Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News

From: Kurt Buff <kurt.buff () gmail com>
Date: Thu, 19 Mar 2009 18:07:48 -0700
Under normal circumstances, you are correct.

However, when dealing with the rough (!) equivalent of the KGB, Stasi,
whatever, you're playing a different game.

Just saying.

Kurt

On Thu, Mar 19, 2009 at 17:04, Craig S Wright
<craig.wright () information-defense com> wrote:

10 years plus The original charge or even more

Basically the jury can be instructed to treat the destroyed evidence as
containing the most highly incriminating evidence possible.

It is never better to destroy evidence

Sent from my iPhone

On 20/03/2009, at 10:23, Kurt Buff <kurt.buff () gmail com> wrote:


While true, the penalty for doing this may be much less than the
penalty that would be imposed if the data is sufficiently
embarrassing.

Kurt

On Thu, Mar 19, 2009 at 14:01, Craig S Wright
<craig.wright () information-defense com> wrote:


The intentional destruction of evidence is a crime.

US law varies by state, but as an example, Australian federal law and
Victorian state law would make this a criminal act that would itself be
punished and also result in an instruction for the jury to treat the now
unaccessable evidence as holding definstive proof of what you are being
checked for in the first place.

Your strategy makes you a criminal. It does not gain any benifit.

Regards,
Dr. Craig S Wright LLM. GSE-Malware...

On 18/03/2009, at 20:04, Aarón Mizrachi <unmanarc () gmail com> wrote:


On Sábado 07 Marzo 2009 18:14:51 Shailesh Rangari escribió:


Steve,

I agree that their is a real possibility that a said user may forget
the password owing to numerous reasons,
But I am not aware of any technique that can prove beyond a reasonable
doubt that the user has really forgotten his password or is pretending
it to avoid a sentence.
Seems like the case is bound to set a precedent in the interpretation
of this law. Any which ways it would be worthwhile to observe whether
the US courts follow a similar course of action as their UK
counterparts.



two factor authentication with micro-sd memory card that you preserve
all
the
time with you, and can be eated when you feel angry, or can be
incinerated
if
you smoke it on a cigar, or simply drop it. this sd memory card will
contain
bootstrap and encrypted key for two-factor cypher.



http://upload.wikimedia.org/wikipedia/commons/8/8a/Cigar_tube_and_cutter.jpg
(Over 200 celsius degrees!!!)

Then, the hardrive will only contain: RANDOM DATA.

This is plausible?, this could be insulting for the judge, but, you must
allegate that before the raid, you do an "cat /dev/urandom > /dev/sda1"
for a
mantainance pourporse from a live cd... (i really didit before sell my
harddrive to prevent credit card and other private info leakeage).

Look at:

http://www.guardian.co.uk/technology/2009/jan/08/hard-drive-security-which

This is plausible. You didn't consider your hard-drive as evidence
before
the
judge starts, because you never didit anything barely legal.



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a
computer
or mobile device. Learn how to become a Computer Forensics Examiner in
InfoSec Institute's hands-on Computer Forensics Course. Up to three
industry
recognized certs available, online computer forensics training available.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------






------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized 
certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: