-Submitted by David Drumm (Nal), Guest Blogger
With the Fourth Amendment a mere shadow of its former self, its time to apply the same erosional process to the Fifth Amendment. The Justice Department has asked a federal judge to compel Ramona Fricosu, charged with bank fraud, wire fraud, and money laundering related to a mortgage scam, to decrypt the files on a laptop found during a raid on her home. Fricosu now faces the cruel trilemma: perjure herself by claiming she doesn’t know the passphrase, incriminate herself by decrypting the files, or face contempt of court for refusing to decrypt.
The key phrase in the Fifth Amendment is, “[no person] shall be compelled in any criminal case to be a witness against himself.”
To get around Fricosu having to reveal the contents of her mind, the Justice Department would permit Fricosu to decrypt the files via a secure link, without actually revealing the decryption passphrase.
The first opinion to directly address the issue was handed down by Magistrate Judge Jerome Niedermeier in Vermont. From In re Boucher, Judge Jerome Niedermeier wrote that entering the password is testimonial:
Entering a password into the computer implicitly communicates facts. By entering the password Boucher would be disclosing the fact that he knows the password …
Many acts of production, such as providing fingerprints, blood samples, or voice or handwriting samples, are not protected by the Fifth Amendment, even though that production could provide a link to incriminating evidence. It is undeniable that a person possesses fingerprints, blood, and a voice, so production of those items gives no evidence of a person’s thoughts. However, the decryption of the files reveals the fact that the password is known, and that reveals the contents of a person’s mind.
One document published in the University of Chicago Legal Forum in 1996 says:
Because most users protect their private keys by memorizing passwords to them and not writing them down, access to encrypted documents would almost definitely require an individual to disclose the contents of his mind. This bars the state from compelling its production. This would force law enforcement officials to grant some form of immunity to the owners of these documents to gain access to them.
Prosecutors in the Fricosu case are refusing to grant her full immunity for whatever appears in the decrypted files.
In Maness v. Meyers, Chief Justice Burger, in the majority opinion, wrote:
This Court has always broadly construed its protection to assure that an individual is not compelled to produce evidence which later may be used against him as an accused in a criminal action.
…
The protection does not merely encompass evidence which may lead to criminal conviction, but includes information which would furnish a link in the chain of evidence that could lead to prosecution, as well as evidence which an individual reasonably believes could be used against him in a criminal prosecution.
H/T: Fourth Amendment.com, cnet News, Orin Kerr.
AY,
Your words of caution are well taken. Anyone who thinks that anything they do isn’t or cannot leave a record of their actions in this digital age is a fool.
My methods are simpler because I am retired, live on a fixed income and don’t use credit except for purchasing vehicles. My “stoned” days are more than three decades past, so beyond statutes of limitations. I use my real name, have little savings and no investments. I also, as you may note am very open about myself and my life, so there are no hidden skeletons to find. I’m a wise enough old bird to understand that the cover-up always bites you in the ass, so I have nothing to cover up. Beyond that I believe that in today’s world, if they want to get you they will. With me though there’s nothing to get.
One last thing….in remembrance of Peter Falk….
That is one of the reasons that I wipe and clean my drives regularly…and compress and zip personal and financial files….It is no ones business….what I do or do not do….
This is a word of wisdom to the unknowing…If you ever visit a government website…they can track you with cookies that you pick up from there site for what is supposed to be a minim of one year. They can virtually tell everyplace your IP address has been….if you think that I kid you….think about a website that you visit…pretty innocence to start with….they obtain your IP address for marketing tracking purpose….they also share that information with other marketers….if you have an open email system/browser running at the time….they also obtain your email address…then think about all of the unwanted emails you start getting….addressed just to you….
Although I have a smart phone….maybe not the person operating it… It is best to destroy them at the end of its useful life….Never, ever donate them as they can never truly be cleansed of the personal data that they carry…..especially if you have done any type of banking or trading activities….even though you have cleaned it…some residual information is still there……
The only one that I am pretty sure that can erase most everything at the present is Blackberry….but I still suspect its owner RIM is still tied to covert operations….this was the phone of choice for the Government and Sandinista conflicts….but of course we did not have any government opts down there…nor were there drugs exchanged for guns…that is the story and they are sticking with it……
FYI Cell Phones:
Deleting Cell Phone Data Before Upgrading Phones
Whether you’re itching to get an iPhone or another cell phone, there are certain security precautions you should take when upgrading phones. Before you sell or trade in your current phone, learn how to delete your cell phone data. The last thing you want is to hand over personal information or sensitive data to a stranger.
