| Author | Thread |
|
|
01/16/2008 01:01:11 PM · #1 |
Attached is an article regarding a disgusting (imo) event (child porn). The question is; regardless of the legality of the files contents, can the government require you to incriminate yourself by disclosing your password to encrypted files?
encryption password case |
|
|
|
01/16/2008 01:18:57 PM · #2 |
| you can pretty quickly get in to thoughtcrimes and the like that way. can you prove you've forgotten a password, or can you prove that someone hasn't ? |
|
|
|
01/16/2008 01:52:18 PM · #3 |
| its more about expediency. If you give up the password, the investigation goes faster. If not, they have your files and will work to get them decoded to view them. |
|
|
|
01/16/2008 01:58:57 PM · #4 |
Originally posted by frisca:
its more about expediency. If you give up the password, the investigation goes faster. If not, they have your files and will work to get them decoded to view them. |
OK, lets say he still refuses to give up his password. He's been arrested and has the right to a speedy trial. Cracking the password by trial and error will likely take several years. Wouldn't keeping him in custody or having the charges pending all that time violate his right to a speedy trial?
|
|
|
|
01/16/2008 02:26:48 PM · #5 |
Honestly, if you are in any way competent expediency isn't a consideration. The PGP keys I routinely use would take millions of years to break using current technology. Now there might be significant breakthroughs made that would reduce that number by many factors. You are still looking at potentially decades for trivially available, free encryption like PGP (which is technically illegal to obtain in the US, but not to use)
It isn't a case of several years. There are no known useful brute force attacks if you set these things up properly. That's the point. |
|
|
|
01/16/2008 02:31:13 PM · #6 |
Well, then, let me give the legal reply:
Its evidence that already exists, so its not self-incrimination. Its proper fodder for a search warrant, and ought to be given up. If the person refuses or claims to have forgotten, I'm sure that will be the source of another investigation (check into the last time he logged in using that password or something else that forsenic investigators have in their arsenal) and then decide the charges. |
|
|
|
01/16/2008 02:37:00 PM · #7 |
Originally posted by Spazmo99:
He's been arrested and has the right to a speedy trial. Cracking the password by trial and error will likely take several years. Wouldn't keeping him in custody or having the charges pending all that time violate his right to a speedy trial? |
I'd say no. If he wanted a speedy trial he'd give the password. Refusing to give the password knowing they have a search warrant and are going to crack it anyway kind of waives your right to a speedy trial. You can't complain about a slow trial when it's your fault it's slow!
Plus, if you'd rather sit in jail for a few years rather then give up a password I'm guessing you have something to hide that is worthy of you being in jail anyway. That or your rightiousness borders on stupidity.
|
|
|
|
01/16/2008 02:37:20 PM · #8 |
FWIW, it is certainly the law in the UK that you have to cough up encryption keys or passwords. Though you could take the 2 years jail time for not providing them, rather than incriminate yourself.
To Frisca: If I know of information about a crime, and in providing that information, I also incriminate myself, isn't the right not to do that all the US 5th amendment is about ?
The password is information. How is that different ? |
|
|
|
01/16/2008 02:39:14 PM · #9 |
Originally posted by LoudDog:
Originally posted by Spazmo99:
He's been arrested and has the right to a speedy trial. Cracking the password by trial and error will likely take several years. Wouldn't keeping him in custody or having the charges pending all that time violate his right to a speedy trial? |
I'd say no. If he wanted a speedy trial he'd give the password. Refusing to give the password knowing they have a search warrant and are going to crack it anyway kind of waives your right to a speedy trial. You can't complain about a slow trial when it's your fault it's slow!
Plus, if you'd rather sit in jail for a few years rather then give up a password I'm guessing you have something to hide that is worthy of you being in jail anyway. That or your rightiousness borders on stupidity. |
They aren't going to crack it anyway. Large (tens of thousands) of computers, running for years, can start coming close to cracking one password, for the mid range encryption that is available (512 bit keys) 1024 bit and 2048 bit keys are easily generated in PGP, that are essentially uncrackable with current technology. Most people are already using 2048 bit keys.
Don't you have a right to silence and a right not to self-incriminate ? and also a right to not be punished without due process ? I know everyone's all gung ho about throwing away the constitution and all, but that one seems quite useful in general.
Message edited by author 2008-01-16 14:42:35. |
|
|
|
01/16/2008 02:40:34 PM · #10 |
Originally posted by frisca:
Well, then, let me give the legal reply:
Its evidence that already exists, so its not self-incrimination. Its proper fodder for a search warrant, and ought to be given up. If the person refuses or claims to have forgotten, I'm sure that will be the source of another investigation (check into the last time he logged in using that password or something else that forsenic investigators have in their arsenal) and then decide the charges. |
OK, I'll grant you that in this case, there is other evidence that child porn is on the HD (the video showing child porn on the screen during the stop at the border), but, simply in the interest of this discussion, what if the authorities had no such indication?
|
|
|
|
01/16/2008 02:42:54 PM · #11 |
Originally posted by Gordon:
FWIW, it is certainly the law in the UK that you have to cough up encryption keys or passwords. Though you could take the 2 years jail time for not providing them, rather than incriminate yourself.
To Frisca: If I know of information about a crime, and in providing that information, I also incriminate myself, isn't the right not to do that all the US 5th amendment is about ?
