Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



1332 posts

Uber Geek
+1 received by user: 152
Inactive user


Topic # 114320 15-Feb-2013 16:32 Send private message

I am interested in hearing from someone involved in criminal 'cyber' law or any related fields and/or computer forensics professionals.

I also expect a few IANAL posts too ;-)

I was wondering about encryption the other day and am interested to know how New Zealand law would or has handled cases in which alleged computer criminals have encrypted their hard drives with TrueCrypt or something similar.

Can (or has) a judge compel a person provide the keys required to decrypt the contents of the hard drive assuming it was evidence or potentially evidence?

How well would a "lol, I forgot da password" defence go down with a court? Is there really any way to punish someone (e.g. contempt of court) if it is impossible to tell whether they are lying or not?

As with many crimes of an electronic nature, if the evidence is on the encrypted drive in a computer and you have 'forgotten' the password would the case have to be dropped?

I remember reading about this case in which the police went to incredible lengths to secure an offender's computer while it was on and decrypted so they were able to analyse its contents. Would this mean a judge could not have ordered the drive's decryption or simply that the police wanted an easier time gathering evidence?

My interest is based on the rising number of crimes being committed online, from hacking to child pornography to copyright infringement, and the technical inability to crack such encryption systems when administered correctly.

TIA for any insight :)

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
405 posts

Ultimate Geek
+1 received by user: 2

Subscriber

  Reply # 763291 15-Feb-2013 23:40 Send private message

A judge has an awful lot of power! If they issue a warrant ordering you to comply and you refuse or fail to comply - then you will be held in contempt. At that point, they have significant leeway to deal with you for failing to comply with the warrant. They are also not best known for their sense of humour!

In the circumstance that you refer to, whilst the case that might depend on the content of an encrypted disk might fail due to lack of evidence, that may not actually help you, because the consequences of the failure to comply with the warrant will probably be worse than the original issue.

Cheers Mike

2329 posts

Uber Geek
+1 received by user: 78


  Reply # 763304 16-Feb-2013 00:43 Send private message

As part of the Search and Surveillance Bill you are required to give up your encryption keys (or else!)..
SO yeah, great, thanks National for slipping that one through..

See http://techliberty.org.nz/jailing-people-for-remaining-silent/


25 posts

Geek
+1 received by user: 3


  Reply # 765223 18-Feb-2013 15:58 Send private message

kyhwana2 is correct.

See section 130 of the Search and Surveillance Act. 



109 posts

Master Geek
+1 received by user: 8


  Reply # 765607 19-Feb-2013 10:08 Send private message

Don't we have like a fifth amendment equivalent here in NZ?

2391 posts

Uber Geek
+1 received by user: 292
Inactive user


  Reply # 765619 19-Feb-2013 10:28 Send private message

kyhwana2: As part of the Search and Surveillance Bill you are required to give up your encryption keys (or else!)..
SO yeah, great, thanks National for slipping that one through..

See http://techliberty.org.nz/jailing-people-for-remaining-silent/



Very true.

Thats why truecrypt has the "Hidden Volume" feature:

As far as I know its not possible for anyone to determine if the encrypt volume has a hidden volume or not.

It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.


The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.


http://www.truecrypt.org/docs/

So you give them the password to the normal volume which contains stuff like your CV, etc..

759 posts

Ultimate Geek
+1 received by user: 129


  Reply # 765639 19-Feb-2013 10:58 Send private message

russelo: Don't we have like a fifth amendment equivalent here in NZ?


The US one hasn't stopped people being compelled to give up their passwords.

759 posts

Ultimate Geek
+1 received by user: 40

Subscriber

  Reply # 765649 19-Feb-2013 11:18 Send private message

I have a few that I have genuinely forgotten the passwords to (not that there was anything bad on there, just email backups). What happens then, I'm held in contempt for something that I have no ability to comply with?

Sadly, there is no way to prove that I don't remember so I have to wait until the Judge changes his mind?


2750 posts

Uber Geek
+1 received by user: 408

Trusted
Subscriber

  Reply # 765652 19-Feb-2013 11:29 Send private message

dolsen: I have a few that I have genuinely forgotten the passwords to (not that there was anything bad on there, just email backups). What happens then, I'm held in contempt for something that I have no ability to comply with?

Sadly, there is no way to prove that I don't remember so I have to wait until the Judge changes his mind?



Correct; if you've genuinely forgotten, you're stuffed: otherwise 'I forget' would just get everyone off scott free.




iPad Air + iPhone 5S + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

194 posts

Master Geek
+1 received by user: 37

Trusted

  Reply # 765655 19-Feb-2013 11:31 Send private message

We lost the "right to remain silent" as such many years ago, following the 911 attacks in the US.

At the time the new cyber-terrorism bill (as it was called) included a section on encryption that was passed into law without any problem whatsoever (only terrorists keep secrets, you see).

Judge David Harvey told me about it in 2003: No right to silence for computer users.

Basically it works like this:

Police officer (or similar) serves you with a warrant to search your PC.
Finds encrypted file in a drive somewhere.
Demands you decrypt it.
You say "beats me, I have no idea what that is".
Officer says "you must now accompany me to the station where you will be detained..." etc.

Great way to upset your buddies and get them locked up - install some encrypted file while they're not looking then dob them in. Hilarity ensues!

Compare this with a police officer serving a warrant in the real world.

Officer serves you with a warrant to search your house.
Officer searches your house, fails to find a secret room/locked cupboard/obvious collection of guns.
Officer leaves and you go on about your business.

There is no requirement that you incriminate yourself UNLESS you have a computer.

how ridiculous.



685 posts

Ultimate Geek
+1 received by user: 18


  Reply # 765670 19-Feb-2013 11:42 Send private message

Judge David Harvey told me about it in 2003: No right to silence for computer users.


I wish Judge Harvey was a member here on Geekzone, the guy is very smart and really sets the stage for how the legal system in NZ can embrace and understand technology.  If you ever have a chance, read his papers.

25 posts

Geek
+1 received by user: 3


  Reply # 765686 19-Feb-2013 11:59 Send private message

Just to play devil's advocate here for a bit -

Putting a piece of evidence into a safe will not generally put it beyond the reach of a search warrant.

Why should an encrypted disc be any different?

2750 posts

Uber Geek
+1 received by user: 408

Trusted
Subscriber

  Reply # 765693 19-Feb-2013 12:07 Send private message

muso: Just to play devil's advocate here for a bit -

Putting a piece of evidence into a safe will not generally put it beyond the reach of a search warrant.

Why should an encrypted disc be any different?


Because generally speaking in a democratic society, you cannot be forced to incriminate yourself. If you refuse to open a safe because it would incriminate you, the police can probably take to it with an oxy torch. If you refuse to unlock an encrypted volume [and it was done right] then there is in theory no chance it could be unlocked in less than the age of the universe.

In other words your cooperation is not needed to gain access to safe. It is needed to gain access to an encrypted file.




iPad Air + iPhone 5S + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

759 posts

Ultimate Geek
+1 received by user: 129


  Reply # 765695 19-Feb-2013 12:10 Send private message

muso: Just to play devil's advocate here for a bit -

Putting a piece of evidence into a safe will not generally put it beyond the reach of a search warrant.

Why should an encrypted disc be any different?


Beacause if you lose, or refuse to hand over, the key/combo to a safe, they can (if they really want to) brute-force it - lock picks, drills, dynamite, etc.
Brute-forcing decent encryption with current tech can take hundreds of years or longer, depending on how paranoid the encryptor is.

759 posts

Ultimate Geek
+1 received by user: 129


  Reply # 765696 19-Feb-2013 12:12 Send private message

SaltyNZ:

In other words your cooperation is not needed to gain access to safe. It is needed to gain access to an encrypted file.


OTOH - this: http://xkcd.com/538/ 

25 posts

Geek
+1 received by user: 3


  Reply # 765698 19-Feb-2013 12:19 Send private message

I'll rephrase: if you accept that the police are entitled to seize a safe (and the key, if its there, or if not, break the safe open), why shouldn't they be able to compel you to open an encrypted drive?

 1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Hierarchy of a mistake: Gerry Brownlee
Created by joker97, last reply by sdav on 25-Jul-2014 13:16 (47 replies)
Pages... 2 3 4


Geekzone giveaway: Thecus N2310 NAS
Created by freitasm, last reply by Dunnersfella on 24-Jul-2014 23:17 (81 replies)
Pages... 4 5 6


MH 17 "shot down" all dead
Created by joker97, last reply by ScuL on 24-Jul-2014 21:40 (203 replies)
Pages... 12 13 14


Is chorus going to deliberately slow adsl internet down
Created by rugrat, last reply by NonprayingMantis on 25-Jul-2014 13:00 (43 replies)
Pages... 2 3


Huge Fuss, didn't even make it a year.
Created by networkn, last reply by Glassboy on 22-Jul-2014 19:50 (121 replies)
Pages... 7 8 9


Sickening floral smell in car, What next?
Created by TimA, last reply by TimA on 25-Jul-2014 12:51 (38 replies)
Pages... 2 3


Skinny's new aggressive ad campaign
Created by Yabanize, last reply by Yabanize on 22-Jul-2014 23:35 (52 replies)
Pages... 2 3 4


Giving notice
Created by IlDuce, last reply by kharris on 24-Jul-2014 17:36 (15 replies)


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.