Security Basics mailing list archives

RE: Judge orders defendant to decrypt PGP-protected laptop - CNET News


From: "Craig S. Wright" <craig.wright () Information-Defense com>
Date: Fri, 20 Mar 2009 21:21:29 +1100

Slippery slope arguments as to how bad it can get such as this are inherently flawed.

True, you are playing a different game with some groups (and the KGB stopped existing well over a decade ago and I 
would think you mean "SMERt SHpionam" for what you are implying as the group in the former Soviet bloc countries). 
KGB, Komitet Gosudarstvennoy Bezopasnosti (Committee for State Security) was a state police force (in the real-non-bond 
world) and as a suspected individual not of a civil bent (i.e. not Russian) you would likely face the Glavnoye 
Razvedyvatelnoye Upravleniye (GRU) - sorry Bond has it wrong (that is, the KGB and Jimmy Bond are a bad mix).

The GRU (which roughly means the Chief Intelligence Directorate of the General Staff) would have you directed to the 
Fifth Department for electronic intelligence collection under the: Radio Intelligence Regiment communications intercept 
(SIGINT) regiment. This is under a presumption that a key exists. This is if you can show an out. That is you have NOT 
destroyed it.

Had you gone about destroying data, this would have you moved from the Fifth Department to the Third Department 
(Spetsnaz). Spetsnaz was responsible for psychological interrogation. Trust me, the third was not a choice you would 
have made with foreknowledge. The fifth was a better option. Both may be a descent into Dante's lower circle, but the 
5th is the outer ring whereas the 3rd would see a visit with Judas. (Both in the Fifth Directorate for clarification).

The issue is that encryption itself is illegal. Your destroying the key will make it worse, but you are fooling 
yourself if you think this an aid in such a regime.

So as for your "different game" - you are correct in asserting it as a different game. However, what you have missed is 
that by destroying evidence in this scenario, you have NOT found a means to freedom. 

...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd


-----Original Message-----
From: Kurt Buff [mailto:kurt.buff () gmail com] 
Sent: Friday, 20 March 2009 12:08 PM
To: Craig S Wright
Cc: security-basics () securityfocus com
Subject: Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News

Under normal circumstances, you are correct.

However, when dealing with the rough (!) equivalent of the KGB, Stasi,
whatever, you're playing a different game.

Just saying.

Kurt

On Thu, Mar 19, 2009 at 17:04, Craig S Wright
<craig.wright () information-defense com> wrote:
10 years plus the original charge or even more

Basically the jury can be instructed to treat the destroyed evidence as
containing the most highly incriminating evidence possible.

It is never better to destroy evidence

Sent from my iPhone

On 20/03/2009, at 10:23, Kurt Buff <kurt.buff () gmail com> wrote:

While true, the penalty for doing this may be much less than the
penalty that would be imposed if the data is sufficiently
embarrassing.

Kurt

On Thu, Mar 19, 2009 at 14:01, Craig S Wright
<craig.wright () information-defense com> wrote:

The intentional destruction of evidence is a crime.

US law varies by state, but as an example, Australian federal law and
Victorian state law would make this a criminal act that would itself be
punished and also result in an instruction for the jury to treat the now
inaccessible evidence as holding definitive proof of what you are being
checked for in the first place.

Your strategy makes you a criminal. It does not gain any benefit.

Regards,
Dr. Craig S Wright LLM. GSE-Malware...

On 18/03/2009, at 20:04, Aarón Mizrachi <unmanarc () gmail com> wrote:

On Sábado 07 Marzo 2009 18:14:51 Shailesh Rangari escribió:

Steve,

I agree that there is a real possibility that a said user may forget
the password owing to numerous reasons,
But I am not aware of any technique that can prove beyond a reasonable
doubt that the user has really forgotten his password or is pretending
it to avoid a sentence.
Seems like the case is bound to set a precedent in the interpretation
of this law. Any which ways it would be worthwhile to observe whether
the US courts follow a similar course of action as their UK
counterparts.


Two-factor authentication with a micro-SD memory card that you keep
with you all the time, and that can be eaten when you feel angry, or can
be incinerated if you smoke it in a cigar, or simply drop it. This SD
memory card will contain the bootstrap and encrypted key for the
two-factor cypher.



http://upload.wikimedia.org/wikipedia/commons/8/8a/Cigar_tube_and_cutter.jpg
(Over 200 celsius degrees!!!)

Then, the hardrive will only contain: RANDOM DATA.

This is plausible? This could be insulting for the judge, but you must
allege that, before the raid, you did a "cat /dev/urandom > /dev/sda1"
for a maintenance purpose from a live CD... (I really did it before
selling my hard drive, to prevent credit card and other private info
leakage).

Look at:

http://www.guardian.co.uk/technology/2009/jan/08/hard-drive-security-which

This is plausible. You didn't consider your hard drive as evidence
before the judge starts, because you never did anything barely legal.

