[dave at farber.net: [IP] more on Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd]]

[mikeiscool]

It's interesting really.

Assuming one _did_ use some form of dual-key encryption such that key
a produces the real data, key b produces useless random noise, would
the feds smarten up such that they will analyse the decrypted result,
and, if they decide it's useless, force you to give up another key?

What if there were an N-Key system that (i.e. maybe OTP) where any
given key could give any given plaintext. Maybe they would force you
to try keys until they got a result they liked?

Is such a scenario possible?

-- mic


On 7/31/06, Eugen Leitl <eugen at leitl.org> wrote:
> ----- Forwarded message from David Farber <dave at farber.net> -----
>
> From: David Farber <dave at farber.net>
> Date: Sun, 30 Jul 2006 18:04:08 -0400
> To: ip at v2.listbox.com
> Subject: [IP] more on   Can you be compelled to give a password? [was: Police
>  Blotter: Laptop border searches OK'd]
> X-Mailer: Apple Mail (2.752.2)
> Reply-To: dave at farber.net
>
>
>
> Begin forwarded message:
>
> From: Andrew Grosso <Agrosso at acm.org>
> Date: July 30, 2006 4:58:41 PM EDT
> To: dave at farber.net
> Subject: Re: [IP] Can you be compelled to give a password? [was:
> Police Blotter: Laptop border searches OK'd]
>
> As a former Assistant U.S. Attorney, allow me to comment.
>
> Information may be obtained by the government from a person in one of
> four ways:  (1) it is voluntarily provided; (2) by regulation in a
> heavily regulated industry; (3) by subpoena; and (4) by a search and
> seizure warrant.   We are concerned with number 3, the subpoena.
>
> A person can refuse to produce incriminating information in response
> to a subpoena under the Fifth Amendment. Please note that the
> password is not protected.   If it is written down somewhere, the
> document on which it is written is not protected by the privilege.
> The *act* of producing the document or the password itself *may* be
> privileged, if such an act is itself incriminating.  For example, if
> the password was used in a crime, and the fact that you have the
> password in your possession tends to show that you participated or
> conspired in the crime, and then the Fifth Amendment privilege is
> applicable to protect you from implicating yourself in the crime.
> The Government *can* immunize you to the limited extent necessary to
> obtain the password - it cannot then use the fact that it got the
> password from you in order to prosecute you.  This is known as "Doe"
> immunity, and there is an extensive line of cases that has developed
> in this area.  Webster Hubbell, the former Associate Attorney General
> who was convicted of tax fraud by Ken Starr's IC Office, eventually
> had his conviction vacated because Starr's legal team failed to
> follow the rules when they obtained, from him (by subpoena), his tax
> records.
>
> If the government is not investigating a crime, then it may use an
> administrative or civil subpoena to try and get the password.  If the
> witness invokes the Fifth Amendment, then the government can immunize
> that person and compel production.
>
> The second point, above, concerning a regulated industry, applies to
> such areas as Medicare and Medicaid, Government contractors for
> procurement matters, industrial health and safety mattes,
> environmental concerns, etc.  The same analysis as above would apply.
>
> Border searches are a different animal, since the government has the
> right to inspect items crossing the border without a warrant.
> However, if the password is in the traveler's head, then that is not
> an "item" that can be inspected at the border.  The information on
> the laptop might very well be such an item, however, and if the only
> way to convince the government to allow you to cross the border is to
> show the border guards what is on the laptop, then the traveler might
> very well face the choice of turning on the laptop and opening
> files,, using the password, or not crossing the border.  I do not
> believe that, even here, the traveler would have to produce the
> password itself.
>
>
> Andrew Grosso, Esq.
> Andrew Grosso & Associates
> 1250 Connecticut Avenue, NW, Suite 200
> Washington, D.C. 20036
> (202) 261-3593
> Email: Agrosso at acm.org
> Web Site: www.GrossoLaw.com
> ----- Original Message -----
> From: David Farber
> To: ip at v2.listbox.com
> Sent: Friday, July 28, 2006 2:26 PM
> Subject: [IP] Can you be compelled to give a password? [was: Police
> Blotter: Laptop border searches OK'd]
>
>
>
> Begin forwarded message:
>
> From: "Patrick W. Gilmore" <patrick at ianai.net>
> Date: July 28, 2006 2:11:45 PM EDT
> To: dave at farber.net
> Cc: "Patrick W. Gilmore" <patrick at ianai.net>
> Subject: Can you be compelled to give a password? [was: Police
> Blotter: Laptop border searches OK'd]
>
> On Jul 28, 2006, at 1:32 PM, David Farber wrote:
>
> > I don't believe it is a crime in any US Federal or State law, or in
> > Canadian law, to set passwords and use encryption.  In the US, I
> > believe that a warrant would be necessary for law enforcement to
> > ask for your password, but I don't know if you have to comply.
> IANAL.
>
> That is a good question - Can you be compelled to give up a
> password?  Would you mind posting it to IP, I am interested in the
> answer.
>
> Seems there might be some 'self-incriminatory' arguments here.
> Perhaps even an "unreasonable search" argument.  But IANAL.
>
> --
> TTFN,
> patrick
>
>
> -------------------------------------
> You are subscribed as Agrosso at worldnet.att.net
> To manage your subscription, go to
>   http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting-
> people/
>
>
> -------------------------------------
> You are subscribed as eugen at leitl.org
> To manage your subscription, go to
>  http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting-people/
>
> ----- End forwarded message -----
> --
> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820            http://www.ativel.com
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
>
> [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]