Now you can be forced to decrypt your hard drive?

Awhile back we noted a case where Ramona Fricosu, a woman accused of involvement in a mortgage scam, was asked, following a law enforcement raid in which her laptop was seized, to decrypt data on the device for use as evidence, potentially incriminating her. She pleaded the 5th Amendment protection against self-incrimination and refused to comply. Now a federal judge in Colorado has ruled, in what may be a precedent-setting case, that Ms. Fricosu must provde the PGP passphrase needed to decrypt her laptop, .

In the past, the 5th Amendment defense has been a standard response to law enforcement requests to decrypt devices. Apparently, PGP Destop Encryption has proven more than trivial to decrypt without the passphrase, much to the chagrin of law enforcement bodies throughout the U.S. (and world). If a forced decryption ruling does prevail, the court will have more latitude to compel decryption of devices and data by an accused person, providing a stronger precedent for less fettered access to protected data, to the chagrin of many privacy pundits.

At its core, the argument harkens back to the “Lock vs. Safe” argument, where a strongbox key can be considered physical evidence, and therefore is subject to subpoena, but a combination to a safe can be considered a “product of the mind” and is, therefore, exempt from subpoena. In this case, Ms. Fricosu’s passphrase might be found to be a “product of the mind”, making it difficult to compel her to produce it.

It will also be interesting to note whether Ms. Fricosu will be “able to remember” the passphrase. If she were not, it would be difficult to determine whether or not she had simply forgotten, or only claimed to.

The Electronic Frontier Foundation (EFF) has spoken vociferously in the past about the issue, and can be expected to weigh in as the case progresses.

The case also speaks to the high level of security provided by PGP. We frequenty read news stories of organizations being hacked, but PGP protection seems to make data access – good or bad – much more difficult.

Protecting your digital information with strong encryption will make it much more difficult for bad guys to get at. Also, encrypting your data erects an additional barrier to unauthorized access. If someone gains access to your encrypted media you may be alerted to attempts to access it, since they would need the passphrase to do so.

Author Cameron Camp, ESET

  • Bill Randle

    I live in Brazil but I am an American. I understand that passphrases can be "forgotten" especially when worried about your personal freedom. I have a problem regarding my evaluation version of ESET for linux. As I said, I'm in Brazil and when I try to order online I only have the page in Portuguese. I don't speak Portuguese and the option to change the language is not available. I can't seem to find a route to customer service, just choose my problem from a drop down list and then return to a "contact us" page. I like the product, but may be forced to uninstall. Any suggestions?

    • David Harley

      Responded by email.

  • ryu

    thermorectal cryptoanalysis is known for a long time as a very reliable way to recover the forgotten passwords.

    • David Harley

      @ryu but not, I think, a standard investigative technique in the US…

  • Josh

    I believe the issue here is that surveillance had detected her saying that there was incriminating evidence on the laptop. The basic idea was that revealing her passphrase wasn’t self incriminating since she had already incriminated herself. My understanding is that under US law you still can still take the 5th to avoid giving up your passphrase if it would actually incriminate you.

    At least that’s what I read in some other news articles. Perhaps someone with more knowledge on the issue can confirm.

    On a side note, I think I just made up some new variations of incriminate. I’m not a lawyer and have no idea what the proper wording is :-)

  • recuperação de dados

    First of all, she did not "forget" the password…she is deliberately not given the password up. I think authorities will be able to recover the data quickly and they do not actually need her cooperation. We'll see what happens.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

2 articles related to:
Hot Topic
24 Jan 2012
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.