Security Basics mailing list archives

Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News


From: Aarón Mizrachi <unmanarc () gmail com>
Date: Fri, 20 Mar 2009 04:03:06 -0430

On Thursday 19 March 2009 18:53:02 Kurt Buff wrote:
While true, the penalty for doing this may be much less than the
penalty that would be imposed if the data is sufficiently
embarrassing.

That's the point.

In laws, there are two sides:

- defendant
- accuser

Every side will take sides (redundant), and every side knows (based on facts 
and statistics) how to incriminate or defend.

The defendant will try to minimize the sentence, not to embarrass himself with 
information. And a lawyer is the best player in this game, choosing what is 
best for his client. 

We cannot take real sides as writers... (It's not my job). We have to put 
everything on the table, and accept a reasonable discussion.

Kurt

On Thu, Mar 19, 2009 at 14:01, Craig S Wright

<craig.wright () information-defense com> wrote:
The intentional destruction of evidence is a crime.

You are assuming that this "random data" is evidence. Before a judge, you 
need to prove that. And... evidence is evidence since a criminal act was 
committed, not before. Then, we (all of us) can "cat /dev/urandom > /dev/sda" 
anytime without worrying about "evidence destruction" if we are not in a court 
accused of anything and we didn't do anything bad.

Legally, the only proof of your point is the destruction of the MicroSD after 
the raid... But again, you need to prove that this microSD card was destroyed 
after the raid, because it's not considered evidence before...

BTW... Some Info:

Some cryptos, like LUKS (included in many Linux distributions), have a 
"visible encryption header"... Some cryptos like ncrypt or cryptoloop do not, and 
are statistically random data.


US law varies by state, but as an example, Australian federal law and
Victorian state law would make this a criminal act that would itself be
punished and also result in an instruction for the jury to treat the now
inaccessible evidence as holding definitive proof of what you are being
checked for in the first place.

You need to prove that it is not random data. "Presumption of innocence, base of 
modern democracy, amendments: 5th 6th 14th "

Otherwise, every picture on your hard drive can be taken as inaccessible 
evidence, with a proof on stegano... (Today, steganography can mask bytes in 
pictures, sometimes without leaving a real proof of existence; sometimes it looks 
like a real picture with very low noise, hand movement, or camera effect, and 
good stegano systems have countermeasures for statistical analysis). 

How do you prove that your camera noise or picture hand movement is random?

The response is: presumption of innocence; the judge needs to prove that the 
defendant hid data in this file. 


Your strategy makes you a criminal. It does not gain any benefit.

Only if you are innocent or your charges are not so bad. 

I'm only trying to show that this problem is more complex than we know; those 
cryptosystems were designed for stress situations, harder than a simple 
judge, where you only have to lose n years of your life without torture or 
prosecutions.

In other situations, many times outside your country, those two-factor and 
other technologies in cryptosystems save lives and make heroes.

Other cryptosystems were only designed to protect my data from my wife...

In a democratic world, judges with crypto and computer-obtained information 
are more complex than we think. Sometimes it is too easy for the judge, when you 
buy PGP and PGP installs a bootstrap saying: HELLO, THERE IS A PGP INSTALLED 
SYSTEM... (loudly)... 

But sometimes we are dealing with steganography, sometimes with files that 
look like random data, sometimes with foreign servers; sometimes it is not 
so easy for the judge...

Taking the side of the accuser... 

Our job as security or forensic specialists is not to say: oh, random data, 
looks like encrypted data. (That is a mediocre analysis)

Our job is to find, with statistics, the probability that this random data is 
encrypted data. Some bad cryptosystems will leak flaws to us to detect that, 
like cryptofiles not initialized (will look like chunks of random data mixed with 
zeroes...), or a bad cipher algorithm (will look like a different noise type than 
random data), or a header signature that reveals that there is an encrypted 
container.

This info, mixed with good detective work, can correlate scenarios (like a 
microSD card fire-burned) with your probability analysis, increasing or 
decreasing the probability of being innocent or guilty of every charge.

Forensic analysis will say if the microSD was burned after or before the 
judge... 

Regards,
Dr. Craig S Wright LLM. GSE-Malware...

On 18/03/2009, at 20:04, Aarón Mizrachi <unmanarc () gmail com> wrote:
On Saturday 07 March 2009 18:14:51 Shailesh Rangari wrote:
Steve,

I agree that there is a real possibility that a said user may forget
the password owing to numerous reasons,
but I am not aware of any technique that can prove beyond a reasonable
doubt that the user has really forgotten his password or is pretending
to, to avoid a sentence.
Seems like the case is bound to set a precedent in the interpretation
of this law. Any which way, it would be worthwhile to observe whether
the US courts follow a similar course of action as their UK
counterparts.

two-factor authentication with a micro-SD memory card that you keep with
you all the time, and can be eaten when you feel angry, or can be
incinerated if you smoke it in a cigar, or simply dropped. This SD memory
card will contain the bootstrap and encrypted key for the two-factor cipher.


http://upload.wikimedia.org/wikipedia/commons/8/8a/Cigar_tube_and_cutter.jpg
(Over 200 degrees Celsius!!!)

Then, the hard drive will only contain: RANDOM DATA.

Is this plausible? This could be insulting for the judge, but you must
allege that before the raid you did a "cat /dev/urandom > /dev/sda1" for a
maintenance purpose from a live CD... (I really did it before selling my
hard drive to prevent credit card and other private info leakage).

Look at:
http://www.guardian.co.uk/technology/2009/jan/08/hard-drive-security-which

This is plausible. You didn't consider your hard drive as evidence before the
judge starts, because you never did anything barely legal.
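The forensic triage Aarón describes (measuring how random "random data" really is, spotting uninitialized containers that show random chunks interleaved with untouched zeros, and checking for a visible header signature such as the one LUKS writes) can be turned into a small scanning script. The code below is an added example and is not part of the thread or of any tool named in it. The LUKS magic bytes are the real on-disk value; the block size, the entropy threshold and the sample image are constructed assumptions for illustration.

```python
import math
import os
from collections import Counter

# Real on-disk magic shared by LUKS1 and LUKS2 headers. Assumption: a LUKS
# header, if present, sits at the very start of the image being scanned.
LUKS_MAGIC = b"LUKS\xba\xbe"
BLOCK = 4096  # analysis granularity (assumed; one filesystem-sized block)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in `data`; 8.0 is the ceiling reached by uniform bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform model.

    With 255 degrees of freedom, genuinely random bytes land around 255 +/- 23.
    A very large value means heavy structure (text, zeros, a weak cipher); a
    value near 0 is a histogram that is *too* flat to be natural.
    """
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def classify_block(block: bytes) -> str:
    """Label one block: 'zeros', 'random' (encrypted, compressed or wiped),
    or 'structured' (plaintext-like). The 7.8 threshold is an assumption."""
    if block.count(0) == len(block):
        return "zeros"
    if shannon_entropy(block) > 7.8:
        return "random"
    return "structured"


def scan(image: bytes) -> dict:
    """Block-level classification plus the header-signature check."""
    labels = [classify_block(image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    hist = Counter(labels)
    return {
        "luks_header": image.startswith(LUKS_MAGIC),
        "blocks": dict(hist),
        # The uninitialized-container pattern from the thread: random payload
        # interleaved with zero blocks that were never written, which a fully
        # wiped or fully encrypted disk would not show.
        "mixed_random_and_zeros": hist["random"] > 0 and hist["zeros"] > 0,
    }


def build_sample_image() -> bytes:
    """Constructed test image (not a real disk dump): a LUKS magic prefix,
    random blocks, untouched zero blocks and some plaintext blocks."""
    header = LUKS_MAGIC + os.urandom(BLOCK - len(LUKS_MAGIC))
    random_part = os.urandom(4 * BLOCK)
    zero_part = bytes(2 * BLOCK)
    text_part = (b"quarterly report, confidential " * 200)[:2 * BLOCK]
    return header + random_part + zero_part + text_part


if __name__ == "__main__":
    for key, value in scan(build_sample_image()).items():
        print(f"{key}: {value}")
```

To run it on a real image, replace `build_sample_image()` with the bytes of the file under examination. Note what the script does and does not establish: a high-entropy block is consistent with encryption, compression or a `/dev/urandom` wipe alike, so entropy alone only narrows the hypotheses, while a header signature or the random-plus-zeros pattern is the kind of concrete artifact the thread says a real analysis should look for.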

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a
computer or mobile device. Learn how to become a Computer Forensics
Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to
three industry recognized certs available, online computer forensics
training available.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
