NovaTC

Your experience with file/disk encryption

Recommended Posts

I just want to point out that in the US, it is HIGHLY unlikely that they could ask you for your encryption key without some supporing evidence that you were doing something illegal - such as having your IP found listed as a supernode for Kaaza, or massive file traffic from your IP, or questionable website links to your IP. 

But if you are not worried about such supporing evidence (you're either doing NOTHING wrong, or there is no way for anyone to know at all), then you don't need encryption, because they wouldn't get the search warrant in the first place.  I'm just pointing out that once they HAVE the search warrant, then you can be compelled to open your "residence" to search, and that includes your harddrives. 

For an analogy, if I have the police come to my house with a valid search warrant, and I have a LOCKED ROOM, they can ask me to open that room.  If I say no, I am in violation of the search warrant, obviously.  And I can be arrested and/or held in contempt.  An encrypted drive is the equivalent of a locked room, plain and simple.  And they can compell you to open it, the same as if it was a locked room.  You can put the strongest lock on that room that you want, but the police can still order you to open it - after all, the search warrant says your whole house is (usually) open to search.  Similarly, you can put the stongest lock on your files - but the police with a warrant can compell you to open it.

In my mind, this is NOT a violation of civil liberties in any respect.  A search warrant is a search warrant, and they had to prove to a judge that something was probably illegal at that residence to get it.  A locked room, a locked car trunk, or an encrypted file is, and should be, equivalent.  So far, I have been impressed with the willingness of the US courts to apply that rule to not only filesharers, but mafia bosses with encrypted books, and corporate criminals with encrypted emails.  It's not a "screw the little guy" law, it seems to work it's magic across spectrum, as long as it's fairly applied in the initial search warrant phase...

Future Shock

100% correct.

Listen to this man. He knows what he’s talking about.

Share this post


Link to post
Share on other sites
@ Future Shock

While the comparison between a locked room and an encrypted drive is intriguing, a search warrant, at least to my understanding, allows them to search your house. It does not allow them to force you to do what they please, i.e. you do not have to help them or actively cooperate in any way. Especially if helping them would only incriminate yourself. Of course, you should not resist actively either.

I only read some sources about house searches in my country, perhaps it is different in the US.

The practise is as follows: They can ask you to open a locked door. You can say, "fine, better I open it myself, because otherwise they will break it open, costing me more in the end". Or you decide not to help them (perhaps because what you did will bring you in jail for years anyway, so a torn out door is your least concern). Then they will force the door open and find all evidence anyway. But if your locked door was impenetrable (i.e. a hard disk ecnrypted with a save encryption algorithm), they can not force you to open it. Not in a constitutional state, at least to my understanding of the word, as helping to open the (theoretically of course) impenetrable door is essentially the same as incriminating one self.

Impenetrable real world doors do not exist, while there are certainly encryption algorithms that are impenetrable by today's knowledge. So you cannot compare a door and an encrypted drive.

I did some coarse research regarding self-incrimination and the US constitution:

http://www.columbia.edu/itc/tc/bolotin/res...oliceprior.html

appears to confirm that you do not have to incriminate yourself, but it doesn't cover the search warranty & password issue.

However, although obviously concerned with New Zealand law,

http://www.chapmantripp.com/resource_libra...cle.asp?id=2604

appears to refer to a change in law that (probably under the "anti-terrorist" hood), that confirms what you said:

"Subsection 1 of the new section says that the police, when executing a search warrant, can make a specified person:

'provide information or assistance that is reasonable and necessary to allow the constable to access data held in a computer that is on premises named in the warrant.' "

"subsection 4 says that subsection 3 does not stop the police from making a person provide assistance in accessing a computer, even if that computer 'contains or may contain information tending to incriminate the person'."

Well, if this is true, I am truely horrified. I didn't expect that cutting down civil rights has already progressed that far. A balance has to be found between the rights of the individual and the safety of a nation. This balance has obviously long since been tipped over.  *me removes new zealand from list of potential vacation targets*

I will do further research on that topic, especially about how this situation is handled in the US and in my country.

So youre telling me if i hade a walk in safe and the cops new i hade tons of drugs in it and they had a search warrant for it and i told them they couldnt; because its impenetrable they just say, "OK, well, see you. I guess we will come back when its not behind an "impenetrable" door?

What country do you live in? I want to move there.... I would be a crime lord.

stinker, just run your computer in a walk in safe room/panic room....

LOL....

Share this post


Link to post
Share on other sites

@track: Of course computer files are usually not random data. But if you want to securely erase a hard disk (perhaps before selling it on ebay), you can just write random data to it.

So a hard disk full of random data could just be that.

And about search warrants: judges tend to be very generous when signing them. I recently read about someone's flat being searched because he was accused of having used someone else's account to pay on a porn site. While this is certainly not something to be taken lightly, the evidence was not clear (the guy in fact _was_ innocent). Actually the attorney of the state had no clue about computers, as had the judge. They filled the search warrant. And all for about 50 euros (~60$)! So don't place a bet on a judge to protect your rights as a citizen.

@pico1180:

You quoted Future Shock and said that he is 100% correct.

My point is: you _cannot_ conmpare a door to an encrypted disc. Cause there is no such thing as an impenetrable door. The door is there, they have a search warrant, they can ask(! not force!) you to open it, or they will open it for you, certainly leaving quite a mess. But how can they force you to reveal a password. Perhaps you forgot it. Of course, that is a lie, but what should they do? Put you in jail 'til you remember? For what, perhaps because of some hundred MP3 or warez? While RIAA and other lobby organisations would like to have jail sentences for that, the relation between the severity of the crime and the punishment should not be forgotten.

Currently there is a development in many countries, caused by serios lobbying of the entertainment industry, to put severe punishment (even prison sentences) for non-commerical violation of copyrights. I say that here the balance between punishment and "crime" is no longer kept. I mean, five years of prison is less than a rapist usually gets! It can't be that you are (punishment-wise) better of when you rob your local CD store than when you download the MP3s them from the internet.

And even for the most severe crimes, there are measures that simply MAY NOT be taken under any circumstances in a country that calls itself civilized and democratic. Torture, locking up people without giving them proper legal support etc.

The problem ist, that if the apparent crime is severe enough, many people will happily agree to do whatever necessary to make someone speak.

Should someone be tortured if national security is at stake (just think about the "24" TV-series, where Jack Bauer kills and tortures non-stop, and most viewers think that's okay)? Maybe.

Should someone be tortured/locked up because he _may_ have some warez on an encrypted disk? - Definitely not.

But since "we have the best politicians money can buy", we might soon see laws that allow just that. Perhaps that is the time to consider leaving a country (but go where?), not only because such a law might one day be applied to oneself, but because the fact that such a law was ever adopted shows that a country is no longer "free" or a constitutional state.

Leaving a country because of questionable laws might seem extreme at first, but consider what many germans (especially those of yewish origin) did during the 1930s. They saw to what the political developments were leading to, and left the country. But unlike in the 1930s there might not be a "save haven" to go to.

Share this post


Link to post
Share on other sites
@track: Of course computer files are usually not random data. But if you want to securely erase a hard disk (perhaps before selling it on ebay), you can just write random data to it.

So a hard disk full of random data could just be that.

And about search warrants: judges tend to be very generous when signing them. I recently read about someone's flat being searched because he was accused of having used someone else's account to pay on a porn site. While this is certainly not something to be taken lightly, the evidence was not clear (the guy in fact _was_ innocent). Actually the attorney of the state had no clue about computers, as had the judge. They filled the search warrant. And all for about 50 euros (~60$)! So don't place a bet on a judge to protect your rights as a citizen.

@pico1180:

You quoted Future Shock and said that he is 100% correct.

My point is: you _cannot_ conmpare a door to an encrypted disc. Cause there is no such thing as an impenetrable door. The door is there, they have a search warrant, they can ask(! not force!) you to open it, or they will open it for you, certainly leaving quite a mess. But how can they force you to reveal a password. Perhaps you forgot it. Of course, that is a lie, but what should they do? Put you in jail 'til you remember? For what, perhaps because of some hundred MP3 or warez? While RIAA and other lobby organisations would like to have jail sentences for that, the relation between the severity of the crime and the punishment should not be forgotten.

Currently there is a development in many countries, caused by serios lobbying of the entertainment industry, to put severe punishment (even prison sentences) for non-commerical violation of copyrights. I say that here the balance between punishment and "crime" is no longer kept. I mean, five years of prison is less than a rapist usually gets! It can't be that you are (punishment-wise) better of when you rob your local CD store than when you download the MP3s them from the internet.

And even for the most severe crimes, there are measures that simply MAY NOT be taken under any circumstances in a country that calls itself civilized and democratic. Torture, locking up people without giving them proper legal support etc.

The problem ist, that if the apparent crime is severe enough, many people will happily agree to do whatever necessary to make someone speak.

Should someone be tortured if national security is at stake (just think about the "24" TV-series, where Jack Bauer kills and tortures non-stop, and most viewers think that's okay)?  Maybe.

Should someone be tortured/locked up because he _may_ have some warez on an encrypted disk? - Definitely not.

But since "we have the best politicians money can buy", we might soon see laws that allow just that. Perhaps that is the time to consider leaving a country (but go where?), not only because such a law might one day be applied to oneself, but because the fact that such a law was ever adopted shows that a country is no longer "free" or a constitutional state.

Leaving a country because of questionable laws might seem extreme at first, but consider what many germans (especially those of yewish origin) did during the 1930s. They saw to what the political developments were leading to, and left the country. But unlike in the 1930s there might not be a "save haven" to go to.

Let me just make this as simple as I possibly can.

