Judge: Fifth Amendment doesn't protect encrypted hard drives

137 points by Feanim, over 13 years ago

20 comments

ctdonath, over 13 years ago
It's a variant of what's called "rubber hose cryptology": sometimes it's technologically a lot easier to just beat the password out of someone (smacking the soles of one's feet with a rubber hose apparently being a rather effective technique).

I draw the line using a "rag doll" model. They can compel fingerprints, physical keys, DNA, etc. insofar as they can manipulate your limp unresistive (albeit uncooperative) body to take fingerprints, extract keys from pockets, snip a hair, extract a blood sample, etc. They cannot, however, compel you to act on their behalf and against your own interests - to wit, they cannot demand you speak (type, write, press buttons) words the whole point of which can and will be used against you. A fair argument may be made for compelling you to provide the key/combination to a safe, but only insofar as they CAN tear the safe apart with blowtorches & diamond saws if you don't cooperate. But when it comes to the state's evidence hinging entirely upon the defendant's cooperation, no - that's why we have the 5th Amendment (gov't cannot compel one to testify against self).

fab13n, over 13 years ago
To counter this, you need an encryption method with these properties:

- you can be banned or self-banned, irrevocably, from accessing your data;
- you can prove to the judge that you can't access your data;
- even with full forensic copies of your disk, you can't be un-banned.

You can do that by having part(s) of the key on server(s) online. Give yourself, a couple of trusted friends and optionally a script, the ability to wipe those keys: it will irrevocably seal your disk's content. Obviously, pick servers under foreign jurisdictions which dislike to collaborate.

Even better, there's no proof that you're the one who destroyed the keys: you can't be charged with evidence tampering.

simonsarris, over 13 years ago
I have a question for those who know more about these things: Instead of hidden volumes, wouldn't it be better to have an "under duress" password?

The hard drive is encrypted and sensitive folders are identified by the user. When a password is given all contents are decrypted.

When an "under duress" password is given the sensitive folders are permanently wiped and all the (remaining, innocuous) contents are decrypted.

This stops them from finding hidden volumes or operating systems because there are none. Wouldn't that be a better model, and much harder to figure out?

pavelkaroukin, over 13 years ago
What if a lawyer-based service is created, which allows automating representation of a client, including when the client needs access to data on his hard drive. Essentially, develop an algorithm allowing external OTP authentication.

And this lawyer, representing the user, will have in the agreement something like this "In case my client is under investigation or incriminated or ..." I will not be allowed to release the OTP password.

Of course, this service will be based in a country which treats law as a law, not an inconvenience.

What am I missing? There are no such countries, maybe?

MichaelApproved, over 13 years ago
Everyone is trying to figure out which encryption technique can bypass the law when it's already too late. The best solution for this type of case is to *keep your damn mouth shut* and don't talk about the contents of the drive.

*"the police had recorded a phone call between Fricosu and her husband in which she seemed to acknowledge ownership of the laptop and to reference incriminating material on it."*

Without that recording, the prosecution's case would be a lot weaker. Sure, encrypt your files, but keep your mouth shut about it!

showerst, over 13 years ago
Just out of curiosity, what's the case-law like if she had encoded these documents and stored them on paper?

I certainly don't want to see mandatory decryption, but at the same time it doesn't make sense to let an accused completely skip out on discovery by simply truecrypt-ing the evidence either.

pavelkaroukin, over 13 years ago
BTW, hackers, if you did not see it yet, check out what EncFS offers you. Essentially, it allows you to have multiple passwords on the same repository, and only files decryptable with the currently used password are shown (requires a special option during mounting to ignore the incorrect password warning).

Using that you can have any number of passwords and any number of "partitions" inside your folder. This is not like a hidden partition in TrueCrypt, where you can not prove it exists at all.

Groxx, over 13 years ago
Makes sense.

Yes, dead-man switches and whatnot always come up with cases like this - that's not really part of this ruling. This case includes: a) they have record of the defendant stating the information exists on the machine, which she stated she owns, and b) they have (a very good) reason to believe the drive can be decrypted.

All of this strikes me more as a search warrant than anything, in the same way that they can break locked doors if they have a warrant to search a location. That it's a cryptographic lock really has no bearing on the matter - if the documents were printed and put in a locked closet, they could be confiscated and searched. Why is this different?

tedunangst, over 13 years ago
Yesterday's link, to the original source: http://news.ycombinator.com/item?id=3502850

thereallurch, over 13 years ago
Any technologies exist that let you have multiple encrypted OS's on multiple keys? For example, 1 key could boot up one OS and another key could boot up a different OS. Seems like it'd be difficult to prove that you booted one or the other...

orbitingpluto, over 13 years ago
Classical gibberish passwords are mostly muscle memory. I know I wouldn't be able to remember some of mine of that sort after two weeks.

If you were incarcerated and you knew you might have to comply with an order to decrypt a hard drive, it might be in your best interest to create and shadow type many alternate passwords until you actually forget the important one. Then (hopefully) you're just a polygraph away from a not guilty in an obstruction charge.

lukev, over 13 years ago
An important clarification since some people seem to be confusing the issue: the police seized her computer already, presumably legally and with a warrant.

So while this does present an interesting edge case in the fifth amendment (does evidence count as evidence if it's encrypted?), it shouldn't set off civil liberty alarm bells in your head nearly as badly as several other things currently going on in this country.

ROFISH, over 13 years ago
It looks like they're not trying to decrypt the laptop for the fun of it, but the judge has physical evidence that the laptop contains relevant information to the case. From the article:

*But the police had recorded a phone call between Fricosu and her husband in which she seemed to acknowledge ownership of the laptop and to reference incriminating material on it.*

AndyKelley, over 13 years ago
Did anybody see this?

*But the police had recorded a phone call between Fricosu and her husband in which she seemed to acknowledge ownership of the laptop and to reference incriminating material on it.*

I'd like more details about this - without any clarification, this sounds *extremely scary*.

rdl, over 13 years ago
I really hope this gets appealed.

plasma, over 13 years ago
It would be cool to have a "canary" system in encryption.

For example, without having entered the 'everything is OK' password every week, the drive/encryption automatically destroys itself.

So if the drive is ever compromised, or you are separated from it, etc, the fact that you do nothing should cause the protected data to be destroyed.

thisischris, over 13 years ago
I forget my password for things all of the time...This situation would be no different.

jimbishopp, over 13 years ago
Note to self: never acknowledge ownership of a laptop with incriminating material on it (encrypted or not); especially while on the phone or in the general vicinity of a recording device.

ck2, over 13 years ago
I used to think we didn't want these kinds of cases in front of the supreme court right now - but I am starting to change my mind. They are showing signs of intelligence.

jQueryIsAwesome, over 13 years ago
What happens if a friend of a suspect burns some papers that the jury suspects were incriminatory evidence?

In this context: what would happen in the case the crypto software deletes all the data after not logging in for 1 week? (It would be too short for the trial to happen I guess)