Security Basics mailing list archives
Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Fri, 20 Mar 2009 04:03:06 -0430
On Thursday 19 March 2009 18:53:02 Kurt Buff wrote:
While true, the penalty for doing this may be much less than the penalty that would be imposed if the data is sufficiently embarrassing.
That's the point. In law, there are two sides:
- defendant
- accuser
Every side will take sides (redundant), and every side knows (based on facts and statistics) how to incriminate or defend. The defendant will try to minimize the sentence, not to embarrass himself with information. And a lawyer is the best player in this game, choosing what is best for his client. We cannot take real sides as writers... (It is not my job). We have to put everything on the table, and accept a reasonable discussion.
Kurt

On Thu, Mar 19, 2009 at 14:01, Craig S Wright <craig.wright () information-defense com> wrote:
The intentional destruction of evidence is a crime.
You are making the assumption that this "random data" is evidence. In a judge, you need to prove that. And... evidence is evidence since a criminal act was committed, not before. Then, we (all of us) can "cat /dev/urandom > /dev/sda" anytime without worrying about "evidence destruction" if we are not in a court accused of anything and we didn't do anything bad. Legally, the only proof of your point is the destruction of the microSD after the raid... But again, you need to prove that this microSD card was destroyed after the raid, because it's not considered evidence before...

BTW... Some info: Some cryptos, like LUKS (included in many Linux distributions), have a "visible encryption header"... Some cryptos like ncrypt or cryptoloop do not, and are statistically random data.
US law varies by state, but as an example, Australian federal law and Victorian state law would make this a criminal act that would itself be punished and also result in an instruction for the jury to treat the now inaccessible evidence as holding definitive proof of what you are being checked for in the first place.
You need to prove that it is not random data. "Presumption of innocence, base of modern democracy, amendments: 5th 6th 14th" Otherwise, every picture on your hard drive can be taken as inaccessible evidence, with a proof on stegano... (Today, steganography can mask bytes in pictures, sometimes without leaving real proof of existence; sometimes it looks like a real picture with very low noise, hand movement, or a camera effect, and good stegano systems have countermeasures for statistical analysis). How do you prove that your camera noise or picture hand movement is random? The response is: presumption of innocence; the judge needs to prove that the defendant hid data in this file.
Your strategy makes you a criminal. It does not gain any benefit.
Only if you are innocent or your charges are not so bad. I'm only trying to show that this problem is more complex than we know. Those cryptosystems were designed for stress situations, harder than a simple judge, where you only have to lose n years of your life without torture or prosecutions. In other situations, many times out of your country, those two-factor and other technologies in cryptosystems save lives and make heroes. Other cryptosystems were only designed to protect my data from my wife...

In a democratic world, judges with crypto and computer-obtained information are more complex than we think. Sometimes it is too easy for the judge, when you buy PGP and PGP installs a bootstrap saying: HELLO, THERE IS A PGP INSTALLED SYSTEM... (loudly)... But sometimes we are dealing with steganography, sometimes with files that look like random data, sometimes with foreign servers; sometimes it is not so easy for the judge...

Taking the side of the accuser... Our job as security or forensic specialists is not to say: oh, random data, looks like encrypted data. (That is a mediocre analysis.) Our job is to find, with statistics, the probability that this random data is encrypted data. Some bad cryptosystems will leave flaws for us to detect that, like cryptofiles not initialized (they will look like chunks of random data mixed with zeroes...), or a bad cipher algorithm (it will look like a different noise type than random data), or a header signature that reveals that there is an encrypted container. This info, mixed with good detective work, can correlate scenarios (like a fire-burned microSD card) with your probability analysis, increasing or decreasing the probability of being innocent or guilty of every charge. Forensic analysis will say if the microSD was burned after or before the judge...
Regards,
Dr. Craig S Wright LLM. GSE-Malware...

On 18/03/2009, at 20:04, Aarón Mizrachi <unmanarc () gmail com> wrote:

On Saturday 07 March 2009 18:14:51 Shailesh Rangari wrote:

Steve, I agree that there is a real possibility that a said user may forget the password owing to numerous reasons, but I am not aware of any technique that can prove beyond a reasonable doubt that the user has really forgotten his password or is pretending it to avoid a sentence. Seems like the case is bound to set a precedent in the interpretation of this law. Any which ways it would be worthwhile to observe whether the US courts follow a similar course of action as their UK counterparts.

Two-factor authentication with a micro-SD memory card that you preserve with you all the time, and that can be eaten when you feel angry, or can be incinerated if you smoke it in a cigar, or simply dropped. This SD memory card will contain the bootstrap and encrypted key for the two-factor cipher.

http://upload.wikimedia.org/wikipedia/commons/8/8a/Cigar_tube_and_cutter.jpg (Over 200 degrees Celsius!!!)

Then, the hard drive will only contain: RANDOM DATA.

This is plausible? This could be insulting for the judge, but you must allege that before the raid, you did a "cat /dev/urandom > /dev/sda1" for a maintenance purpose from a live CD... (I really did it before selling my hard drive to prevent credit card and other private info leakage).

Look at: http://www.guardian.co.uk/technology/2009/jan/08/hard-drive-security-which

This is plausible. You didn't consider your hard drive as evidence before the judge starts, because you never did anything barely legal.
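The statistical triage described in the message above (a header signature, random chunks mixed with zeroes in an uninitialized container, non-uniform noise from a bad cipher, and headerless data that is statistically random) can be sketched as follows. This is an added example, not part of the original post; the function names, block size, chi-square band and sample images are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"  # 6-byte signature at offset 0 of a LUKS header
BLOCK = 4096                  # analysis block size (assumption for this example)

def chi_square(block: bytes) -> float:
    """Pearson chi-square of byte counts vs. a uniform distribution (255 d.o.f.)."""
    expected = len(block) / 256
    counts = Counter(block)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def triage(image: bytes) -> dict:
    """Classify a raw image by header signature and per-block byte statistics."""
    blocks = [image[i:i + BLOCK] for i in range(0, len(image) - BLOCK + 1, BLOCK)]
    zero = sum(1 for b in blocks if b.count(0) == BLOCK)
    # Uniform random bytes give chi-square near 255 (sd ~22.6); 150..400 is a
    # deliberately loose band chosen for this example, not a calibrated test.
    rnd = sum(1 for b in blocks if 150 < chi_square(b) < 400)
    other = len(blocks) - zero - rnd
    if image.startswith(LUKS_MAGIC):
        verdict = "header signature: LUKS container"
    elif not blocks:
        verdict = "image shorter than one block"
    elif other:
        verdict = "structured data: not uniform noise"
    elif zero and rnd:
        verdict = "random chunks mixed with zeroes"
    elif rnd:
        verdict = "statistically random: ciphertext or wipe, undecidable here"
    else:
        verdict = "all zeroes"
    return {"zero": zero, "random": rnd, "other": other, "verdict": verdict}

def sample_noise(n: int, seed: bytes) -> bytes:
    """Constructed stand-in for /dev/urandom output (SHA-256 in counter mode)."""
    chunks = (hashlib.sha256(seed + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(chunks)[:n]

# Constructed sample images, 8 blocks each.
WIPED = sample_noise(8 * BLOCK, b"a")
LUKS = LUKS_MAGIC + sample_noise(8 * BLOCK - 6, b"b")
SPARSE = sample_noise(2 * BLOCK, b"c") + bytes(4 * BLOCK) + sample_noise(2 * BLOCK, b"d")
WEAK = bytes(c ^ 0x5A for c in (b"constructed plaintext " * 2000)[:8 * BLOCK])

if __name__ == "__main__":
    for name, img in [("wiped", WIPED), ("luks", LUKS), ("sparse", SPARSE), ("weak", WEAK)]:
        print(name, triage(img))
```

The "statistically random" verdict is the case the thread argues over: byte statistics alone cannot separate a headerless encrypted volume from a wiped disk.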