Lets say I work for the federal government and have access to classified informant. For the sake of being long-winded we will say I’m taking that information home and storing it on my personal computer. I have no authorization to do so and, to make a long story short, I’m suspected of espionage.

The Department of Justice along with The Department of Defense accompanied by state and local law enforcement kick in my door with a search warrant for said classified information. They arrest me and confiscate my computer. I’m held without bail until the contents of my hard drive can be examined. They find what they believe to be encrypted data on my hard drive. They ask me to unencrypt it. I say no. I go to jail for a long, long time.

That’s just the way it works.

You are absolutely right. Under the 5th amendment to the US constitution I can not be made to self incriminate my self. More commonly, I have the right to remain silent. In the situation above I invoked that right… and I was still found guilty…

You can get me rolling on law. Please don’t get me started…. Gene will move this thread to The Bar and Grill. ;)

I don’t care what liberal folks want to say. An encrypted hard drive may not be a locked door per say, but it is a locked container. And locked containers are treated just like locked rooms, locked vessels, locked automobiles and locked houses.

And keep in mind. Any evidence, either real or perceived, that can reasonable be suspected of deteriorating over any length of time, can be forced from a person. And when I say force I mean what ever force necessary to extract what ever evidence they want. Note I didn’t say minimal. That’s because it doesn’t have to be minimum, just reasonable. What’s the difference? There’s a BIG difference. Hit me up later if you care. I'm tired and want to go to bed…

The old adage applies.

The only ones who should fear the law are those who break it.

Share this post


Link to post
Share on other sites
The old adage applies.

The only ones who should fear the law are those who break it.

The problem is: laws are made by humans. And humans are neither free of error, nor free of malevolence. In history, many laws have been passed that were injust, inhumane, simply "not right".

The Department of Justice along with The Department of Defense accompanied by state and local law enforcement kick in my door with a search warrant for said classified information. They arrest me and confiscate my computer. I’m held without bail until the contents of my hard drive can be examined. They find what they believe to be encrypted data on my hard drive. They ask me to unencrypt it. I say no. I go to jail for a long, long time.

That’s just the way it works.

Yes, it works like that in dictatorships, "communist countries" and all other forms of government that don't regard human rights very high. It just doesn't suit a democracy.

It seems this discussion leads nowhere. Lets agree on disagreement.

Share this post


Link to post
Share on other sites

This thread has turned into an interesting little discussion into the rights, both moral an actual, that authorities have to force you to give them access to your encrypted data. There is something that I've often wondered about in relation to this so I'll post it here while the ball is rolling, even though it is a somewhat different senario to what is currently being discussed.

I'm wondering about the situation where you are not under any particular suspicion but instead are merely being subject to a random search, say of your laptop at airport security for instance. What would happen in this case if you refuse to provide access to your encrypted data?

No doubt this would vary from country to country but does anyone have any information on what would be the likely consequences of this senario, say in the US or the UK (or others).

Share this post


Link to post
Share on other sites
@track: Of course computer files are usually not random data. But if you want to securely erase a hard disk (perhaps before selling it on ebay), you can just write random data to it.

So a hard disk full of random data could just be that.

And about search warrants: judges tend to be very generous when signing them. I recently read about someone's flat being searched because he was accused of having used someone else's account to pay on a porn site. While this is certainly not something to be taken lightly, the evidence was not clear (the guy in fact _was_ innocent). Actually the attorney of the state had no clue about computers, as had the judge. They filled the search warrant. And all for about 50 euros (~60$)! So don't place a bet on a judge to protect your rights as a citizen.

Seems we agree here.

But what if they found an encrypted container that the suspect refuses to open?

A container that they *think* holds the proof of the fraud.

Would he get of the hook (easily) then?

In your last reply above this message you wrote:

"Yes, it works like that in dictatorships, "communist countries" and all other forms of government that don't regard human rights very high. It just doesn't suit a democracy."

So rouge countries get a search warrent for finding classified info.

Democracies get search warrents for alittle fraud.

I guess the diffrence lays in the amount of time you have to serve because you refused cooperation.

I think we agree the USA isn't considred as a dicatorship or similar; but still I hear about 'unproven terrorists' locked up.

If we look around very carefully is there even 1 country on this planet that values human rights at 100%?

As I said above if all was fair their was no diffrence between a $1/hour lawyer or a $1000/hour lawyer. We wouldn't even need lawyer at all.

I'm in court with my 100GB encrypted container and a freebie lawyer.

RIAA is also present with a team of high class lawyers.

"A jury consists of twelve people who determine which client has the better lawyer." :)

Share this post


Link to post
Share on other sites
So rouge countries get a search warrent for finding classified info.

Democracies get search warrents for alittle fraud.

I guess the diffrence lays in the amount of time you have to serve because you refused cooperation.

It is _not_ about cooperation. That would be the case if you are an (otherwise not involved) witness to a crime and refuse to help the authorities. It is about incriminating oneself. While it is not done directly (like in "yes, I did it, the skeleton is in the closet"), it is done indirectly by revealing the password.

A "rogue country" will not accept that the suspect is not willing to help the authorities get to evidence against him. A _true_ democracy would have to respect it. Even if it leads to the perpetrator getting away. That is among other things what differentiates a democracy from a tyranny. It is not only about elections and free speech.

I think we agree the USA isn't considred as a dicatorship or similar; but still I hear about 'unproven terrorists' locked up.

Agreed. But Guantanamo is one such thing that I think, does not suit a democracy. Moving suspects to other countries where they can be tortured instead of interogated in accordance with human rights is a similar matter. (Note: AFAIK the later is only an unproven rumor)

If we look around very carefully is there even 1 country on this planet that values human rights at 100%?

I am afraid not. While some countries come closer than my country or the US in some respect (like e.g. Switzerland), they often lack in other departments.

The "degree of democracy" can oftennot be determined by reading a countries constitution. It can often only be seen in day to day life.

Share this post


Link to post
Share on other sites
This thread has turned into an interesting little discussion into the rights, both moral an actual, that authorities have to force you to give them access to your encrypted data. There is something that I've often wondered about in relation to this so I'll post it here while the ball is rolling, even though it is a somewhat different senario to what is currently being discussed.

I'm wondering about the situation where you are not under any particular suspicion but instead are merely being subject to a random search, say of your laptop at airport security for instance. What would happen in this case if you refuse to provide access to your encrypted data?

No doubt this would vary from country to country but does anyone have any information on what would be the likely consequences of this senario, say in the US or the UK (or others).

That’s a really good question, and let me try to answer it by saying this…

A search has to be specific and direct. Meaning, if the police come into my house looking for drugs and find child porn, in the short, they can’t take immediate action. They have to re-write an affidavit and petition for a new search warrant. Depending on the judge they may or may not get it.

If there looking for a stolen car they can’t look in any other place but the garage.

Now, I’ve had my computer looked at at an air port before. They usually have it x-rayed. That’s about it. I’ve never had to turn it on and have then go through the files. That’s a little weird. But, once again, I have nothing to hide so they can. BUT. There has to be a reason for there search and it has to be relevant to their mission there at the screening station. For example, they have to be looking for some type of improvised explosive device. Their duty there does not afford them any other authority. NOW. For what ever reason, if they visually inspect the contents of your hard drive and find child porn and arrest you nothing will happen to you. Its called fruits of the poisons tree. They weren’t searching for child porn so they cant arrest you for having it. NOW, if the search station has some disclaimer like, “All hand carried items are subject to search for any material illegal or otherwise….blablabla…†and you consent to the search and they find “contraband†on your computer then you will go to arrested. But youre lawyer will have you out before you get processed. There is no reason why they should be searchign for child porn at a security check point. Are there actually security checkpoints that are search the contents of your hard drive? Thats really shady stuff there. Tell me more about this...

Anyway. It’s a free country. Under the 4th amendment to the US constitution you don’t have to submit to being searched. BUT, you also don’t have a right to fly in an air plane. If you want me to give you a ride to the store and you’re a hot chick, then I can ask you to show me your boobs. If you don’t want to that’s fine, I don’t have to give you a ride. Something to consider is the 4th amendment protects you from a designated official working in an official capacity. Not a private person. IE. John can’t violate Andy’s 4th amendment rights. But Officer Smith can.

I can go into more on that if you want later…

In short, can they ask you to show them your encrypted data? They shouldn’t even bee looking at your hard drive.

If that doesn’t answer your question let me know and I will come at it form a different angle.

Share this post


Link to post
Share on other sites
This thread has turned into an interesting little discussion into the rights, both moral an actual, that authorities have to force you to give them access to your encrypted data. There is something that I've often wondered about in relation to this so I'll post it here while the ball is rolling, even though it is a somewhat different senario to what is currently being discussed.

I'm wondering about the situation where you are not under any particular suspicion but instead are merely being subject to a random search, say of your laptop at airport security for instance. What would happen in this case if you refuse to provide access to your encrypted data?

No doubt this would vary from country to country but does anyone have any information on what would be the likely consequences of this senario, say in the US or the UK (or others).

Wait, you know what? I was in the mind set you were traveling in the US, state to state. I remember an incident in Saudi Arabia where ever bit of the media was thoroughly inspected on the way into the country.

All I have to say is; don’t happy fellow with the Saudis. You might loose your head on Al Jazzier for all the word to see… :ph34r:

Share this post


Link to post
Share on other sites
For example, they have to be looking for some type of improvised explosive device. Their duty there does not afford them any other authority. NOW. For what ever reason, if they visually inspect the contents of your hard drive and find child porn and arrest you nothing will happen to you. Its called fruits of the poisons tree.

I am aware that the US have this doctrine, i.e. that they cannot use evidence they stumble upon by accident and that is not related to the reason for the search warrant, or evidence gathered by illiegal means. It is however not like this in every country. In my country, if they do stumple upon evidence that hints to other crimes, you can and will be charged for that as wll. Say, they come looking for warez and find your beautiful canabis green house and that cool Kalashnikow rifle in your closet, than warez will be the least of your problems. Depending on the amount of canabis,you will get quite a sentence either for drug consumption (if the amount is small, so that it might seem an apprioate amount for private consumption) or for drug dealing/production if you green house holds more than a few plants. Not to forget that gun... even if you had a gun license (which you can get if you make it plausbile why you would need a gun), in my country you still would not be allowed to have an automatic rifle, which is considered a weapon of war, i.e. not for civilian use under any circumstances. This would end you up in prison for sure.

Back to the point... the "fruit of the poisonous tree"-doctrine that definitely lacks in my countries laws. Evidence that was gathered by questionable means _can_ be used against you. Not good.

Share this post


Link to post
Share on other sites
Back to the point... the "fruit of the poisonous tree"-doctrine that definitely lacks in my countries laws. Evidence that was gathered by questionable means _can_ be used against you. Not good.

OK, let me clarify. Evidence that has been gathered against you through questionable means CANNOT be used against you.

If they search your house for warz and find illegal guns instead, then that’s a bit different. They cant arrest you on the spot, a new search warrant must be obtained and you must be brought up on new charges. It’s the some ultimate end that you described, just a different, longer way of going about it.

NOW. If they are looking for cannabis, they can’t check your hard drives. If they’re looking for rifles they can’t check your sock draw.

BUT if you have a gun safe or a container that’s primary purpose is to hold weapons they may or may not be aloud to open it, depending on the search warrant. BUT if you do open it and your AK is in there and not a hard drive its not an immediate given you will be in trouble for it. It would have to be argued that a reasonable person would suspect that someone would keep hard drives or media inside a gun case. If the judge deems it unreasonable to suspect someone of storing hard drives in a gun case then it will be thrown out and you will walk away. Probably not with your AK, but you won’t be doing any jail time for it…

BUT. If a judge does deem it a reasonable place to store a hard drive then you will get in trouble for having an AK. Does that make since?

A better, more clear example would be if the police entered your dwelling illegally to begin with. If it was an unlawful detention, or a bad search then anything that comes from it you will not get in trouble for. No, "Well, we will come back laiter with a warrant." or anything. Nothing. Period. You will no doubt be put on that officers, "people to watch" list but thats about it.

However, there are times when the police can come into yoru home without a warrant and without yoru permision.

Its uncertain how liberal a judge may be when it comes to giving search warrants for digital info. The warrant may be very specific and not allow the officers to search anywhere but the computers and their immediate arrears.

It should also be known that you can’t use coercion or a ruse to get the subject to allow you to search. For example, “We don’t have a search warrant, but we can get one,†or “Don’t make us get a search warrant.†something along those lines. If you let the police in on that and they do find what they were looking for and they arrest you on that, then you will not go to jail.

Also, if you are driving your car and the police pull you over for no reason, that’s an unlawful detention. What ever they find in lue of that will be worthless in court. That’s up to and including dead body’s in the trunk.

That’s all for now…

Share this post


Link to post
Share on other sites
Wait, you know what? I was in the mind set you were traveling in the US, state to state. I remember an incident in Saudi Arabia where ever bit of the media was thoroughly inspected on the way into the country.

Yeah, if you're trying to enter another country then I think you just have to put up with it, either that or turn straight around and go home.

I once read about a guy entering the UK (from Australia) and they picked him out for a full media scan of his laptop (probably looking for porn or something). The guy was a journalist and it was a pretty amusing little anecdote.

Apparently when they told this guy that they needed to scan his hard-drive he was really taken aback and asked lots of questions like “why do you want to do thatâ€, “what are you looking for†etc. Maybe this made them suspicious, I don't know, but he said the customs guy was bragging about their “really good scanning software†and kind of swaggering about with lines like “if you've got anything illegal then this will find it†etc.

Here's the punch line though. It turns out when he finally hands the computer over for scanning that the customs guy suddenly starts looking less bold and slightly red-faced he says, “oh.. it's a Mac, our ..um.. software can't ..er.. do Mac's yetâ€. LOL!

That was supposedly a true story, a few years old now (circa 2000) and I honestly don't know if it was exaggerated for humorous impact. Still it thought it was pretty funny at the time. :)

Share this post


Link to post
Share on other sites

Future Shock writes inpart;

"With cause (such as monitoring network traffic for filesharing), they will certainly get the search warrant. Your encryption alone is probably enough grounds to get a judge's order to have the key released - it is almost tantamount to an admission of guilt - "if he ISN'T doing something illegal, then why does he have 500Gigs of encrypted files???"."

