Compelled Decryption and the Privilege Against Self-Incrimination (ssrn.com)
109 points by mrleiter on Nov 14, 2018 | 122 comments



> An assertion of privilege should be sustained unless the government can independently show that the suspect knows the password.

I strongly disagree with this interpretation. It's an old argument, I follow the reasoning behind it (I actually think the author does a good job arguing in favor of this position), but at the end of the day I'm just too uncomfortable with how this would work in practice.

During a normal search, they get a warrant, tell you to produce some documents, and if you don't comply then they go get the documents themselves. If they can't find the documents, then they can come back to you with obstruction or contempt charges, but this is the rare case.

With passwords, the rare case becomes the common case. Enough people are going to suddenly "forget" their passwords that law enforcement and judges are going to roll their eyes and throw the book at anyone who actually forgets a password.

I don't believe it's possible for anyone to prove that someone knows a password. People can forget at any time, for any number of reasons, including trauma.

What's going to happen when police have evidence that I did, at one point, know the extra-super-secret password to some old confidential document that I set up a pgp key to encrypt and promptly forgot about? What about when my harebrained DIY deniable encryption scheme means that I genuinely don't know which of the following hundred-thousand files I know the password to, even though I obviously must know, because I set it up in the first place?

There's no law against being a paranoid doofus.


I had an iPhone that I forgot the password to and it was a real pain in the ass. I ended up locked out of my phone and could never get past it. I have also played around with pgp and made an account and tried sending a couple encrypted emails to no one in particular. Now I forget how to even log into pgp. I also have several email addresses I have forgotten the passwords to. A device I used for years: when the screen broke, I used another phone for a month, then forgot the password without many tries. So I feel this is a concern. It is easy to forget a password. I don't use cat123, my password is like 20 characters long with capitals and special punctuation marks. Though I suspect many people would conveniently forget their password, I have no doubt some would legitimately forget.


> I had an iPhone that I forgot the password to and it was a real pain in the ass.

I know this doesn't address your comment head-on (i.e. lost password) - but it does address the issue of stolen phones which are apparently impossible to restore back to their factory settings.

Most people who rob iPhones are not technically savvy, but they know people who are, and they get those people to debrick the phones.

The real question is: who are these people who can unbrick iPhones? Well, it turns out all you need to do is look on your town noticeboard and there are a slew of people who claim to 'unlock' or otherwise debrick iPhones.

Typically the tech they use to debrick the phones is readily available on the web, and god knows what other things they do to the phones once they are 'market ready' and ready to be sold (malware implants, either accidental or deliberate, can be found on these devices).

I know from experience and know a few people in those circles who deal with stolen phones all day, every day. There are also firms who demand proof-of-ID so that stolen phones can be tracked and tied back to an individual. The firms that don't require ID have something to hide (they typically ask for no ID and happily sell you a stolen phone for a cut price).


You can also use stolen phones for spare parts, though I suppose they're much less valuable as such.


Absolutely this. I had someone say "well my phone would be worthless anyways since it would be locked". I laughed at them. I said, so your perfectly good screen has no value to me if mine is cracked? Your speaker in the phone, worthless? And so on. I am typing this on an iPhone 4s that has had more donor parts than I can even fathom. You can buy unlocked motherboards as well, though with Apple locking things like the home button to the board I'm not entirely sure how that would work, but the point stands: the phones are definitely worth something, locked or not.


I use a password manager, and I genuinely do not know the password for most of my accounts.


I use a very long, static password baked into a YubiKey (with some other measures), and I honestly don't know what the password is.

Q: What's your password?

A: I have no idea.

Q: How do you log into computers then?

A: I'm going to invoke my right to remain silent now, thanks.

[I am under no illusion that this actually helps the compelled decryption situation]


IRL you should be invoking your right by simply not answering the first question or any other.


You are correct.


This hurts the compelled decryption situation immensely. You have a physical key that you can be forced to turn over, and then they basically have everything.


There are other measures, such as a prefix or suffix ("PIN") that you can supply, so the physical key doesn't have the entire password. Otherwise, you're right.

It's also useful to be able to leave the physical key at home, or with another party.

... and if you hand it to your attorney, does that count as privileged communication?


If you ever actually get arrested, do not do this. Once you start answering questions, you forfeit your right to silence, and refusing to answer questions later can and will be taken as evidence against you. Just be silent from the beginning.


You can shut up any time; there's no "Oh, you were talking, now you can't stop talking."

Of course you cannot take back what escaped your mouth prior to asserting your right to remain silent.


Warrants have to be specific, correct? If they asked for your Xyz password and you didn't know it, you explained you used a password manager- would they have to get an expanded warrant to compel you to disclose that password? Would that be considered an overly broad warrant?

I use my password manager to save things that are not passwords too- padlock combos, combo to my safe, medical info, parents wills, banking, all my dirty secrets... Seems wrong they could get access to all my info if the warrant is just for Xyz.


There could be language in a warrant to include that scenario.


Speaking of which, I have a computer with a locked screensaver which I've forgotten the password for. If anyone in the vicinity of Boston knows how to do a cold-boot attack and is interested in practicing on it, please get in touch. :-)

It doesn't really matter if the process fails, it would just be nice to regain access, and it would be interesting to learn how to do it.


Is it installing security updates? If not (you could even force it by disconnecting its Internet connection), then there's a good chance an exploit has already been discovered that you can use. This is probably easier than a cold boot attack.


No, it's not. Thanks for the suggestion. That sounds like something I could take a crack at myself.


Does it have memory encryption enabled? Or even an IOMMU?

Does it boot on its own, without entering a password?

I'm on the wrong side of the ocean, alas, but I'm betting this won't be too hard to crack.


Regarding the hardware questions, I don't know. FWIW, it's a Dell Inspiron i3531-1200BK.

It does have FDE, and requires a password on boot for that.


So, hang on. Do you know the FDE password?

If so, just take the disk out and plop it in another machine and-- you're done.

If not, then no cold-boot attack can possibly work.


No, I don't. The laptop was in suspend-mode for long enough that I forgot the password. It's been on a power supply since, to keep it from turning off. I can get it to a screensaver, and that's it, so far.


That makes everything much harder.

You know that, I suppose. You'll have to crack it by using FireWire or a similar method that lets you read/alter memory, or by opening it up and connecting probes directly to main memory. I have no problem telling you that the latter would be harder.

I certainly would not be able to do either.


And to clarify, since you mentioned cold boot attacks earlier -- yes, that could work, but there's also a very good chance that it clears memory during BIOS initialization.


https://github.com/carmaa/inception

This tool could help you, possibly.


Awesome, thanks.


Is the hard drive encrypted? If not, just take it out and... You're done.


Yes, otherwise it would be simple.


Indeed, the article doesn't address the question of forgetting. And generally, it over-complicates things.

Let's say that you don't know the password, and never did, because it's not your device. If ordered to decrypt, you just say: "I don't know the password." You don't plead the Fifth. Because you simply don't know the password, and the thought of self-incrimination would never occur to you.

Now let's say that it's your device, and that you did know the password, at one time. But maybe only for a few seconds after you set it, and then forgot to write it down. Or maybe you did that intentionally, to nuke a device before resale. Or maybe you have honestly just forgotten it. I have one or two old drives around like that, so hey ;) Anyway, in that situation, you'd just say: "I've forgotten the password."

But now, let's say that it's your device, and that you do in fact know the password. What do you say? If you plead the Fifth, that's basically an admission that you know the password. Because, as I've said, the thought of self-incrimination would have never occurred to you, if you didn't know it. So you don't do that. You just say that you've forgotten it.

There are, I admit, some concerns with that approach. First, you're lying to an agent, and penalties for that can be extremely severe. So it's your call to make. Also, if an agent testifies that you were using the device when swatted, that claim may seem iffy.

But if pleading the Fifth is no longer an option, what are the alternatives? You can at least claim trauma. And if you're old like me, a ministroke.


> If you plead the Fifth, that's basically an admission that you know the password.

Is this your opinion or from the article?


It's my own opinion. I mean, isn't it obvious?

In what circumstances, where you actually don't know something, would you plead the Fifth? Would you do that, just as a matter of principle, just because they're asking for something that they have no right to ask? That seems like asking for trouble.

I do understand the intent of the Fifth Amendment. To protect defendants from incriminating themselves. And, I believe, to forestall the use of torture.

But now, regarding passwords and access credentials, the Fifth is becoming unworkable. I mean, that Philly ex-cop is still in jail for contempt. And perhaps he actually has forgotten the password to his Apple storage device.


First, you can't legally take the fifth just because they are asking something they "have no right to ask". You can only legally take the 5th to prevent possible implication. You also only need to worry about the 5th during certain scenarios. Most of the time you can just refuse to speak. But if you've actually been charged and decided to take the stand and start to answer questions, you have waived your fifth amendment right because that would inhibit the cross-examination's questions.

"I mean, isn't it obvious?" That's a common misconception about the 5th amendment. In fact the US Supreme Court has said - "One of the Fifth Amendment's basic functions is to protect innocent men who otherwise might be ensnared by ambiguous circumstances."

Case in point: Detective: "Do you know the victim?" Suspect: "Yeah, we've crossed paths a few times before - mutual friends" Detective: "Do you like him?" Suspect: "Not especially. He always seemed kind of arrogant." Detective: "Where were you Friday night?" Suspect: "I went out with a few friends to the Irish pub at the corner of 7th" Detective: "That's interesting because his body was found about a mile from there. And the body was located roughly halfway between that pub and your apartment."

Oops. Now you're screwed. You've confirmed you knew the person, didn't like them, and were in the area of the murder on the night it occurred. And your language even uses the past tense ("seemed kind of arrogant"). All of this would be used against you.


Sure, you can refuse to speak during police questioning.

However, if you're charged, you will be asked to take the stand, and perhaps be deposed. I'm not sure that you can keep refusing to speak, without facing contempt charges, unless you plead the Fifth. But IANAL, so ???

My "isn't it obvious" comment was not about the innocent. But rather about someone who is arguably guilty, and knows it, but doesn't want to give that away.


Not sure if you live in the US or not, but in the US you are never required to be deposed or take the stand if you are the person being charged. A person charged with a crime can never be forced to take the stand at all. If they choose to do so, they make that choice knowing that they are waiving their fifth amendment rights and can not take the fifth as that would hinder the right of the prosecution to cross-examine them.

If a person is not the one being charged with the crime they can be required to appear in court and provide testimony but if during the course of testimony they would be giving an answer that exposes any illegal activity on their part, they can take the fifth. A good example of this is if someone witnessed a crime but they were buying drugs at the time when they happened to witness it and they were questioned about why they were at that location at that time and what they were doing there. Answering that question would force an admission of a felony on their part and would expose them to charges so they can legally refuse to answer by citing the fifth amendment. A lot of times this is rectified by being granted immunity in return for testimony since the criminal activity on the part of the person testifying is not usually of significance to the prosecution.


OK, but what about that ex Philly cop who's been in jail for a couple years, for contempt, for refusing to provide a device passphrase? His actual trial is basically on hold, until he answers. Unless the Supreme Court intervenes, anyway.


That's a fair point to bring up. The verdict is still out on that one, as far as I know. From what I remember the issue was that he wasn't going to incriminate himself because they already had separate evidence showing that there was child porn on that device and he was the one who downloaded it. So since this was already known to police it wouldn't be a violation of his 5th amendment rights since the information was already known.

There were other rulings for other individuals for whom the government didn't have the evidence against already and they wanted the device access to give them that evidence. In those cases, as I recall, it was said that a defendant could not be required to decrypt unless the device was crossing the border and was subject to the standard lack of privacy at the border. Otherwise, since they didn't have proof, what they needed was the "content of his mind" and that was privileged. As for the border, they might not even be able to require decryption if you are a US citizen. They might demand it and even confiscate the device. But if you are a US citizen, you can't be blocked from entry. So they might just keep the device in those cases and allow you in. I can't swear to the accuracy of that one, though. But I'm pretty sure that's mostly correct. Non-citizens can be turned down at the border for pretty much any reason, including refusal to submit to searches and other privacy-related issues.


Thanks. I didn't realize that they had independent evidence that there was child porn on the device.

Or at least, I didn't realize that they had valid independent evidence of that. As I understand it, they had data from a hacked version of the Freenet client, showing that his node had received pieces of child porn files. They knew that because they were serving those files, and could identify pieces by hash value. Their expert testified that, contrary to claims by the Freenet Project about random routing of file pieces, they could determine that the defendant's node was in fact the recipient, and not just a relay. But, according to the Freenet Project, that's bullshit, which is based on a misunderstanding (perhaps intentional) of the Freenet protocol and mechanism.

I wonder whether they have other independent evidence that's actually valid. But these are subtle points for a judge. And I'm guessing that the defendant doesn't have the expert muscle to dispute those claims. And/or that juries could follow any of that.


Remaining silent is (in the USA) evidence of nothing. The burden of proof is on the prosecution.

Actually pleading the fifth, to a specific question, may have different implications. IANAL.


Yes, "[r]emaining silent is (in the USA) evidence of nothing", but only regarding the facts of the case. But it can be evidence of contempt, and that can put you in jail. And because each refusal to answer is an additional act of contempt, there's effectively no limit to jail time. You're stuck in a contempt-of-court loop.


> But if pleading the Fifth is no longer an option, what are the alternatives?

Simple: just give the password!


But then the state has access to my linux iso collection....


That'd open up quite the can of worms, for me ;)

And I'm just a punter.


The idea is to go to jail for refusing the court order you can follow. I've personally forgotten quite a few complicated passwords over the years. Try it, set a password, it makes perfect sense, but if you don't use it for weeks, it's gone! Jail? Nope, I knew it but I really don't now. And since I really may not know, and no one can be sure... jail should not be an option.


Legitimate forgetting will rarely arise: law enforcement just captures the defendant entering the password (e.g. surveillance video).

Face ID is also hard to "forget" :-)


I personally have at least one Truecrypt volume whose password I've forgotten.

It contains a year or so's worth of journal entries, so I keep it around in case inspiration strikes, but so far I've had no luck opening it.

Were I investigated for a crime, it's not implausible that the police might take my hard drive and come back saying something like "here's a list of encrypted volumes we found, open them", and in at least that one case, I simply cannot.


Having old devices/HDD sitting around seems to be common in tech and non tech circles. So, I suspect 10+% of people already have an encrypted device in their home where they forgot the password. Now, given a few dozen tries they might be able to recall it, but it’s not something they can just hand out.


I'd be surprised if more than 10% of the population actually ever owned an external drive... (excepting diskettes)


That 10% is including old phones, tablets, computers, USB sticks, and external backup drives. I suspect old tablets and phones are going to make up the bulk of forgotten passwords, but the government is going to request every password for every device.


Say, “hey Siri, whose phone is this?” It will require that your password be entered to unlock the phone; Face ID won’t work.

You can also hold the power and volume up buttons for five seconds on the iPhone X.


Know something, have something. Password and key file. Compromised kill file.

Face ID is something you have but is not very secure in compelled situations, which does not have to mean police.


I'm actually one of those paranoid doofuses. I have a few 2 TB backup hard drives encrypted with Truecrypt (before the Truecrypt devs decided to abandon the project), and I can't remember the password...

I tried to brute-force it using John The Ripper, but after a few hours trying to configure it with a dictionary, I just gave up. I'll need to get back to it some day!


Fun story. Back when I was a bit younger, I once forgot the 4-digit PIN of a cash card after a heavy night of drinking, even though I had used the card for many, many years almost daily. It was just gone, no matter how much I tried to remember it. (Then, getting a new card took 3 weeks or more, so I tried a lot.)

My guess is that some information is stored in the brain chemically in few brain cells, and when they're gone, it's gone.


This interpretation of the right to remain silent frightens me.

The example I was always given to point out the need of such a right is the police saying, "Alright, show us where you buried the body." And if they can "prove" that you buried the body but you cannot actually take them there because you didn't bury the body then you go to prison forever.

The government should not have the power to go on a fishing expedition through my device. If the government can already prove that something illegal is on my device, then they do not need that thing in order to convict me of a crime. It is just superfluous to compel me to do things and it is dangerous.


I really sympathize with the desire to have my computing device extremely protected against scrutiny because I like to think of it as an extension of my own memory and cognitive ability etc and don't want to worry about maintaining an airgap between in-brain capacity and external capacity for liability reasons.

However I am not very optimistic that this line of argument is going to fly. Why do you need to search my car for illegal drugs if you can't already prove that I have them? Why do you need insight into my finances if you can't already prove that I am evading taxes?

As long as we, in principle, give the legal system a mandate to investigate crimes, there is always going to be a point where arguments around reasonable suspicions are going to prevail against privacy concerns. Ultimately I don't think it's realistic to hope to create a comfortable relationship with a malevolent judicial establishment by adding some hoop or other for them to jump through before they get to fuck you over.


> Why do you need to search my car for illegal drugs if you can't already prove that I have them? Why do you need insight into my finances if you can't already prove that I am evading taxes?

The law already imposes those requirements, in theory. A warrant should only be issued, according to the US Constitution, if evidence is presented to a judge that it's more likely than not the search authorized by the warrant will find evidence of a crime. That usually means a non-consensual search is only allowed when there's already significant evidence of guilt.

If that sounds like a fairly high standard, you're right. It was intended to be. If it sounds like a higher standard than is often used in practice... well, you may be right about that too.


Yeah, so I think that imposing similar requirements for compelled decryption is not the way forward. There is limited use in instituting high standards if you fundamentally can't trust the people interpreting those standards.


I'd like to see more work on systems with plausible deniability. Many legal jurisdictions already have compelled decryption.


Because there are other ways to get decryption keys. Old fashioned "over the shoulder" techniques still work: cameras, informants, even spyware. They just require effort. This is really about cops wanting easy and ready access rather than committing to oldschool detective work.

It is akin to cops wanting to measure a car's speed by directly accessing the data from its speedometer. That may be far easier than hiding in a bush with a radar gun, but so is the price of constitutional rights.


Do we really rather want to end up in a world where the government is in the business of undermining computer security at large to get its spyware everywhere it wants it? I mean, but do we want this to be a thing the legal system does openly as part of its mandate?

I'm also not sure if I want the government installing cameras in all public spaces so they can, uh, catch speeding cars and definitely do nothing else, maybe uploading car telemetry when you're on public roads is an okay price to avoid that.


> Do we really rather want to end up in a world where the government is in the business of undermining computer security at large to get its spyware everywhere it wants it?

I very much want to end up in a world in which they have to contend with the rest of the computer industry's efforts to secure systems. That's a world in which a few high-profile targets might have to worry about having zero-days burned on attacking them, but most people are safe.


Too late. They are already doing that and will continue to do so even if they get everything they want in telemetry.

The solution is to push back on everything because they never yield power unopposed.


> And if they can "prove" that you buried the body but you cannot actually take them there because you didn't bury the body then you go to prison forever.

Not only that, it assumes you know something you may not. There is video of you digging a hole, that doesn't mean you know where it is. Someone else was driving while you were sleeping, or it was some time ago and you don't remember.

What happens if you legitimately can't remember your password?

And it becomes a method of punishing anyone arbitrarily. Just keep asking questions until you find one they don't know the answer to, then throw them in jail indefinitely for not answering it.


> The example I was always given to point out the need of such a right is the police saying, "Alright, show us where you buried the body." And if they can "prove" that you buried the body but you cannot actually take them there because you didn't bury the body then you go to prison forever.

I often say that Franz Kafka was not a littérateur, but a crown witness (he indeed studied law).


If it gets really bad then security products where there are (n) keys, several that decrypt to a relatively blank slate and one that decrypts to your real data can be used by the truly clever.


The precedents on snooping that have served us up to the 1970s are outdated for several reasons.

On one hand, it's true that where in the past most people would have sent letters and kept physical record books that could be seized, the modern equivalents are often encrypted.

On the other hand, modern phones don't only contain the letters and records someone in the 1970s would have kept. People have GPS location records, records of things they've read, heart rate monitor records, naked photos of their lovers, and all the credentials needed to empty their bank accounts.

There is also a change in scalability; while in principle monitoring on 0.01% and on 99.99% of the population may be equivalent, in practice a quantitative difference of so many orders of magnitude is quantitatively different. In the 1970s, trailing someone everywhere was so expensive large-scale monitoring was impossible, and rules to keep tabs on the impossible weren't needed. In the modern age, the costs have dropped to a fraction of a penny, but the protections against abuses haven't kept pace.

Achieving a reasonable balance will be difficult.


Aside from GPS logs, which of those things wouldn’t have been on your desk, when the police raided your home office for papers in the 1970s?

The problem is with overly broad warrants, that allow for whole device imaging — though we sometimes see that with real warrants too, which just grab everything.


"This paper solely addresses the Fifth Amendment framework for compelling acts of decryption by entering passwords without disclosing it to the government. Compelled use of biometrics and compelled disclosure of passwords raise different Fifth Amendment issues."

Are we to believe that typing it in the presence of officers of the court doesn't communicate the password to officers? This seems questionable. I'm sure judges love "technically we are violating your client's rights, but as long as Officer Smith looks over that way we TECHNICALLY won't be."

Further one can argue both having forgotten a password AND the fifth amendment. You can argue that the act of trying to unlock it is testimonial AND that you don't know the password. Prove them wrong.

You could argue that the authorities have presented you with a device that has had the password changed. If they actually do this do they just get to lock you up for however long they feel like?

It's probably true in many cases that you can establish that a device was used by a person, bought by a person, that that person PROBABLY knows the password. This isn't enough for it to be a foregone conclusion.

This reads like complicated wishful thinking designed to relieve the prosecution of the burden of doing intelligent police work.


> You could argue that the authorities have presented you with a device that has had the password changed. If they actually do this do they just get to lock you up for however long they feel like?

I am strongly against compelled decryption, but haven't come across this argument before. I think it's a brilliant point.


An argument that represents an unlikely logical possibility rarely wins.


Except when fear comes into play. You might enjoy reading this: https://psychology.stackexchange.com/questions/9200/why-do-p...

In this particular case, there is a fear that one could get a severe sentence (e.g. capital punishment) without having even committed a crime, all due to the police changing their password. If a person is afraid enough of that (unlikely) potential outcome, they may ignore statistics altogether and follow their fear.

For more examples of how much people ignore probability, consider https://money.cnn.com/2017/08/24/news/economy/lottery-spendi... and https://www.quora.com/How-much-does-a-casino-make-daily


How is that fear supposed to help with court cases? The defendant being fearful does not help his case.


I'm not saying people should take the stand and say they're afraid... perhaps we have different interpretations of the quote from appleflaxen that was quoted and that you responded to. Here it is:

"You could argue that the authorities have presented you with a device that has had the password changed. If they actually do this do they just get to lock you up for however long they feel like?"

I interpreted that quote to be used as potential horror story that could be created by compelled decryption. As such, the fear that story creates could make it used as an argument against compelled decryption ("if a court can compel you to decrypt your files, then $HORROR_STORY is possible! We need to all fight against compelled decryption!").

A good number of people will get behind that argument, even though (as you said) that argument depends on an "unlikely logical possibility". And those people using the fear of that horror story to dislike (and maybe even rally against) compelled decryption is what my point was about.


I guess I should have mentioned that my comment was about argumentation in the court.


What is the intelligent police work that you think should be done instead of compelling unlocking?


The same police work that they would have done before the existence of smart phones.

As an observer it seems to me as if law enforcement agencies are lazy and believe that investigation of crimes should be simplified by ubiquitous use of technology rather than frustrated. But technology is a tool which serves its master, and as long as users remain the master of their technology it will serve their interests and frustrate other actors.

Police investigations don't need to rely on access to this technology and can be pursued through the same methods they have been for centuries.


You're avoiding the point - a smartphone is a place where evidence can now exist where it couldn't before.

Suppose a child discloses to a teacher that their father raped them and filmed it on his iPhone, specifically what actions would you take as a detective tasked with that case?


Firstly you would do the same thing you would do in the overwhelming number of cases in which they tell their teacher their father raped them and didn't film it on their iphone.

In most instances the perpetrator won't have obligingly kept evidence for you. This is something like the scenario in which we defend torture by positing a ticking time bomb scenario.

Sure we want to break the terrorist's fingers and lock away the pedophile until he brings forth evidence of his evil deeds but that doesn't make it a good model to arrange our life and laws on.

Logically you would secure the child so he couldn't come to harm. Interview him, interview the perp, other family members, other adults who interacted with the child say at school. Have a therapist/psychologist analyze the child's behavior.

If you believe you need access to the phone/computer you could seize it while it's unlocked, attack their phone, attack their home computer and use it to attack their phone, plant a bug/physically surveil them.

In cases where it was vital cops seem to have been able to do this so far. They just wish they could do it more easily.


Get a warrant and set up surveillance. As soon as the surveillance captures the iPhone password, seize it.


This logic can also be applied to restricting police from searching motor vehicles, since they could just do the same police work that they would have done in the centuries before the existence of personal motor vehicles.


The argument isn't that you can't search phones/computers, it's that they are not a special case. The accused does not lose existing rights because it would be convenient for law enforcement. The issue would not come up with a car because the door could merely be jimmied.


> The issue would not come up with a car because the door could merely be jimmied.

This isn't a counterargument for why phones/computers should be considered a special case exempt from a search warrant. The inability for the door to be jimmied doesn't make the car deserving of a special exemption.


A bit meta, but the abstract employs a very interesting rhetorical device:

"An assertion of privilege should be sustained unless the government can independently show that the suspect knows the password."

On the surface it almost looks like it argues for the opposite position by using the "Always do A unless exceptional conditions are met" form, but then guts that by making the "exceptional" condition pretty damn trivial.


This completely ignores one of the purposes of the Fifth Amendment, which is to remove the incentive for law enforcement to torture suspects for information. The fact that you know they have the password has no bearing on that.


There may be technological solutions to this.

Say your encrypted files need two secrets, one in your possession, one in possession of a third party.

To decrypt your file, use your secret and ask the third party for their secret. To get their part of the secret, either call them or type a password or use some other private key. It can be automatic and fast.

The role of the third party is to block the secret retrieval at any suspicion of law enforcement involvement. Second secret then cannot be retrieved and the files are safe.

Also, if you type the wrong password, the third party blocks retrieval and will reactivate it after investigating whether you are in law enforcement company.

Law enforcement may try to compel the third party to give the second secret. Having third party in another country, or multiple third parties in multiple countries may solve this.

Another idea is that the third party is your lawyer. You shared that second secret with your lawyer and told him to stop sharing or destroy the second secret if you ever meet law enforcement.

You get arrested, stay silent, your lawyer is called; before anything else the lawyer blocks retrieval of the second secret. This may be attorney/client privilege and would block law enforcement from compelling the lawyer to give the second secret.

Add some randomness (retrieval of second secret gets blocked with probability 1/10 when the correct password is entered) to get plausible deniability.

Some people could be interested in paying Apple a lot to implement this. Or some law firms could start selling such lawyer phones.

Edit: typos, last sentence
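
The two-secret arrangement proposed in the comment above, sketched as an added example that is not part of the original post. It assumes a 2-of-2 XOR split of the file key and a password check at the third party; `ShareHolder`, `enroll` and `recover` are hypothetical names, and the 1/10 random blocking is left out.

```python
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def auth_token(password: str, salt: bytes) -> bytes:
    # Stretch the password so the holder never sees it directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ShareHolder:
    """Hypothetical third party keeping the second secret."""

    def __init__(self, token: bytes, share: bytes):
        self._verifier = hashlib.sha256(token).digest()
        self._share = share
        self.locked = False

    def release(self, token: bytes):
        if self.locked or self._share is None:
            return None
        if not hmac.compare_digest(hashlib.sha256(token).digest(), self._verifier):
            self.locked = True  # wrong password: block until reviewed
            return None
        return self._share

    def unlock_after_review(self):
        self.locked = False

    def destroy(self):
        self._share = None  # recovery is now impossible for everyone


def enroll(password: str):
    data_key = secrets.token_bytes(32)     # key that encrypts the files
    local_share = secrets.token_bytes(32)  # stays on the owner's device
    salt = secrets.token_bytes(16)
    holder = ShareHolder(auth_token(password, salt), xor(data_key, local_share))
    return data_key, local_share, salt, holder


def recover(password: str, local_share: bytes, salt: bytes, holder: ShareHolder):
    remote_share = holder.release(auth_token(password, salt))
    if remote_share is None:
        return None
    return xor(local_share, remote_share)
```

Each share on its own is a uniformly random 32-byte string, so neither the device nor the holder's record alone reveals the file key. The cost is availability: once the holder locks or destroys its share, the owner cannot recover the key either.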


> Another idea is that the third party is your lawyer.

Then that isn't your lawyer; rather your co-conspirator.

I'm pretty sure that if you're in a conspiracy with your "lawyer", you'll be charged together and you'll need another actual lawyer to represent you.


That's called "key escrow" - they tried that with the Clipper chip back in the 90's. It was mostly rejected because nobody trusted the third parties - and in hindsight, they were correct not to.


These arguments almost always seem like encryption is about access to information but isn't encryption about understanding information? If they are asking for a key to decrypt then they already have access to the data. If you write a note nobody will ever have access to- say you slipped it onto Voyager 1, there would be no point in encrypting it. Encryption is to protect against (possibly) accessible data.

Old-school thought experiment- I encrypt all my paper notes using a simple substitution cipher. They seize my notes and have full physical access to them. If they don't understand my notes can I be forced to explain my cipher?

If I comply and the unscrambled contents are "RedFalcon has delivered the ApplePie to the EndOfTheRainbow". This is basically another substitution cipher. Can I be forced to explain this under threat of jail if I don't explain it in a way they accept?

I realize modern encryption is way beyond this, and way beyond my understanding. Has the basic principle of access vs understanding changed?


Exactly. I'd like to make this analogy myself: Forcing somebody to decrypt a drive is like forcing somebody to keep rearranging a bunch of papers/notes (he or she supposedly produced) until a punishable offence is noticed. Are you not able to compose a satisfactory result? It's jail for you because you are hiding something.


A rare example of a document which you can tell is definitely mistaken without going any further than its title.

US civics-class-takers will naturally remember learning about how the first ten amendments to the constitution are commonly referred to as the "Bill of Privileges".


There's no legal/moral/ethical silver bullet here. It's a difficult enough problem even without allowing for the possibility of a tyrannical/abusive state (which you could argue is a failure mode of a democracy, and is less rare than you think).


Encryption is a human right.

We all agree that we shouldn't be compelled to testify against ourselves. Right?

Ok... now let's think of Geordi La Forge.

Were he to commit a crime, could the government compel him to produce encrypted recordings from his visor?

And hopefully you'll come to the conclusion, "No, because that visor is part of him. He shouldn't have to give up his sight just to maintain his ability not to testify against himself."

And from there it's just a few steps towards, "Yes, I do need my cell phone to be a productive human... and yes, tech I need to be a productive human should be covered under the same protections as I am."

Plenty of other ways for cops to catch the bad guys.


> Encryption is a human right.

Who said so? UN? Some Constitutions? Who?


Well, I assert that encryption is a type of arms, and that it's the right of every free man (so, children/prisoners/&c. are excepted) to own, bear & use arms peaceably.

In the U.S., one can make an argument that the Second Amendment protects the right to encryption.

But even if no constitution or law in the world protects a right, it's still a right — just a right without legal recognition.


> Well, I assert that encryption is a type of arms

I wouldn't. Arms help you kill or hurt people. Encryption hides information. Both functions can be used as a means to protect yourself, but it's really a stretch to compare arms and encryption. Da Vinci's mirror writings were as comparable to a rapier as AES-GCM is comparable to a hand gun. That is, not at all in my opinion.

As a citizen, I would argue that the right for encryption is closest to freedom of thought. My private thoughts don't have to be confined to my brain, I should have the right to memory prosthetics (I mean a computer) as well.

(Edit: of course, the decision to classify encryption as munition was ridiculous. How it combines with the second amendment (which I happen to mostly disagree with), is just a fortunate coincidence.)


[flagged]


Genocide is far harder when a significant portion of the population you want to remove possess small arms and the will to use them.


A key part of true "rights" is the ability to do it anyway: you may be subsequently punished by an oppressive state, but you don't need compelled assistance nor permission to do it.

One can speak, publish, make weapons, be quiet, associate, ... and encrypt, all without asking or compelling others first.

Rights are natural, existing without someone else saying so.


Rights are not conferred by authorities, they exist a priori. Governments can only take them away.


Most notably, Amnesty International.

* Encryption: A Matter of Human Rights || https://www.amnestyusa.org/reports/encryption-a-matter-of-hu...


I agree with the principle that encryption should be a human right, and I agree that I can construct thought experiments that "prove", or more correctly, show sound reasoning for, the principle. However, nation-states do not run off of principles. They run off of enough people agreeing on something that they get to decide what is right.


I don't understand how this can be an argument regarding the 5th Amendment right against self-incrimination if it doesn't address Schmerber vs. California (https://supreme.justia.com/cases/federal/us/384/757/) which found "Since the blood test evidence, although an incriminating product of compulsion, was neither petitioner's testimony nor evidence relating to some communicative act or writing by the petitioner, it was not inadmissible on privilege grounds."

I'm not an expert, but I'd note that Fisher vs. United States which gets brought up several times was about the accused individual's lawyer producing documents the individual had given them. And a large part of the judgment in the case is the difference between ownership and possession (as seen in the decision of Couch vs. United States which it relies on).

In any case Fisher said that you couldn't be compelled to testify to affirm the truth of the contents of the documents sought and that the password would decrypt them. But decrypting files is affirming a truth in the documents sought, as the government lacked testimony of their encrypted existence on that hard drive and of the password's ability to unlock them.


The problem in my mind comes in when you look at what type of systemic abuse you enable by throwing "common sense" out the window.

Suddenly, every chunk of 0's and 1's in the hands of an unscrupulous/ambitious/pressured prosecutor becomes a ticket to indefinite incarceration.

For every criminal this practice may help collar, I see too much potential for and utility as a form of political and civic suppression. Someone being problematic? Have the geek find evidence of what might be an encrypted volume and order the problematic person to supply the keys to open it. Presto. Enjoy your time in the Klink.

You can't let such harmful precedents stand. Heck, who is to say someone doesn't just write a worm to create small encrypted caches on everyone's machine? Does that then put everyone in a Spartacus situation?

This is dangerous ground in which the courts are treading, and no less than 2 Constitutionally defined rights are in conflict.

Personally, I prefer a system with maximum difficulty with regards to the cessation of Rights. A government empowered to ignore your Rights is well on the road to hell. There is a balance somewhere, but I am at a loss as to where it is at the moment. Wherever it is though, it isn't on indefinite cessation of freedoms just because the State has a hunch there might be something relevant they can't read.


I'd also recommend this other interesting read by the same author and co-authored by Bruce Schneier: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2938033


This will be an unpopular opinion, but hopefully enough people were paying attention in school when they taught the concepts of mutually assured destruction. Hopefully a percentage of the population have time based countermeasures moving along in the event that the courts get too muddied by poorly defined laws, or laws with excessive intentional wiggle room for interpretation. I am probably fantasizing. It might explain why I enjoy dystopian films. My fantasy is that people will rise above a broken system rather than playing their game.


The paper is arguing FOR self-incrimination, not against it.


Author: Orin S. Kerr


Am I supposed to know who that is?


Kerr is a law professor who not only has a career in prestigious institutions but also an engineering background.


If you follow this stuff, arguably yes.


Why should I need prior knowledge to follow the conversation?

Just describe who that is, and why it is relevant to mention it.


I'd say that one needs prior knowledge to follow maybe 70% of HN posts. And some of it's quite arcane.

I could have linked the Wikipedia article, but that's getting pretty close to LMGTFY, no?


Passwords are keys. Providing a key to your safe is not self incrimination. The 5th is unquestionably specific to self incriminating testimony.


Providing the combination to your safe seems like a closer analogy, and I believe it is protected from compulsion by the Fifth Amendment.


A safe can always be opened by force.

An encrypted file cannot, assuming a suitably complex password.


Until you get to an encrypted file that has such a complex password it would take all of the energy and longer than the heat death of the universe to compute, it's just that you can't open it by force within a suitable timeframe.


An encrypted file cannot, given P!=NP (and a host of other assumptions, but P!=NP is the foundation), be decrypted.

So require proof that the file is not decryptable by other means before you can compel entering a password ;)


So citizens are being asked to give up fundamental freedoms because law enforcement is failing to do its job?


Does the Fifth guarantee some universal concept of mental privacy or does it prevent that information from being used in court?

You can’t take the fifth before a grand jury. I think there is a certain presumption that the actors are gentlemen that the law assumes. If you feel really strongly about that sort of privacy, you’d be well served to not find yourself in a criminal court trial.

There is both ambiguity and case law here.


It’s not


Not providing a key not in your possession is not a crime.

If I have a locked container that belongs to my dad, don’t have the key or combo because he is incapacitated, am I a criminal for not giving the police the key and combo?

The police can have a reasonable suspicion that something is in that box, why should that make me a criminal?


The full argument in TFA, however, is the scenario in which it can be proven that you do have a key.


The nuance is that a password is something I know, not something that I have. How can it be proven that I know something at a given point in time?

The law enforcement argument is "That is ridiculous, the suspect entered the password 50x a day until we seized the device". (And they are probably correct) But justice is supposed to be about "beyond a reasonable doubt". As a juror, I couldn't convict someone of a crime because he asserted that he does not remember a fact.


It is self incrimination, just a form the US constitution might not protect against.



