Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Man jailed over computer password refusal
View unanswered posts
View posts from last 24 hours

Goto page 1, 2  Next  
Reply to topic    Gentoo Forums Forum Index Off the Wall
View previous topic :: View next topic  
Author Message
notageek
Tux's lil' helper
Tux's lil' helper


Joined: 05 Jun 2008
Posts: 131
Location: India

PostPosted: Wed Oct 06, 2010 3:15 am    Post subject: Man jailed over computer password refusal Reply with quote

http://www.bbc.co.uk/news/uk-england-11479831

Quote:
Police seized his computer but could not access material on it as it had a 50-character encryption password.

_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee
Back to top
View user's profile Send private message
wswartzendruber
Veteran
Veteran


Joined: 23 Mar 2004
Posts: 1246
Location: Idaho, USA

PostPosted: Wed Oct 06, 2010 3:16 am    Post subject: Reply with quote

Quote:
Drage was convicted of failing to disclose an encryption key in September.

Fuck you, motherfucker!
Back to top
View user's profile Send private message
Muso
l33t
l33t


Joined: 22 Oct 2002
Posts: 803
Location: The Holy city of Honolulu

PostPosted: Wed Oct 06, 2010 3:17 am    Post subject: Reply with quote

So he's jailed because they suck at their jobs?

That's pretty sad.
_________________
People Of Love

Kindness Evokes Kindness

Peace Emits Positive Energy
Back to top
View user's profile Send private message
Bones McCracker
Veteran
Veteran


Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

PostPosted: Wed Oct 06, 2010 3:21 am    Post subject: Reply with quote

wswartzendruber wrote:
Fuck you, motherfucker!

No, that's only 23 characters.
Back to top
View user's profile Send private message
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Wed Oct 06, 2010 3:33 am    Post subject: Reply with quote

"I can't disclose the key, because I don't know it; it's a randomly generated string stored on a USB drive (which was really a micro-sd in an adapter, which I swallowed and shat out weeks ago). The USB key looks like $foo, you will have to find that drive because I don't know the key!"

problem solved.
Back to top
View user's profile Send private message
notageek
Tux's lil' helper
Tux's lil' helper


Joined: 05 Jun 2008
Posts: 131
Location: India

PostPosted: Wed Oct 06, 2010 3:36 am    Post subject: Reply with quote

Yeah right.

They'd either give you some high powered laxative or may even send a probe up yours to get it.
_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17502

PostPosted: Wed Oct 06, 2010 3:46 am    Post subject: Reply with quote

I know this has been discussed before, but in the US "I plead the 5th." It may not be allowed, but I call BS, because it what I tell them could implicate me, then it is essentially forcing you to testify against yourself.

So I guess the next step is to have a thermite based drive which activates if unplugged for more than <your UPS time here>.
_________________
It is what it is out there. So whatever it is, it is.
Back to top
View user's profile Send private message
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Wed Oct 06, 2010 3:47 am    Post subject: Reply with quote

notageek wrote:
Yeah right.

They'd either give you some high powered laxative or may even send a probe up yours to get it.


you don't tell them you swallowed it :lol:

you swallow it, and by the time they realize your shit is encrypted, youve already flushed the evidence away.

at which point you pretend "oh yeah, the usb key is totally in the apartment, if you guys stupidly lost that, the data can't be recovered"

and of course when you're released you download the image you stashed on your buddy's server in Belgium.
Back to top
View user's profile Send private message
Bones McCracker
Veteran
Veteran


Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

PostPosted: Wed Oct 06, 2010 4:46 am    Post subject: Reply with quote

In the U.S., you can plead the 5th Amendment to protect yourself from a search, but the law in this area is not as simple as we might like to think, is being probed and tested in the courts, and you can screw up very easily in ways you'd never think of. For example, if you think you're going to be clever and say, "I forgot my password", you have probably just fucked yourself, if the prosecution is any good.

