Weekly Edition
Return to the Press page
| |||||||||||||
Judge orders defendant to decrypt PGP-protected laptop (CNet)
CNet reports that
a US Federal judge has ordered a defendant to decrypt a laptop drive to
allow the government to view its contents; this runs counter to an earlier
ruling that compelling decryption would violate the defendant's
self-incrimination rights. "Boucher's attorney, Jim Budreau, already
has filed an appeal to the Second Circuit. That makes it likely to turn
into a precedent-setting case that creates new ground rules for electronic
privacy, especially since Homeland Security claims the right to seize
laptops at the border for an indefinite period."
(Log in to post comments)
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 2:11 UTC (Fri) by theraphim (subscriber, #25955) [Link]
I am looking forward for thousands of people imprisoned for forgetting
their passwords.
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 11:34 UTC (Fri) by spaetz (subscriber, #32870) [Link]
It worked for Attorney General of the United States, so it should work for anybody else:
"During actual testimony on April 19 2007, Gonzales stated at least 71 times that he couldn't recall events related to the controversy.[34]"
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 14:10 UTC (Fri) by clugstj (subscriber, #4020) [Link]
Well, yes, if you can't recall something and some idiot ask you the same question 71 times, the answer each time is "I can't recall".
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 21:29 UTC (Fri) by leoc (subscriber, #39773) [Link]
I know the feeling. I am a programmer and my boss once asked me to write a program. Six months later he got angry that I hadn't done it and fired me despite my repeated explanation that I couldn't remember how to program.
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Mar 5, 2009 15:34 UTC (Thu) by clugstj (subscriber, #4020) [Link]
Well, if your boss asked you to do something and then didn't check on the task for 6 months, he is indeed an idiot.
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 14:32 UTC (Fri) by tialaramex (subscriber, #21167) [Link]
This is interesting because it's a "Couldn't happen here" case. In the UK there is a specific law compelling suspects to provide a password, key or whatever or go to prison, and when that law was enacted many US folk said that /their/ constitutional protection would prohibit such a thing. But it seems in fact it's not a settled question.
The UK law is nastier because it actually obliges you to help cover up the police's tampering with a cryptographic system. A UK certificate authority, for example, could be forced to let police create a fraudulent cert, and then carry on operating indefinitely. Anyone who tried to report what was really going on could be imprisoned (and of course in prison its easy to curtail their free speech)
Therefore we can't even be sure how often this law is used!
In some ways the resulting situation is no better than it used to be in France (where decent crypto was simply outlawed for ordinary citizens)
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 14:40 UTC (Fri) by clugstj (subscriber, #4020) [Link]
Having a constitution is different than the government actually obeying the constitution. Until they can stack the Supreme Court with people who've never even read the document, we still have a chance.
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 15:31 UTC (Fri) by mtaht (✭ supporter ✭, #11087) [Link]
What do you mean, "we", Kemosabe?
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 15:55 UTC (Fri) by clugstj (subscriber, #4020) [Link]
The comment to which I was responding referred to "/their/". My "we" is the same.
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 18:25 UTC (Fri) by Russ.Dill@gmail.com (subscriber, #52805) [Link]
My thought is that the prosecutor wants to set a precedent, not prosecute a child pornographer. Its Windows with an encrypted volume, not drive, data has probably leaked all over the unencrypted drive. Paging file, registry, thumbnails, caches, etc, etc, etc.
Secondly, truecrypt does have the nice hidden volume support, which is nice, but wouldn't it be neat if you could segment that into multiple volumes so that different passwords would treat different regions as filled and empty. Not only could you plausibly deny that anything actually exists, but you could give a bogus password if somehow further pressured and have the volume decrypt to a freshly formatted filesystem.
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Feb 27, 2009 23:14 UTC (Fri) by jwb (guest, #15467) [Link]
This is why whole-volume encryption is preferable. You can plausibly claim that the device has undergone a DBAN operation or an ATA Secure Erase. Of course, the problem is then you need some other medium from which to boot. But that is a small matter if you're truly concerned about security.
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Mar 1, 2009 0:16 UTC (Sun) by Richard_J_Neill (subscriber, #23093) [Link]
Why not lodge part of your password with a trusted friend, overseas. You can rely on your friend to destroy their copy if you are legally coerced, thereby locking you out of your own data, and ensuring your confidentiality.
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Mar 1, 2009 6:31 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]
and how exactly do you login to your laptop to use it?
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Mar 2, 2009 10:14 UTC (Mon) by Russ.Dill@gmail.com (subscriber, #52805) [Link]
You carry a live boot CD. Depending on your setup, you either always boot from the CD, or buy a USB stick when you get there and reimage the USB stick with something you download via the live CD.
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Mar 3, 2009 2:17 UTC (Tue) by dlang (✭ supporter ✭, #313) [Link]
if you can get at your data, the judge can order you to let others get to your data.
if you can't get to your data, why do you bother carrying it around?
Judge orders defendant to decrypt PGP-protected laptop (CNet) Posted Mar 3, 2009 23:15 UTC (Tue) by job (guest, #670) [Link]
We outside your country do find these stories interesting as well, so in the future I would be happy to see terms like "self-incriminating rights" explained and why these rights are relevant to the case. It doesn't need to be a full course in anglo-saxon law of course, more of a quick reminder of what things mean in context.
Self incrimination Posted Mar 3, 2009 23:25 UTC (Tue) by corbet (editor, #1) [Link] Sorry, I did actually try to get that right; one normally speaks of "fifth amendment rights" in the US, but I knew better than to expect the rest of the world to have the amendments to the US constitution memorized. Most Americans, it seems, don't know what they are.The fifth amendment says, in essence, that people cannot be forced to be a witness against themselves. You cannot be forced to admit that you committed a crime; the government has to be able to prove its case without your help. The real world is not quite so clean, of course, and there are a number of places (taxes, for example) where the fifth amendment seems not to apply. The crucial question here is: does being forced to decrypt a disk partition violate a person's fifth amendment rights? The reasoning in this case appear to be "no," at least if the defendant is required to decrypt things directly, rather than being forced to provide a passphrase to somebody else.
Self incrimination Posted Mar 6, 2009 22:04 UTC (Fri) by giraffedata (subscriber, #1954) [Link] I've always thought that's a strange right (though I've never made any attempt to find out why we have it). It's one of the original civil rights guarantees from 1790, so it must be based on something the British government was doing around that time that people found objectionable.One of the odd results of it is that it is rare in a US criminal trial before a jury for the defendant to testify. The jury never hears him say he didn't do it or what really happened. The defendant does have the right to testify if he wants to, but defense attorneys know from experience that a juror is much more likely to convict after hearing the denial than before. There's some strange psychology at work. Plus, after the defendant testifies, the prosecutor is then entitled to additional testimony from the defendant to back up or clarify what he said. In this case, there was a question of whether a password is information in the sense of legal evidence, or just a device like a key. The government can compel a defendant to turn over a key, but not to provide information from his mind. But in password-production cases, there is also the problem that the fact that the defendant knows the password is useful evidence. So turning over a password can be like turning over the missing murder weapon, which a defendant cannot be compelled to do. Prosecutors in this case tried hard to set things up so a) the defendant would not tell the password (he would type it in himself) and b) the fact that the defendant knows the password would not help their case.
Self incrimination Posted Mar 11, 2009 0:57 UTC (Wed) by landley (guest, #6789) [Link]
It was to discourage torturing people. If you _can_ force somebody to testify against themselves, then it's a short step to beating a confession out of 'em. (That's the reasoning anyway.)
Of course the last administration went straight to torturing people, discarded habeas corpus, and so on. Had a somewhat corrosive effect on the legal system...
Self incrimination Posted Mar 11, 2009 2:15 UTC (Wed) by giraffedata (subscriber, #1954) [Link] I thought of that, but it doesn't wash. To discourage torture, you need to remove the person's privilege to testify in his own case. Because as long as the person has the right to confess, you just torture him until he waives his right to remain silent. It might have something to do with officials harrassing people, fishing for ones who might have broken laws and effectively making them prove they didn't.
Of course the last administration went straight to torturing people, discarded habeas corpus, and so on. Well I don't know about the torturing and habeus corpus, but as for the Fifth Amendment, it didn't apply in those cases because the interrogations and trials, by design, didn't happen in the US. (There's something really, really unpatriotic about government officials who say, "We need to do our business in other countries, where the laws are better"!). There were some suspensions of traditional US due process rights on US soil (e.g. people incarcerated indefinitely without being charged with a crime), but those came from Congress, not the executive administration.
|
|||||||||||||