Security Basics mailing list archives
RE: Judge orders defendant to decrypt PGP-protected laptop - CNET News
From: "Craig S. Wright" <craig.wright () Information-Defense com>
Date: Fri, 20 Mar 2009 21:21:29 +1100
Slippery slope arguments as to how bad it can get such as this are inherently flawed. True, you are playing a different game with some groups (and the KGB stopped existing well over a decade ago and I would think you mean "SMERrt SHpionam" for what you are implying as the group in the former Soviet bloc countries). KGB, Komitet Gosudarstvennoy Bezopasnosti (Committee for State Security) was a state police force (in the real-non-bond world) and as a suspected individual not of a civil bent (i.e. not Russian) you would likely face the Glavnoye Razvedyvatelnoye Upravleniye (GRU) - sorry Bond has it wrong (that is, the KGB and Jimmy Bond are a bad mix). The GRU (which roughly means the Chief Intelligence Directorate of the General Staff) would have you directed to the Fifth Department for electronic intelligence collection under the: Radio Intelligence Regiment communications intercept (SIGINT) regiment. This is under a presumption that a key exists. This is if you can show an out. That is you have NOT destroyed it. Had you gone about destroying data, this would have you moved from the Fifth Department to the Third Department (Spetsnaz). Spetnaz was responsible for psychological interrogation. Trust me, the third was not a choice you would have made with foreknowledge. The fifth was a better option. Both may be a desent into Dante's lower circle, but the 5th is the outer ring whereas the 3rd would see a visit with Judas). (Both in the Fifth Directorate for clarification). The issue is that encryption itself is illegal. Your destroying the key will make it worse, but you are fooling yourself if you think this an aide in such a regime. So as for your "different game" - you are correct in asserting it as a different game. However, what you have missed is that by destroying evidence in this scenario, you have NOT found a means to freedom. ... Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ... Information Defense Pty Ltd -----Original Message----- From: Kurt Buff [mailto:kurt.buff () gmail com] Sent: Friday, 20 March 2009 12:08 PM To: Craig S Wright Cc: security-basics () securityfocus com Subject: Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Under normal circumstances, you are correct. However, when dealing with the rough (!) equivalent of the KGB, Stasi, whatever, you're playing a different game. Just saying. Kurt On Thu, Mar 19, 2009 at 17:04, Craig S Wright <craig.wright () information-defense com> wrote:
10 years plus The original charge or even more Basically the jury can be instructed to treat the destroyed evidence as containing the most highly incriminating evidence possible. It is never better to destroy evidence Sent from my iPhone On 20/03/2009, at 10:23, Kurt Buff <kurt.buff () gmail com> wrote:While true, the penalty for doing this may be much less than the penalty that would be imposed if the data is sufficiently embarrassing. Kurt On Thu, Mar 19, 2009 at 14:01, Craig S Wright <craig.wright () information-defense com> wrote:The intentional destruction of evidence is a crime. US law varies by state, but as an example, Australian federal law and Victorian state law would make this a criminal act that would itself be punished and also result in an instruction for the jury to treat the now unaccessable evidence as holding definstive proof of what you are being checked for in the first place. Your strategy makes you a criminal. It does not gain any benifit. Regards, Dr. Craig S Wright LLM. GSE-Malware... On 18/03/2009, at 20:04, Aarón Mizrachi <unmanarc () gmail com> wrote:On Sábado 07 Marzo 2009 18:14:51 Shailesh Rangari escribió:Steve, I agree that their is a real possibility that a said user may forget the password owing to numerous reasons, But I am not aware of any technique that can prove beyond a reasonable doubt that the user has really forgotten his password or is pretending it to avoid a sentence. Seems like the case is bound to set a precedent in the interpretation of this law. Any which ways it would be worthwhile to observe whether the US courts follow a similar course of action as their UK counterparts.two factor authentication with micro-sd memory card that you preserve all the time with you, and can be eated when you feel angry, or can be incinerated if you smoke it on a cigar, or simply drop it. this sd memory card will contain bootstrap and encrypted key for two-factor cypher. http://upload.wikimedia.org/wikipedia/commons/8/8a/Cigar_tube_and_cutter.jpg (Over 200 celsius degrees!!!) Then, the hardrive will only contain: RANDOM DATA. This is plausible?, this could be insulting for the judge, but, you must allegate that before the raid, you do an "cat /dev/urandom > /dev/sda1" for a mantainance pourporse from a live cd... (i really didit before sell my harddrive to prevent credit card and other private info leakeage). Look at: http://www.guardian.co.uk/technology/2009/jan/08/hard-drive-security-which This is plausible. You didn't consider your hard-drive as evidence before the judge starts, because you never didit anything barely legal.------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News, (continued)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News vulcanius (Mar 06)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Stephen Mullins (Mar 09)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Shailesh Rangari (Mar 09)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Aarón Mizrachi (Mar 19)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Craig S Wright (Mar 19)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Kurt Buff (Mar 19)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Craig S Wright (Mar 20)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Kurt Buff (Mar 20)
- Message not available
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Kurt Buff (Mar 24)
- RE: Judge orders defendant to decrypt PGP-protected laptop - CNET News Craig S. Wright (Mar 24)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News vulcanius (Mar 06)
- RE: Judge orders defendant to decrypt PGP-protected laptop - CNET News Craig S. Wright (Mar 24)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Devnull (Mar 24)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Aarón Mizrachi (Mar 24)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Aarón Mizrachi (Mar 24)
- RE: Judge orders defendant to decrypt PGP-protected laptop - CNET News Craig S. Wright (Mar 25)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Aarón Mizrachi (Mar 25)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Ansgar Wiechers (Mar 24)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News William Warren (Mar 24)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Jeffrey Walton (Mar 20)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Dave Koontz (Mar 24)
- Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News Deano (Mar 24)