Feds Back Down from Forced Decryption Effort

But issue is still very alive


Federal prosecutors have formally dropped demands that a child-porn suspect give up his encryption keys in a closely watched case, but experts warn the issue of forced decryption is very much alive and is likely to encompass a larger swath of Americans as crypto adoption becomes mainstream.

"I think we're going to see more of this in the courts," said Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation.

The question of whether the government can force a suspect to decrypt hard drives was thrust into the limelight earlier this year when federal authorities suspected a Wisconsin man of downloading child pornography from the file-sharing network e-Donkey. One federal judge ordered the defendant to decrypt as many as nine hard drives seized from the suspect's suburban Milwaukee apartment. Another judge put that decision on hold to analyze the implications of whether the demand breached the Fifth Amendment right against compelled self incrimination.

NEXT: Is Bombing Syria Necessary to Save "the Future of Civilization"? Or, It's Always 1938 Somewhere.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I’m pretty sure the courts will eventually rule that people have a right not to give up their encryption keys and the government will just have to accept the new reality that they can no longer count on invading people’s private data in hopes of uncovering a reason to charge them with something.

    Hahahahahahahaha! Just kidding. The courts are the government, so I think it’s a foregone conclusion who they will eventually side with. That’s one of the nice things about our form of government. We let the government decide what rights people have so we don’t constantly have this uncertainty about who’s in charge.

  2. Whatever the feds and courts decide, this will have a technology fix. No worries. What you need here is an encryption system that is deniable, i.e. for your encrypted stream of bits, they could decrypt into something else given a manufactured key. So, for example, you encrypt the secret plans for Coca-Cola, and when the judge demands you turn your key over to authorities, you give them a key that decrypts your vacation pictures. This might not be the right encryption scheme for most applications, but for those where the cost of your data being discovered by others drastically exceeds the cost of completely losing your data, it could work well.

      1. From what i remember is that they now can see the hidden volume under forensic research and that it is no longer valid. I remember someone telling me that on notebookreview

    1. that is an interesting idea. I like the idea but i am unsure if that can work.

      Also i am waiting for the day for Truecrypt to support super special characters….i forget the real name but i want to use daggers and all sorts of wierd characters because it’ll be easier to remember and be infinitely harder. a 9 character password could be trillions of times harder than a 12 or even a 20 character password. I did the math once but forgot. It was such a large difference that it was just a really high powered e 🙂

  3. Not exactly, Cyto. TrueCrypt’s plausible deniability is about whether a hidden volume contains something. What I’m talking about is that with one key it contains A (might be nefarious) and with another key it contains B, something completely benign. In fact, with the right key, it could contain anything.

    SomeGuy, you’re talking about unicode characters. Many of those are multibyte, so instead of measuring the number of characters, measure the number of bytes. Call than “n”. You have roughly 2 ^ (8 * n) possible keys.

    Anyway, I’m sure the idea I expressed can work because I have a working prototype. It’s really just a very large one-time pad. Again, this is not the right scheme for most applications. But for those applications where an adversary discovering the data you are hiding is more expensive than losing the data, it’s perfect. Imagine David Miranda telling British authorities to go sexually penetrate themselves because he’s carrying vacation pictures and giving them the key to unlock vacation pictures. Meanwhile, if he makes it home, that data unlocks as Snowden files with the preferred key.

    1. What you do is create a 2 gb encrypted partition with TrueCrypt. Inside that partition you put 700mb of embarrassing-but-not-really stuff like vanilla porn videos or tax records. Then you use the rest of the space to create another encrypted partition inside the first encrypted partition. On this partition you have an entire operating system and any files that you are interested in keeping secret.

      Without the second key you can’t even tell that there is a second, secret partition. So you reluctantly turn over an encryption key which proves that you like to watch amateur girl-on-girl action. Blush profusely and you are done.

      Someguy’s comment about forensic analysis would be tougher if it proves true. According to the TrueCrypt community it is mathematically impossible to prove that the random data inside the encrypted partition contains a second encrypted partition. Perhaps the weakness is due to common use cases (in which the host OS would be accessing the second encrypted drive, possibly leaving behind breadcrumbs about it’s existence)

Please to post comments

Comments are closed.