Sign in with
Sign up | Sign in

HDD Decrypting Cannot be Enforced by U.S. Prosecutors

By - Source: US Court of Appeals | B 52 comments
Tags :

The Fifth Amendment to the United States Constitution protects some people under criminal investigation from having to reveal passwords provided access to the encrypted content of storage devices.

In a case between the United States government and John Doe, the defendant refused to decrypt the data on the hard drives of several laptop computers and five external hard drives. He invoked his Fifth Amendment right against self-incrimination. He ended up spending eight months in jail for contempt of court, but the Court of Appeals for the Eleventh Circuit agreed with him and stated that the the content on a storage device is considered a form of testimony and he is therefore covered Fifth Amendment rights. Despite the government's suspicion that the hard drives contain child pornography, the defendant was released free of any charges.

The prosecutors attempted to get around the hurdle by guaranteeing that the defendant would not have to fear any charges for the act of decrypting the data, which was - not surprisingly - not compelling enough. They would only be able to enforce the decryption if they were to grant immunity to the defendant over any potentially incriminating contents at the same time. The government rejected this path.

One could suspect that the data encryption could now be concealed simply by encrypting the data. While that may be true in some cases, this particular ruling was based on the fact that the prosecutors simply had the suspicion that the hard drives stored illegal content. Had there been proof that the defendant obtained child pornography, he could have been forced to provide the decrypted data.

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 16 Hide
    captjack5169 , February 28, 2012 3:23 PM
    Personally, I would rather them trying to crack the encryption on my drives. I bet I get to retirement first.
  • 15 Hide
    rozz , February 28, 2012 3:46 PM
    COLGeekFor better wording, read the PDF linked as the source of the article. This is an interesting case. It seems odd that the govt didn't clone his HDDs and decrypt (various means to do so including brute force).

    Yeah Brute force wont get them anywhere. You're talking tens if not hundreds of years with a simple 128bit encrypted drive.

    And that's with tons of GPUs cracking at it..

    Curious.. did they try "12345" as the password?
  • 14 Hide
    memadmax , February 28, 2012 3:40 PM
    Also, any form of "bruteforce" is still a 5 year endeavor, even with the most powerful supercomputers doing the number crunching.... this puts it past the "statute of limitations"....

    Until they get a computer that can do several trillion tries a second, that is also widely available, you are safe on bruteforce. But by then, I suppose they would find a more secure means of encrypting data.
Other Comments
    Display all 52 comments.
  • 1 Hide
    Anonymous , February 28, 2012 3:10 PM
    This is worded just so incorrectly from a legal standpoint. Just awful.
  • 5 Hide
    SpadeM , February 28, 2012 3:12 PM
    Quote:
    Had there been proof that the defendant obtained child pornography, he could have been forced to provide the decrypted data.


    What is the definition of force in this case? I doubt it's water boarding :p  but then again it is America ...
  • 14 Hide
    juncture , February 28, 2012 3:15 PM
    fish1932989This is worded just so incorrectly from a legal standpoint. Just awful.
    Yeah, people can actually understand it now.
  • 7 Hide
    COLGeek , February 28, 2012 3:17 PM
    fish1932989This is worded just so incorrectly from a legal standpoint. Just awful.

    For better wording, read the PDF linked as the source of the article.

    This is an interesting case. It seems odd that the govt didn't clone his HDDs and decrypt (various means to do so including brute force).
  • 16 Hide
    captjack5169 , February 28, 2012 3:23 PM
    Personally, I would rather them trying to crack the encryption on my drives. I bet I get to retirement first.
  • -8 Hide
    Anonymous , February 28, 2012 3:29 PM
    You dont need 'proof' of childporn on the hard drive. That is not the court's standard among other things..

  • 9 Hide
    memadmax , February 28, 2012 3:35 PM
    The canadians had the same issue regarding a guy that had a "boot up password" on his laptop....

    They couldn't force him to give up his password, so he managed to get out of it.

    The same goes with this.

    They can't force you to give up your password.
  • 14 Hide
    memadmax , February 28, 2012 3:40 PM
    Also, any form of "bruteforce" is still a 5 year endeavor, even with the most powerful supercomputers doing the number crunching.... this puts it past the "statute of limitations"....

    Until they get a computer that can do several trillion tries a second, that is also widely available, you are safe on bruteforce. But by then, I suppose they would find a more secure means of encrypting data.
  • 15 Hide
    rozz , February 28, 2012 3:46 PM
    COLGeekFor better wording, read the PDF linked as the source of the article. This is an interesting case. It seems odd that the govt didn't clone his HDDs and decrypt (various means to do so including brute force).

