HDD Decrypting Cannot be Enforced by U.S. Prosecutors

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Status
Not open for further replies.
Perhaps the prosecutors knew they were going to eventually lose the case, but were able to use the contempt charge to at least incarcerate the defendant for 8 months.

Which makes me wonder: Why don't judges just find ALL suspects in contempt for some reason or another and incarcerate them indefinitely? Seems like judges have the ability to side-step due process when they wish and I wonder what holds them back? Anyone know?

Also I wonder, if the prosecutors WERE able to crack the encryption, would the information even be valid in court? Or would it be poison fruit from an illegal search? Or would it depend on the scope of the original search warrant and whether or not it was backed up by other compelling evidence of illegal activity? Anyone? Bueller? Bueller? lol.
 
interesting. i was just reading an article at bigthink.com about this same exact topic. what it came down to was two prior court decisions already made within the united states. case #1 decided that the 5th amendment disallowed the person from being legally binded to provide the password. case #2 decided that because prior evidence suggested illegal activity could be found on the hard drive that the 5th amendment did not apply. so with both of those cases and outcomes in mind, there has to be evidence that proves that something on the hard drive will indicate a crime to provide additional evidence in order for the person to be legally binded to the password provisioning.

http://bigthink.com/ideafeed/data-encryption-gets-5th-amendment-protection
 
I guess folks failed to see this in my previous post (various means to do so including brute force). A brute force attack is indeed far less than elegant and can be incredibly time consuming.

However, if you know the tool/encrpytion method being used then there are other means to gain access to these systems. That is all I am saying.

When it comes down to it. Commercial security measures are only so secure. Nearly every common security system has been hacked/cracked. Difficult? Yes. Impossible? No.


 
[citation][nom]rozz[/nom]Curious.. did they try "12345" as the password?[/citation]
You would be surprised at how many people use such weak passwords with such strong encryption. It reminded me of breaking into a WEP wireless network without any decryption software' assistance, by using the password, "password".
 
where's the beef? i want the whole story, not just part of it. i would think being compelled to giving just the p/w alone would be breaking the 5th amendment.
the fact that the prosecutors simply had the suspicion that the hard drives stored illegal content.
Click to expand...
i want to know where the probable cause was in this case to begin with.
the whole case and article stink of being non american in some way shape or form to begin with.
 
Would any of the guys saying that it can be decrypted by brute force (in less than years time) go ahead and tell us how? Maybe they know some math everyone else doesn't...
 
While this story is interesting, and the majority of people have focused on the power of encryption, I see this as yet another loophole in the legal system that the media has now made public to encourage even more broken laws and regression of society.
 
[citation][nom]SpadeM[/nom]What is the definition of force in this case? I doubt it's water boarding but then again it is America ...[/citation]
At that point he would have been in Contempt of Court and could be held in detention until he complied with the court order.
 
The FBI and Brazilian government put about a 1 year + into trying to decrypt a banker's drive, they gave up. Good encryption + good password = safe data for the foreseeable future.
 
Am I the only one that thinks bootcd==>create a new admin account in the SAMS database then strip the old user account of password, and you are in as the old user with no password. 10 min job...on windows..does it even matter if the drive is encrypted?
 
@curtis_87 - truecrypt.org. Bootloader + whole encrypted volume. Good luck.
 
One who encrypts data to protect it from prying eyes should use an encrypted container within an encrypted container. good encryption and a good password for each. the main container contains normal stuff and less sensitive stuff. the second container hidden within the main contains your ultra sensitive stuff. when compelled to give up the Password you give up the main container. they end up with egg on the face. use two different encryption methods for each container just in case.

I do NOT support Child Porn, but do support the right to privacy and the 5th amendment.
 
What a waste of Time, National Resources and valuable Tax Payers money! Please contact Jack Bauer so that he would *extract* from anyone or anything without much fuss! :)
 
[citation][nom]rozz[/nom]Yeah Brute force wont get them anywhere. You're talking tens if not hundreds of years with a simple 128bit encrypted drive.And that's with tons of GPUs cracking at it.. Curious.. did they try "12345" as the password?[/citation]
That's amazing! That's the combination on my luggage!
 
mrrugers: "Would any of the guys saying that it can be decrypted by brute force (in less than years time) go ahead and tell us how? Maybe they know some math everyone else doesn't..."

Yeah, sure! Want to borrow my degree and use that too? How about my patents? You can use those free of charge!!!

 
mrrugers: "Would any of the guys saying that it can be decrypted by brute force (in less than years time) go ahead and tell us how? Maybe they know some math everyone else doesn't..."

Yeah, sure! Want to borrow my degree and use that too? How about my patents? You can use those free of charge!!!

 
[citation][nom]mrrugers[/nom]Would any of the guys saying that it can be decrypted by brute force (in less than years time) go ahead and tell us how? Maybe they know some math everyone else doesn't...[/citation]

Yeah, sure! Want to borrow my degree and use that too? How about my patents? You can use those free of charge!!!

 
[citation][nom]curtis_87[/nom]Am I the only one that thinks bootcd==>create a new admin account in the SAMS database then strip the old user account of password, and you are in as the old user with no password. 10 min job...on windows..does it even matter if the drive is encrypted?[/citation]

Those definitely won't work if the hard drive was encrypted with something like PGP, Guardian Edge, or Sophos. Since they pre-load before the OS. Taking the drive out doesn't work either or boot cd because it shows up as unreadable device. Encryption Tools do just that they encrypt the drive so that when you turn on the pc the 1st thing you see is a prompt for username and password, you wont see the windows logo until you authenticate yourself. And it even worse if you machine has removable TPM.
 
If it was child porn and they had proof it was there, they could try hacking it and he would deserve death for it (one grandpas opinion of child porn collectors), no excuses for that crap. Good luck hacking even a 16 character password. Still he doesn't have to testify against himself.

Sounds like they were fishing and wanted a judge to give them a peek without any evidence.

Strike one blow for rights and freedoms. Too bad this sick piece of garbage had to be a test case for guarding our rights to privacy and self-incrimination.
 
[citation][nom]HeadScratcher7[/nom]Perhaps the prosecutors knew they were going to eventually lose the case, but were able to use the contempt charge to at least incarcerate the defendant for 8 months.Which makes me wonder: Why don't judges just find ALL suspects in contempt for some reason or another and incarcerate them indefinitely? Seems like judges have the ability to side-step due process when they wish and I wonder what holds them back? Anyone know?Also I wonder, if the prosecutors WERE able to crack the encryption, would the information even be valid in court? Or would it be poison fruit from an illegal search? Or would it depend on the scope of the original search warrant and whether or not it was backed up by other compelling evidence of illegal activity? Anyone? Bueller? Bueller? lol.[/citation]

It's not an illegal search. The problem isn't getting the data, it's that if a defendant gives up the codes and such to get it decrypted, said defendant basically is helping to prosecute him or her self and a defendant can legally refuse to do that. A defendant can choose to give up his or her password, in which case the data is up for grabs by the prosecution, but that won't happen if there is incriminating evidence on the hard drive in question.

I'm no legal expert so take this with a grain of salt, but I am very sure that I'm correct. As for brute forcing? Well, like several have said here, it just isn't able to be done within a practical time line for some encryption standards. Now if something weak like DES is used, then it can be broken pretty quickly, but 128 bit or 256 bit AES is considered unbreakable right now and to my knowledge, hasn't been shown to be broken even once so far.

Other very strong encryption algorithms include Twofish/Blowfish and Serpent. If you ar ereally paranoid, then Truecrypt can do Blowfish, AES, and Serpent all in one go to keep stuff locked up pretty much perfectly.
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom