HDD Decrypting Cannot be Enforced by U.S. Prosecutors
The Fifth Amendment to the United States Constitution protects some people under criminal investigation from having to reveal passwords provided access to the encrypted content of storage devices.
In a case between the United States government and John Doe, the defendant refused to decrypt the data on the hard drives of several laptop computers and five external hard drives. He invoked his Fifth Amendment right against self-incrimination. He ended up spending eight months in jail for contempt of court, but the Court of Appeals for the Eleventh Circuit agreed with him and stated that the the content on a storage device is considered a form of testimony and he is therefore covered Fifth Amendment rights. Despite the government's suspicion that the hard drives contain child pornography, the defendant was released free of any charges.
The prosecutors attempted to get around the hurdle by guaranteeing that the defendant would not have to fear any charges for the act of decrypting the data, which was - not surprisingly - not compelling enough. They would only be able to enforce the decryption if they were to grant immunity to the defendant over any potentially incriminating contents at the same time. The government rejected this path.
One could suspect that the data encryption could now be concealed simply by encrypting the data. While that may be true in some cases, this particular ruling was based on the fact that the prosecutors simply had the suspicion that the hard drives stored illegal content. Had there been proof that the defendant obtained child pornography, he could have been forced to provide the decrypted data.
Yeah Brute force wont get them anywhere. You're talking tens if not hundreds of years with a simple 128bit encrypted drive.
And that's with tons of GPUs cracking at it..
Curious.. did they try "12345" as the password?
Until they get a computer that can do several trillion tries a second, that is also widely available, you are safe on bruteforce. But by then, I suppose they would find a more secure means of encrypting data.
What is the definition of force in this case? I doubt it's water boarding
For better wording, read the PDF linked as the source of the article.
This is an interesting case. It seems odd that the govt didn't clone his HDDs and decrypt (various means to do so including brute force).
They couldn't force him to give up his password, so he managed to get out of it.
The same goes with this.
They can't force you to give up your password.
Until they get a computer that can do several trillion tries a second, that is also widely available, you are safe on bruteforce. But by then, I suppose they would find a more secure means of encrypting data.
Yeah Brute force wont get them anywhere. You're talking tens if not hundreds of years with a simple 128bit encrypted drive.
And that's with tons of GPUs cracking at it..
Curious.. did they try "12345" as the password?
This +1 I chuckled
ENCRYPT ALL DRIVES WITH 512BIT QUICK BEFORE GOVERNMENT INVENTS QUANTUM COMPUTING!
The bottom line, don't feel too secure with these tools. What math can put together, math can take apart. Think about it.....
If you add a "boot up password" to any system.... yea sure, they could take the hard drive out and try to get into the contents thru another system...
But, this has its drawbacks: The system, in its original form, would be compromised. This opens up the defense to such things as "what if they planted data on the hard drive after it was removed from the original system" and so on and so forth...
Scumbag lawyers. cops and judges, especially pigs, I mean cops, are liars of the worse kind. They all hang out together and have drinks, this includes politicians too.
Anger issues? Not exactly a great addition to the discussion.
But at the same time, If I suspect of someone has child porn, I would probably would try to find other ways to get the facts straight before arrest him in the first place.
Maybe a simple court order to "sniff" on his computers should have been enough.
(predators would simply not stop doing what they do) and they could have tracked his "whereabouts" online, that would be proof enough to get access to his dirty drive.
OR proof that they were wrong and move along...
Ranting of privacy
Not necessarily.. Even with Microsoft's Bitlocker, it is nearly impossible to decrypt an entire drive with 128bit encryption. Especially if you add a diffuser to your encryption, there is no possibly way to figure out the encryption. Once you think you start to get the encryption.. diffuser just messes you all up again. Kinda fascinating reading into it a little. Sure there are "spoofs" you can do like pulling the dram out while it's still hot and getting the algorithm off it, but that's not practical. Math may of put it together.. but you have to understand the math to take it back apart.