Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



1332 posts

Uber Geek
+1 received by user: 152
Inactive user


Topic # 114320 15-Feb-2013 16:32 Send private message

I am interested in hearing from someone involved in criminal 'cyber' law or any related fields and/or computer forensics professionals.

I also expect a few IANAL posts too ;-)

I was wondering about encryption the other day and am interested to know how New Zealand law would or has handled cases in which alleged computer criminals have encrypted their hard drives with TrueCrypt or something similar.

Can (or has) a judge compel a person provide the keys required to decrypt the contents of the hard drive assuming it was evidence or potentially evidence?

How well would a "lol, I forgot da password" defence go down with a court? Is there really any way to punish someone (e.g. contempt of court) if it is impossible to tell whether they are lying or not?

As with many crimes of an electronic nature, if the evidence is on the encrypted drive in a computer and you have 'forgotten' the password would the case have to be dropped?

I remember reading about this case in which the police went to incredible lengths to secure an offender's computer while it was on and decrypted so they were able to analyse its contents. Would this mean a judge could not have ordered the drive's decryption or simply that the police wanted an easier time gathering evidence?

My interest is based on the rising number of crimes being committed online, from hacking to child pornography to copyright infringement, and the technical inability to crack such encryption systems when administered correctly.

TIA for any insight :)

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
409 posts

Ultimate Geek
+1 received by user: 2

Subscriber

  Reply # 763291 15-Feb-2013 23:40 Send private message

A judge has an awful lot of power! If they issue a warrant ordering you to comply and you refuse or fail to comply - then you will be held in contempt. At that point, they have significant leeway to deal with you for failing to comply with the warrant. They are also not best known for their sense of humour!

In the circumstance that you refer to, whilst the case that might depend on the content of an encrypted disk might fail due to lack of evidence, that may not actually help you, because the consequences of the failure to comply with the warrant will probably be worse than the original issue.

Cheers Mike

2329 posts

Uber Geek
+1 received by user: 78


  Reply # 763304 16-Feb-2013 00:43 Send private message

As part of the Search and Surveillance Bill you are required to give up your encryption keys (or else!)..
SO yeah, great, thanks National for slipping that one through..

See http://techliberty.org.nz/jailing-people-for-remaining-silent/


26 posts

Geek
+1 received by user: 3


  Reply # 765223 18-Feb-2013 15:58 Send private message

kyhwana2 is correct.

See section 130 of the Search and Surveillance Act. 



115 posts

Master Geek
+1 received by user: 8


  Reply # 765607 19-Feb-2013 10:08 Send private message

Don't we have like a fifth amendment equivalent here in NZ?

2391 posts

Uber Geek
+1 received by user: 292
Inactive user


  Reply # 765619 19-Feb-2013 10:28 Send private message

kyhwana2: As part of the Search and Surveillance Bill you are required to give up your encryption keys (or else!)..
SO yeah, great, thanks National for slipping that one through..

See http://techliberty.org.nz/jailing-people-for-remaining-silent/



Very true.

Thats why truecrypt has the "Hidden Volume" feature:

As far as I know its not possible for anyone to determine if the encrypt volume has a hidden volume or not.

It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.


The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.


http://www.truecrypt.org/docs/

So you give them the password to the normal volume which contains stuff like your CV, etc..

785 posts

Ultimate Geek
+1 received by user: 150


  Reply # 765639 19-Feb-2013 10:58 Send private message

russelo: Don't we have like a fifth amendment equivalent here in NZ?


The US one hasn't stopped people being compelled to give up their passwords.

778 posts

Ultimate Geek
+1 received by user: 41

Subscriber

  Reply # 765649 19-Feb-2013 11:18 Send private message

I have a few that I have genuinely forgotten the passwords to (not that there was anything bad on there, just email backups). What happens then, I'm held in contempt for something that I have no ability to comply with?

Sadly, there is no way to prove that I don't remember so I have to wait until the Judge changes his mind?


2820 posts

Uber Geek
+1 received by user: 522

Trusted
Subscriber

  Reply # 765652 19-Feb-2013 11:29 Send private message

dolsen: I have a few that I have genuinely forgotten the passwords to (not that there was anything bad on there, just email backups). What happens then, I'm held in contempt for something that I have no ability to comply with?

Sadly, there is no way to prove that I don't remember so I have to wait until the Judge changes his mind?



Correct; if you've genuinely forgotten, you're stuffed: otherwise 'I forget' would just get everyone off scott free.




iPad Air + iPhone 5S + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

194 posts

Master Geek
+1 received by user: 37

Trusted

  Reply # 765655 19-Feb-2013 11:31 Send private message

We lost the "right to remain silent" as such many years ago, following the 911 attacks in the US.

