It's interesting really. Assuming one _did_ use some form of dual-key encryption such that key a produces the real data, key b produces useless random noise, would the feds smarten up such that they will analyse the decrypted result, and, if they decide it's useless, force you to give up another key? What if there were an N-Key system that (i.e. maybe OTP) where any given key could give any given plaintext. Maybe they would force you to try keys until they got a result they liked? Is such a scenario possible? -- mic On 7/31/06, Eugen Leitl <eugen@leitl.org> wrote:
----- Forwarded message from David Farber <dave@farber.net> -----
From: David Farber <dave@farber.net> Date: Sun, 30 Jul 2006 18:04:08 -0400 To: ip@v2.listbox.com Subject: [IP] more on Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd] X-Mailer: Apple Mail (2.752.2) Reply-To: dave@farber.net
Begin forwarded message:
From: Andrew Grosso <Agrosso@acm.org> Date: July 30, 2006 4:58:41 PM EDT To: dave@farber.net Subject: Re: [IP] Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd]
As a former Assistant U.S. Attorney, allow me to comment.
Information may be obtained by the government from a person in one of four ways: (1) it is voluntarily provided; (2) by regulation in a heavily regulated industry; (3) by subpoena; and (4) by a search and seizure warrant. We are concerned with number 3, the subpoena.
A person can refuse to produce incriminating information in response to a subpoena under the Fifth Amendment. Please note that the password is not protected. If it is written down somewhere, the document on which it is written is not protected by the privilege. The *act* of producing the document or the password itself *may* be privileged, if such an act is itself incriminating. For example, if the password was used in a crime, and the fact that you have the password in your possession tends to show that you participated or conspired in the crime, and then the Fifth Amendment privilege is applicable to protect you from implicating yourself in the crime. The Government *can* immunize you to the limited extent necessary to obtain the password - it cannot then use the fact that it got the password from you in order to prosecute you. This is known as "Doe" immunity, and there is an extensive line of cases that has developed in this area. Webster Hubbell, the former Associate Attorney General who was convicted of tax fraud by Ken Starr's IC Office, eventually had his conviction vacated because Starr's legal team failed to follow the rules when they obtained, from him (by subpoena), his tax records.
If the government is not investigating a crime, then it may use an administrative or civil subpoena to try and get the password. If the witness invokes the Fifth Amendment, then the government can immunize that person and compel production.
The second point, above, concerning a regulated industry, applies to such areas as Medicare and Medicaid, Government contractors for procurement matters, industrial health and safety mattes, environmental concerns, etc. The same analysis as above would apply.
Border searches are a different animal, since the government has the right to inspect items crossing the border without a warrant. However, if the password is in the traveler's head, then that is not an "item" that can be inspected at the border. The information on the laptop might very well be such an item, however, and if the only way to convince the government to allow you to cross the border is to show the border guards what is on the laptop, then the traveler might very well face the choice of turning on the laptop and opening files,, using the password, or not crossing the border. I do not believe that, even here, the traveler would have to produce the password itself.
Andrew Grosso, Esq. Andrew Grosso & Associates 1250 Connecticut Avenue, NW, Suite 200 Washington, D.C. 20036 (202) 261-3593 Email: Agrosso@acm.org Web Site: www.GrossoLaw.com ----- Original Message ----- From: David Farber To: ip@v2.listbox.com Sent: Friday, July 28, 2006 2:26 PM Subject: [IP] Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd]
Begin forwarded message:
From: "Patrick W. Gilmore" <patrick@ianai.net> Date: July 28, 2006 2:11:45 PM EDT To: dave@farber.net Cc: "Patrick W. Gilmore" <patrick@ianai.net> Subject: Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd]
On Jul 28, 2006, at 1:32 PM, David Farber wrote:
I don't believe it is a crime in any US Federal or State law, or in Canadian law, to set passwords and use encryption. In the US, I believe that a warrant would be necessary for law enforcement to ask for your password, but I don't know if you have to comply. IANAL.
That is a good question - Can you be compelled to give up a password? Would you mind posting it to IP, I am interested in the answer.
Seems there might be some 'self-incriminatory' arguments here. Perhaps even an "unreasonable search" argument. But IANAL.
-- TTFN, patrick
------------------------------------- You are subscribed as Agrosso@worldnet.att.net To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting- people/
------------------------------------- You are subscribed as eugen@leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]