The password is information. How is that different ? |
The right against self-incrimination doesn't apply to premises when a search warrant has been issued. You don't have the right to deny the cops a key to your storage locker if they have a warrant to search it, and they'll blow the door off if they have to to conduct their search.
R.
ETA: that's interesting:
"In his ruling, Niedermeier said forcing Boucher to enter his password would be like asking him to reveal the combination to a safe. The government can force a person to give up the key to a safe because a key is physical, not in a person's mind. But a person cannot be compelled to give up a safe combination because that would "convey the contents of one's mind,'' which is a "testimonial" act protected by the Fifth Amendment, Niedermeier said ."
Message edited by author 2008-01-16 14:46:25.
|
|
|
|
01/16/2008 02:43:56 PM · #12 |
upon further thought, how is a password different then a key to a lock? If they have a warrant, you have to open the safe/shed/closet/front door. If they have a warrant for the info on your computer, I'd consider it the same thing.
|
|
|
|
01/16/2008 02:44:28 PM · #13 |
Originally posted by Gordon:
FWIW, it is certainly the law in the UK that you have to cough up encryption keys or passwords. Though you could take the 2 years jail time for not providing them, rather than incriminate yourself.
To Frisca: If I know of information about a crime, and in providing that information, I also incriminate myself, isn't the right not to do that all the US 5th amendment is about ?
The password is information. How is that different ? |
Well, the password isn't the evidence; its the key to the locker in which the evidence is kept, so in Canada, the right against self incrimination does not apply. |
|
|
|
01/16/2008 02:44:59 PM · #14 |
Originally posted by LoudDog:
upon further thought, how is a password different then a key to a lock? If they have a warrant, you have to open the safe/shed/closet/front door. If they have a warrant for the info on your computer, I'd consider it the same thing. |
Currently you have to give up a physical key for a safe. However, from what I understand, you don't have to give up a combination number. If they have a warrant you don't have to open it. Also, at least in this particular case, the current ruling is that you don't have to give up the password, as it would be self-incriminating.
Message edited by author 2008-01-16 14:47:53. |
|
|
|
01/16/2008 02:51:13 PM · #15 |
Originally posted by frisca:
its more about expediency. If you give up the password, the investigation goes faster. If not, they have your files and will work to get them decoded to view them. |
They may work to get them decoded. But decoding something say in 512 bit blowfish encryption could potentially take longer then global warming would. Bruteforce attacks are just time consuming but luck happens.
Unrelated but i read somewhere years ago and its probably no longer 100% true but the encryption used in GSM phone calls would take all the computing power in the world over 20 years.
I think the fact of decrypting something that they dont know what algorithim and hash were used would be decided on the importance of the case. If they know what algorithim and hash was used and its an important case i figure they would take a crack at it.
This is the reason the government tries to regulate encryption strength in consumer products.
|
|
|
|
01/16/2008 03:01:12 PM · #16 |
Originally posted by frisca:
Originally posted by Gordon:
FWIW, it is certainly the law in the UK that you have to cough up encryption keys or passwords. Though you could take the 2 years jail time for not providing them, rather than incriminate yourself.
To Frisca: If I know of information about a crime, and in providing that information, I also incriminate myself, isn't the right not to do that all the US 5th amendment is about ?
The password is information. How is that different ? |
Well, the password isn't the evidence; its the key to the locker in which the evidence is kept, so in Canada, the right against self incrimination does not apply. |
In the U.S. it's already established that if your locker has a physical key, it must be surrendered. However, if your locker has a combination lock, since a combination does not physically exist, it does not have to be given. The authorities are welcome to seize the locker and force it open, but the accused does not have to provide the combination.
Message edited by author 2008-01-16 15:03:14.
|
|
|
|
01/16/2008 03:02:15 PM · #17 |
Originally posted by Flash:
Attached is an article regarding a disgusting (imo) event (child porn). The question is; regardless of the legality of the files contents, can the government require you to incriminate yourself by disclosing your password to encrypted files?
encryption password case |
Work a deal that gives yourself immunity if you agree to testify against yourself. :)
|
|
|
|
01/19/2008 02:22:23 AM · #18 |
You're best bet is plausible deniability. Use TrueCrypt
to encrypt files, or even partitions on your
harddrive you don't want seen. To do this so
you can defeat the government assholes you create
an encrypted container. Now if that's all you do
they'll just ask you for the password. You'll be
right back where this guy is. The secret is to
create another encrypted container within the first
one. Then you act irritated when they ask you for
the password, but you eventually give in and reveal
the password for the first container. In that space
you only have files that are innocuous. No trade
secrets, copywrited files you don't want Red China
to have, etc. So when they check your drive they
won't find anything to delay you. You can even have
a third container within the second one. If you can
keep your cool when dealing with these people you'll
walk right past them with the goods and there is not
a damn thing they can do. Which is just the way it
should be. The PDF file at the website above describes
how the program works, and how to use it much better
than I described it. |
|
Home -
Challenges -
Community -
League -
Photos -
Cameras -
Lenses -
Learn -
Help -
Terms of Use -
Privacy -
Top ^
DPChallenge, and website content and design, Copyright © 2001-2025 Challenging Technologies, LLC.
All digital photo copyrights belong to the photographers and may not be used without permission.
Current Server Time: 08/27/2025 07:59:28 AM EDT.
