Obama's "Justice" Department wants to force you to decrypt your DjWVBeXx4ZHsvGME

[em3rgentOrdr]

http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop

The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.

What happened to the The Fifth Amendment of TCOTUS which says that "no person...shall be compelled in any criminal case to be a witness against himself."

[1714094766]

1714094766

[1714094766]

1714094766

[1714094766]

1714094766

[myrkul]

http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop

The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.

What happened to the The Fifth Amendment of TCOTUS which says that "no person...shall be compelled in any criminal case to be a witness against himself."

I have been asking Truecrypt to put in a killswitch password option for a couple of years now.

[em3rgentOrdr]

http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop

The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.

What happened to the The Fifth Amendment of TCOTUS which says that "no person...shall be compelled in any criminal case to be a witness against himself."

I have been asking Truecrypt to put in a killswitch password option for a couple of years now.

Are you familiar with Vanish? http://vanish.cs.washington.edu/

Computing and communicating through the Web makes it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview; a lost or stolen laptop can expose personal photos or messages; or a legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating or just embarrassing details from the past.

Our research seeks to protect the privacy of past, archived data — such as copies of emails maintained by an email provider — against accidental, malicious, and legal attacks. Specifically, we wish to ensure that all copies of certain data become unreadable after a user-specified time, without any specific action on the part of a user, without needing to trust any single third party to perform the deletion, and even if an attacker obtains both a cached copy of that data and the user's cryptographic keys and passwords.

Vanish is a research project aimed at meeting this challenge through a novel integration of cryptographic techniques with distributed systems. We initially implemented a proof-of-concept Vanish prototype that uses the million-node Vuze BitTorrent DHT to create self-destructing data. For a description of our Vuze-based self-destructing data system, please refer to our paper.

Basically you don't have to even press a kill switch.  The encrypted data automatically becomes un-decryptable after a certain amount of time.

[myrkul]

Basically you don't have to even press a kill switch.  The encrypted data automatically becomes un-decryptable after a certain amount of time.

Kinda defeats the purpose of 'Long-term storage'.

[em3rgentOrdr]

Basically you don't have to even press a kill switch.  The encrypted data automatically becomes un-decryptable after a certain amount of time.

Kinda defeats the purpose of 'Long-term storage'.

Yes, but Vanish is it is not meant for stuff you want stored long-term.  Its for stuff that you want to automatically vanish after a certain period of time.  So you put some sensitive stuff on your labtop before you cross the border, but incase you get detained and you are able to stall long enough without being drugged to reveal your passcode, then Vanish would ensure that no one could decrypt that data.

[myrkul]

Yes, but Vanish is it is not meant for stuff you want stored long-term.  Its for stuff that you want to automatically vanish after a certain period of time.  So you put some sensitive stuff on your laptop before you cross the border, but in case you get detained and you are able to stall long enough without being drugged to reveal your passcode, then Vanish would ensure that no one could decrypt that data.

So, does it reset every time you access the data?

[em3rgentOrdr]

Yes, but Vanish is it is not meant for stuff you want stored long-term.  Its for stuff that you want to automatically vanish after a certain period of time.  So you put some sensitive stuff on your laptop before you cross the border, but in case you get detained and you are able to stall long enough without being drugged to reveal your passcode, then Vanish would ensure that no one could decrypt that data.

So, does it reset every time you access the data?

No.  Basically the key is stored in a global bit-torrent distributed hash table such that different parts of the key are placed in different nodes which gradually drop-in and drop-out of the bit-torrent network.  If all segments of the key are available, then the file can be decrypted, but as bit-torrent users drop-out, sections of the key are lost, and if there are not enough backups, then the file can't be decrypted.

[myrkul]

No.  Basically the key is stored in a global bit-torrent distributed hash table such that different parts of the key are placed in different nodes which gradually drop-in and drop-out of the bit-torrent network.  If all segments of the key are available, then the file can be decrypted, but as bit-torrent users drop-out, sections of the key are lost, and if there are not enough backups, then the file can't be decrypted.

Interesting proof of concept, but if you ask me, that just sounds like a great way to lose your data at some random, unspecified time. That is literally terrifying to me, especially if the data's a wallet.dat.

[em3rgentOrdr]

No.  Basically the key is stored in a global bit-torrent distributed hash table such that different parts of the key are placed in different nodes which gradually drop-in and drop-out of the bit-torrent network.  If all segments of the key are available, then the file can be decrypted, but as bit-torrent users drop-out, sections of the key are lost, and if there are not enough backups, then the file can't be decrypted.

Interesting proof of concept, but if you ask me, that just sounds like a great way to lose your data at some random, unspecified time. That is literally terrifying to me, especially if the data's a wallet.dat.

  Yes.  If you know what you want and how it works, then its great.

[NghtRppr]

labtop

Was that a typo or are you one of those people that calls them labtops?

[em3rgentOrdr]

labtop

Was that a typo or are you one of those people that calls them labtops?

I have been calling them labtops ever since i was a little kid.  I don't consider it a typo.

[NghtRppr]

labtop

Was that a typo or are you one of those people that calls them labtops?

I have been calling them labtops ever since i was a little kid.  I don't consider it a typo.

That bugs the hell out of me.

http://www.urbandictionary.com/define.php?term=labtop

[myrkul]

labtop

Was that a typo or are you one of those people that calls them labtops?

I have been calling them labtops ever since i was a little kid.  I don't consider it a typo.

That bugs the hell out of me.

http://www.urbandictionary.com/define.php?term=labtop

In his defense, calling them laptops just encourages baked balls.

[JoelKatz]

What happened to the The Fifth Amendment of TCOTUS which says that "no person...shall be compelled in any criminal case to be a witness against himself."

The justice department is offering production immunity, so there's (arguably) no testimonial act.

That means the actual text of the passphrase (which for all we know could be "I am guilty") is not admissible in court. Similarly, the fact that she knew the passphrase (which could be evidence that she is connected to the decrypted contents) will not be admissible in court either. They just want the decrypted contents of the hard drive they already have.

They don't want any testimony from her. They don't want her to be a witness.

They can force you to provide handwriting exemplars. They can force you to provide DNA. They can even force you to sign a letter authorizing a foreign bank to reveal your account information to them. The only thing the fifth amendment says is that they can't force you to be a witness or to testify.

I agree, it's bullshit, but it's also not an unreasonable interpretation of the text of the fifth amendment.

[lemonginger]

#1) It is impossible to prove that someone remembers or doesn't remember something. I forget passwords all the time, what's to say I haven't forgotten this one.

#2) Deniable Encryption

http://en.wikipedia.org/wiki/Deniable_encryption

[Jaime Frontero]

what's that, you say?

you want me to log in to my computer and then put the passphrase into TrueCrypt to decrypt that file i have that you want to see?

not a problem.  here - i'll log in right now.

...

ooops.  wrong user.  damn!  looks like some old login script i was testing has completely deleted both the file you wanted and the text file which contains my 89-character-and-impossible-to-remember-passphrase.

double drat!

sorry about that...

[JoelKatz]

what's that, you say?

you want me to log in to my computer and then put the passphrase into TrueCrypt to decrypt that file i have that you want to see?

not a problem.  here - i'll log in right now.

...

ooops.  wrong user.  damn!  looks like some old login script i was testing has completely deleted both the file you wanted and the text file which contains my 89-character-and-impossible-to-remember-passphrase.

double drat!

sorry about that...

Now you're in jail for attempted obstruction of justice and tampering with evidence and they just restore the data from a backup. That, or lying and claiming you don't remember the password, are about the worst things you could do.

[myrkul]

Now you're in jail for attempted obstruction of justice and tampering with evidence and they just restore the data from a backup. That, or lying and claiming you don't remember the password, are about the worst things you could do.

Killswitch password.

You input password, Truecrypt eats header (making the data unencryptable), and throws up an error screen identical to if the data was corrupted.

All you have to do is throw a convincing fit that you lost your data (the rage should be easy to summon).

[lemonginger]

whether you have plausible deniability or not (and really there's no reason you shouldn't be encrypting without it) it is impossible to prove whether you remember your password. Even if you logged in yesterday, it is impossible to prove without a reasonable doubt that you haven;t forgotten your password today.

[bitplane]

You input password, Truecrypt eats header (making the data unencryptable), and throws up an error screen identical to if the data was corrupted.

All you have to do is throw a convincing fit that you lost your data (the rage should be easy to summon).

Heh, good luck with that. This isn't like they're asking you to unlock your computer, they've already got a copy of your hard drive which is being used as evidence and they're entering their password it into their copy of truecrypt on a backup of a copy of your data. Entering your kill password into it would be attempting to destroy evidence but failing.