At the time the new cyber-terrorism bill (as it was called) included a section on encryption that was passed into law without any problem whatsoever (only terrorists keep secrets, you see).

Judge David Harvey told me about it in 2003: No right to silence for computer users.

Basically it works like this:

Police officer (or similar) serves you with a warrant to search your PC.
Finds encrypted file in a drive somewhere.
Demands you decrypt it.
You say "beats me, I have no idea what that is".
Officer says "you must now accompany me to the station where you will be detained..." etc.

Great way to upset your buddies and get them locked up - install some encrypted file while they're not looking then dob them in. Hilarity ensues!

Compare this with a police officer serving a warrant in the real world.

Officer serves you with a warrant to search your house.
Officer searches your house, fails to find a secret room/locked cupboard/obvious collection of guns.
Officer leaves and you go on about your business.

There is no requirement that you incriminate yourself UNLESS you have a computer.

how ridiculous.



715 posts

Ultimate Geek
+1 received by user: 21


  Reply # 765670 19-Feb-2013 11:42 Send private message

Judge David Harvey told me about it in 2003: No right to silence for computer users.


I wish Judge Harvey was a member here on Geekzone, the guy is very smart and really sets the stage for how the legal system in NZ can embrace and understand technology.  If you ever have a chance, read his papers.

26 posts

Geek
+1 received by user: 3


  Reply # 765686 19-Feb-2013 11:59 Send private message

Just to play devil's advocate here for a bit -

Putting a piece of evidence into a safe will not generally put it beyond the reach of a search warrant.

Why should an encrypted disc be any different?

2820 posts

Uber Geek
+1 received by user: 522

Trusted
Subscriber

  Reply # 765693 19-Feb-2013 12:07 Send private message

muso: Just to play devil's advocate here for a bit -

Putting a piece of evidence into a safe will not generally put it beyond the reach of a search warrant.

Why should an encrypted disc be any different?


Because generally speaking in a democratic society, you cannot be forced to incriminate yourself. If you refuse to open a safe because it would incriminate you, the police can probably take to it with an oxy torch. If you refuse to unlock an encrypted volume [and it was done right] then there is in theory no chance it could be unlocked in less than the age of the universe.

In other words your cooperation is not needed to gain access to safe. It is needed to gain access to an encrypted file.




iPad Air + iPhone 5S + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

785 posts

Ultimate Geek
+1 received by user: 150


  Reply # 765695 19-Feb-2013 12:10 Send private message

muso: Just to play devil's advocate here for a bit -

Putting a piece of evidence into a safe will not generally put it beyond the reach of a search warrant.

Why should an encrypted disc be any different?


Beacause if you lose, or refuse to hand over, the key/combo to a safe, they can (if they really want to) brute-force it - lock picks, drills, dynamite, etc.
Brute-forcing decent encryption with current tech can take hundreds of years or longer, depending on how paranoid the encryptor is.

785 posts

Ultimate Geek
+1 received by user: 150


  Reply # 765696 19-Feb-2013 12:12 Send private message

SaltyNZ:

In other words your cooperation is not needed to gain access to safe. It is needed to gain access to an encrypted file.


OTOH - this: http://xkcd.com/538/ 

26 posts

Geek
+1 received by user: 3


  Reply # 765698 19-Feb-2013 12:19 Send private message

I'll rephrase: if you accept that the police are entitled to seize a safe (and the key, if its there, or if not, break the safe open), why shouldn't they be able to compel you to open an encrypted drive?

 1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Moment of Truth?
Created by BarTender, last reply by DravidDavid on 22-Sep-2014 10:04 (409 replies)
Pages... 26 27 28


Festival of Democracy
Created by gzt, last reply by Geektastic on 21-Sep-2014 23:11 (117 replies)
Pages... 6 7 8


Predict E(l)ection 2014 & win
Created by nakedmolerat, last reply by networkn on 22-Sep-2014 08:51 (80 replies)
Pages... 4 5 6


IOS8 - Network Load
Created by FireEngine, last reply by raytaylor on 20-Sep-2014 16:55 (45 replies)
Pages... 2 3


Maybe some politicians should go back to school?
Created by jarledb, last reply by DarthKermit on 18-Sep-2014 18:27 (31 replies)
Pages... 2 3


Capital gain tax on property vs other investments.
Created by rayonline, last reply by Geektastic on 22-Sep-2014 09:51 (29 replies)
Pages... 2


Will My VDSL gets better?
Created by coconuts, last reply by Saranis on 21-Sep-2014 11:54 (29 replies)
Pages... 2


6.6Mb/s "in spec" for Torbay, Auckland?
Created by theasset13, last reply by theasset13 on 20-Sep-2014 17:13 (28 replies)
Pages... 2



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.