The government can argue that if it was difficult and complex enough to be likely to be forgotten, it is reasonable to suspect that you wrote it down. Turning over written information is not protected by the 5th Amendment. They can now subpoena the password, and if you fail to produce it, hold you in contempt of court. You can try to quash the subpoena, but the prosecution need only convince the judge that your claim not to remember your password is a lie -- what are the chances of somebody carrying around a laptop and then just happening to forget the password at the very moment when the authorities ask for it?).

At this point, you went from being a citizen protected by the Constitution to someone breaking the law. They can arrest you for being in contempt of court and keep you in jail without bail while you remain in contempt of court (people have been held in jail for as long as 14 years while in contempt). So, you could then turn around and say, "Okay, I do know my password, but I'm not going to incriminate myself.", but then they can prosecute you for various things related to the lie you told (depending on the circumstances: obstructing justice, impeding investigation, lying to a Federal investigator, contempt, etc.).

If you really want to understand the U.S. law in this area, in its current state of evolution, here is a good paper published just a few months ago in the Vanderbilt Journal of Entrepreneurial and Technology Law (it is 29 pages long, and if you're ever likely to need to use the 5th Amendment in this way, well worth reading every word):

The Weak Protection of Strong Encryption: Passwords, Privacy, and Fifth Amendment Privilege (pdf)

In Britain, people have no such right. If you refuse to give up your password, it's straight to jail for you:
http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000


Last edited by Bones McCracker on Wed Oct 06, 2010 4:58 am; edited 1 time in total
Back to top
View user's profile Send private message
Muso
l33t
l33t


Joined: 22 Oct 2002
Posts: 803
Location: The Holy city of Honolulu

PostPosted: Wed Oct 06, 2010 4:50 am    Post subject: Reply with quote

The courts also banned the pleading of the 5th on your federal income tax forms.


Bastards.
_________________
People Of Love

Kindness Evokes Kindness

Peace Emits Positive Energy
Back to top
View user's profile Send private message
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Wed Oct 06, 2010 4:55 am    Post subject: Reply with quote

BoneKracker wrote:
In the U.S., you can plead the 5th Amendment to protect yourself from a search, but the law in this area is not as simple as we might like to think, is being probed and tested in the courts, and you can screw up very easily in ways you'd never think of. For example, if you think you're going to be clever and say, "I forgot my password", you have probably just fucked yourself, if the prosecution is any good.


but you never knew your password. It was randomly generated data, on a USB key.

"It's in my damn house, you guys should already have it in evidence, the whole point of it was not having to type a damn password every time. If it's not in your evidence cache, it's because you lost it. Fire your CSI drones for negligence, and let me get the fuck out, because I can't tell you something I simply don't know"

(which is of course a big fat lie, you swallowed the micro-sd card that has the key, and it's now floating in a sewer somewhere amidst your poop - but you don't cop to that. With the above defense, it's pretty damn difficult to do anything to you)
Back to top
View user's profile Send private message
notageek
Tux's lil' helper
Tux's lil' helper


Joined: 05 Jun 2008
Posts: 131
Location: India

PostPosted: Wed Oct 06, 2010 5:02 am    Post subject: Reply with quote

BoneKracker wrote:

...
For example, if you think you're going to be clever and say, "I forgot my password", you have probably just fucked yourself, if the prosecution is any good.

...

So, you could then turn around and say, "Okay, I do know my password, but I'm not going to incriminate myself.", but then they can prosecute you for various things related to the lie you told (depending on the circumstances: obstructing justice, impeding investigation, lying to a Federal investigator, contempt, etc.).
...
What if you went wswartzendruber in the first place?
_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee
Back to top
View user's profile Send private message
Bones McCracker
Veteran
Veteran


Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

PostPosted: Wed Oct 06, 2010 5:17 am    Post subject: Reply with quote

cach0rr0 wrote:
BoneKracker wrote:
In the U.S., you can plead the 5th Amendment to protect yourself from a search, but the law in this area is not as simple as we might like to think, is being probed and tested in the courts, and you can screw up very easily in ways you'd never think of. For example, if you think you're going to be clever and say, "I forgot my password", you have probably just fucked yourself, if the prosecution is any good.


but you never knew your password. It was randomly generated data, on a USB key.