    Yeah Brute force wont get them anywhere. You're talking tens if not hundreds of years with a simple 128bit encrypted drive.

    And that's with tons of GPUs cracking at it..

    Curious.. did they try "12345" as the password?
  • 10 Hide
    captjack5169 , February 28, 2012 3:48 PM
    rozzYeah Brute force wont get them anywhere. You're talking tens if not hundreds of years with a simple 128bit encrypted drive.And that's with tons of GPUs cracking at it.. Curious.. did they try "12345" as the password?


    This +1 I chuckled
  • 8 Hide
    rozz , February 28, 2012 3:48 PM
    memadmaxAlso, any form of "bruteforce" is still a 5 year endeavor, even with the most powerful supercomputers doing the number crunching.... this puts it past the "statute of limitations"....Until they get a computer that can do several trillion tries a second, that is also widely available, you are safe on bruteforce. But by then, I suppose they would find a more secure means of encrypting data.

    ENCRYPT ALL DRIVES WITH 512BIT QUICK BEFORE GOVERNMENT INVENTS QUANTUM COMPUTING!
  • 1 Hide
    COLGeek , February 28, 2012 4:05 PM
    I will only say this in regard to cracking these passwords. They can certainly be cracked with the proper tools in far less time than you might think. This might even be a good topic for Tom's to look into.

    The bottom line, don't feel too secure with these tools. What math can put together, math can take apart. Think about it.....
  • 2 Hide
    memadmax , February 28, 2012 4:06 PM
    I want to add something to my "laptop password" rationale....

    If you add a "boot up password" to any system.... yea sure, they could take the hard drive out and try to get into the contents thru another system...

    But, this has its drawbacks: The system, in its original form, would be compromised. This opens up the defense to such things as "what if they planted data on the hard drive after it was removed from the original system" and so on and so forth...
  • 11 Hide
    COLGeek , February 28, 2012 4:25 PM
    Quote:
    Strike one for citizens rights and the Constitution.
    Scumbag lawyers. cops and judges, especially pigs, I mean cops, are liars of the worse kind. They all hang out together and have drinks, this includes politicians too.

    Anger issues? Not exactly a great addition to the discussion.
  • 7 Hide
    drwho1 , February 28, 2012 4:44 PM
    This is interesting...
    But at the same time, If I suspect of someone has child porn, I would probably would try to find other ways to get the facts straight before arrest him in the first place.

    Maybe a simple court order to "sniff" on his computers should have been enough.
    (predators would simply not stop doing what they do) and they could have tracked his "whereabouts" online, that would be proof enough to get access to his dirty drive.

    OR proof that they were wrong and move along...
  • 12 Hide
    gm0n3y , February 28, 2012 4:45 PM
    I still don't understand how 'I forgot my password' isn't a valid defence. Sure it's perjury, but there is no way to prove it and if you're already storing child porn you probably aren't too concerned with breaking the law.
  • 3 Hide
    Marco925 , February 28, 2012 4:56 PM


    Ranting of privacy
  • 6 Hide
    upgrade_1977 , February 28, 2012 5:11 PM
    Right, just like they can't search your car, or come into your home without a reason. But as we are seeing in many video's on the internet, those rights a broken all the time by government and police. Just saying..
  • 4 Hide
    mrmike_49 , February 28, 2012 5:16 PM
    But take note that the ^&*%#^&)%) judge kept the guy in jail for 8 months first - THAT is what pissed me off
  • 6 Hide
    rozz , February 28, 2012 5:41 PM
    COLGeekI will only say this in regard to cracking these passwords. They can certainly be cracked with the proper tools in far less time than you might think. This might even be a good topic for Tom's to look into.The bottom line, don't feel too secure with these tools. What math can put together, math can take apart. Think about it.....

    Not necessarily.. Even with Microsoft's Bitlocker, it is nearly impossible to decrypt an entire drive with 128bit encryption. Especially if you add a diffuser to your encryption, there is no possibly way to figure out the encryption. Once you think you start to get the encryption.. diffuser just messes you all up again. Kinda fascinating reading into it a little. Sure there are "spoofs" you can do like pulling the dram out while it's still hot and getting the algorithm off it, but that's not practical. Math may of put it together.. but you have to understand the math to take it back apart.
Display more comments