Security Basics mailing list archives
FW: Judge orders defendant to decrypt PGP-protected laptop - CNET News
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Tue, 10 Mar 2009 15:18:57 +1000
I think that the fear that encryption schemes have generated in various governments is quite telling. Punishing people for forgetting or for contempt of court may well become the norm in cases where encryption has been a hurdle to an investigation. Or worse still, subject to the arbitrary whims of a government that feels it must pry into the everyday existence of their employers(ie us) in order to generate the hologram of safety which all these extra laws produce. The whole proposal of having the permission, by law, to monitor every single email/phone call in the UK represents something that should be scaring everybody. Law abiding citizen and criminal mastermind alike, unfortunately, are placed in the same basket. http://www.mirror.co.uk/most-popular/2008/10/16/government-wants-power-to-mo nitor-all-emails-and-website-visits-115875-20808458/ So what would be a low cost solution to this invasion of the privacy illusion we currently believe is protecting everyone? Encryption. Which, unfortunately, the government doesn't want you to use to keep them from snooping on you. I'm not sure there is a solution to the paranoid need for governments to try and know everything about everyone. I suppose that their fear is more important than ours, in their minds at least. I wouldn't want all of this information to be held by a government whose departments have shown that time and time again, humans on the inside of a system are the biggest vulnerability when it comes to data breaches. Even the man mentioned in the first post. If he hadn't allowed them access in the first place, this could be a different story. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Shailesh Rangari Sent: Sunday, March 08, 2009 8:45 AM To: Stephen Mullins Cc: vulcanius; security-basics () securityfocus com Subject: Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Steve, I agree that their is a real possibility that a said user may forget the password owing to numerous reasons, But I am not aware of any technique that can prove beyond a reasonable doubt that the user has really forgotten his password or is pretending it to avoid a sentence. Seems like the case is bound to set a precedent in the interpretation of this law. Any which ways it would be worthwhile to observe whether the US courts follow a similar course of action as their UK counterparts. It is also kind of interesting that the UK courts follow a course of action which almost deters users from using encryption for the fear of forgetting keys that may lead to a sentence. That leaves people in UK the option of using Key Escrow Encryption scheme only. Shailesh On Mar 7, 2009, at 5:10 PM, Stephen Mullins wrote:
Is it not plausible that he forgot his key phrase after a year of not typing it? A twenty to thirty character key phrase is pretty easy to forget if you don't use it frequently. Frankly, I'm pretty sure that after a year I'd have forgotten a 20 to 30 character key phrase, especially if it was a truly strong pass and not based on natural language or 1337. The problem with this is that it takes us to where the U.K. is today - refusing to hand over passwords on demand to the police results in a minimum sentence of 2 years in prison. This is essentially a defacto ban on encryption technology by virtue of the risks of forgetting a password being so great that it simply does not make sense to use it at all. I don't like where that leads. Steve Mullins On Fri, Mar 6, 2009 at 3:55 PM, vulcanius <vulcanius () gmail com> wrote:IANAL but in my opinion there isn't an issue of self-incrimination anymore. If it's true that he allowed the border agents to search his laptop initially then he has, in my limited knowledge I believe, waived certain rights. On Thu, Mar 5, 2009 at 8:33 PM, Shailesh Rangari <shailesh.sf () gmail comwrote: Its strange that the act of revealing the password has essentially been termed underprivileged by the courts in the mentioned case. The Supreme Court on earlier occasions has termed acts of providing fingerprints, blood sample etc. underprivileged because in principle they do not reveal a persons thoughts or knowledge of a particular fact and also because possession of ones own fingerprint is an undeniable fact. In case the Supreme Court concurs with the decision of the District Court the options Mr. Boucher would have are interesting - 1) Self Incriminate - by providing the password that is known to Mr. Boucher which in turn would turn testimonial of his knowledge and control over the said laptop and its contents 2) Perjury - by lying on oath that he does not knows the password that can be proved otherwise by the ICE Agent for he found the laptop sans the encryption 3) Contempt of Court - by rejecting both the options mentioned above Regards, Shailesh On Mar 3, 2009, at 1:00 PM, tvlillard () msn com wrote:Reference below is an interesting article concerning a Judge's order to decrypt of a harddrive. Judge orders defendant to decrypt PGP-protected laptop - CNET News URL: http://news.cnet.com/8301-13578_3-10172866-38.html Federal court orders defendant accused of having illegal data on his laptop to type in his PGP passphrase so prosecutors can access decrypted files. Thanks Terrence
Current thread:
- FW: Judge orders defendant to decrypt PGP-protected laptop - CNET News Murda Mcloud (Mar 10)