"It's in my damn house, you guys should already have it in evidence, the whole point of it was not having to type a damn password every time. If it's not in your evidence cache, it's because you lost it. Fire your CSI drones for negligence, and let me get the fuck out, because I can't tell you something I simply don't know"

(which is of course a big fat lie, you swallowed the micro-sd card that has the key, and it's now floating in a sewer somewhere amidst your poop - but you don't cop to that. With the above defense, it's pretty damn difficult to do anything to you)


Better to simply invoke your right to silence, get an attorney, and discuss pleading the 5th.

For the sake of argument, in your case, forensic examiners would be able to tell if you were, in fact, using a thumbdrive for the key. That information might be available in your initrd or the Windows equivalent. So if you plan to use that approach, then you really should put your key on an external device for real. Even then, they may be able to charge you with various things for impeding the investigation, etc., as above (and the onus would be on you to convince them you had actually destroyed the only key, or they might just hold you in contempt for a few years in an attempt to sweat it out of you).

Also, it should go without saying, but the most obvious way to screw yourself is to give them a valid reason to suspect you have encrypted files that are evidence of a crime (e.g. you have trace evidence of your evil in your browser cache or something), then they may simply be able to subpoena the decrypted copies of the files and hold you in contempt if you fail to comply. This would analogous to pot seeds in the car ashtray justifying a full search of the vehicle and your person. (So if you're in this situation, encrypt everything, not just a data drive or a volume.)

Another item worthy of note is that, I believe Obama signed an Executive Order re-authorizing Bush's 2008 random searching (searching without any requirement of "reasonable suspicion") of data storage devices crossing the border, under the aegis of National Security. So if you're crossing the U.S. Border, I don't think "5th Amendment" is going to help you, and it's likely to cause serious inconvenience, unless you're in the mood to take the Government to court. And if you're thinking, "I'm not a terrorist and I don't have any kiddie porn", don't forget about all your pirated videos or your cracked iPod. The ACLU is suing the Obama Administration over this, but for the time being, that policy stands.
http://arstechnica.com/tech-policy/news/2010/09/aclu-sues-over-warrantless-border-laptop-searches.ars

And if you're looking at kiddie porn you're a pervert to begin with, no matter what Alex Libman says. :lol:
Back to top
View user's profile Send private message
Bones McCracker
Veteran
Veteran


Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

PostPosted: Wed Oct 06, 2010 5:29 am    Post subject: Reply with quote

notageek wrote:
What if you went wswartzendruber in the first place?

What do you mean? :lol:
Back to top
View user's profile Send private message
notageek
Tux's lil' helper
Tux's lil' helper


Joined: 05 Jun 2008
Posts: 131
Location: India

PostPosted: Wed Oct 06, 2010 5:31 am    Post subject: Reply with quote

BoneKracker wrote:
notageek wrote:
What if you went wswartzendruber in the first place?

What do you mean? :lol:
Reference to his comment on this thread.
_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee
Back to top
View user's profile Send private message
Bones McCracker
Veteran
Veteran


Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

PostPosted: Wed Oct 06, 2010 5:40 am    Post subject: Reply with quote

notageek wrote:
BoneKracker wrote:
notageek wrote:
What if you went wswartzendruber in the first place?

What do you mean? :lol:
Reference to his comment on this thread.


Oh yeah. :lol:

He's the kind of guy who gets rich after suing the cops for beating him senseless on video. :P
Back to top
View user's profile Send private message
notageek
Tux's lil' helper
Tux's lil' helper


Joined: 05 Jun 2008
Posts: 131
Location: India

PostPosted: Wed Oct 06, 2010 5:43 am    Post subject: Reply with quote

:lol: Ha! :lol:
_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee
Back to top
View user's profile Send private message
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Wed Oct 06, 2010 6:14 am    Post subject: Reply with quote

BoneKracker wrote:

For the sake of argument, in your case, forensic examiners would be able to tell if you were, in fact, using a thumbdrive for the key.


