Comments on: DOJ Demands Laptop Password

By: the walking dead wiki

the walking dead wiki — Thu, 03 Nov 2011 05:45:17 +0000

What a really great blog!

By: Jack @ Laptop

Jack @ Laptop — Tue, 20 Sep 2011 16:30:46 +0000

I think one’s policy for securing its laptop data by encrypting it is a preventive step. Laptops are now easily connect with internet access in line with the level of technological advancement, but it’s also an increasingly wide open spaces for the entry of spyware and hacking activities

By: Max Power

Max Power — Sun, 17 Jul 2011 15:32:20 +0000

I suppose you could also use a passphrase that is itself incriminating (e.g. “I took an illegal income tax deduction of $something in some year”). Then, when the government, at least in the US, demands your password, you can use a 5th defense against self-incrimination.

By: Veridical Driver

Veridical Driver — Sun, 17 Jul 2011 08:23:17 +0000

How hard would it be to just say “Sorry, I forgot the password”. Or say “The password was on the post-it-note on my desk”, “What post-it-note?, “You guys must have lost it!”.

Also, TrueCrypt lets you create two volumes in one file, each with their own password. When they ask you for the password, you give them the password to data you don’t care about. Your private data is in the other volume.

By: nate-m

nate-m — Fri, 15 Jul 2011 00:02:56 +0000

Or they take your system when it’s running and the encrypted drives are open.

By: BioTube

BioTube — Thu, 14 Jul 2011 23:55:26 +0000

You still have to take additional precautions – even TrueCrypt’s hidden containers won’t help you if they can prove that the one you unlock isn’t the one you actually use.

By: Matt

Matt — Thu, 14 Jul 2011 19:00:08 +0000

There are some programs, like TrueCrypt, where the whole drive is encrypted and the result is basically a drive full of random data if you don’t have the password. Without the password, it’s impossible to read. But what if an adversary forces you (via subpoena or tire iron to the knees) to reveal the password?

The answer is that since the whole drive is encrypted, unused disk space appears as just the same random noise as actual data that has been encrypted. So Inception-style, TrueCrypt and some other software allow you to have a *secondary* password which allows you to hide data in the seemingly unused space. So if forced to reveal your password, you’ve only let your adversary see what’s in the file system of the encrypted drive, not what’s further hidden in the seemingly blank space. And there’s no way to tell whether blank space is truly blank or has hidden data, so your adversary doesn’t even know there’s more data that they need your other password to see.

By: Friedrich

Friedrich — Thu, 14 Jul 2011 11:07:23 +0000

I guess this is a harsh enough crime to allow for advanced examinations. Maybe while starting to break fingers the delinquent may “remember”.

By: Big Brother

Big Brother — Thu, 14 Jul 2011 09:00:01 +0000

According to this Daily Mail article,> failing to disclose a computer password is a criminal offence in the UK: "He pleaded guilty to specimen charges of possessing indecent images, two of having prohibited drawings, three charges of distributing the material and one count of failing to disclose the password for an encrypted computer."

By: El Tonno

El Tonno — Wed, 13 Jul 2011 21:25:32 +0000

I recommend TrueCrypt, which gives you the ability to have files whose contents are encrypted and that can be mounted like partitions.

Inside the partition, I have a couple of VMWare Virtual machine images. I’m not sure whether Windows throws some of their data into the unencrypted Windows swap file while they run though..

By: Reed

Reed — Wed, 13 Jul 2011 21:12:19 +0000

So, do they simply want the password to log onto her Windows 7 account, or is her entire hard drive encrypted with special software?

On this topic, what’s the best software to encrypt files? I know you can encrypt files in Windows by right-clicking the folder and going to properties. There’s a checkbox in there that will allow you to encrypt the contents of the folder. Is that enough? I have documents with important info that I’d like to not ever be hacked.

By: nate-m

nate-m — Wed, 13 Jul 2011 19:46:37 +0000

Back in the early days of Linux-land developers and software builders would have to house certain types of software outside of the USA because they were not willing and were not able to control the country or origin of the people that downloaded the software.

Hosting fully functional Linux systems in the USA and letting people download it freely could land a unlucky person in federal prison.

With the relaxation of export laws Linux systems can now host their files in the USA, but you can see examples of this lingering in archived ftp servers and such.

For example:
http://archive.debian.org/debian-non-US/

That housed software that was illegal to distribute from USA ftp servers due to the off chance that somebody from a restricted country would log in. So the work around was to simply host certain files in places like Germany and then make USA users download it from those foreign countries.

Nowadays they are faced with a similar issue with ‘IP’, that is patents specifically.
http://debian-multimedia.org/
http://fedoraproject.org/wiki/Forbidden_items
https://help.ubuntu.com/community/RestrictedFormats

Now patents are even worse because even housing your software out of the USA can still get you in trouble if your in the USA. Patent laws don’t care if your exporting or importing anything.

All this stuff works perfectly fine in Linux. But the legal hoops that people are forced to jump through is too much for most people.

By: Nielsio

Nielsio — Wed, 13 Jul 2011 19:21:35 +0000

“Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for “munitions export without a license”. Cryptosystems using keys larger than 40 bits were then considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else.

Zimmermann challenged these regulations in a curious way. He published the entire source code of PGP in a hardback book, via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could buy the $60 book, cut off the covers, separate the pages, and scan them using an OCR program, creating a set of source code text files. One could then build the application using the freely available GNU Compiler Collection. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitions—guns, bombs, planes, and software—was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth Circuit Court of Appeals in the Junger case).

US export regulations regarding cryptography remain in force, but were liberalized substantially throughout the late 1990s. Since 2000, compliance with the regulations is also much easier. PGP encryption no longer meets the definition of a non-exportable weapon, and can be exported internationally except to 7 specific countries and a list of named groups and individuals (with whom substantially all US trade is prohibited under various US export controls).”

http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation