Source link: http://archive.mises.org/17704/doj-demands-laptop-password/

DOJ Demands Laptop Password

July 13, 2011 by

The attorney who defended PGP encryption creator Phil Zimmermann in the 1990s, Phil Dubois, is now defending a woman accused of a mortgage scam against Department of Justice demands that she reveal the password to her laptop.

Dubois says, “The government let us know a month or two ago that: ‘We just can’t break this encryption, so why doesn’t your client just give us the password?’ And we said, ‘We don’t think so.’”

He adds, “When I was representing Zimmermann, this subject came up. We used to talk about it. We knew at some point the issue would arise. The government would run into encrypted data, and it would do whatever it could to get in there, including turning to the courts and getting some compulsion order. It doesn’t come as a surprise. Frankly, I’m surprised it took so long to arise.

“The government is trying to expand its power. Back in the PGP days, the government was trying to prevent, futilely, the spread of encryption software around the world. Now they’re trying to increase their power by narrowing the Fifth Amendment. Like the others, the Fifth Amendment is aimed directly at the government, primarily the executive. The executive wants, as it always has and always will, to narrow the Fifth Amendment and thereby increase its own power.”

Read more here, at cnet.com.

{ 13 comments }

Nielsio July 13, 2011 at 2:21 pm

“Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for “munitions export without a license”. Cryptosystems using keys larger than 40 bits were then considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else.

Zimmermann challenged these regulations in a curious way. He published the entire source code of PGP in a hardback book, via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could buy the $60 book, cut off the covers, separate the pages, and scan them using an OCR program, creating a set of source code text files. One could then build the application using the freely available GNU Compiler Collection. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitions—guns, bombs, planes, and software—was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth Circuit Court of Appeals in the Junger case).

US export regulations regarding cryptography remain in force, but were liberalized substantially throughout the late 1990s. Since 2000, compliance with the regulations is also much easier. PGP encryption no longer meets the definition of a non-exportable weapon, and can be exported internationally except to 7 specific countries and a list of named groups and individuals (with whom substantially all US trade is prohibited under various US export controls).”

http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation

nate-m July 13, 2011 at 2:46 pm

Back in the early days of Linux-land developers and software builders would have to house certain types of software outside of the USA because they were not willing and were not able to control the country of origin of the people that downloaded the software.

Hosting fully functional Linux systems in the USA and letting people download it freely could land an unlucky person in federal prison.

With the relaxation of export laws Linux systems can now host their files in the USA, but you can see examples of this lingering in archived ftp servers and such.

For example:
http://archive.debian.org/debian-non-US/

That housed software that was illegal to distribute from USA ftp servers due to the off chance that somebody from a restricted country would log in. So the workaround was to simply host certain files in places like Germany and then make USA users download it from those foreign countries.

Nowadays they are faced with a similar issue with ‘IP’, that is patents specifically.
http://debian-multimedia.org/
http://fedoraproject.org/wiki/Forbidden_items
https://help.ubuntu.com/community/RestrictedFormats

Now patents are even worse because even housing your software out of the USA can still get you in trouble if you’re in the USA. Patent laws don’t care if you’re exporting or importing anything.

All this stuff works perfectly fine in Linux. But the legal hoops that people are forced to jump through are too much for most people.

Reed July 13, 2011 at 4:12 pm

So, do they simply want the password to log onto her Windows 7 account, or is her entire hard drive encrypted with special software?

On this topic, what’s the best software to encrypt files? I know you can encrypt files in Windows by right-clicking the folder and going to properties. There’s a checkbox in there that will allow you to encrypt the contents of the folder. Is that enough? I have documents with important info that I’d like to not ever be hacked.

El Tonno July 13, 2011 at 4:25 pm

I recommend TrueCrypt, which gives you the ability to have files whose contents are encrypted and that can be mounted like partitions.

Inside the partition, I have a couple of VMWare Virtual machine images. I’m not sure whether Windows throws some of their data into the unencrypted Windows swap file while they run, though.

Big Brother July 14, 2011 at 4:00 am

According to this Daily Mail article, failing to disclose a computer password is a criminal offence in the UK: “He pleaded guilty to specimen charges of possessing indecent images, two of having prohibited drawings, three charges of distributing the material and one count of failing to disclose the password for an encrypted computer.”

Matt July 14, 2011 at 2:00 pm

There are some programs, like TrueCrypt, where the whole drive is encrypted and the result is basically a drive full of random data if you don’t have the password. Without the password, it’s impossible to read. But what if an adversary forces you (via subpoena or tire iron to the knees) to reveal the password?

The answer is that since the whole drive is encrypted, unused disk space appears as just the same random noise as actual data that has been encrypted. So Inception-style, TrueCrypt and some other software allow you to have a *secondary* password which allows you to hide data in the seemingly unused space. So if forced to reveal your password, you’ve only let your adversary see what’s in the file system of the encrypted drive, not what’s further hidden in the seemingly blank space. And there’s no way to tell whether blank space is truly blank or has hidden data, so your adversary doesn’t even know there’s more data that they need your other password to see.

BioTube July 14, 2011 at 6:55 pm

You still have to take additional precautions – even TrueCrypt’s hidden containers won’t help you if they can prove that the one you unlock isn’t the one you actually use.

nate-m July 14, 2011 at 7:02 pm

Or they take your system when it’s running and the encrypted drives are open.

Friedrich July 14, 2011 at 6:07 am

I guess this is a harsh enough crime to allow for advanced examinations. Maybe while starting to break fingers the delinquent may “remember”.

Veridical Driver July 17, 2011 at 3:23 am

How hard would it be to just say “Sorry, I forgot the password”? Or say “The password was on the post-it-note on my desk”, “What post-it-note?”, “You guys must have lost it!”.

Also, TrueCrypt lets you create two volumes in one file, each with their own password. When they ask you for the password, you give them the password to data you don’t care about. Your private data is in the other volume.
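
The two-password design that Matt's and Veridical Driver's comments describe can be modelled in a few lines. This is an added illustration, not part of any comment and not TrueCrypt's code: the two-slot layout, the toy SHA-256 stream cipher, the function names and the sample passwords are all assumptions made for the example. What it shows is that a password either decrypts a slot to a known marker or yields noise, and that a container without a hidden volume has the same size and the same random-looking second slot as one with it.

```python
import hashlib
import os

MAGIC = b"TRUE"                  # marker a correctly decrypted header starts with
SALT_LEN, BODY_LEN = 16, 64
SLOT_LEN = SALT_LEN + BODY_LEN   # constructed layout: two header slots, nothing else

def _keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stands in for a real disk cipher."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _crypt(password: str, salt: bytes, data: bytes) -> bytes:
    """Derive a key from password and salt, then XOR (encrypt and decrypt are the same)."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def make_slot(password: str, payload: bytes) -> bytes:
    """Salt followed by the encrypted marker and zero-padded payload."""
    if len(payload) > BODY_LEN - len(MAGIC):
        raise ValueError("payload too long for this toy slot")
    salt = os.urandom(SALT_LEN)
    body = MAGIC + payload.ljust(BODY_LEN - len(MAGIC), b"\0")
    return salt + _crypt(password, salt, body)

def open_slot(password: str, slot: bytes):
    """Return the payload if the password fits this slot, otherwise None."""
    body = _crypt(password, slot[:SALT_LEN], slot[SALT_LEN:])
    return body[len(MAGIC):].rstrip(b"\0") if body.startswith(MAGIC) else None

def build_container(outer, hidden=None) -> bytes:
    """outer and hidden are (password, payload) pairs; no hidden pair means random filler."""
    second = make_slot(*hidden) if hidden else os.urandom(SLOT_LEN)
    return make_slot(*outer) + second

def mount(password: str, container: bytes):
    """Try the password on each slot in turn, as a mount routine would."""
    for name, off in (("outer", 0), ("hidden", SLOT_LEN)):
        payload = open_slot(password, container[off:off + SLOT_LEN])
        if payload is not None:
            return name, payload
    return None

if __name__ == "__main__":
    c = build_container(("decoy-pass", b"decoy files"), ("real-pass", b"private notes"))
    for pw in ("decoy-pass", "real-pass", "wrong-pass"):
        print(pw, "->", mount(pw, c))
```

The model covers only the password check; it says nothing about the usage traces outside the container that BioTube's reply refers to.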

Max Power July 17, 2011 at 10:32 am

I suppose you could also use a passphrase that is itself incriminating (e.g. “I took an illegal income tax deduction of $something in some year”). Then, when the government, at least in the US, demands your password, you can use a 5th defense against self-incrimination.

Jack @ Laptop September 20, 2011 at 11:30 am

I think one’s policy of securing one’s laptop data by encrypting it is a preventive step. Laptops now easily connect to the internet in line with the level of technological advancement, but that is also an increasingly wide open space for the entry of spyware and hacking activities.

the walking dead wiki November 3, 2011 at 12:45 am

What a really great blog!
