unmanarc () gmail com>
Cc: security-basics () securityfocus com <security-basics () securityfocus com>
Sent: Fri Mar 20 02:04:38 2009
Subject: Re: Judge orders defendant to decrypt PGP-protected laptop - CNET      News

> Seems like the case is bound to set a precedent in the interpretation
> of this law. Any which ways it would be worthwhile to observe whether
> the US courts follow a similar course of action as their UK
> counterparts.
I recall a similar instance in the US about two years ago (damn if I
can find a citation at the moment). The legal issue was slightly
different than above, where the above claims he does not have to
surrender due to [possible] self incrimination.

In the previous the issue raised was whether a computer, obtained
through a warrant, also included the password to decrypt the data on
the computer. In the later, the judge ruled that the password to
decrypt the data was included since the warrant included the computer.

Standard disclaimer: I'm not a lawyer, but I am interested in the
legal interpretations of these security related matters as most others
on the list.

Jeff

On 3/18/09, Aarón Mizrachi <unmanarc () gmail com> wrote:
> On Sábado 07 Marzo 2009 18:14:51 Shailesh Rangari escribió:
> Seems like the case is bound to set a precedent in the interpretation
> of this law. Any which ways it would be worthwhile to observe whether
> the US courts follow a similar course of action as their UK
> counterparts.
>
> [SNIP]

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized 
certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------


________________________________________________________________________
This e-mail has been scanned for all viruses by Star. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________

This email has been sent from Gala Coral Group Limited ("GCG") or a subsidiary or associated company. GCG is registered 
in England with company number 4639005.   You can contact us at GCG's registered office address:

Glebe House, Vicarage Drive, Barking, Essex, IG11 7NS, United Kingdom (marked for the attention of the Company 
Secretariat).  You can also contact us by the following means: telephone: +44 (0) 20 8507 5767; fax: +44 (0) 20 8507 
5788; email: hq () galacoral com; website: www.galacoral.com.

This e-mail message (and any attachments) is confidential and may contain privileged and/or proprietorial information 
protected by legal rules.  It is for use by the intended addressee only. If you believe you are not the intended 
recipient or that the sender is not authorised to send you the email, please return it to the sender (and please copy 
it to hq () galacoral com) and then delete it from your computer.  You should not otherwise copy or disclose its 
contents to anyone.

Except where this email is sent in the usual course of business, the views expressed are those of the sender and not 
necessarily ours.  We reserve the right to monitor all emails sent to and from our businesses, to protect the 
businesses and to ensure compliance with internal policies.

Emails are not secure and cannot be guaranteed to be error-free, as they can be intercepted, amended, lost or 
destroyed, and may contain viruses; anyone who communicates with us by email is taken to accept these risks.  GCG 
accepts no liability for any loss or damage which may be caused by software viruses.