/boot, grub, all on micro-sd => USB (although, I use a passphrase currently, but for the sake of argument, say i use that setup, but with a random string of data)

setup being as such:

Code:

/dev/mapper/root       20G  3.8G   15G  21% /
shm                   4.0G  2.2M  4.0G   1% /dev/shm
/dev/mapper/share     932G   34G  898G   4% /share
/dev/mapper/kvm       699G   41G  659G   6% /kvm
/dev/mapper/btrfsvol  677G   74G  603G  11% /tmp
/dev/mapper/btrfsvol  677G   74G  603G  11% /usr
/dev/mapper/btrfsvol  677G   74G  603G  11% /var
/dev/mapper/btrfsvol  677G   74G  603G  11% /opt
/dev/mapper/btrfsvol  677G   74G  603G  11% /home
/dev/sde1             509M   92M  392M  19% /boot


Code:

# ls -l /dev/disk/by-id/ |grep sde$
lrwxrwxrwx 1 root root  9 Sep  5 02:29 usb-_USB_Reader_123456789ABC-0:0 -> ../../sde




BoneKracker wrote:
and the onus would be on you to convince them you had actually destroyed the only key


why in the sam hell would you admit that? as opposed to simply saying "look, it's on a usb key, it's in my house, it's there, i left it there, you cunts lost it"

BoneKracker wrote:

(So if you're in this situation, encrypt everything, not just a data drive or a volume.)


well yes, that's the idea. Completely encrypted disk. rootvol, everything. The whole idea, is that when a forensics team looks at your disk, they see nothing but a huge hunk of random data, and a handful of luks headers, nothing more.

If I lose this key and power my system off - when I move to using a key file, that is - the only way to recover my data will be to call a friend in another country, tell him to add my new SSH keys (which will also be lost with my data) to his server, so I can login, copy usb.img over, and put it on another thumb drive.

Why would I be dumb enough to tell any prosecutor about that, though?
Back to top
View user's profile Send private message
erm67
Apprentice
Apprentice


Joined: 01 Nov 2005
Posts: 255
Location: Where the black men cannot enter

PostPosted: Wed Oct 06, 2010 6:15 am    Post subject: Reply with quote

pjp wrote:
I know this has been discussed before, but in the US "I plead the 5th." It may not be allowed, but I call BS, because it what I tell them could implicate me, then it is essentially forcing you to testify against yourself.

So I guess the next step is to have a thermite based drive which activates if unplugged for more than <your UPS time here>.

A default grub entry that sends an ata-6 security erase command :-) Dangerous but might be more useful, there are also some electronic devices with a small button that does the same. System diffused among hackers, than just make them waste time until deletion occurred. Now with big drives it takes too long.
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
Back to top
View user's profile Send private message
Bones McCracker
Veteran
Veteran


Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

PostPosted: Wed Oct 06, 2010 6:18 am    Post subject: Reply with quote

Remember this from last year? He knew his rights too! But it got him tased, battered, arrested, detained, and charged with crimes.

What started it was they asked him if he was a citizen of the United States, and he refused to answer, stating it was his Constitutional right. Then, the officers brought out dogs and claimed the dogs alerted on his vehicle (he claims they didn't alert, and the officers pretended they did so they could search and harass him). There's video from that point in the link below.

Quote:
The father of four says he exercised his constitutional right not to be searched without a warrant. He says that's when he claims agents broke out his passenger and driver side windows.

"Both windows shattered in the same instant," says Anderson.