Cell phones are like PCs in that they store data. You might think that because they were smaller, the task of removing your data would be easier. Sorry, that’s not the case. It can be downright difficult to do it with some phones. Part of this is intentional by the manufacturers so we don’t accidentally delete the data.
http://www.timeatlas.com/cell_phones/general/deleting_cell_phone_data_before_upgrading_phones
Elaine,
One thing that I have learned is this…if you think that you are smarter than the next guy…someone will always out do you…..especially in the area of electronics…..I learned a lot when a 13 year old kid from I believe Milford, MI brought TRW (Credit Reporting System) system down….Everyone seemed to thing that the system was impenetrable…He was in some deep do do….as they also have a defense component….as part of the company….before they were all renamed.
I know even from days as an Investigator for the AG where I would literally slip in an office and retrieve ribbons cartridges from type writers and decode them….You needed a warrant….not every time….even if you think its is gone it is still there….I remember getting a Federal Judge Rescued from a fairly important case, based upon some personal filings with the SOS…nuff said there… All’s you have to have is a little imagination…
This is one of the reasons that when Thomas has not rescued himself on cases of known associations that it burns a hole in my a&&……
Gene H.,
I was up past my bedtime…..
Thanks, Elaine. That is seriously fascinating. I do hope they can get the data from her hard drive without compromising her Fourth and Fifth Amendment rights. That would be a giant step backwards for civil rights, which are already on life support thanks to the so-called PATRIOT Act.
Let me know how the work turns out. It has meaning for us, because our company is in a business where security is very important.
CASEY IS FREE DECRYPT THEM FILES!!!!!!! YESSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! SHOUT OUT TO JESUS!!!
Otteray & AY,
My husband says that if the hard drive is taken apart and you’re working with the platters you can get access to the data in the magnetic field. My husband has worked with the University of California at San Diego that does all the hard drive forensics for the US government. He said they’ve never failed to retrieve data. He’s now working on SSDs. They are a big problem for forensics because no software can overwrite the data in hard drives completely. As you probably know, SSDs do not read and write to the same location and there will always be areas of the drive that the presently known software will not overwrite. Degaussing will not work on the NAND chips in a SSD drive. My husband is working with scientests on a new technology that may solve the problem. He knows you are very knowlegeable and can keep you abreast of their progress if you have any questions.
AY, OS Elaine, thank you all for your discussion. I have a lot of food for thought. It was illuminating.
A.Yours,
You raise a valid point, but it was nonetheless a typo albeit it a possibly relevant typo. It wasn’t really a malapropism as it wasn’t totally incorrect nor did it involve words but numbers. I guess that would make it a misnumerism? On that moderately silly note, I’m going to bed to sleep off the Tecate and carnitas.
Gene H,
It could very well be a balance of the 4th and 5th….I pondered your statement…for a while…It could still prove to be an illegal search and seizure…..even if the court says that the
does not apply and that the password must be provided…and then the balance would be the 4th…..what is the PC to obtain the warrant….
Blouise,
I think Symtec offers a home use version…..but one program I am aware of says this: The integrated password generator creates virtually uncrackable passwords: instead of passwords like “sweetheart” or “John”, which can both be cracked in a few minutes, you now use passwords like “g\/:1bmV5T$x_sb}8T4@CN?\A:y:Cwe-k)mUpHiJu:0md7p@<i" (with a 1-GHz-Pentium-PC, it takes approx. 307 years to guess this password!).
Virtual (on-screen) keyboard: The ultimate protection against keylogging. With this tool you can enter your master password or other confidential information without even touching the keyboard. Password Depot does not simulate keystrokes, but uses an internal cache, so that they can neither be intercepted software- nor hardware-based.
which sounds like the program that the FE cannot crack…..or this is where the government is at, at the present….
Lock function: Locks the program under certain, customizable conditions, so that nobody apart from the owner can access it.
Here is one I found for you:
Carry Sensitive Data on an IronKey
When you first plug in the USB thumb drive, you can launch the app for your platform right off the device itself. They have the documentation there as well. Give it a name and your secure password (please remember it!). You can also enable the Device Reset feature at this point so that if your device is lost/stolen and someone keys in the wrong password too many times it will automatically and securely erase or destroy the device.
http://terrywhite.com/techblog/archives/4211
I also have downloaded Firefox Private Browsing….Nothing is saved….you do not have to erase anything….
Reading back over this diary and the comments, it occurred to me that she may be in a no-lose situation. If she is ordered by the court to reveal the password, she may opt still for contempt. She may go to jail or prison for a time for contempt, but that may end up being a lot less time than if she is convicted. Also, if they do eventually break the encryption, she may qualify for time served against any eventual sentence. I would not want to be in her shoes under any circumstances, but she is in the catbird seat as far as those files are concerned. Some of the encryption programs available these days are, for all practical purposes, impregnable.
When I did the calculations on the WikiLeaks document dump encryption, I was stunned to figure it would take a battery of supercomputers about 1×10^51 years to crack the code Julian Assange and his team used. That is a one followed by 51 zeroes which is several times the age of the universe.
I might add that I hope they crack the code, because in no way can I condone what this suspect is suspected of doing. My hope is they can crack it without forcing her to compromise her civil rights.
Pardon my typo.
I meant 5th earlier.
Great post, Nal. Good lord … I’m learning a lot about the Fifth and even more about computers.
Elaine,
I agree with your husband….It is still there in some format…the data may not be formalble….to be if any use or value as data may be compressed in some areas and so discombobulated in other areas that its value is useless to even the examiners….. Degaussing is a good way to erase the data…but some data is still left on…it use is minimal…..as the other supporting binary codes are rearranged as well to make it intelligible……therefore you are left with only part of the information….it is like having a corner of currency that has been burnt….and only .001 percent is left…
The drive wipes I am talking about….compress the files and basically makes them a zip related type file and then deletes them….some part may still be dangling….but, what use is it….then it encrypts them with such long password protections options, not only to get the computer to open back up…but each program is set with password protections….then it is theoretically possible to have the invalid password driver wipe restart within the program that they are trying to open….
I am not saying that it cannot be opened but where does it start and where does it end….
I think the FE has already looked at the root menu and knows what programs are there and what security files exist….
Just as OS has stated and quantified…..
If I was the government….I would be looking for safety deposit boxes….in every persons name that this person has ever had contact with….to simple rocks that the person has passed by as they may hold a zip drive with just the information that they are seeking…If the person has janked as much money as been suggested….they probably have a car with a GPS in it and they can figure out where they have gone, stopped, speed, gone slow etc……
I still do not figure out how they can require the person to provide the passwords in violation of there 5th Amendment…or as has been suggested the 4th Amendment…..This is a tricky area, very tricky area….for the DOJ…..just think about all of the contributors to the various different causes…..that information is not generally discoverable…I think its the NAACP case out of the 60’s……but if they are trying to prove illegal contributions….hmmm…..seize the hard drives and make them supply the passwords…..it would open literally Pandora’s box that they wish not to have opened….Clarence Thomas certainly would not want that…..
Elaine, your husband is correct, but from a practical standpoint, the files are beyond reach. What at least some of the scrambling programs do is essentially change the password, perhaps to a random alphanumeric string that may be several hundred digits/letters/symbols long. Then encrypt everything. The boot files are also corrupted in the process. All you can see is the “blue screen of death.” Obviously, any encrypted file or program can eventually be broken, provided you have a billion or so years to spare.
AY,
My husband says the data could still be retrieved through data retrieval forensics. He says the only way to destroy the data is through degaussing.
http://www.datasecurityinc.com/
Semantics aside, this seems self-incriminating.
If this were a civil case, the defendant would have no recourse to any of the above arguments. Discovery rules in civil cases require that the defendant make the plaintiff’s case for him. The plaintiff’s lawyer can ask where is that, give me copies of this, to whom have you told this, who was that lady I saw you with last night; and the defendant must answer truthfully. Why is that? Why do civil defendants not have the right to silence?
In some other thread, I’ll ask why is it so easy to become a civil defendant.
OS,
We agree…
LK,
Yes, there are many different types of hard drive wipes that if you mis-enter the password (how many times you define) then it will do an entire drive cleaner and then encrypt the drive so that it is unusable for anyone or anything other than a paper weight….
Are there self-destruct mechanisms for hard drives? Either a program that destroys the info if it’s a brute force hack/decrypt or something that actually damages the HD? I’d have that installed as an add-on if I saw it offered when I bought a new computer.
Capt. Erb, where your analogy breaks down is, if a diary is found, it may be entered into evidence. But suppose said diary is written in an unbreakable code? Can the writer be forced to reveal the decoding formula to the police? Seems to me that if they want to figure it out, they can try, but forcing you to tell them how to break the code would infringe on the Fifth Amendment right against self-incrimination.
They can take a an exemplar, such as a fingernail clipping, fingerprint or hair sample, but when they want to get into what you KNOW, that is a different thing altogether.