Silk Road forums
Discussion => Security => Topic started by: wiggum on June 04, 2013, 11:25 pm
-
A guy accused of possession of CP was ordered to tell the government the password to his encrypted drives. He refused, and was ordered to be locked up (essentially contempt of court) until he gives up the password. He's now appealing on 5th Amendment grounds that his right against self-incrimination includes the right to remain silent about his passwords.
I believe there is currently a federal circuit split on this issue, with one circuit having held that 5th Amendment protects passwords, and another circuit holding that defendants can be coerced into giving up the password by locking them up until the password is revealed. Too lazy to look for the cases now but I'm pretty sure the law is unsettled right now. Needs to go to the Supreme Court, and I hope they realize forcing someone to reveal what is inside their head (whether an admission of killing someone or a password) in order to obtain incriminating evidence is always protected by 5th Amendment.
In any case it shows why TrueCrypt suggests making an encrypted drive have more than one encrypted volume so that if LE resorts to rubber hose cryptography, defendant can give up one password and maintain plausible deniability that there are no other passwords/encrypted volumes.
CLEARNET: http://www.wired.com/threatlevel/2013/06/decryption-order-stayed
A federal judge today halted an order that a Wisconsin man decrypt 16 computer drives the authorities suspect contain child pornography downloaded from the peer-to-peer file-sharing site e-Donkey.
The brief ruling (.pdf) by U.S. District Judge Rudolph Randa of Milwaukee came a day after the suspect’s attorney urged Randa to halt a magistrate’s earlier order that Jeffrey Feldman decrypt the drives by today or potentially face indefinite detention until he complied.
Because of legal complexities, the magistrate judge in the case stepped aside and the case was assigned Monday to Randa, who today ordered the government and Feldman’s counsel to brief “the issue of Feldman’s Fifth Amendment right against self-incrimination.”
Feldman’s attorney Robin Shellow has characterized the issue as “one of the most important constitutional issues” in the digital era. She said today that she would “move heaven and earth” to ensure that “the infinitesimal amount of child pornography that recirculates on the internet does not eradicate the Fifth Amendment the way the war on drugs has eviscerated the Fourth Amendment.”
Prosecutors did not respond for comment.
In our earlier story today on the decryption flap, we delve into the legal complexities of the issue and the novel defense that Shellow is making.
-
If the SC does not rule correctly on this we truly have a corrupt government and the checks and balances system is doing nothing to stop it.
That said, hidden volume encryption is a must for anyone who believes they have a chance to end up head to head with LE.
-
I expect this case will have repercussions longer than the individual that brings it to court. The issue I see, is that the reason for the issue, may cloud the judgement (and cause bias) in the decision making process. CP is just an extremely emotional subject for everyone who gets involved in it. This could ultimately work in the favor of the accused, but all the same, having CP as the argument supporting our rights to safekeep our passwords is a little scary.
When I worked as a technician at a computer store, we were all given cards for the LE to contact if we discovered suspected CP. I had to make that call twice. I wish I could unsee what I discovered on those machines. One of those machines had an encrypted partition on it that was encrypted using the drive manufacturer's tools. At the time I was young and I hadn't really considered the fact, but that day when LE came to pick up the machine and my boss informed them of the encrypted partition, the "Don't worry, we will handle it." tone confirmed a suspicion that I had. From that day, I began encrypting certain things in ways that were encrypted through an encryption process that was not employed by a commercial entity. I employ that policy today, in addition to my TrueCrypt drives, and I do that for more than just things I don't want LE to find.
That being said, at the same time over the years I've come to also believe that to truly mitigate the problem, I need to reduce the overall requirement of what I need to encrypt, and the purpose that encryption serves for me. This also stems from that prior experience, because to a certain degree while I know it may be misplaced paranoia, I've come to assume that if anything incriminating is on a drive, no matter the encryption or security or obscurity of it existing, there is at least some risk of it being found. The only way it doesn't get found... is if it doesn't exist. By limiting the overall landscape of what I need encrypted, I've limited the overall impact and the necessary complexity to the encryption scheme to begin with. I feel that this overall policy in my modern lifestyle has at least to a certain extent, improved my overall paranoia feeling, and generally helped me to relax some over the issue.
I just don't trust our government to maintain rights that they say we have over time... so I figure I might as well attack that precedent logically and not get caught with my pants down.
-
This case will go all the way to the Supreme Court. No chance that it won't. It's too important. Only thing is, will America shred the Constitution and turn into Britain, or will it maintain this fundamental protection? Maybe in another year or two we'll find out. Personally, I'm betting on the first. Encrypt everything all the time. Have plausible deniability. Count on yourself to do the right thing, not the government.
-
Since the president can authorize the assassination of US citizens without due process, I wouldn't be surprised if the Supreme Court ruled against the Constitution in this case.
-
I expect this case will have repercussions longer than the individual that brings it to court. The issue I see, is that the reason for the issue, may cloud the judgement (and cause bias) in the decision making process. CP is just an extremely emotional subject for everyone who gets involved in it. This could ultimately work in the favor of the accused, but all the same, having CP as the argument supporting our rights to safekeep our passwords is a little scary.
Very true. The supreme court already ruled against the first amendment in making child pornography illegal, it is scary to think that now CP will cause them to additionally rule against the fifth amendment. The government has thus far attempted to keep the issue away from the supreme court because the implications of a ruling in favor of the fifth amendment are enormous. The FBI is already throwing an enormous tantrum about how difficult encryption has made their job, pretty much people who use FDE greatly complicate matters for the FBI. In most CP cases the feds assume that no encryption is being used, generally they are correct. Their operational procedures against the average person detected with CP do not include techniques for trying to circumvent encryption. For example, they rarely attempt to use keyloggers of any sort, almost never try cold boot attacks and almost never try to hack into the suspect's machine remotely to confirm CP or obtain encryption passwords. Rather they simply use trivial traffic analysis techniques to compile lists of suspect IP addresses, and then after sorting the list based on the sort of CP involved they go through the list obtaining warrants for raids. When they raid they usually just knock on the door or in some cases kick the door in, unplug all electronic devices and ship them off to a forensic lab. They rarely even have on site forensics people, and in many cases the computer is not booted up during the raid because they don't go to the trouble of trying to determine if it is or not. They very rarely follow a different sort of operational procedure, usually when they do it is in cases where the suspect is part of a CP ring that is known to use encryption, or if the suspect is known to have hundreds of thousands of images. This means that in the majority of cases, simply encrypting your entire drive with FDE is enough to protect you from the FBI securing enough evidence to convict you of a CP offense.
The FBI does not have the resources to carry out complex operations against all suspect CP offenders in a dragnet fashion, so they are really banking on being able to force people to decrypt anything that is encrypted.
That being said, at the same time over the years I've come to also believe that to truly mitigate the problem, I need to reduce the overall requirement of what I need to encrypt, and the purpose that encryption serves for me. This also stems from that prior experience, because to a certain degree while I know it may be misplaced paranoia, I've come to assume that if anything incriminating is on a drive, no matter the encryption or security or obscurity of it existing, there is at least some risk of it being found. The only way it doesn't get found... is if it doesn't exist. By limiting the overall landscape of what I need encrypted, I've limited the overall impact and the necessary complexity to the encryption scheme to begin with. I feel that this overall policy in my modern lifestyle has at least to a certain extent, improved my overall paranoia feeling, and generally helped me to relax some over the issue.
Certainly even FDE is not perfect at hiding the contents of your drive. FDE has some pretty big assumptions associated with its security guarantees; the passphrase must be very entropic (most people do not have sufficient passphrases, even if they think they do), the partition/drive must not be mounted when the system is seized, the passphrase must not be stolen with a keylogger or by hacking or other techniques, the actual implementation of the FDE system must be correct, etc. A good technique, suggested by Bruce Schneier, is to use two layers of encryption; FDE for general encryption of the entire drive, and something like GPG to encrypt individual files. This way if you are compromised with a currently mounted FDE drive, the individual files you are not using are still encrypted. Even this is not perfect though.
I just don't trust our government to maintain rights that they say we have over time... so I figure I might as well attack that precedent logically and not get caught with my pants down.
Indeed.
-
I believe that the Supreme court will likely rule that passphrases are protected by the fifth amendment though. The best analogy I have heard made is to the two different sorts of safe, safes that use combinations and safes that use keys. In the case of safes opened with a key, the government can force you to hand over the key to the safe. The government can not force you to reveal the combination to a combination safe, provided that it exists only in your mind (and is not written down on paper etc). So in cases where encryption is done with a key file, it is likely the government has the legal right to demand that you hand over the key file. However, if the encryption is password based I do not think the government has any right to demand the password. Now for safes the government doesn't really care, since they can open a safe in either case. For encryption they do care though, because they cannot usually break encryption without the password. So it is possible that the supreme court will rule in favor of the government simply because the government wants them to do so, but if they can see the analogy to key files and keys and passphrases and combinations then they will only rightfully agree that the government has no right to demand a passphrase.
The government is trying to argue that passwords are more analogous to physical keys than they are to combinations. In my opinion they are correct in some cases and incorrect in others, depending on the way the cryptosystem is implemented. In almost all cases the user's password is only ever used for derivation of a key that is used for encryption and decryption. The user's password itself is used to provide the cryptosystem with a static entropic seed, it is not used directly for encryption or decryption. Usually the user types in their password and then it is used as a seed by a 'password based key derivation function' (PBKDF). The PBKDF then returns the encryption key that is actually fed to the symmetric encryption algorithm. So I think of the password as being much more similar to a combination, even though the key derived from the password is more similar to a key. Really it is most accurate to think of the password as a set of instructions for crafting a key. Since the government can not obtain the key without the password, since the key doesn't exist until you run your password through a PBKDF, and since the password only exists in your mind, I think that it is pretty obvious that the government can not legally demand your key.
Another approach they have taken is promising immunity for the content of your password. For example, if your password is "I, Alice, murdered Bob on December 25th of 2002", they will not be able to use that against you in court. But they can still run it through the PBKDF and obtain the resulting key, with which they can still decrypt your CP, which they can still use against you in court. They argue that this is respecting the 5th amendment right against self incrimination.
Another approach they have taken is demanding the defendant produces the decrypted drive itself, but not demanding to know the password. In this case they will leave the defendant alone with the computer and a keyboard, and after some time passes they will come back and expect the drive to be decrypted. They do not learn the password in this case, but they still get the decrypted content of the drive. They have argued that this is respecting the 5th amendment as well.
For the most part though they have just been trying to get people to accept plea deals before any of the cases make it to the supreme court, because if the supreme court rules against them it will be a very major blow against them. They would rather offer someone a lighter sentence in return for encryption keys and a guilty plea than they would take the risk of never being able to convict the majority of people who use FDE. So far all of the people in such cases have accepted a plea bargain and turned over their passwords. There have been some cases where charges were simply dismissed though, they don't always press the matter.
The primary issue for them is that traffic analysis is only really good for intelligence, it is circumstantial evidence at best. When they raid somebody for CP they usually are not positive that the target is actually involved in CP, it could be a neighbor using open WiFi (although recently they have started checking for this prior to raiding), it could be a botnet master using an infected computer as a proxy, etc. Without actually recovering CP off of a computer or media in the possession of the suspect, their case is going to fall apart. Their typical strategy is traffic analysis to identify suspects, raids to seize computers and forensics to confirm the presence of CP. FDE makes the last step much less likely to be a success. Of course, in addition to other techniques, the smartest CP traders use Tor to prevent the first step, which prevents the second step, and they also use FDE to prevent the third step in case the first steps fail.
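Editor's added example, not part of any post in this thread: a Python sketch of the password-to-key step described above (the password seeds a PBKDF, and only the PBKDF output is used as the symmetric key), together with the passphrase-entropy assumption raised in the earlier reply. The header layout, the `header-check` label, the iteration count and the Diceware list size are assumptions made for illustration, not any product's actual format.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 200_000   # assumed work factor for this example
KEY_LEN = 32           # 256-bit key handed to the symmetric cipher

def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA512: the password is only the seed; this output is the key."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                               salt, iterations, KEY_LEN)

def make_header(password: str) -> dict:
    """Hypothetical volume header: salt, work factor and a key check value.
    Neither the password nor the derived key is stored anywhere."""
    salt = os.urandom(16)
    key = derive_key(password, salt)
    check = hmac.new(key, b"header-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": ITERATIONS, "check": check}

def unlock(header: dict, password: str):
    """Re-derive the key from a candidate password; return it only on a match."""
    key = derive_key(password, header["salt"], header["iterations"])
    tag = hmac.new(key, b"header-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, header["check"]) else None

def passphrase_bits(words: int, wordlist_size: int = 7776) -> float:
    """Entropy of a passphrase of uniformly random words (Diceware size assumed)."""
    return words * math.log2(wordlist_size)

def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Expected time to cover half the passphrase space at a given guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample passphrase, for demonstration only.
    hdr = make_header("correct horse battery staple")
    print("stored fields:", sorted(hdr))
    print("right password unlocks:", unlock(hdr, "correct horse battery staple") is not None)
    print("wrong password unlocks:", unlock(hdr, "password123") is not None)
    for n in (4, 6, 8):
        b = passphrase_bits(n)
        print(f"{n} words: {b:.1f} bits, ~{years_to_search(b, 1e10):.3g} years at 1e10 guesses/s")
```

The iteration count multiplies the cost of every guess, but it cannot compensate for a low-entropy passphrase: the search space is set by `passphrase_bits`, not by the 256-bit key length.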
-
That is exactly what they'll try to get past the Supreme Court whenever it makes it that far. Every ruling so far involving encryption keys has referenced the 5th Amendment in conjunction with what "exists in one's mind". In order to get around that, the government will try to make this argument as a compromise for not actually revealing one's passphrase to them. In precedent setting cases where the key or passphrase was ordered to be divulged, it was because the defendant had already admitted wrongdoing on the record and had incriminated themselves by doing so. This is the bullshit excuse given in this current case and the reason the magistrate reversed himself. The difference between this case and an earlier one involving fraud is that they haven't even charged this guy with anything yet. LE claims to have damning evidence, but need to decrypt this guy's drives first to make a real case against him. That's fucking garbage reasoning and it should be thrown out on that basis. It probably will be and then escalated to one of the Circuit Courts of Appeals, eventually making it to the Supreme Court. If they then rule in favor of the government when all is said and done, after America is long gone it will be clear to all that the excuses and FEARS of drugs, "the children", and terrorism were primary in its downfall. Personally I think the tearing up of the 5th Amendment will be the final nail in the country's coffin.
Another approach they have taken is demanding the defendant produces the decrypted drive itself, but not demanding to know the password. In this case they will leave the defendant alone with the computer and a keyboard, and after some time passes they will come back and expect the drive to be decrypted. They do not learn the password in this case, but they still get the decrypted content of the drive. They have argued that this is respecting the 5th amendment as well.
-
This is a fascinating case but I seriously hope the supreme court rules in favor of the 5th amendment. Seems like Americans have such excessive punishments for drugs offenses that the fact you can't be forced to open an encrypted file has been something of a balance to stop the LE using anything they find to try and pin distribution charges on top.
If the case goes the wrong way then that moves the focus from encryption for protection to hidden encryption which is a royal pain in the ass! Final nail in the coffin is right, when it becomes illegal not to tell LE everything they want to know about anything and everything you have truly reached a sorry state of affairs.
-
Always create dummy partitions. Always.
Even if they rule in favor, I would not trust it. Remember, once you're in "their" hands, some of your rights will be taken away or threatened to do so. If it were a more serious charge, you'd get waterboarded.
Read the end of 1984, then you will always create hidden volumes ::)