Antarctica Starts Here. - Memories of things that haven't happened yet, predictions of things that have come to pass.

« Living on the run: Ca… | Home | Judge rules that Torr… »

Federal judge decrees that divulging your PGP passphrase violates the fifth amendment.

Thursday 20 December 2007 at 2:37 pm
I can't say that I'm wild about the circumstances behind this (in fact, it's taken two days to calm down sufficiently to write about it without ranting), but the ramifications of this ruling are far-reaching and not a bit relevant these days.

In 2006, a Canadian citizen named Sebastien Boucher crossed the border into the United States and was stopped. His laptop was searched by US Customs agents. Allegedly, thousands of images related to child pornography were found on the drive (in case you haven't heard, US ICE (Immigration and Customs Enforcement) reserves the right to examine and make disk images of laptops these days). Following his arrest, the laptop was powered down and seized as evidence. A week later they booted it back up and discovered that the partition on the hard drive containing the images was encrypted with PGP Disk and could not be examined. What probably happened was that they caught him with the software accessing the encrypted partition, but when they shut it down they lost access to the data because the passphrase was wiped from RAM. Oops.

To cut to the chase, US Magistrate Judge Jerome Niedermeier ruled that Boucher could not be compelled to divulge the passphrase to the encrypted disk partition because it constituted a violation of his fifth amendment rights, the right to freedom from self-incrimination.

Now, this is interesting for everyone else in the country who doesn't like the idea of strange people poking around inside their laptops while traveling. First of all, more and more people carry business-related information with them on the road. If you have a laptop, chances are you don't have a choice because you could be called upon to work anywhere, anywhen. By allowing them to take images of your laptop's hard drive you run the risk of exposing that data, and consequently running afoul of any NDAs that you've had to sign. Secondly, why in the hell would they want to be poking around in there without probable cause? When last I checked, personal privacy was a concept predicated on the idea that what you do on your own time was nobody else's business unless you made it public, and not on the idea that wanting to keep something private meant that you were hiding something.

Used tags: borders, canada, court, crypto, disk_encryption, fifth_amendment, pgp, precedent

Fight Spam! Click Here!

Trackback link:

Please enable javascript to generate a trackback url

three comments recorded.

Well, I’m very glad for the ruling. I also note that using any tool or software, or guessing at the password, would constitute a violation of the DMCA and render the evidence inadmissible. Almsot seems like they’ve painted themselves into a corner there.

As to why they’d want to be poking in without probable cause, I can think of two reasons:
1) This encourages a feeling of paranoia, which can in turn be used to justify further erosion of freedoms.

2) These disk images can be analyzed and used to fill the database which certain parts of the government have been attempting to create.

Oddly, I’m told that in Canada they also need probable cause to perform a search – but refusing to submit to a voluntary search constitutes probable cause.

Hasufin - 20 12 07 - 16:55 - Reply to comment?

Using such a tool might not be construed as a violation of the DMCA, that’s usually reserved for people who develop such software. As for attempting to crack passwords, if there is sufficient cause to seize equipment it’s generally considered a free-for-all to get in. You do make a good point about rendering evidence inadmissible if the data forensics techs screw up (or if they don’t follow the laws, which can be pretty crazy (such as the state of Virginia’s)) but that’s easily avoided by not actually altering the storage media, but a forensic image therof.

1) I think you’re on to something there – they like keeping people looking over their shoulders. It’s getting to the point where no one knows what’s illegal and what isn’t anymore.

2) An excellent point. Think of the data that could be added to a social network analysis system if you copied the contents of someone’s inbox cache from the drive. Or their IM logs.

I’ve heard the same thing from a couple of friends up there.

The Doctor (URL) - 27 12 07 - 14:16 - Reply to comment?

I believe that a reasonably skilled lawyer could get the evidence thrown out of court – they’ve got somethign which a) wasn’t really obtained with probable cause b) wasn’t handled properly (if it had been, they’d have copied the information then and there, not taken the laptop for later examination) c) the owner of the evidence did not provide consent and d) was broken into in violation of the letter of a federal law.

I’m sure somewhere in there is justification to toss that evidence.

1) You’ve read 1984, right? One of the points near the end was, the main reason for “The War” was psychological – it gave an enemy to focus on, and a reason to be without freedoms.

2) Yeah. Makes me want to encrypt my hard drive if I ever again travel abroad. Or possibly swap in a dummy HD for them to image. Ideally something with a nice little worm on it, for their database pleasure.

Yeah, the “Asserting your rights nullifies them” kinda blows my mind. Might as well not have the right, if that’s the game they play.

Hasufin - 28 12 07 - 00:02 - Reply to comment?

Name:

Remember personal info?
Yes
No

Email:

URL:

Comment:

/ Textile

(Register your username / Log in)

Notify:		Yes, send me email when someone replies.
Hide email:		Yes, hide my email address.

Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.