Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News

[Shailesh Rangari <shailesh.sf () gmail com>]

Steve,

I agree that their is a real possibility that a said user may forget  
the password owing to numerous reasons,
But I am not aware of any technique that can prove beyond a reasonable  
doubt that the user has really forgotten his password or is pretending  
it to avoid a sentence.
Seems like the case is bound to set a precedent in the interpretation  
of this law. Any which ways it would be worthwhile to observe whether  
the US courts follow a similar course of action as their UK  
counterparts.

It is also kind of interesting that the UK courts follow a course of  
action which almost deters users from using encryption for the fear of  
forgetting keys that may lead to a sentence.
That leaves people in UK the option of using Key Escrow Encryption  
scheme only.

Shailesh

On Mar 7, 2009, at 5:10 PM, Stephen Mullins wrote:

> Is it not plausible that he forgot his key phrase after a year of not
> typing it?  A twenty to thirty character key phrase is pretty easy to
> forget if you don't use it frequently.  Frankly, I'm pretty sure that
> after a year I'd have forgotten a 20 to 30 character key phrase,
> especially if it was a truly strong pass and not based on natural
> language or 1337.
>
> The problem with this is that it takes us to where the U.K. is today -
> refusing to hand over passwords on demand to the police results in a
> minimum sentence of 2 years in prison.  This is essentially a defacto
> ban on encryption technology by virtue of the risks of forgetting a
> password being so great that it simply does not make sense to use it
> at all.
>
> I don't like where that leads.
>
> Steve Mullins
>
> On Fri, Mar 6, 2009 at 3:55 PM, vulcanius <vulcanius () gmail com> wrote:
> > IANAL but in my opinion there isn't an issue of self-incrimination
> > anymore. If it's true that he allowed the border agents to search his
> > laptop initially then he has, in my limited knowledge I believe,
> > waived certain rights.
> >
> > On Thu, Mar 5, 2009 at 8:33 PM, Shailesh Rangari <shailesh.sf () gmail com 
> > > wrote:
> > > Its strange that the act of revealing the password has essentially  
> > > been termed underprivileged by the courts in the mentioned case.
> > > The Supreme Court on earlier occasions has termed acts of  
> > > providing fingerprints, blood sample etc. underprivileged because  
> > > in principle they do not reveal a persons thoughts or knowledge of  
> > > a particular fact and also because possession of ones own  
> > > fingerprint is an undeniable fact.
> > >
> > > In case the Supreme Court concurs with the decision of the  
> > > District Court the options Mr. Boucher would have are interesting -
> > >
> > > 1) Self Incriminate - by providing the password that is known to  
> > > Mr. Boucher which in turn would turn testimonial of his knowledge  
> > > and control over the said laptop and its contents
> > > 2) Perjury - by lying on oath that he does not knows the password  
> > > that can be proved otherwise by the ICE Agent for he found the  
> > > laptop sans the encryption
> > > 3) Contempt of Court - by rejecting both the options mentioned above
> > >
> > > Regards,
> > > Shailesh
> > >
> > > On Mar 3, 2009, at 1:00 PM, tvlillard () msn com wrote:
> > >
> > > > Reference below is an interesting article concerning a Judge's  
> > > > order to decrypt of a harddrive.
> > > >
> > > >
> > > > Judge orders defendant to decrypt PGP-protected laptop - CNET News
> > > >
> > > > URL: http://news.cnet.com/8301-13578_3-10172866-38.html
> > > >
> > > >
> > > > Federal court orders defendant accused of having illegal data on  
> > > > his laptop to type in his PGP passphrase so prosecutors can  
> > > > access decrypted files.
> > > >
> > > >
> > > > Thanks
> > > > Terrence