The pastor claims an agents smashed his head into the door and then another threw him on the ground, stepped on his head and tased him once again, causing excruciating pain.

http://cbs13.com/local/Pastor.Beaten.And.2.987065.html

In August this year, he was finally acquitted of all charges against him.
http://www.dailypaul.com/node/142392

Now he has lawsuits pending against the Border Patrol, the local police department, and the individual officers who tased, battered, and arrested him.
Back to top
View user's profile Send private message
Bones McCracker
Veteran
Veteran


Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

PostPosted: Wed Oct 06, 2010 6:45 am    Post subject: Reply with quote

cach0rr0 wrote:
BoneKracker wrote:
and the onus would be on you to convince them you had actually destroyed the only key


why in the sam hell would you admit that? as opposed to simply saying "look, it's on a usb key, it's in my house, it's there, i left it there, you cunts lost it"

Because that falls into the same category as "I forgot my password". If the judge doesn't believe you, and they issue a subpoena, you are held in contempt (perhaps for years). If you convince them you destroyed it, then the most they can charge you with is something like destroying evidence or obstructing justice, which may be a preferable alternative to indefinite confinement in a county jail.

Regardless, unless they have grounds to subpoena the contents of the disk (which requires a higher standard of proof than simple "reasonable suspicion"), you are more well-protected simply by invoking your right not to incriminate yourself. You could ALSO have swallowed your microsd card, but you don't need to reveal that unless you are subpoenaed.

Bottom line: don't think you're smart and volunteer information. Invoke your right to remain silent, and get a lawyer, before blurting stuff out.

Since you've gone to the trouble of employing encryption, you should probably read that document.

Also, I helped my brother create a similar setup last year, and we set it up with a binary keyfile on an external device. If you're going to do that, I thought this (from my notes) might be useful, I seem to recall having to dig to figure it out:

Quote:
If you plan to use a key-file (say, on a thumbdrive) to access your encrypted
system w/o having to supply a passphrase, you can add this key to your system
as follows:
# cryptsetup luksDump /dev/sdaX

(copy and paste the "salt" string from the output)
# salt="<paste-here>"

(the variable is an initialization vector for the following)
# hashalot -s "$salt" -x -n32 "ripemd160" > mykeyfilepath

(this adds your key to the next open key slot for your device)
# cryptsetup luksAddKey /dev/sdaX mykeyfilepath

At this point, you still have your original passphrase key in slot 0 - you can delete that from slot 0
or keep it as a fall-back means of accessing the encrypted volume if you have lost or destroyed
the thumbdrive.
Back to top
View user's profile Send private message
notageek
Tux's lil' helper
Tux's lil' helper


Joined: 05 Jun 2008
Posts: 131
Location: India

PostPosted: Wed Oct 06, 2010 6:58 am    Post subject: Reply with quote

Basically, prosecutors at your door, shred, shred, shred like hell*. Otherwise when they see huge chunks of encrypted data, their eyes would light up like a kid in a candy store.

*Of-course, write a script that can automate this task.
_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee
Back to top
View user's profile Send private message
Bones McCracker
Veteran
Veteran


Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

PostPosted: Wed Oct 06, 2010 7:05 am    Post subject: Reply with quote

There is only one answer:

http://opensource.dyc.edu/tinhat
Back to top
View user's profile Send private message
cach0rr0
Moderator
Moderator


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Wed Oct 06, 2010 7:06 am    Post subject: Reply with quote

notageek wrote:
Basically, prosecutors at your door, shred, shred, shred like hell*. Otherwise when they see huge chunks of encrypted data, their eyes would light up like a kid in a candy store.

*Of-course, write a script that can automate this task.


takes too long on any reasonable sized disk. You should have taken care of that beforehand, and seeded your disk with random data. If you've already employed full volume crypto, your best friend is shutdown -h now
Back to top
View user's profile Send private message
notageek
Tux's lil' helper
Tux's lil' helper


Joined: 05 Jun 2008
Posts: 131
Location: India

PostPosted: Wed Oct 06, 2010 7:19 am    Post subject: Reply with quote

It will take a lot of time to shred a drive, but if you have any reasonable knowledge of a raid before it happens, then shredder is the best option.

Or booby-trap the hard-drives with small charges of dynamite.
_________________
"Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Off the Wall All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum