Re: subpoenas of personal papers
I just saw a news story that bears on one of the perpetual questions on this newsgroup: can you be compelled to turn over your encryption key? In Doe vs. U.S. (93-523), the Supreme Court declined to rule on
Just thought that I'd throw in my somewhat unrelated $.02... Here at Penn State University, a hacker/cracker/whatever was caught on one of our mainframes back in 89 or 90 and he had some files encrypted with DES on his minidisk. The authorities asked him for the passphrase and told him that if he refused that they'd crack it with a Cray in something like six hours. He ultimately gave in but I wonder if it would have been legal for the authorities to brute force a passphrase on the file...this is relatively unbroken legal ground. Of course, this is DES which was made weak enough to be breakable. PGP is a much different story.
--
--**--**-- R X T 1 0 9 @ E M A I L . P S U . E D U --**--**--
Bob Torres
Use an electronic envelope...
plato@phantom.com
Support the use of cryptography.
PGP public key available..
like six hours. He ultimately gave in but I wonder if it would have been legal for the authorities to brute force a passphrase on the file...this is relatively unbroken legal ground.
Breaking a cipher with brute force (or whatever) without cooperation from the suspect is certainly *not* "unbroken legal ground". See Kahn's "The Codebreakers" for several stories about rum-runners and other Prohibition violators who used relatively weak codes and ciphers that were cracked by the authorities and used against them in court. See if you get the same sense of deja-vu that I got.

What *is* unbroken legal ground is the original question of whether a court could compel you, under threat of contempt, to divulge an encryption key to decrypt information that could then be used against you. Mike Godwin, who unlike me *is* a lawyer, has forcefully argued that a strong legal case could be made that the Fifth Amendment would *not* protect you, while I've heard other lawyers (including a law school prof who specializes in the Fifth Amendment) say exactly the opposite. Ah, lawyers. Where would they be if they all *agreed*? :-)

Anyway, even Mike concedes that the specific facts may be very relevant. For example, I might do much better by refusing to concede that I even know the key to the file in question, as opposed to admitting that I do know it but am standing on my Fifth Amendment right to not reveal it. But this might be hard to do if the file were encrypted with PGP in the public key mode, especially given PGP's fondness for user-friendly error messages like:

"This message can only be read by Phil Karn <karn@unix.ka9q.ampr.org>"

On the other hand, if the file in question were encrypted with PGP with the -c (conventional cryptography only) option, then I'd have a somewhat better chance of claiming that I didn't know the key. I could claim that it belonged to my, uh, uncle (now conveniently deceased, alas) who, uh, asked me to hold onto it for safekeeping and, uh, I just hadn't had the heart to delete it yet.

It would be even better, of course, to use encryption that leaves *no* identifying markings of any kind on its ciphertext. Just flat, random binary data. This way you don't even have to concede that it *is* ciphertext. Perhaps you were playing with your new PC sound card, and you must have accidentally recorded some interstation noise from the FM radio, yeah, that's it...

And, of course, there's no real reason why you have to leave yourself at all vulnerable to compelled key disclosure when it comes to encrypted *communications* (as opposed to stored information) given the existence of things like authenticated Diffie-Hellman key exchange...

Phil
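The "identifying markings" in the message above can be read straight off the packet header. The following is an added example, not code from the thread or from PGP: it assumes the OpenPGP packet framing of RFC 4880, and every sample byte string and the key ID are constructed for illustration.

```python
# Added example: inspect the first OpenPGP packet header of a blob using the
# RFC 4880 packet framing. All sample bytes below are constructed.
TAG_NAMES = {
    1: "public-key encrypted session key",
    3: "symmetric-key encrypted session key",
    9: "symmetrically encrypted data",
    18: "symmetrically encrypted, integrity-protected data",
}
NO_FRAMING = {"kind": "no recognizable OpenPGP framing"}

def parse_header(blob):
    """Return (tag, body_offset, body_length) of the first packet, or None."""
    if len(blob) < 2 or not blob[0] & 0x80:   # bit 7 is set in every header
        return None
    first = blob[0]
    if first & 0x40:                          # new format: tag in bits 5-0
        tag, o = first & 0x3F, blob[1]
        if o < 192:
            return tag, 2, o
        if o < 224 and len(blob) >= 3:
            return tag, 3, ((o - 192) << 8) + blob[2] + 192
        if o == 255 and len(blob) >= 6:
            return tag, 6, int.from_bytes(blob[2:6], "big")
        return None                           # partial body lengths not handled
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old format: tag in bits 5-2
    if ltype == 3:                            # indeterminate length: rest of blob
        return tag, 1, len(blob) - 1
    n = 1 << ltype                            # 1-, 2- or 4-byte length field
    if len(blob) < 1 + n:
        return None
    return tag, 1 + n, int.from_bytes(blob[1:1 + n], "big")

def classify(blob):
    """Heuristic: headerless data can still match a known tag by chance."""
    hdr = parse_header(blob)
    if hdr is None or hdr[0] not in TAG_NAMES or hdr[1] + hdr[2] > len(blob):
        return NO_FRAMING
    tag, off, length = hdr
    info = {"kind": TAG_NAMES[tag]}
    body = blob[off:off + length]
    if tag == 1 and len(body) >= 10 and body[0] == 3:   # v3: key ID in the clear
        info["recipient_key_id"] = body[1:9].hex().upper()
    return info

KEY_ID = bytes.fromhex("0123456789ABCDEF")                    # constructed
PUBKEY_MODE = b"\x84\x0e\x03" + KEY_ID + b"\x01\x00\x10\xab\xcd"
PASSPHRASE_MODE = b"\xc3\x0d\x04\x09\x03\x02" + bytes(8) + b"\x60"
HEADERLESS = bytes.fromhex("5b1e07c2a94f30d8116be5927ac4083d")

print(classify(PUBKEY_MODE), classify(PASSPHRASE_MODE), classify(HEADERLESS))
```

The public-key sample yields a recipient key ID without any key material; the passphrase-style sample is still recognizable as ciphertext but names no one; the headerless sample gives the parser nothing to report.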
On Mon, 24 Jan 1994, Bob Torres wrote:
Just thought that I'd throw in my somewhat unrelated $.02...
Here at Penn State University, a hacker/cracker/whatever was caught on one of our mainframes back in 89 or 90 and he had some files encrypted with DES on his minidisk. The authorities asked him for the passphrase and told him that if he refused that they'd crack it with a Cray in something like six hours. He ultimately gave in but I wonder if it would have been legal for the authorities to brute force a passphrase on the file...this is relatively unbroken legal ground. Of course, this is DES which was made weak enough to be breakable. PGP is a much different story.
I'm going to look at this in the light of past cases with reporters: When a judge demanded the names of informants/sources, and reporters declined, they got slapped with Contempt of Court charges. This rarely happens anymore, since reporters get some defense from the Bill of Rights. But for us, in these days of cutting edge legal battles, we could come out on the bottom. Had that student refused his key, they could have probably charged him with CofP, and kept that charge in place even after they had broken the key. "It's better not to get caught than to frustrate the feds with evidence they don't understand." -ck
I'm going to look at this in the light of past cases with reporters: When a judge demanded the names of informants/sources, and reporters declined, they got slapped with Contempt of Court charges.
The Fifth Amendment applies only when *self*-incrimination is involved. With only a few exceptions, it's always been the case that you can be compelled to testify against someone else, whether you want to or not. The exceptions are limited to a few special relationships such as those with your lawyer, spouse or priest. There was a flurry of laws during the 1970s that extended somewhat similar privileges to reporters and their sources, but they don't seem to have held up very well since the Big Lurch to the Right. Phil
There was a flurry of laws during the 1970s that extended somewhat similar privileges to reporters and their sources, but they don't seem to have held up very well since the Big Lurch to the Right.
Phil
As I mentioned in the second paragraph of my original letter (The one you didn't quote in your reply), I stated that those cases didn't hold against reporters because of constitutional backing (i.e. Freedom of the Press). A protection which we do not have, unless you happen to publish. -ck
participants (4): Chris Knight, Phil Karn, Phil Karn, rxt109@psu.edu