HDD Decrypting Cannot be Enforced by U.S. Prosecutors
The Fifth Amendment to the United States Constitution protects some people under criminal investigation from having to reveal passwords provided access to the encrypted content of storage devices.
In a case between the United States government and John Doe, the defendant refused to decrypt the data on the hard drives of several laptop computers and five external hard drives. He invoked his Fifth Amendment right against self-incrimination. He ended up spending eight months in jail for contempt of court, but the Court of Appeals for the Eleventh Circuit agreed with him and stated that the the content on a storage device is considered a form of testimony and he is therefore covered Fifth Amendment rights. Despite the government's suspicion that the hard drives contain child pornography, the defendant was released free of any charges.
The prosecutors attempted to get around the hurdle by guaranteeing that the defendant would not have to fear any charges for the act of decrypting the data, which was - not surprisingly - not compelling enough. They would only be able to enforce the decryption if they were to grant immunity to the defendant over any potentially incriminating contents at the same time. The government rejected this path.
One could suspect that the data encryption could now be concealed simply by encrypting the data. While that may be true in some cases, this particular ruling was based on the fact that the prosecutors simply had the suspicion that the hard drives stored illegal content. Had there been proof that the defendant obtained child pornography, he could have been forced to provide the decrypted data.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
-
SpadeM Had there been proof that the defendant obtained child pornography, he could have been forced to provide the decrypted data.
What is the definition of force in this case? I doubt it's water boarding :P but then again it is America ... -
juncture fish1932989This is worded just so incorrectly from a legal standpoint. Just awful.Yeah, people can actually understand it now.Reply
-
COLGeek fish1932989This is worded just so incorrectly from a legal standpoint. Just awful.For better wording, read the PDF linked as the source of the article.Reply
This is an interesting case. It seems odd that the govt didn't clone his HDDs and decrypt (various means to do so including brute force). -
captjack5169 Personally, I would rather them trying to crack the encryption on my drives. I bet I get to retirement first.Reply -
You dont need 'proof' of childporn on the hard drive. That is not the court's standard among other things..Reply
-
memadmax The canadians had the same issue regarding a guy that had a "boot up password" on his laptop....Reply
They couldn't force him to give up his password, so he managed to get out of it.
The same goes with this.
They can't force you to give up your password. -
memadmax Also, any form of "bruteforce" is still a 5 year endeavor, even with the most powerful supercomputers doing the number crunching.... this puts it past the "statute of limitations"....Reply
Until they get a computer that can do several trillion tries a second, that is also widely available, you are safe on bruteforce. But by then, I suppose they would find a more secure means of encrypting data. -
rozz COLGeekFor better wording, read the PDF linked as the source of the article. This is an interesting case. It seems odd that the govt didn't clone his HDDs and decrypt (various means to do so including brute force).Yeah Brute force wont get them anywhere. You're talking tens if not hundreds of years with a simple 128bit encrypted drive.Reply
And that's with tons of GPUs cracking at it..
Curious.. did they try "12345" as the password? -
captjack5169 rozzYeah Brute force wont get them anywhere. You're talking tens if not hundreds of years with a simple 128bit encrypted drive.And that's with tons of GPUs cracking at it.. Curious.. did they try "12345" as the password?Reply
This +1 I chuckled