The above type of attitude indicates a lack of understanding of usa Federal statute and state statutes as well;

Your comment about Encyrption is absurd.. This is a form of "Nazi thinking" for instance "your lust for money indicates you are most likely A JEW" << sound familar? "your Big nose indicates you are guilty of being A JEW"

there is the 5th amendment HERE TO CONSIDER.. It is not contempt of court and if I was ever in this situation, Id resist regardless of what information I had encrypted. Your comparision to a search warrant and a "locked door" is a bit off. One does not have to open the door for them. A search warrant would not instruct them to compell you to open the said door, but only that they have a right to search what is behind it. You are confusing things here a bit.

They can kick it down but they cannot compell you to open up a door even with a warrant because again the 5th amendment has bering here. This assumes if one is "Hiding something that can implicate you as "guilty of a crime" then it is soley up to them to break the door down. If they cannot they are "out of luck" the same with encryption. If you decided to delete the encyrption key it is soley uip to them to break the encyrption, ifd they cannot they cannot "assume guilt"

This is not about "assumption" thats the core issue what ia wrong with America today and a comparision to a pre ww2 Nazi Germany is justified.. Simply generating a large amouny of traffick on your ip is not grounds for "probable cause" It lies in an "assumptive nature"..

I might be swapping legal files with my freinds, source code, etc. The fact that I generate alot of ip traffic is not paramount nor does it reach the grounds of any probable cause on its own merit.

Let's say for argument sake I was involved in "warez" which I am not but for arguments sake in a purely hypothetical sense, I was;

The law would have to establish probable cause, not a suspicion of guilt. They cannot use the partiot act here if the suspicion does not reach the level of "terrorist activity" which The Patriot act clearly defines what that is, and it does not include copyright infringement on any level, I.E "WAREZ"

The Probable cause(for the warrant) would have to entail that a fed witnessed me uploading and/or downloading warez, i.e they would first have to "sting me" by inviting me to participate on a site and or sites they setup themselves. If I participate and illegal actions are witnessed, then the large amount of ip traffick is part of the probable cause to issue a search warrant

Your assesment "assumes guilt by suspicion" and would violate my civil liberties. Again, The Patriot act covers this, the difference between "probable cause" and "reasonable suspicion" and again, "reasonable suspicion" would only fall under the partiot act's SPECIFIC definitions of "TERRORISM" They refer to "Cyber Terrorism" but there is no manin section dealing with "Warez" I.E "copy right infringement"

Your attitude is most alarming here concerning these issues. However I will admit allot of judges fail to uphold the very constitution they have sworn to uphold. Hnece The Usa might be in the begining stages to eventually initiate marshall law one day/ This is because of again, JUDGES WHO Violate their sworn oaths and improper jUDges, I.E THOSE who have not put up the proper collateral to hold a bench position. The usa today in itself acts in illegally all the time.

It does alarm me and should alarm everyone else. Dont fall for the "we need to get rid of liberal judges" sound bites.. be free thinkers not brainwashed puppets!!

Peace

Share this post


Link to post
Share on other sites

One more thing I forgot to mention;

you say;

"With cause (such as monitoring network traffic for filesharing), they will certainly get the search warrant. Your encryption alone is probably enough grounds to get a judge's order to have the key released - it is almost tantamount to an admission of guilt - "if he ISN'T doing something illegal, then why does he have 500Gigs of encrypted files???".""

NO NOT WITH CAUSE.. with "PROBABLE CAUSE"

what u miss is that they need a warrant TO MONITOR YOUR IP TRAFFICK IN THE FIRST PLACE" If you feel otherwise than I am sure you would agree that law enforcement can follow me to work, they can monitor who i associate with..

sound familar? again the Nazi comparision

"we FEEL we have probable cause to monitor you because you are "A JEW"

you do not address the very issue of how they were able to legally monitor your ip traffick in the first place. You arguement assumes;

"Those who generate large amount of IP traffick are PROBABLY GUILTY OF ILLEGAL FILE SHARING" << there is where you go wrong. Generating large amounts of ip traffick is not in itself a crime. If it was I suppose they can get warrants for IBM since they generate a large amount of file traffick.

This is not "probable cause" not even close, its ASSUMING.. I assume EVERYONE WHO GENERATES huge ip traffick is guilty of illegal warez file swapping..

"file swappers" are automatically guilty of engaging in illegal file swapping activities

"Jews" are automatically guilty of trying to destroy Germany because that what Jews are business people and they are acting illegally to hurt the very core of germany"

DISTURBING to say the least...

SEE?

Share this post


Link to post
Share on other sites
...bla bla bla....An encrypted drive is the equivalent of a locked room, plain and simple...bla bla bla

100% correct.

Listen to this man. He knows what he’s talking about.

The conclusion of this thread is only that legal advice should not be sought on Storagereview (or on the Internet).

I would like to know what Future Shock, pico1180 and others base their views on other than personal beliefs and guesses pulled out of thin air.

Personally I think you should look at two court cases:

In Doe v United States, 487 US 201, 219 (1988), Justice Stevens wrote: “[a defendant] may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe--by word or deed.â€

In United States v Mitnick, May 20, 1998 proceedings, Judge Phaelzer did not order Mitnick to hand over the encryption key to encrypted files found on his laptop even though the government was unable to break it. On the other hand, he didn't get his data back.

An no, I'm not an American, but is it really that hard to read up on a topic beforehand?

Share this post


Link to post
Share on other sites

Oh...and to try to bring this discussion somewhat back on topic:

I would definately go for an open source implementation of any crypto with which I entrusted keeping me out of prison.

The reasons are quite simple, "commercial" offerings tend to be less than ideal since crypto is a *hard* science and companies often cut corners. Furthermore, unintentional bugs sneek in and go undiscovered since noone can study the sourcecode (except the creators). Ask any cryptologist and they will sneer at most commercial offerings.

For more background, read up on the material written by Bruce Schneier, also his Crypto-Gram (http://www.schneier.com/crypto-gram.html) provides interesting context (see the DogHouse section for some horror examples).

So, personally, I'd go for Linux and dm-crypt.

Share this post


Link to post
Share on other sites

I just started using CGD for netbsd, it's a pretty nifty little app that's included with the OS, it encrypts the entire disc. http://www.netbsd.org/guide/en/chap-cgd.html

Right now I'm just running it on a small 40 gig test drive.

if you have your entire drive encrypted in such a way that it looks liek random data, couldn't you just deny everything? "Encrypted drive? I have no idea what your talking about" "What's on my 400 Gig drive? I don't have anything on it"

Or even a lot of us set up computers for our friends and such, so coudln't you use the opposite of that as well "this guy i met online set up my system for security, I don't know what he did, here's his handle *insert bogus handle*"

"Password? I don't remember" It's not uncommon for someone to forget a password.

Based on my onderstanding of the US laws:

While they can say "he has 500 GIgs of possibly encrypted files", if they can't prove what the files are that's really just something they can take into consideration but can't jail you for based entirely on that fact.

I want to start using Disc Encryptioin myself, but i'm paranoid up the ying yang as I"ve been watching nothing but the X-files for the past week. Got the DVD collection, and having my own personal marathon. Just because your paranoid doesn't mean they're not out to get you.

When one of my buddies and I use to transfer files between our computers we were create an encrypted tunnel between our machines, so that all data the travels this "tunnel" would be encrypted and thus not allowing our ISPs (and anyone else watching) to know what it is.

Share this post


Link to post
Share on other sites

...bla bla bla....An encrypted drive is the equivalent of a locked room, plain and simple...bla bla bla

100% correct.

Listen to this man. He knows what he’s talking about.

then any locked room can be broken down plain and simple but they cannot compell you are use threats of imprisonment and/or torture to get you to give up the key. again break down the door= break the encryption, but ah its not the same is it?

its not the equivalent to a locked door, any and all locked doors can be broken into, any and all encryption cannot. again only if the alleged crime falls under the patriot act can the feds hold one without trial until the give up the key, if they do not they can rot in jail for the rest of their lives and the courts have upheld this concerning acts of possible terrrorism, but again they must show that a person being held here qualifies as an enemy combatant and the patriot is quite clear regarding cybercrime and its relation ot terrorism.

Of course the above what I said is total bs if you beleive the movie "The Rock" where they hold a guy before the enaction of the patriot act as a type of "enemy combatant."

I'm sure the feds dso this anyways and thats what concerns allot of us. law enforcement people tend to be morons;

It is up to competant judges to uphold justice and correctly intrepret legislative intent and constutionality. Sadly, the usa system is starting to break down and showing signs of pre ww2 Nazi Germany in my strong opinion.

Share this post


Link to post
Share on other sites

FUTURE SHOCK WRITES;

"For an analogy, if I have the police come to my house with a valid search warrant, and I have a LOCKED ROOM, they can ask me to open that room. If I say no, I am in violation of the search warrant, obviously. And I can be arrested and/or held in contempt. An encrypted drive is the equivalent of a locked room, plain and simple. And they can compell you to open it, the same as if it was a locked room. You can put the strongest lock on that room that you want, but the police can still order you to open it - after all, the search warrant says your whole house is (usually) open to search. Similarly, you can put the stongest lock on your files - but the police with a warrant can compell you to open it.

In my mind, this is NOT a violation of civil liberties in any respect. A search warrant is a search warrant, and they had to prove to a judge that something was probably illegal at that residence to get it. A locked room, a locked car trunk, or an encrypted file is, and should be, equivalent. So far, I have been impressed with the willingness of the US courts to apply that rule to not only filesharers, but mafia bosses with encrypted books, and corporate criminals with encrypted emails. It's not a "screw the little guy" law, it seems to work it's magic across spectrum, as long as it's fairly applied in the initial search warrant phase..."

with all due respect you have no clue what the hell you are talking about :)

and im not impressed with these so called judges doing this,. Id be impressed if these so called judges actaully have properly put up the right collateral to hold a us district bench but you probably dont have a clue what I am talking about.

and I'd like you to name one case of contention where this has held up..

a search warrant gives the law the right to search what the warrant specifies. why do you think they confiscate the computers and take them to a lab?

They have the right to use whatever means necassary to break down the locked down, even blow it up, you are absolutely wrong that they can compell you to give up the key. I will wager you hsave never even seen a search warrant in person before.. can any and all locked doors or car be broken into? the answer is yes, can any and all encrypted disks be broken into? NO,, therefore your analogy falls short of a proper equivalent and your solution to this dilema wreaks of nazism in my opinion. again only under the patriot act in its specific guidelines can your point of view hold water, But name me a case where your viewm a case that was contested on the grounds i mentioned, held up then we can talk.

That is the problem with the interpretation of law today; ignorance is not an excuse to violate civil liberties.. I agree with the specific nature of the patriot act if used correctly by law enforcement under its legistative intent. I agree even means of physical force, if a suspect it is ascertained behind his locked door has a nuke bomb, then its a matter of national security. But read what the DOJ is saying about Warez, they are trying to make that arguement because they know the next logical progression of it if bought into; "warez is a matter of national security and falls under the patriot act" and one day some idiot judge who has not properly offered the correct collateral to sit on a district bench will go along with it. When and if that days happens, Im out of here :)

Do not be fooled by the greedy corporate american system. Sadly many are falling victim to ignorance here.

Do I agree that warez file sharing is a crime? Yes I do and if a suspect is properly brought to justice, that suspect if proven guilty beyond a reasonable doubt, if his/her rights have not been violated, shall be punished accordingly to US STATUTE in its codification.

However as you originally stated,(about large file downloading automatically assumes guilt) just because a person might download a ton of files a month, the gov has no right to pry into this. What is next, If I like to eat a ton of hamburgers a month shold I be investigated as well? or If I like to buy a ton of clothes does that reasonably assume I am selling the trade secrets of a certain type of bluejean? Maybe I have a mental issue and I like to download a ton of useless garbage, Im neurotic and like to downloadthe same shareware over and over again to test my speeds. according to you thats grounds for suspicion. Acoording to me who so ever thinks this in itself is suspect cant potentionally buy into nazi type thinking.

Your attitude is disturbing here. In your zealously to see justice done, be careful that one day because of your race, opinion, or otherwise, your rights are not violated.

Share this post


Link to post
Share on other sites
The old adage applies.

The only ones who should fear the law are those who break it.

The problem is: laws are made by humans. And humans are neither free of error, nor free of malevolence. In history, many laws have been passed that were injust, inhumane, simply "not right".

The Department of Justice along with The Department of Defense accompanied by state and local law enforcement kick in my door with a search warrant for said classified information. They arrest me and confiscate my computer. I’m held without bail until the contents of my hard drive can be examined. They find what they believe to be encrypted data on my hard drive. They ask me to unencrypt it. I say no. I go to jail for a long, long time.

That’s just the way it works.

Yes, it works like that in dictatorships, "communist countries" and all other forms of government that don't regard human rights very high. It just doesn't suit a democracy.

Haven't heard of Kevin Mitnick, have you?

Share this post


Link to post
Share on other sites
The old adage applies.

The only ones who should fear the law are those who break it.

The problem is: laws are made by humans. And humans are neither free of error, nor free of malevolence. In history, many laws have been passed that were injust, inhumane, simply "not right".

The Department of Justice along with The Department of Defense accompanied by state and local law enforcement kick in my door with a search warrant for said classified information. They arrest me and confiscate my computer. I’m held without bail until the contents of my hard drive can be examined. They find what they believe to be encrypted data on my hard drive. They ask me to unencrypt it. I say no. I go to jail for a long, long time.

That’s just the way it works.

Yes, it works like that in dictatorships, "communist countries" and all other forms of government that don't regard human rights very high. It just doesn't suit a democracy.

Haven't heard of Kevin Mitnick, have you?

:ph34r:

This really has turned into a interesting discussion on civil rights. Unfortunately i think most understand that if you live in the US or any one of a number of countries whom have adopted exported US DMCA/Patriot Act type legislation then you've probably lost what little shred of privacy you still had. With that being said, might we return to the original topic at hand, that being how to effectively secure the contents of a drive(s) hopefully without significantly impacting performance, reliability, or day to day operation. :)

Share this post


Link to post
Share on other sites
What's wrong with using EFS? It's built right into NTFS, and has full domain wide key management support?
Because anybody with physical access to the server can recover the EFS encryption key. Not good.

This is only a problem when your braindead admin leaves the private key on the machine. No EFS protected machine should have the private key on the physical machine. You should export the key with the key recovery agent export tool, then delete it.

For Windows , use EFS. For linux, use crypto/loop with AES.

Simple, free, supported.

Thank you for your time,

Frank Russo

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now