OnPoint: Legal Context
14 Responses
-
Normal encryption doesn’t help, as you can be legally compelled to give up the password.
However, if the penalty for conviction on whatever charges the encryption is delaying is higher than the two-year maximum for failing to release a password, you're better to stay mum and face the music (which will probably be home-D music at that) for withholding your password.
-
Would the use of some sort of duress alarm to destroy data (or encryption keys) be contempt?
-
Nick Russell, in reply to
Yes. You might also be liable for damages for despoiling evidence. If a Court orders you to deliver up evidence the only valid defence is privilege. If the evidence isn't privileged, you cannot avoid the order by uttering magic words or destroying the evidence.
-
Thomas Goodfellow, in reply to
Ignoramus response: actively using a duress password seems like contempt at best or plausibly destruction of evidence (since that surely includes materials due for searching, not merely materials already known to contain relevant evidence). But of course the penalty may still be less than that which may be due for the offense being investigated.
But how about a deadman's switch, i.e. a self-powered drive that makes itself physically corrupt if not properly unlocked within some interval? It might be harder to show that stalling on the unlock ("I need to talk to my company lawyer first") was deliberate vandalism than using a corrupting password since it can be seen that the drive says "DEAD" before starting password entry, as opposed to password entry appearing to succeed and then yielding a reset drive. Of course such a needy device would be an utter pain to live with, since the deadman interval needs to be short enough to prevent it being recognised and countermeasures applied (remove power, freeze, ablate chip housings, have Superman fly backwards around world until the drive is unlocked again...)
But it will take scrupulous discipline to ensure that the only solid evidence is on that drive - many a hacker has been bagged for tradecraft slips. However unless a conviction for evidence destruction is served in addition to sentence the underlying offence attracts then it could be a sensible gamble (practically, not morally - given this I hope such sentences are consecutive?)
-
“At rest” huh? So, traveling through space at a gizillion miles per hour counts as not at rest? I’ll give Einstein a call on that one.
So if I had 2, 3 or many more “clouds” that constantly shuffled my data around so it was never “at rest”, would that count? What constitutes the “minimum time” of “at rest”? It might be an interesting discussion.
Does a letter sitting in a letter box constitute it being “at rest”? In the postie’s bike bag? Sitting on my table unopened? Opened, read and put on the table?
Are the words sitting on the screen in front of me “at rest”? Oops…they’ve gone again….
Bizarre. And it's a nightmare.
-
Ian Dalziel, in reply to
restive missive or Schrödinger's catalogue entry?
Does a letter sitting in a letter box constitute it being “at rest”? In the postie’s bike bag? Sitting on my table unopened? Opened, read and put on the table?
Neither particle, nor wave, the letter exists at all points in the journey (alpha to omega) and none of them...
yrs Half-full Glasshopper
-
Moz,
So does a search warrant require you to obtain stuff for the police? In other words, if your data is in the cloud are you required to download it for them? Or do they have to run off to the cloud and get it from the cloud provider? I'm specifically thinking of the encrypted, distributed storage schemes. No one person or location has all the data, none of it is in your house, but it's all accessible to you.
-
I have some pgp keys and files encrypted with them on one or other of my hard-disks, which time and the fallibility of memory have erased the passphrases from my memory.
If my hard disks were searched and a theoretical investigator asked for the passwords, I'm assuming that since none of those files are less than 4 or 5 years old, claiming to have forgotten the passphrase is a plausible defence against charges of contempt for failure to decrypt?
I've occasionally forgotten the passphrase to a key that's merely days old. I guess it's less plausible in that case, though still (obviously) it has happened to me.
What level of evidence does a court need to decide if you're showing them contempt in this sort of situation? What possible evidence could you use to prove that you really have forgotten?
-
Ross Mason, in reply to
I’ve occasionally forgotten the passphrase to a key that’s merely days old. I guess it’s less plausible in that case, though still (obviously) it has happened to me.
Oh you mean like writing the password down on a piece of paper and swallowing it.
I presume that means you are safe as it is not at rest, rather, it is in motion....
-
From the wiki link:
In the same year the High Court also clarified that Norwich Pharmacal orders should not be granted for "fishing expeditions". In Arab Satellite Communications Organisation v Saad Fagih & Anr [2008] Middle Eastern inter-governmental organisations applied for an order against a Saudi dissident for the identification of individuals that "may have been involved" in the broadcast of political material. The High Court refused to grant an order which would compel a third party to make a judgement about who "may have" done something, and ruled that "Norwich Pharmacal does not give claimants a general licence to fish for information that will do no more than potentially assist them to identify a claim or a defendant".[17]
Does this mean that this could be the reason Kim Dotcom hasn't been served with one of these to find those "culprits" who might have used Mega to "hide" their music???
-
nzlemming, in reply to
Does this mean that this could be the reason Kim Dotcom hasn't been served with one of these to find those "culprits" who might have used Mega to "hide" their music???
It's more likely because he hasn't had access to the servers since the raid.
-
It seems kinda silly to have a law that only protects sources and journalists who don't own cellphones or computers, eh. Almost like someone should be thinking of some amendments there, sometime.
Not that it'll matter once the GCSB's running the infrastructure. It's not like they bothered about warrants before they had all that power.
Still, enjoy your attempts at cloak & dagger folks, and good luck picking software, operating systems, and hardware that the NSA hasn't built any backdoors into for the whole world to browse.
-