What Happens When the Court Demands You Decrypt a Document and You Forget the Key?

Last month, a U.S. court demanded that a defendant surrender the encryption key to a laptop so the police could examine it. Now it seems that she's forgotten the key.

What happens now? It seems as if this excuse would always be available to someone who doesn't want the police to decrypt her files. On the other hand, it might be hard to realistically forget a key. It's less credible for someone to say "I have no idea what my password is," and more likely to say something like "it was the word 'telephone' with a zero for the o and then some number following -- four digits, with a six in it -- and then a punctuation mark like a period." And then a brute-force password search could be targeted. I suppose someone could say "it was a random alphanumeric password created by an automatic program; I really have no idea," but I'm not sure a judge would believe it.

Posted on February 13, 2012 at 5:20 AM • 117 Comments
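An added example (not part of the original post): a small Python estimator that compares the search space left by the recollection quoted in the post with that of a generated password nobody remembers. The single spelling of the word, the 32-character ASCII punctuation set, the 12-character length of the generated password and both guess rates are assumptions.

```python
"""Search-space size: a partly remembered password vs. a generated one."""
import math
import string
from dataclasses import dataclass
from itertools import product

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed guess rates (not measurements): a throttled online check and a
# large offline cracking array.
ONLINE_RATE = 1_000
ARRAY_RATE = 100_000_000_000_000


@dataclass(frozen=True)
class Segment:
    label: str
    choices: int  # how many distinct strings this part of the password could be


def literal(label, variants):
    """A part the owner remembers up to a few spelling variants."""
    return Segment(label, len(set(variants)))


def digits_with_known_digit(label, length):
    """`length` decimal digits, at least one of which is a known digit.

    All 10**length strings minus the 9**length that avoid that digit.
    """
    return Segment(label, 10**length - 9**length)


def any_of(label, alphabet, length):
    """`length` characters drawn freely from `alphabet`."""
    return Segment(label, len(set(alphabet)) ** length)


def brute_count_digits(length, known_digit):
    """Cross-check of the closed form above by counting (no strings are kept)."""
    return sum(1 for t in product(string.digits, repeat=length) if known_digit in t)


def space(segments):
    return math.prod(s.choices for s in segments)


def bits(n):
    return math.log2(n)


def seconds_to_exhaust(n, guesses_per_second):
    return n / guesses_per_second


def years_to_exhaust(n, guesses_per_second):
    return seconds_to_exhaust(n, guesses_per_second) / SECONDS_PER_YEAR


# The recollection quoted in the post. One spelling of the word is assumed;
# "punctuation" is taken to be the 32 ASCII punctuation characters.
REMEMBERED = [
    literal("word", ["teleph0ne"]),
    digits_with_known_digit("four digits, one is a 6", 4),
    any_of("punctuation mark", string.punctuation, 1),
]

# "A random alphanumeric password created by an automatic program":
# length 12 over a-z, A-Z, 0-9 is an assumption.
GENERATED = [any_of("random alphanumeric", string.ascii_letters + string.digits, 12)]


def summarize(name, segments):
    n = space(segments)
    return {
        "name": name,
        "candidates": n,
        "bits": round(bits(n), 2),
        "online_years": years_to_exhaust(n, ONLINE_RATE),
        "array_years": years_to_exhaust(n, ARRAY_RATE),
    }


if __name__ == "__main__":
    for row in (summarize("remembered fragments", REMEMBERED),
                summarize("generated, nothing remembered", GENERATED)):
        print(f"{row['name']:32} {row['candidates']:.3e} candidates, "
              f"{row['bits']:6.2f} bits, "
              f"{row['online_years']:.3e} y @1e3/s, "
              f"{row['array_years']:.3e} y @1e14/s")
```

Under these assumptions the remembered-fragment space is exhausted in about two minutes even at the slow rate, while the generated password takes about a year at the fast one.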

Comments

An Anon • February 13, 2012 5:43 AM

But there is a password generator that generates very easily forgotten passwords.

APG (Automated Password Generator) is the tool set for random password generation

http://www.adel.nursat.kz/apg/

$ apg -MNL
mitgeuv3
yian5queki
8odsomveyn
ifjoibkib1
9ocyijobs
nagcewp1

Seth • February 13, 2012 5:49 AM

> I suppose someone could say "it was a random alphanumeric password created by an automatic program; I really have no idea,"

Why not? I do this all the time. If I lose my password database, this will be exactly what happens.

So, are they going to torture the password out of her?

Otto • February 13, 2012 5:55 AM

Won't matter anyway, that case will never survive an appeal. The judge's order to decrypt the laptop is unconstitutional on the face of it.

Steve Bennett • February 13, 2012 5:56 AM

Isn't it easiest to compare the problem with a physical analogy?

Suppose that the police suspect me of a crime, and they get a search warrant to search my home. They find something, maybe a safe or a locked door or something. I say that I have lost the key. Have I committed a crime by losing the key? I'm guessing that they would just break the door down.

What would happen if I lived in a house with a nuclear bunker, and the doors were like the blast doors that you see in the movies, and they were impractical to break down? Would "Sorry I've lost the key" be an offense then? Does the law require you to open locked doors if the police have a search warrant?

Similarly, what would happen if they found a book that was full of stuff that looked like code? Would I be required to explain the meaning of the stuff in the book?

Douglas • February 13, 2012 5:56 AM

> Why not? I do this all the time. If I lose my password database, this will be exactly what happens.
> So, are they going to torture the password out of her?

I would be in the exact same position. The argument made by the prosecution in this case is understandable, but the judge is still wrong (the files were admitted to be on the computer). Compelling someone to reveal (potentially) incriminating evidence is wrong.

We are walking down a very slippery slope here, and we do not seem to be using any safety gear.

andy • February 13, 2012 5:59 AM

Well, they took the computer from her in 2010. She's had no access to it since. I'd have one helluva time remembering my password from over a year ago. I could give our corporate standard, and say "have at it".

In the past, they'd bring in a safe cracker or locksmith. The court doesn't have it so easy now.

They can have my data when they pry it from my cold dead hands.

Bas Grolleman • February 13, 2012 6:00 AM

So I wonder what would happen if you would use a random password, written down somewhere and have it destroyed before the actual request.

Or better yet, a system that you need to check-in every day or it auto-destroys the password. So, if you are locked in for say 24 hours, it isn't even your fault.

Alan • February 13, 2012 6:03 AM

The judge could accept her explanation, or the judge could reject her explanation, find her in civil contempt and order her to be held in jail until she either produces the encryption key or the issue becomes moot (i.e., the case in which the key is needed is resolved). It is unfortunately completely up to the judge and the judge's decision is effectively unreviewable (meaning that a finding of contempt is essentially never overturned on appeal). For more information on civil contempt, see http://online.wsj.com/article/...

David H. • February 13, 2012 6:06 AM

It is actually quite possible to forget a key. It happened to me. I created a TrueCrypt container just to try it out but then forgot to delete it and also forgot the key I used. Or in other words, not everything that is encrypted is actually important. It might be that unimportant that you even forget the key. Without the key, it is difficult to prove that it really is unimportant.
It will be interesting to see how the court ultimately decides.

foosion • February 13, 2012 6:07 AM

If the judge believes she's lying about forgetting her password, he can find her in contempt and jail her.

The main legal issue is whether the password is more like a key, which you can be compelled to produce, or like testifying against yourself, which is protected by the 5th Amendment.

Natanael L • February 13, 2012 6:13 AM

I have an RSA keypair I don't remember the password to. I'd be in the same position if somebody would send me an encrypted message and the police asked me to decrypt it.

gawaine • February 13, 2012 6:17 AM

[not-serious]
So, what if your key is "I am guilty of everything I am accused of and should go to jail for 173 years"

Then could you claim the fifth amendment?
[/not-serious]

jon • February 13, 2012 6:29 AM

I've locked myself out of plenty of places thanks to forgotten passwords (usually due to poorly thought-out and cryptic password hints) and often wondered what would've happened had I been ordered to unlock them. Hopefully whoever's doing the ordering is using a court order and not holding a chainsaw to my kneecaps or anything.

Sami Liedes • February 13, 2012 6:38 AM

The legal theory on which these cases have been premised is that you can be compelled to decrypt -- not that you can be compelled to hand over the passphrase. Lower courts have taken somewhat conflicting positions on the issue, so it will have to be sorted in higher courts at some point.

The point is that the 5th amendment does not give you the right to not cooperate, only the right to not reveal information. So you can be compelled to hand over a document you have in your possession (for example in a safe), even if it contains incriminating information. You certainly can be compelled to open that safe if you are able to do so.

One issue that has been solved by the supreme court is that you can be compelled to affirmatively assist in the government obtaining incriminating evidence. In that case it was found that a court had the right to compel the defendant to sign a form requesting, IIRC, the release of his bank account details from a foreign bank that would not cooperate without such a document.

In these cases the courts that have ordered decryption have, to my knowledge, always ordered the defendant to decrypt the data, not to hand over the key. This can be done by letting the defendant type the password (and the prosecution would implicitly be barred from capturing that passphrase, not that that would matter too much after the data is decrypted).

Clive Robinson • February 13, 2012 6:41 AM

To make it more interesting it is possible to design a system so that you never know the key thus cannot produce it (I outlined such a system a little while ago)...

The question is will a judge wake up and realise that there are some things no matter how badly you want them you cannot have?

For instance a judge could command me to jump 20ft in the air as I stand in front of them...

However, as far as I'm aware nobody has ever done it without assistance of a pole and a run up, so asking me would be pointless, ludicrous and would if punishment was handed out for failing bring the judge, their court and the rest of the legal system into disrepute.

In effect it takes away the "choice" that is assumed of "free will" which the whole process of crime&punishment relies upon in an honest society.

Because if something is beyond your power to do then, punishing you for not being capable of doing it is a "cruel and unjust" process. The law in general becomes diminished, because people will lose respect for it, and in time turn against it either peacefully (where permitted) or violently.

And any country that treats its citizens that way is in effect a "Banana Republic" waiting for the inevitable downfall of those in charge.

Therefore in order to respect the law it becomes in effect your duty to uphold it and thus bring shame and approbation down on the head of any judge who would be so stupid as to bring dishonour upon their office, court and country's legal system.

And as we know the Internet can if used properly be a very very powerful way to get judges and politicians "to do the right thing".

Keeees • February 13, 2012 6:41 AM

> If the judge believes she's lying about forgetting her password, he can find her in contempt and jail her.

Innovations like these could save an awful lot of time when applied to other types of cases. Defendant claims he didn't steal a car, judge says no I believe you're lying, *bang* case closed defendant goes to jail.

brons • February 13, 2012 6:45 AM

For those thinking that she could plead the fifth, or that it's unconstitutional on the face of it, the legal situation is more nuanced. The question is what analogy and precedent rule. You cannot be forced to testify against yourself, but you can be forced to produce evidence. If physical documents were in a locked box, she could be ordered to give up the physical key. If the information in the documents were rather in her head she could not be forced to testify.

The judge decided that the password was more like a key than testimony. He is not obviously wrong. It may withstand appeal.

I lost access to some of my documents for several years because I had misspelled, unintentionally, a word in my passphrase, and had been habitually misspelling it for a time and then inexplicably learned to spell. Only when I tried again after years did my muscle memory reassert itself, and after I opened the document did I realize what had happened.

Had I been forced to give up the key, I do not know what I could have credibly done. The phrase was a rather long sentence. During the lapse the best I could have said is "I thought it was '...', but that doesn't work. It must be something else."

Luigi Rosa • February 13, 2012 6:47 AM

The right answer could be "The password was a random sequence of letters and numbers written on a paper. I destroyed the paper before the judge ordered me to tell what the password is".

In this case the defendant does not have to reveal the password and the Court must prove that the paper really existed.

Vlad1m1r • February 13, 2012 6:49 AM

You Americans should count yourselves lucky you have your Fifth Amendment at all. In England where I live, there is a Regulation of Investigatory Powers Act which makes it an imprisonable offence to hand over a password to the Police (note the Police, not a court!).

The only workaround I can see to this would be to combine encrypted data with a keyfile, which automatically deletes itself/updates itself after a certain time, say every 24 hours unless you download and repost it.

That way you could credibly say that you're unable to retrieve the file as you'd have been under arrest when it needed to be renewed. Any thoughts?

Nix • February 13, 2012 7:16 AM

Vlad1m1r, I think you mean the RIP Act makes it an imprisonable offence to *not* hand over a password to the police. An Act making it an offence to hand over a password to the police is... unlikely.

(And, yes, I forgot a password just last week, even though I type it all the time. This was a shared role account password, so I could ask someone else what it was. It turned out to be wildly different than what I remembered: a targeted password search would have been useless. And these days, everyone either has an insane number of different passwords -- easy to forget -- or one password they use almost everywhere -- insecure. Very few people use the third alternative, something algorithmic they use to generate appropriate passwords, partly but not entirely because it is hard to run through that in your head and putting the generator on another device is tantamount to putting all your passwords on that device anyway.)

Christopher • February 13, 2012 7:17 AM

The nuance is artificial.

"For those thinking that she could plead the fifth, or that it's unconstitutional on the face of it, the legal situation is more nuanced. The question is what analogy and precedent rule. You cannot be forced to testify against yourself, but you can be forced to produce evidence. If physical documents were in a locked box, she could be ordered to give up the physical key. If the information in the documents were rather in her head she could not be forced to testify."

The 'evidence' forms the basis of testimony, and therefore runs in conflict with the 5th Amendment. Any other interpretation is just a maneuver to justify going around a person's right to not self-incriminate.

-C

John Campbell • February 13, 2012 7:20 AM

I have plenty of sympathy for someone forgetting their password... or even the formula for composing their own.

That being said, I can just imagine how this would be so very different if the Clipper Chip and Key Escrow being pushed during the Clinton Administration had become a (ahem) key standard.

I've (perhaps wrongly) believed that search warrants weren't vague enough for fishing expeditions... though, with the contents of a computer, I wonder if it *is* being treated as a "blanket" permission rather than a targeted mechanism.

IANAL... I am still uneducated enough to believe in common sense.

will • February 13, 2012 7:24 AM

The other issue at hand here is how tech-savvy the judge is or is not. If it's a case of "I understand that you cannot remember the key, so we are unable to do anything about this," that is one thing. But if it's a case of "You are a computer person, you should know how to do this because this is computery stuff we are talking about," it's another.

Roxanne • February 13, 2012 7:38 AM

This happened to me in a less serious context two weeks ago. We had a free Yahoo account providing a POP server for my Outlook account (you're the web guru; you tell me why it was set up this way; I have no clue). In any case, it stopped working, and I had forgotten the password. It locked up. The solution was to get another cheap address to provide the service and dump the first account - but we can't fully dump it, because we can't remember the password. Maybe someday Yahoo will flush it; it may be there until the end of the internet.

wumpus • February 13, 2012 7:44 AM

One odd factoid that has remained in my brain about the US legal system is that well coached defendants seem to use the "I don't recall" defense quite a bit. IBM executives were famous for this during their anticompetitive trial, one going so far as to "not recall" his age.

It seems to be popular with executives and politicians. Less equal citizens seem unlikely to get away with it.

ChristianO • February 13, 2012 7:48 AM

Isn't there usually a "I don't want to testify against myself." defense possible?

For Germany that's totally valid for not giving out any passwords for encrypted drives and the like.

Captain Obvious • February 13, 2012 7:49 AM

I would ask the judge what the password to his first email account was. If he says I don't know, you say me neither. If he says 123456 or his wife's 1st name you appeal to have a tech idiot recused from the case.

Nearly all my passwords are in Password Safe, and I have no idea what they are. For the few that aren't in there, there's no way I could remember them after not using them for 3 months, let alone a year, let alone the keyfiles...

GregW • February 13, 2012 8:03 AM

Here's an angle I haven't seen others discuss yet so I thought I'd toss it in.

In terms of whether or not the defendant "forgot" her password, I think that's an interesting evidential (legal and scientific) question there that is more narrow and more addressable than many questions about "forgetting" and memory that come before the court!

A password, unlike ordinary facts or situations, is something that a person must demonstrate repeated memory of (and memory reinforcement of) to use such an encrypted computer functionally on a regular basis.

If I were a judge or prosecutor or jury member assessing the credibility of the "I forgot" claim, I would want to know A) did the defendant regularly use the computer, requiring repeated entry (and mental reinforcement) of the password over a sustained period of time? B) How long was that period? C) Is there any evidence indicating the likelihood (or unlikelihood) that the defendant had recently changed or had ever had a pattern, regular or irregular, of changing her passwords (and thus the time interval from period B might credibly be short)? D) Are there any scientific findings about how quickly memory of a password dissipates after X amount of use that might indicate the credibility of the defendant's forgetfulness? E) Is it reasonable that the defendant would remember fragments of the password or patterns related to it that would be sufficient for her to recover the content with the appropriate password cracking tool and have such attempts been sufficiently made to satisfy her legal obligations to provide documents?

Sure, new/fresh passwords I sometimes lose/forget. Passwords I used only once or twice I forget. Passwords I haven't used in a long time I forget. Longer more complex passwords are easier to forget. But passwords I use daily, even very complex ones, I do remember, and even after a delay of weeks or months, I remember fragments of them sufficient to greatly reduce the brute-force effort required to crack them. What are the values of these parameters that would describe the plausibility of the claim I forgot my password? That I don't know, but it seems like there are concrete probabilities there that are knowable and could, in theory, indicate the likely truthfulness of her claim.

As a matter of curiosity I wonder if any of that sort of reasoning will come up in her case.

GregW • February 13, 2012 8:07 AM

In terms of the legal angles, I am still a little unclear why subpoena powers from the Federal Rules of Civil Procedure would somehow trump the Fifth Amendment.

Perhaps the former is grounded in powers implied by the Fourth Amendment (no unreasonable search and seizure of papers... except with a warrant and probable cause (which are present here)) and/or other bits of the US Constitution?

wkwillis • February 13, 2012 8:12 AM

Of course, if the police have accidentally filled her computer memory with a random file and her password doesn't work, then it's going to look like she is concealing the password.
A better analogy is the police putting you in jail until you voluntarily tell them where the body is. They actually did this to some lady because she wouldn't tell them where her child was. They held her in contempt for about a year, I think.

vwm • February 13, 2012 8:22 AM

Naturally, the brute force attempt narrowed with "as much as the defendant remembers" might be a funny way to waste everyone's time with wrong clues.

Wrong clues might also help to avoid a civil contempt. At least for some time.

PS: If you want a real-world analogy, think of a defendant who has buried some evidence (haul, instrument of crime, etc.), but does not [want to] remember the exact location.

reptile • February 13, 2012 8:47 AM

All this is going to do is bring down new legislation and compulsory new technology that works in conjunction with new laws - laws that make the 90's look like a picnic. Yes, we are on a very slippery slope here and didn't bring climbing gear. There's no way they're going to let this go. Defense is playing with fire.

trapspam.honeypot • February 13, 2012 8:54 AM

,A(,'qL55frMvhjovxfwXWK2xhokjyOGmYpHjNqxwUVr7FESBudcO0x06J0XBBlFogC4G0nXy9BTM8wtJ2JE/U5(R+Y_8n^f/(E+wmPy4fqXrQEid-;"7b@

41 Uppercase
48 Lowercase
17 Digits
20 Symbols

Exact Search Space Size
1,576,776,062,189,499,
858,227,860,784,670,491,
402,623,885,212,354,611,
320,489,496,600,653,597,
007,071,850,577,458,434,
224,812,324,786,105,361,
386,063,503,758,368,781,
529,671,141,244,969,611,
850,665,451,390,730,823,
772,224,422,181,202,378,
747,568,545,540,841,483,
575,217,133,055,660,554,
620,801,951,599,826,273,
369,662,305,142,017,120 count of all possible passwords with this alphabet size and up to this password's length

Search Space Size (as a power of 10): 1.58 x 10^249

Time Required to Exhaustively Search this Password's Space

Online Attack Scenario:
(Assuming one thousand guesses per second) 5.01 hundred million trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries

It all goes down hill from here.

Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)

5.01 billion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries

bob • February 13, 2012 8:57 AM

How is this any different from claiming to have forgotten your offshore numbered account?

Try that with your friendly local tax office.

I don't understand this USAian obsession with the sanctity of password. You accept that if the state thinks you've done something wrong, they can lock you up, question your wife, search your house, read your bank statements; but somehow, your password should be sacrosanct?

anonymous • February 13, 2012 8:58 AM

You have the right to remain silent. Anything you say or do can and will be held against you in a court of law.

James • February 13, 2012 8:59 AM

Alternately, "It was encrypted with a one time pad... here's the key". Oh look, it was just an encrypted copy of the 5th amendment.

I also wonder, does this mean that if I overwrite a drive with random nonsense (for purposes of disposal), I'd be wise to do it pseudo-randomly and keep a copy of the seed? Are large random numbers now dangerous?

abadidea • February 13, 2012 9:07 AM

James: I find your suggestion to store nothing but an encrypted copy of the Constitution beautiful. Trolling is an art.

atrisk • February 13, 2012 9:10 AM

I have encrypted files that, assuming no backdoors are in use by common platforms, will never be read again.
I used RSA keys and then switched system, taking the data but not the keys, stupid.
Reformatted (the decent way).
I never ever even knew the private key so it would be impossible to produce it even if it could save my whole family.
I can tell you the passphrase that protected the private key all right.

mu • February 13, 2012 9:14 AM

This relates to a fundamental flaw with TrueCrypt's "hidden partition" feature: nobody really leaves huge swaths of their drives unpartitioned and fills it with random bytes. There isn't much plausible deniability built into that system.

I've suggested to them a way to improve this: on installation, ask everyone, by default, if they want to set up a fake hidden partition. It would partition off a chunk of the drive to contain random data, as if a hidden partition was stored there, but not put anything there.

This would give a real layer of plausible deniability. When someone says "why is 80 GB of your drive unpartitioned; do you have encrypted data there?", you have a very realistic response: "no, I just said 'yes' when TrueCrypt asked if I wanted to create an 80 GB garbage partition". Implemented correctly, it should be impossible to tell whether that's true or if there's a real hidden partition there.

The same principle can be applied to a lot of encryption, but the only way it can work is if it's put in the regular usage path of software, so the "I just clicked yes" claim is *genuinely* plausible, and will actually be true in many cases.

Increasing the amount of possibly-encrypted data lying around is a plus for everyone, as well, since it makes real encrypted data stand out less. That's why *all* internet protocols should be encrypted, regardless of whether the contents are sensitive or not. Bruce, make http://schneier.com redirect to https://schneier.com!

Mark • February 13, 2012 9:19 AM

@James

"Are large random numbers now dangerous?"

Well yes and no: Generate one big enough and the universe dissolves into quantum foam. But that's OK, as you can just extrapolate the whole thing over again from a piece of sponge cake.

@bob
Our government has enough power to do whatever it wants without compelling us to convict ourselves. It's usually best to stop or slow its attempts to get more power.

lols • February 13, 2012 9:35 AM

In my case, about 90% of my secret passwords and security questions are long, hard to guess pass-phrases. And most of them do not reside in a crackable password safe .. If I plead the fact that I've genuinely and gradually forgotten a handful of them or misplaced my secret hard copies, "if any" of them.. I'd probably tell the judge I'd need hypnotherapy, rubber hose torture and a huge dose of truth serum and a polygraph test just to squeeze the long phrases out of me. The fact is, I don't regularly remember them as they are mostly gibberish. I am a genuine case of "having forgotten a pass-phrase". So should services such as pidder, and clipper be compelled to turn over crypted passwords to authorities why can't the authorities proceed to brute-force it as I would rather be shot than cooperate. I am sure that they would have mounted some extent of wiretapping and surveillance long before informing the prosecution that I have a 4096-bit and counting RSA keypair that can only be exorcised outta him (even if he has to die in custody)

Captain Obvious • February 13, 2012 9:47 AM

@Mu

Better yet, make it the default to have some random unformatted junk.

I dunno, I used TC to secure my tax records, maybe it set that up automatically. I don't really understand how the encryption works, do you?

Nocomment • February 13, 2012 9:50 AM

Nah.. from now on I will use random.org and save the unique seed key and then tell them go-figure-it out since it is reproducible :-) .. Or tell them "I broke my lava lamp a while ago". I've got only two eyes, two ears and 20 digits.. losing all one by one due to torture and my sanity to electroshock therapy isn't worth the suffering of keeping a master-passphrase or passphrases -- six-feet-deep crypto.

Another Railroaded Innocent • February 13, 2012 9:51 AM

News Flash: Cops and judges can do whatever they want. If you're not rich, you can't afford decent representation. And if you are rich, they wouldn't have messed with you in the first place. Welcome to Lawyermerica, chump.

Richard • February 13, 2012 9:53 AM

Use a smart card rather than a password. "Accidentally" enter the wrong password a few times "because you're nervous" and the card will erase itself.

Dan • February 13, 2012 9:59 AM

She's not refusing to give the password, she's testifying that she forgot the password.

Try her for perjury. Maybe a jury will accept that it is impossible for her to have forgotten a password over the course of two years.

Stephen Williamson • February 13, 2012 10:24 AM

@trapspam.honeypot: Though it doesn't have any substantial impact on your point, I thought you might be interested to know that it's trivially easy for someone to set up a system that can process 33 billion passwords per second. The software is called whitepixel, and even that 33 billion figure was from over a year ago.

Ron • February 13, 2012 10:26 AM

If she has (or claims to have) forgotten the password, a brute-force attack will not succeed. Remember she was not ordered to divulge the password, only to produce the decrypted files. In order to narrow the search space, she would have to say, "I'm pretty sure the password is 'open sesame - something - something'," but making that statement is clearly testimonial and protected by the Fifth.
So, assuming the judge accepts her forgetting, the prosecution's out of luck.

Anirban Sen • February 13, 2012 10:28 AM

Or the password could somehow be set by a "friend" overseas who was instructed to share the password if the person was in a verifiable, safe location.

kiwano • February 13, 2012 10:45 AM

Ummm, is it too late for me to file an amicus curiae brief pointing out that I get my normal passwords from

dd if=/dev/random bs=1 count=9 | base64

and that my disk encryption password is two of these passwords concatenated.

I write them down on a piece of paper in my pocket until I have them committed to muscle memory by repeated use (about a week or two) and then burn the paper and scatter the ashes in a lake.

Because my password is committed to _muscle_ memory, I'm actually incapable of reciting it on demand, and after 2 years, I can be pretty confident that I'd have completely forgotten it (the longest I've gone without using my disk password and still been able to use it is just shy of 2 months--I haven't tried longer, but 2 months was already quite challenging).

On the other hand, my backup strategy does include "forgot my disk password" as one of the hazards to protect myself from, so I wouldn't be completely screwed in Ms. Fricosu's situation. (Doubly so, since I have a solid chunk of data which I consider it worse to have exposed than lost to a forgotten password; I expect that if I were engaged in criminal activity, most evidence would be in the "doesn't get backed up" folder).

Johnston • February 13, 2012 11:26 AM

The "password reset" function on websites is used precisely because people forget passwords. Now, add to that mundane scenario a high-pressure situation with lots of stress, and a period of weeks or months in between an arrest, initial police investigation, several court appearances, and finally, a court-ordered password reveal, and what you have is nothing other than the perfect recipe for a forgotten password.

(People who use the same password for all or almost all of their logins wouldn't be able to understand. They're also the ones in charge.)

MoJo • February 13, 2012 12:03 PM

She should have gone for plausible deniability. Keep a corrupt floppy disk in the drive and claim the keyfile was on it. The police must have damaged the disk and it is now lost forever.

I never know some of my passwords to start with because I often wipe encrypted drives simply by changing the password to something random. It is a good way of doing it because you can be sure that the original key on disk was overwritten.

JustAnotherUser • February 13, 2012 12:20 PM

Haven't gotten round to reading all the comments yet but I wanted to add my own experience. I keep most of my passwords in a password manager too but there are a couple I just never got round to adding for encrypted files on the drive. Didn't access them for a while and next thing you know I genuinely can't remember the damn things - it's very easy to do. Thankfully nothing too important but they're gone now. It can and will happen and it'll happen more than people want to admit the less tech savvy they are.

. • February 13, 2012 12:31 PM

There is no nuance. The Constitution and Bill of Rights were not written with the intention of being cryptic. Quite simply, the 5th Amendment provides that you will not be compelled to participate in your own prosecution, no matter what previous courts have decided. Slowly chipping away at these things with "nuance" in order to make law enforcement easier (which it should not be, as codified) is how we ended up where we are today.

If there was nuance, it would really suck if someone splattered a blob of random garbage onto your hard disk and framed you for something terrible. Of course you would say, "Yes, my files are on that disk" during questioning. Maybe even, "Yes, I have encrypted files on that disk." "Okay, decrypt this blob OR YOU GO TO JAIL FOR CONTEMPT FOREVER."

.February 13, 2012 12:35 PM

To clarify that last proposition and sound a little less outlandish, although it really isn't that outlandish, it wouldn't even need to be a frame job. It could just be forensics saying that something just looks too random to be anything but encrypted. The courts at this level almost never side with the little guy when a cop is on the stand.

anonymousFebruary 13, 2012 12:40 PM

This more-or-less happened to me in the UK — the police took my laptop, then interviewed me to ask for the encryption keys almost 2 years later. While asking for them, they informed me that it would be an offence under the Regulation of Investigatory Powers Act (RIPA) to refuse to disclose my keys once they had been requested. I had legitimately (as comments above predict) forgotten all the passwords, having not typed them in such a long time, and — with legal advice — said as much to the police in the interview. As it turned out, they decided not to pursue the case further (and didn't prosecute for not providing the keys, either); I don't know how the result might have differed if things had already reached court by that point.

Clive RobinsonFebruary 13, 2012 1:02 PM

@ Mu, Captin Obvious and others,

There are problems with crypto software packages that create random "containers" of various sorts, oddly I posted about it over on the current Squid about an hour before Bruce put up this thread,

http://www.schneier.com/blog/archives/2012/02/...

It also talks about one of the big defects of crypto software which is the "assumed single user" of laptops etc, whilst more relevant to Company Laptops it explains one way we can make plausible deniability work, which currently it does not.

And perhaps less oddly on Jan 29 I posted to the Blog thread that logically precedes this one an outline description of how you could prove you never needed to know a key or password for an encrypted container be it just a file, partition or whole HD or server array,

http://www.schneier.com/blog/archives/2012/01/...

You will also find in my post above that one made a couple of days before, some of what is required to protect the key whilst on a computer mother board and how to implement a "deadman's switch" to ensure that even if the laptop etc is on and the LEO's come bursting through the door with guns drawn it won't do them any good.

http://www.schneier.com/blog/archives/2012/01/...

Which leaves you with the problem of if you have malware on the computer planted by the LEO's or others through the supply chain etc. That's an entirely different issue to do with medium to high security OS's or OS's that are unknown to the LEO's concerned but again is not that difficult to deal with if you know what you are doing, as a lot of the code you need has been written for you by various Open Source projects (you could start with GRUB), you just need to put it all together and re-flash the BIOS with it.

Matt from CTFebruary 13, 2012 1:22 PM

>The right answer could be "The
>password was a random sequence of
>letters and numbers written on a paper.
>I destroyed the paper before the judge
>ordered me to tell what the password
>is".

That's a really bad answer.

It's outright illegal if you "reasonably anticipate" any civil action at the Federal level to result, and a mortgage fraud investigation certainly meets that standard, to fail to preserve any relevant evidence.

Tearing up the password to an encrypted file is the equivalent of Arthur Andersen shoving Enron files through the shredders.

> "I don't recall" ... seems to be popular
>with executives and politicians. Less
>equal citizens seem unlikely to get
>away with it.

It sure helps a heck of a lot.

Wild guess, but I'm gonna bet 99.9% of plea bargains involve using a statement the person made instead of keeping their mouth shut. I might be low on that number.

=============
So what do you do that I haven't seen listed above?

Regularly and randomly change your password in a way that's easy for you to remember for a short while, easy to forget within weeks, and that doesn't require destroying, altering, or allowing to be lost any physical or electronically stored components.

Judge "I order you to decrypt this volume."

Defendant, "I do not recall the key."

Judge "How can you not remember?"

Defendant, "Well, I made it a practice to change my password each week. I did this by going to my 1000 book library, picking a page at random, picking a phrase at random or sometimes a pattern like every word on the left, or 1st word on left, then 2nd word on left, then 3rd word. To that I'd then add something called a salt -- like a number I remember like a birthday or telephone number, or maybe a song I was listening to at the time, or someone in the news that week. Then all I had to do was remember which book, page, pattern, and salt...kind of a game and not terribly difficult. The next week I'd change the password again before I memorized it and selected a new one.

So maybe -- and I'm just giving an example -- my last password was the last word in the second sentence from the bottom of the PHP Cookbook, pages 10 through 20, to which I added "Whitney Houston."

And now I simply don't recall what combination of book, pattern, and salt I used last to encrypt the information you're requesting.

I haven't disposed of any books, I know some typical patterns I used though I can't recall all of them, and I recall some of the salts I've used -- I'd be happy to cooperate by providing those to the prosecution if they wish to try and reconstruct the password. I simply don't have the financial or technical resources to digitize all those books and create all possible password combinations in a timely manner."

Now do most of us follow anything like this? Of course not.

But it provides a very reasonable system -- you only memorized patterns and changed them frequently.

Nothing, like a note you wrote it down on, has been destroyed. Nor did you allow any automated process, like an expiring password, to simply continue uninterrupted to cause the loss of the data.

You simply forgot.

anonymouseFebruary 13, 2012 2:08 PM

Fun with layering.

The premise of the ruling is that forcing a defendant to decrypt something that they presumably have the ability to (confession to a snoop)...does not implicate the fifth.

Not quite ten years ago (wow, AES is already around over a decade), I used to have a system that ran two layers of crypto.

+FS1: DES (this was actually slower)
+----- 5thAmendment.txt
+----- README.txt
+----- AES.bin (FS2)

README.txt thanked the recipient for wasting ten to a hundred thousand of their budget cracking something uselessly and wished them better luck with AES.bin.

Of course, the system was so slow as to be useful only for working with fairly small files.

In all seriousness though--I didn't have the password to the DES partition. The password was generated via a script I wrote and saved in an email account I'd log into to keep active every few months... as long as the box didn't reboot, things stayed in memory. If it did reboot...trip to the coffee shop with a linux livecd would let me login to hotmail and recover the perl script long enough for me to supply it to my server and then wipe the script.

It doesn't avoid the legal issue, but it's not bad as far as plausible deniability goes.

JeffFebruary 13, 2012 2:10 PM

If you hold encrypted data on a drive and claim you forgot the key, it's in the court's interest to imprison you - even if they believe you're telling the truth - just to discourage future defendants from trying that excuse. Since "normal" (computer-illiterate) people don't use disk encryption, there's no risk of political fallout.

ChristopherFebruary 13, 2012 2:23 PM

I'm shocked that so many people seem to be asserting that a truly random password is not just unlikely (which I would buy) but implausible. The overwhelming majority of my passwords are 16 character random strings chosen from an 83 character alphabet, stored in a database that is itself AES encrypted with a 16 character random string and used only for that specific task. The database itself has expiration information and will remove a password with no interaction from me if it passes the expiration date.

For passwords I have to type often enough that I want to remember them (which is maybe half a dozen) I use 4 words randomly chosen by a computer from a 2048 word dictionary plus 2 random three digit numbers, also keep them unique per account, don't store them anywhere, and change them every 6 months. I can guarantee that if you asked me what any of those was in 2010 (or even the one immediately before I last changed it) I would have absolutely no chance of remembering it. I could hand either of these algorithms over to the authorities (in fact, I pretty much just posted them to the internet) but I doubt it would be much help in cracking the password.
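Christopher's two schemes above, worked through as an added example (not code from the thread or from any commenter): it generates both password types with Python's `secrets` module and computes their search space, including how far that space shrinks when some components are recalled, which is the targeted brute-force case the post raises. The 83-character alphabet, the synthetic 2048-word list and the word/number ordering are assumptions, since the comment does not specify them.

```python
import math
import secrets
import string

# Assumption: the comment does not say which 83 characters are used.
# Constructed alphabet: 52 letters + 10 digits + 21 punctuation marks.
ALPHABET_83 = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@_"
assert len(set(ALPHABET_83)) == 83

SECONDS_PER_YEAR = 365.25 * 86400


def build_wordlist():
    """Constructed stand-in for a real 2048-word dictionary.

    16 * 4 * 8 * 4 = 2048 unique pseudo-words; a real deployment would
    load an actual word list of the same size.
    """
    onsets, vowels, mids = "bdfghjklmnprstvz", "aeio", "kmnprstv"
    return [a + b + c + d
            for a in onsets for b in vowels for c in mids for d in vowels]


def random_string(length=16, alphabet=ALPHABET_83):
    """Scheme 1: uniformly random characters from a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase(words, n_words=4, n_numbers=2):
    """Scheme 2: random words followed by random three-digit numbers.

    The '-' separator and the ordering are assumptions for this example.
    """
    parts = [secrets.choice(words) for _ in range(n_words)]
    parts += [f"{secrets.randbelow(1000):03d}" for _ in range(n_numbers)]
    return "-".join(parts)


def string_entropy_bits(length=16, alphabet_size=83):
    return length * math.log2(alphabet_size)


def remaining_candidates(dict_size=2048, unknown_words=4, unknown_numbers=2):
    """Candidates left to try when only some components are unknown.

    Models partial recall: every recalled word or number (with its
    position) removes that factor from the search space.
    """
    return dict_size ** unknown_words * 1000 ** unknown_numbers


def passphrase_entropy_bits(dict_size=2048, unknown_words=4, unknown_numbers=2):
    return math.log2(remaining_candidates(dict_size, unknown_words, unknown_numbers))


def average_crack_years(bits, guesses_per_second):
    """Expected exhaustive-search time: half the space at a fixed guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    words = build_wordlist()
    rate = 1e9  # constructed guess rate, for illustration only
    print("scheme 1:", random_string(), f"{string_entropy_bits():.1f} bits")
    print("scheme 2:", passphrase(words), f"{passphrase_entropy_bits():.1f} bits")
    for uw, un in [(4, 2), (2, 1), (1, 1)]:
        bits = passphrase_entropy_bits(unknown_words=uw, unknown_numbers=un)
        print(f"unknown words={uw} numbers={un}: {bits:.1f} bits, "
              f"~{average_crack_years(bits, rate):.3g} years at {rate:.0e}/s")
```
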

Clive RobinsonFebruary 13, 2012 2:44 PM

@ Matt from CT,

I did this by going to my 1000 book library, picking a page at random, picking a phrase at random or sometimes a pattern like every word on the left, or 1st word on left then 2nd word on left, then 3rd word...

My library is several thousand books, but importantly they are not in any recognisable order, only loosely grouped by subject, which can be added to your scheme.

When I take a book out to use it, it usually goes back in the same place, unless I've bought a new book on the same subject area or have taken out two or more books from the same subject.

Basically my books can be thought of in the same way as the ARC4 storage array or the deck of cards in a patience game. They get slowly stirred in a way I can neither predict nor roll back.

Thus whilst I might pick the twentieth book in a subject area and in the short term it will stay twentieth in the long term who knows...

So when it comes to talking to the judge with,

I haven't disposed of any books, I know some typical patterns I used though can't recall all of them, and I recall some of the salts I've used -- I'd be happy to cooperate by providing those to the prosecution if they wish to try and reconstruct the password.

You mention you've actually augmented the number of books (I used to buy and read between three and five books a week) and you've spring cleaned a couple of times (not an unreasonable thing to do) so you really have no idea of the order they were in two years ago.

And the chances are the prosecution has been through the books looking for evidence anyway and have mucked up the order without properly recording it...

But some important things to remember when you say,

I simply don't have the financial or technical resources to digitize all those books and create all possible password combinations in a timely manner.

Don't mention "financial resources" the prosecution will jump on that as "electronic discovery" is the new way to "bankrupt you out of your legal rights".

When you mention the lack of technical resources qualify it with something along the lines of,

"I can't think of anybody who has the sort of technical resources required, perhaps the NSA might, but no I guess even their resources would be stretched".

And slip the legal knife in at the end with,

"However even if I had the resources to digitize the books your honour, as you are fully aware it would be illegal for me to do so..."

And if either the judge or prosecuting counsel pushed it you simply ask them the question,

"Are you suggesting in court on the public record that I commit a known crime... Are you really sure you want to be on record as even suggesting that let alone ordering me to do such a dishonest thing?"

Effectively the result (as I once found out by looking a judge straight in the eye pausing and then asking in a quiet but clear voice if the judge was ordering me to knowingly perjure myself) is of a couple of hungry foxes dropping into a full hen house late at night, it sure wakes the court up and starts a flap. Especially if you do what I then did which was to look the court recorder in the face and ask if they needed me to repeat myself so it goes correctly on the court record...

shadowfirebirdFebruary 13, 2012 2:50 PM

One of the things that bugs me about this whole thing is that it is technically possible -- not likely, I agree, but possible -- to be charged with failing to decrypt some random unused part of your hard drive.

In effect, if you can be prosecuted for forgetting a password (certainly true in the UK) then you are guilty until proven innocent.

Civil LibertarianFebruary 13, 2012 2:57 PM

@kiwano
I write them down on a piece of paper in my pocket until I have them committed to muscle memory by repeated use (about a week or two) and then burn the paper and scatter the ashes in a lake.

I'm chuckling because last week I realized that I inadvertently do the same thing. I had jury duty and took my tablet to check email -- something I haven't done in months because I pretty much always work at my desktop computer. Though I type my strong email passwords several times every day on my keyboard, I could not for the life of me input them via the touchscreen because muscle memory couldn't conform to the interface. And my conscious brain doesn't know what they are.

On the bright side, I got to catch up on my (offline) reading that day. Conscious brain was happy.

VadimFebruary 13, 2012 3:55 PM

>>The right answer could be "The
>>password was a random sequence of
>>letters and numbers written on a paper.
>>I destroyed the paper before the judge
>>ordered me to tell what the password
>>is".

>That's a really bad answer.

>It's outright illegal if you "reasonably anticipate" any civil action at the Federal level to result, and a mortgage fraud investigation certainly meets that standard, to fail to preserve any relevant evidence.

Matt how about:

"The password was a random sequence of letters and numbers written on a paper. The paper was seized by the police and I don't have it anymore."

nonegivenFebruary 13, 2012 4:10 PM

What if you keep your encryption keys or even just the secure files on an IronKey and by the time they get around to asking you to decrypt they've already bricked it?

Roger WolffFebruary 13, 2012 5:55 PM

I'm using a password that unix-crypts to something funny.

I had a program run "crypt" on random strings until it found one that matched the search string. The crypt string of my root password starts with "rootpw". So?

Well, they are more or less random strings. Unless often used they are easy to forget.

Anon Poster if BrucedomFebruary 13, 2012 6:16 PM

I'm sorry, your honor, the tribble-dongle requires me to be happy and free to function.

TonyFebruary 13, 2012 9:09 PM

The lesser of two evils.

Remembering the password will lead to multiple felony counts or having forgotten that darn password, a misdemeanor contempt? Tough choice.

RSaundersFebruary 13, 2012 9:10 PM

Not a plug, but ThinkGeek sells a disappearing ink pen that's really effective. Great for the trip through customs, write your new random password with it on a page in the middle of your poetry notebook. If you aren't stopped, you just change it back to the one you usually use. If you are, you decline to decrypt it and by the time they get a judge to order it you tell them you need your book. You turn to the page and type everything there. I know it was on this page ...

Maybe we need an "expiration date" on secure laptop drives Seagate makes. If the drive hasn't been decrypted correctly in 30 days, maybe it should zeroize itself. All the other firmware they've put in them, what's the cost of a real-time clock IC.

Wim LFebruary 14, 2012 12:34 AM

> Defendant, "Well, I made it a practice to change my password each week. I did this by going to my 1000 book library [...]

Guys, this is what systems like Diceware are for.

Clive RobinsonFebruary 14, 2012 12:44 AM

@ RSaunders,

Maybe we need an "expiration date" on secure laptop drives Seagate makes. If the drive hasn't been decrypted correctly in 30 days, maybe it should zeroize itself. All the other firmware they've put in them, what's the cost of a real-time clock IC?

It's a bit more complicated than just adding an RTC IC to the HD after all PC's and Laptops have an RTC IC as standard but they don't/can't zeroize the HD after 30 days.

Firstly I'll ignore the obvious "lack of customer demand" and likewise several user issues as to why it's not done and go to some technical reasons.

First of which is power, you usually need a source of power to be used or removed to cause something to be overwritten or cleared depending on the memory type. Which means you need a source of power independent of the computer power supply, or a battery at some place connected to the HD electronics.

In the case of most HD's their memory is designed to retain without power and conversely they generally need quite a bit of power to actually work for anything to be erased, this would require a large probably rechargeable battery, not impossible but certainly not conveniently small or inexpensive.

In the case of RAM this is generally designed to only retain information with a source of power connected. Most RAM is quite power hungry but some CMOS Static memory (SRAM) is designed specifically to retain information with very little power we see this in our PC motherboards with the battery backed SRAM storing configuration information. However to erase the SRAM or disconnect the power from it in a reliable way needs considerably more power than is just used to retain the data. Which again needs a battery that is going to be somewhat larger than the customary long life RL Button Cell, and would in all probability end up being a rechargeable battery.

Now the problem with rechargeable batteries is that their reliability is very price dependent, and unless the battery is used correctly its performance degrades quite quickly. The sort of power cycles you would see for this "erase/clear" function on an HD would be very unfriendly to rechargeable batteries (see "rechargeable cell memory").

Even where smallish rechargeable batteries get favourable power cycles such as in portable / mobile radio applications such as mobile/cell phones the life is not that good. With most of the batteries used by the mobile phone industry or PC laptop industry their effective half life is little more than 9-18 months, unlike HDs where the reliability is now quoted in terms of 44K-260K hours MTBF (5-30 years) some longer.

Secondly all memory is more "persistent" than we would like for this sort of thing. Put simply all types of static memory suffer from "burn in" where the value stored becomes steadily more permanent. Thus erasing the memory sufficiently securely may not be possible after a certain time.

There are techniques that can be used to prevent burn in for some memory types but they are all dynamic or active which means that the memory needs to be kept not just powered up but active, which brings us back to the battery issue again.

Thirdly the RTC IC does not stand alone it needs not just a source of power but a reliable time reference as well. Such a time reference is usually supplied by a small 32KHz "watch crystal" (XTAL). Thus either cutting the battery power to the RTC or playing with the XTAL circuit will either stop the thirty day count down or change it to some other time period, either way it's effectively disabled.

There are quite a few other problems but from a security aspect you can see that the 30 day countdown would be at best "illusory" in its own right and easily defeated if it fell into "your adversaries" hands.

As I have said before you need a system whereby it can be shown that the user has no need to know the encryption key nor be able to use it if they did and this requires a tamper proof dongle with certain attributes one of which is "to go online to one or more trusted servers on the Internet in other jurisdictions".

For the HD to support the model in its own right all it needs is a way to establish reliable and secure communications with the servers. If it has its own Public key Certs built in this is quite easy to establish and more reliable than an RTC would be for ensuring the data remains unavailable to "your adversaries".

Put simply whilst the Judge can put judicial pressure on you to effectively compel you to comply with their wishes, the judge can not compel a person in another jurisdiction to comply as the court's writ does not extend outside of their jurisdiction. And a Judge can only compel an entity it can communicate with, thus they would look somewhat silly trying to tell a piece of firmware that is going to jail.

The fly in the legal ointment as far as you are concerned is the courts in the jurisdictions you have your secure servers in. They can compel the server administrators to comply with a foreign judicial request in places like Europe, or can have the administrators extradited to the jurisdiction you are in if they have committed a crime (except with the ludicrous US-UK anti terror agreement where a US LEO only has to allege a US crime was committed). However such a process can with appeals be extremely lengthy, one current case has been going on for over ten years.

But you should assume that the administrators of your out of jurisdiction secure servers will comply, or that the servers will be compromised in some way and thus design the way they work such that this does not matter, which can be fairly easily done.

It won't stop the judge throwing you in jail for contempt (nothing can do that except by being out of his jurisdiction) but you will have the satisfaction of knowing your data is unreachable by your adversaries.

Oh and you can thank the idiots that drafted the UK RIPA legislation for the fact that their crass stupidity with foisting RIPA on the world's population has caused such designs to come into existence.

The main idiot behind RIPA was a then UK politician called David Blunkett who embroiled himself in several sex scandals causing him to resign from government and of more recent note the News International (owned by Rupert Murdoch) "phone hacking" scandal. Where Blunkett put and still puts his own personal enrichment over both Public and National Interest by receiving what is in effect "hush money" payments for putting his name on a column in "The Sun" newspaper that is ghost written for him. So not exactly the most honest, upright or forthright individual you could find to be making decisions about the content of important legislation with very wide ranging scope for abusing individuals' rights worldwide...

PhilFebruary 14, 2012 6:22 AM

@Clive. Modern SSDs encrypt all the information being written to the flash with AES. "Erasing" the SSD is then simply a question of overwriting the 256 bits of memory inside the drive which stores the AES key. Possibly a state-level agency could recover the key, but I suspect once that little bit of flash has been written to a few times, it's gone forever. (The secure erase on iOS devices uses the same design pattern IIRC.)

I doubt this requires very much in the way of internal power. Whether there are any devices available that implement this kind of self-erasure I've no idea.

.February 14, 2012 7:14 AM

Clive: A simple RC circuit with a time constant of around a week, two weeks, or whatever that could trigger a sufficiently powerful rechargeable battery (3x capacity, for good measure) to handle the encryption key overwrite, as Phil mentioned, along with automatic battery test logic as found in most quality battery-backed devices (write caches, UPSs, etc.), would work just fine. If the capacitor is not charged in whatever timeframe selected, due to it being on an evidence shelf, problem solved.

PaeniteoFebruary 14, 2012 8:57 AM

@mu: "This relates to a fundamental flaw with TrueCrypt's "hidden partition" feature: nobody really leaves huge swaths of their drives unpartitioned and fills it with random bytes. There isn't much plausible deniability built into that system."

You are confusing the specific "hidden volume" feature (which doesn't leave an unpartitioned area) with the principal Truecrypt feature that containers cannot be distinguished from random data.

Clive RobinsonFebruary 14, 2012 10:06 AM

@ .,

A simple RC circuit with a time constant of around a week, two weeks, or whatever that could trigger...

Have you ever designed and built an RC timer with a time constant between 600,000 and 2.6million seconds?

If so would you care to tell me the value and ESR of the cap you used, what PCB material and the effective input impedance of the level detecting electronics I really am curious to know?

gfunkdaveFebruary 14, 2012 10:06 AM

The other thing is that the lady had previously refused to provide the password. This can be construed as evidence that she knows the password and is now just refusing to comply with the court order. The judge can therefore find her in contempt.

Clive RobinsonFebruary 14, 2012 10:42 AM

@ Phil,

"Erasing" the SSD is then simply a question of overwriting the 256 bits of memory inside the drive which stores the AES key.

In theory yes, and I've tried it with memory cards, secure memory cards and USB thumb drives, in practice it's a whole lot more difficult, as I've indicated in the past on this blog.

All of these devices use Flash Rom (usually NAND) and it is hidden away behind a stripped down micro controller. The reason for this is there are two basic types of Flash used in these devices low density high reliability and high density low reliability. The micro controller usually carries out two functions, the first is to implement various wear leveling algorithms on the high density Flash and to put directory and other highly volatile information on the low density Flash. Often the low density flash has erase pages around 128bytes in size whilst the high density erase page is often 2K or more. Few of the micro controllers implement "write over" whereby an existing page that has been written to gets written to again prior to a page erase.

Now because the high density flash is low reliability and only good for a few tens of thousands of erase cycles per page, the manufacturer puts in between ten and twenty percent more flash memory than is advertised on the packet. It uses this extra memory in the wear leveling algorithms in a sort of round robin arrangement behind a virtual memory translation table stored in the low density high reliability flash, with frequently modified areas migrated to the low density flash (ie FATs etc).

Now if you are buying in somebody else's flash device technology you don't have control of where your AES key gets put... If it gets put onto the high density flash then the chances are you cannot reliably erase it unless you entirely erase / overwrite the whole flash memory twice (or three times the advertised memory size). This sort of erase is inherently slow and quite power hungry.

Now on some USB flash drives it is very very easy to remove the case, and then moderately easy to isolate the high density flash chips from the controller and read them out (I've actually done this in the past which is why I know the AES key can be easily not overwritten...).

I'll put my hand up to not having looked into modern Solid State Hard Drive replacement units because their manufacturers regard the internal behaviour as a "trade secret" as do the controller chip manufacturers and neither will release the required info under NDA. However the information about these systems that has leaked out does not fill me with any kind of confidence from the security aspect.

JardaFebruary 14, 2012 11:09 AM

Of course, you can forget a password. You say you changed it just a few days before they confiscated the notebook. Then the notebook was in police possession and as you weren't using it + all the stress with the police knocking down your door including the front wall of the house, interrogation,...., damn and now you can't even remember what's your birthday, even less some password. Try to prove that I am lying.

Anonying MooseFebruary 14, 2012 12:04 PM

Just gonna throw my two cents in there.

The 5th amendment states that you can't incriminate yourself, which she did when she told a jail house informant (my memory is kinda rusty so forgive me if I got that detail wrong) that she has the documents essential to the court proceedings on her hard drive.

It'd be the same as if someone hid their murder weapon in a safety deposit box and bragged that they hid it in there. If they didn't mention the existence of it the court would have nothing to go off of. Since they mentioned that they are in possession of the evidence and are now withholding it from the court.

.February 14, 2012 12:09 PM

Clive: You can get (low ESR) 1F caps for about $30. PCB type (3-layer FR-4, probably, if that makes you happy) and level detection aren't even issues worth discussing. If you want to attack details instead of the overall idea, you can use a microcontroller if that will make you more comfortable. It's fine that you are defending your "I can't think of any way to do it, so it's impossible" stance, but it's actually pretty straightforward. There are even a few research papers and proofs of concept on the subject of cryptographic filesystems on flash. As for the hardware, if you can't find a COTS flash device with a controller that is documented and capable of addressing physical blocks, you may have to build one with your own with a raw MTD, ONFI, or other device along those lines with a driver and perhaps a little userspace software. If you want faster erase, string up a bunch of them, write multiple copies of the key across the entire array so you can recover from multiple bit errors, avoiding going deeper than the first block, and erase in parallel. It's LEGOs, man, not rocket science.

-BFebruary 14, 2012 12:20 PM

>A better analogy is the police putting
>you in jail until you voluntarily tell them
>where the body is.

Sheldon was held in contempt until he gave it. In his case all it took was the realization that he'd have to use the lavatory without any privacy.

-BFebruary 14, 2012 12:33 PM

>The question is will a judge wake up
>and realise that there are some things
>no matter how badly you want them you
>cannot have?

I see you've never worked with/for a judge. If you had you'd know that answer was easy: NO. A judge will never accept anything that runs counter to their self-perception of godhood.

Peter A.February 14, 2012 12:56 PM

One idea how to 'time bomb' your data:
1. Keep your 'important' data in the cloud, encrypted. Use it securely, so it does not touch any local storage device, for example use RAM-based LiveCD to access the data.
2. Do not configure automatic recurring payments for your cloud account. Always extend your subscription by hand, a month a time.
3. Make sure your cloud provider is quite large (i.e. has lots of data in their keep and lots of clients), lies in a different jurisdiction and does not keep your data after your subscription expires - test that by deliberately missing a payment and then asking them to 'help'.
4. If you get arrested try to prolong the investigation for a month or two (shouldn't be difficult) and then 'surrender', tell them where your data is and the encryption password.
5. Oops, the account has expired... You forgot to pay the subscription fee because of all that stress. Indeed you could not - you were in detainment, your credit cards and accounts were blocked etc.

What do you think?

SeanFebruary 14, 2012 3:26 PM

It's pretty easy to forget a password. I only see one when it's initially created by my password safe and used to be entered into whatever it goes into (WinSCP, FTP client, website, etc). If I delete the login entry in my password safe, I'm kind of SOL if my safe backups get lost as I don't bother remembering these things anymore. Now I can't really claim to have lost the password safe password as I use that daily. So, it depends...

Clive RobinsonFebruary 14, 2012 5:02 PM

@ -B

>... easy: NO. A judge will never accept anything that runs counter to their self-perception of godhood

Yup that's why I stopped having anything to do with judges wherever possible ;-)

However to be fair some of those at less senior levels in London tend to have a fairly good grasp of the way life runs and are not frightened of sending various "paid from the public purse" types off with their tails between their legs (if they've not cut them off at the knees prior to that).

Clive RobinsonFebruary 14, 2012 5:29 PM

@ Peter A.,

>5. Oops, the account has expired... You forgot to pay the subscription fee because of all that stress. Indeed you could not - you were in detainment, your credit cards and accounts were blocked etc

It's certainly got potential for an individual, however you might need to "really check their tech support"...

Let's put it this way there is only a limited amount tech support will do for a lowly account holder who is late paying the account.

However they can magically pull out the dog and pony show to jump through hoops of fire when there's an unpleasant looking type standing there with a "go straight to jail" card.

Many ISPs and Hosting organisations for their own legal protection will keep backups for more than a year...

Then stuff gets archived for no apparent reason and turns up completely unexpectedly. Anybody remember the EMails at Oliver North's trial back in the 1980's?

Clive RobinsonFebruary 14, 2012 6:49 PM

@ .,

>You can get (low ESR) 1F caps for about $30

Good luck getting that one past the engineering manager. Remember that even solid state hard drives and secure digital cards are considered Fast Moving Consumer Electronics (FMCE).

The whole point of FMCE design is to remove any and all expensive components and any components that can be replaced by either a bit of software or macros dropped onto the IC mask of a System On a Chip.

The obvious example of this is the use of "Direct Sequence Spread Spectrum" (DSSS) techniques to get spurs in a PC's RF spectrum that would fail the EMC spectrum mask to be spread and thus meet the mask, instead of using decoupling components costing just one or two cents each.

>There are even a few research papers and proof of concept on the subject of cryptographic filesystems on flash.

Yes and I've probably read some of them whilst doing research into the subject (see my reply to Phil above).

>It's fine that you are defending your "I can't think of any way to do it, so it's impossible" stance, but it's actually pretty straightforward.

Sorry I don't have a NIH / impossible stance with regards RSaunders' suggestion I was simply pointing out it was neither a reliable nor cost effective way to do it. And as you have shown with your $30 cap, what can appear a "pretty straightforward" solution in theory can be anything but cost effective, or even particularly reliable in practice.

The big problem with RSaunders' suggestion is the simple fact that once your adversary has their grubby hands on your hard drive it's game over for any systems attached to it, as they will be able to disable them. Effectively it's an "offline system" and they cannot be reliably made secure as it keeps both the encrypted data and the key together, thus it's just a question of the adversaries resources.

>As for the hardware, if you can't find a COTS flash device with a controller that is documented and capable of addressing physical blocks, you may have to build one on your own with a raw MTD, ONFI, or other device along those lines with a driver and perhaps a little userspace software

I thought the point of the comments in this thread is how would "ordinary mortals" not "design engineers with manufacturing capability" go about resolving the issue of a judge ordering encrypted files decrypted. Ordinary mortals implies COTS almost as an axiom.

As I've noted this is already a solved problem as far as securing the data is concerned (if the user never knows the key they can't reveal it, and if it's not in the hardware it can't be dug out). Also putting the key beyond the judge's reach is within reason a solved problem as well (it's fetched from online secure servers in another jurisdiction).

What however is not a solved problem, is getting judges to understand that technology can make them and their precious legal system not just impotent but irrelevant. And thus using contempt against the user is not going to work and is thus cruel and unjust punishment and something that is actually against international agreements that politicians have put their signatures on.

I have mentioned just one method by which it can be done, others have suggested other ways. Looking for holes in all these schemes is a time honoured system of either making them more secure, or phoenix like giving flight to new and better schemes from the ashes of the old.

.February 14, 2012 7:18 PM

Clive: Okay, how about an EDLC at $3? My intent was to put forth an idea that fails safe, preferably as physically and with as few moving parts as possible. It would only need to be small enough to fit into someone's PC case. If it sits too long without power, no more keys. Doing anything like this would almost certainly entail some homebrew hardware, so I was trying to keep it as simple as possible (hence, RC circuit) so it's at least within design reach of "ordinary mortals". Interfacing this key storage mechanism to the crypto filesystem is another issue, but also within reach if someone wants to modify existing OSS drivers. Sure, once they have their hands on it, before the erase cycle, they could try and figure out what was going on with it, until they disconnected the power. However, they will muck it up in almost every case. You could always keep it on a UPS, turn the timer down to 1 hour, and hope your battery never runs out. Anyway, it's doable with the right amount of motivation.

I also don't believe that anything is outside of US jurisdiction anymore. Also, most judges cannot be fixed by any legal means.

Matt from CTFebruary 14, 2012 8:56 PM

Clive wrote:

>You mention you've actually augmented the
>number of books (I used to buy and read between
>three and five books a week) and you've spring
>cleaned a couple of times (not an unreasonable
>thing to do) so you really have no idea of the
>order they were in two years ago

Nonegiven wrote:
>What if you keep your encryption keys or even
>just the secure files on an IronKey and by the
>time they get around to asking you to decrypt
>they've already bricked it?

Rsaunders wrote:
>Not a plug, but ThinkGeek sells a disappearing
>ink pen that's really effective.

Peter A. wrote:
>2. Do not configure automatic recurring payments
>for your cloud account. Always extend your subscription
>by hand, a month at a time.

This is Alabama specific, but it's safe to say it generally applies to Federal and other state courts:

[begin quote]
The spoliation inference is a theory of guilt-consciousness.[1] That is, one who destroys or suppresses evidence has something to hide. A spoliator destroys evidence because it would reveal his wrongdoing. Examples of spoliation include: altering records[2], threatening witnesses to not testify[3] and losing or destroying physical evidence[4].

The offended party must submit circumstantial or direct evidence sufficient to support the inference that spoliation occurred[5]. When the facts are sufficient to support the inference of spoliation, the issue goes to the jury. If proven, the court may charge the jury that the spoliator's guilt (in criminal cases) or liability (in civil cases) may be inferred from the mere act of spoliation. Why? Because the act of spoliation is deemed an implied admission of guilt or liability[6].
[end quote]

You have a positive duty, in both criminal and civil cases, in the examples above to record the order of the books, to make a copy of the keyfile that won't expire, to keep your account paid, or to photograph the invisible ink note before it disappears.

You need to preserve what you will need. What you don't have to do is write down what you might happen to forget. "I was waiting for my attorney to tell me to reveal the passphrase to the prosecution, but by the time we were ready I forgot it..."

.
Vadim wrote:
>Matt how about:
>
>"The password was a random sequence of letters and
>numbers written on a paper. The paper was seized by
>the police and I don't have it anymore."

Not a problem. They provide you access to the evidence or copies thereof to gather what you need.


Clive wrote:
"However even if I had the resources to digitize the books your honour, as you are fully aware it would be illegal for me to do so..."

Federal judge looks over his glasses at you, "I decide what is or is not fair use, not you. Copy the books."

Ok, so to cover his butt for appeals he'll ask your attorneys to state their case how it violates copyright, then he'll articulate why it's fair use (using wording like, "Copying the works in this situation is a compelling public interest to assure that evidence may be evaluated and analyzed, and such copying will not materially harm the commercial potential of the works in question.") and you all move on, with the Judge being a bit annoyed for wasting his time on a spurious argument.

I can't think of any situation copyright would prevent evidence from being entered or processed by a court; there may be extremely rare situations that court places a non-disclosure seal...maybe the evidence at hand was the unknown and yet unpublished last manuscript of Hemingway in which case there's an argument it would violate fair use because public disclosure in a court transcript would materially harm its value when you go to auction it to pay your defense bills.

Matt from CTFebruary 14, 2012 9:13 PM

I have been trying to think of a clever way to build a "self destruct" that can be used in a way to not implicate yourself in spoliation.

I'm looking at this:

http://www.forwardedge2.com/pdf/bestpractices.pdf

And thinking, OK...so if one of the first steps they are trained to always do is pull the power plug...what if battery backup is built into the unit and some custom circuits, in the event it detects a loss of the ground from the power cord:
1) Switch to internal battery
2) Lock screen if not already locked
3) Fire up a program like Eraser
4) Securely delete the keyfile needed to decrypt a volume
5) Now you can shut down.

I'm thinking something like a Gutmann 35 passes over a 1kb keyfile would happen too fast for the police to realize what's happening and unlock a sealed case.

What I am not sure in this case is:

a) Whether you could simply exercise your right to remain silent;
or
b) If the police asked you if anything was unusual about the computer, you would need to disclose that there was a special procedure to shut down the PC that you would need to talk them through.

I think it would be really hilarious if you offered (at risk of breaking the silence rule), "May I help you shut down my equipment properly?"

And then the police decline.

And then you simply tell the Judge, "I'd decrypt if I could your honor, the password is Supercalifraglisticexpealidicous, but it also needs a keyfile which was destroyed by the anti-theft system installed on the computer which was activated when the police followed their standard procedures and refused my offer of assistance to shut down the system properly. The keyfile was randomly generated and I have no way to recreate it."

DavidFebruary 15, 2012 5:39 AM

@Clive...

"Are you suggesting in court on the public record that I commit a known crime... Are you really sure you want to be on record as even suggesting that let alone ordering me to do such a dishonest thing?"

Effectively the result (as I once found out by looking a judge straight in the eye pausing and then asking in a quiet but clear voice if the judge was ordering me to knowingly perjure myself) is of a couple of hungry foxes dropping into a full hen house late at night, it sure wakes the court up and starts a flap. Especially if you do what I then did which was to look the court recorder in the face and ask if they needed me to repeat myself so it goes correctly on the court record...

Clive, you're a nasty, evil, cunning person. I loved it!

However, more to the topic at hand... as several have suggested, one should always assume that those whose "day job" has them regularly inside a court house should be positioned in one of the lowest possible percentiles when it comes to the understanding of technology. With that in mind, any data hiding scheme that relies on the cunning use of technology will automatically label you as a "smarty pants" and an obvious target for their wrath.

Instead, it is best to use much simpler schemes.

Perhaps we should store such things (encrypted of course) in multiple cloud-based locations and access them ONLY (as anonymouse suggested) from a random coffee lounge via a Linux Live-CD.

Although you would have to have a scheme to manage the passwords (which could-well be related to unique information in the physical room or even on the menu), the men-in-low-hats would have to demonstrate that the data existed before contemplating getting out the rubber hose.

RaduFebruary 15, 2012 6:07 AM

Hello Schneier,

What I would like to propose is a new encryption tool where you can set 2 kinds of passwords:
- regular password
- quick erase password

So, all of the judges in the world can not make you give the right password as they will have no proof that you entered the other password.

And then, you'll also have the perfect excuse:
- I don't remember exactly the password, I think it was: dummy1, erase passwd, dummy2.

If the law is adapted, the tools should just follow.

Clive RobinsonFebruary 15, 2012 7:07 AM

@ Matt from CT,

>The spoliation inference is a theory of guilt-consciousness.

The problem with this is it second guesses after the event, and is thus subject to the test of reasonable behaviour.

For instance there is no legal time point at when you can destroy old records with impunity. However there is also no requirement to keep records after they are finished with. The question becomes what is "reasonable behaviour". In many cases there is a period of seven years that has become "accepted custom and practice".

You see seven years pop up in all sorts of places like "statutes of limitations", "presumption of death" on missing persons and others.

And in many cases basic financial records such as receipts are only kept for 18 months after closing the accounting period with the tax authorities, less basic records such as the aggregated business records (books) are kept for seven years after the accounting period has closed and taxation and other payments resolved.

In actual fact some documentation won't actually survive six months (some thermal printer receipts fade that quickly) and some "self harm" (photocopies stored ink2ink under moderate pressure will glue together). Even some ordinary "office stationery" paper due to internal acids etc slowly self combust to steam in time periods as short as a couple of decades (this will become faster as the drive for "bio-degradable" goes up).

Thus a time period defined by "custom and practice" is an accepted face of realising that all things suffer entropy, and the cost of keeping records becomes an unfair burden on "entities" (persons legal or natural).

Now if we look at many password policies they require them to be changed every month and be of sufficient complexity that many users write them down.

What time period is reasonable to "remember" the password for? Many people cannot even remember their own phone number and quite a few can't remember the four digit pin number for their bank card.

If you do go against "password policy" and basic security practice and write the password down, again what is reasonable to keep it for?

It is why I like the idea of separating encrypted files from the encryption keys and the passwords or other authentication tokens used to access the keys or files.

1, Because a reasonable period for retaining an encryption key is "as long as the encrypted file is in use" which,

2, is way way longer than any password policy you see defined for a "corporate account login" of 30 days.

3, Now if the user never knows the encryption key all they can do is use the password to access the account.

4, If the account expires within 30 days they cannot access it as would "reasonably be expected from the password policy".

The question falls to what processes are in place to recover the encrypted files from their storage location, and likewise what processes are in place to recover the encryption keys, and are they reasonable?

However as noted by @ Peter A., above these policies reasonable or otherwise may be beyond the control of the user. However as I noted the actual policies may be different for the user and a man standing there with a "comply or die in jail" letter.

So the next stage is to work out a way to remove the issue of "unexpected backups that might be subpoenaed" from the equation.

The trick there is to make the information held on the server useless in some way. We know that the files are protected by encryption how about doing the same thing for the keys?

Well we could do it a number of ways, the one I favour is by a M of N key sharing protocol and multiple servers in multiple jurisdictions.

This puts a considerable load onto the judge because there is no way for them to be able to tell if they have sufficient shares to meet M or if any of the holders of shares are cheating by sending a false share (this might be pre-arranged as part of a "duress protocol").

But further the issue can be made worse what if the shares contain other information and are then encrypted by PubKey encryption as pre-made tokens and the user has one of those annoying little tamper proof smart cards that stores the PubKey and PriKey, but neither can be read out from the card (only put in).

It can be shown with further steps that not only does the user not know the encryption keys, they cannot get access to them. They use the tamper proof card to get the encrypted shares "online" the card uses the shares to build the encryption key internally and will then, when presented with an encrypted file decrypt it for the user. The minute the user powers down the card the password is lost.

The card on decrypting the shares could find one of them in fact contains a token that tells it to erase the PriKey... (as per the duress protocol)

Now imagine that the tamperproof card is actually part of a tamperproof token that is also location and time aware (such devices do exist for vehicle tracking and logging). The possibility of what can be done is immense.

And all the processes required to implement such a system can be automated in a way such that no human can ever see or know the encryption keys. And all the shares/tokens can be generated long long before they are needed and the PubKey can be destroyed after they are generated, thus making it (theoretically) impossible to generate new tokens etc so people cannot be compelled by court order.

As I said the other day you can thank the idiots behind the UK's RIP 2000 Act for the design of such systems.

And you can also thank those who have talked up China APT for starting making the use of such systems "reasonable custom and practice"...

vasiliy pupkinFebruary 15, 2012 10:18 AM

"One issue that has been solved by the supreme court is that you can be compelled to affirmatively assist in the government obtaining incriminating evidence. In that case it was found that a court had the right to compel the defendant to sign a form requesting, IIRC, the release of his bank account details from a foreign bank that would not cooperate without such a document".
That decision does not generate respect to US Constitution (with all due respect to Supreme Court) and contradicts the 5th amendment.
Burden of proof is not on defendant, but on prosecution/court.
Solution? There are international agreements of mutual judicial assistance. Court should ask Court/prosecutor office of foreign jurisdiction for assistance in obtaining incriminating evidence out of foreign bank. The problem is the word 'mutual'. US Court should provide same type of help to foreign court by reciprocity. It never worked one way street attitude in international relations regardless of branches of power involved.

MarkHFebruary 15, 2012 10:59 AM

Thanks to Matt, for the info about spoliation -- this is news to me! I read the linked article. Though it does mention "criminal" a couple of times, it is very plainly focused on civil cases.

In my layperson understanding, whereas the USA standard for conviction in criminal cases is "guilt beyond reasonable doubt," the standard for a civil finding is "preponderance of evidence."

Accepting that there can be criminal penalties for destruction of evidence, it seems to me that a person can only be convicted of a separate crime on the basis of spoliation, if their legal defense is negligent.

As a thought experiment, imagine a murder conviction based on the defendant's destruction of evidence. If there is any plausible motivation OTHER than concealing the alleged crime, that might account for the destruction of evidence, then a reasonable doubt must exist.

If my reasoning matches the practical workings of the law, then spoliation is much more relevant to civil than criminal proceedings. Certainly, there have been many well publicized cases, especially those involving organized crime or other large organizations, in which destruction or concealment of evidence, including gross witness tampering, have come to light. I don't remember any case in which conviction for a distinct crime was based on destruction or concealment of evidence.

.February 15, 2012 4:49 PM

In the case of auto-destructing potential evidence, you may have the obligation to notify someone that the potential evidence will be destroyed or otherwise ensure that it is preserved. However, you also have the right to remain silent. I wonder how that would play out.

Tony BradleyFebruary 16, 2012 9:26 AM

In my opinion, the judge got this wrong. Requiring the person to surrender the encryption key is tantamount to forcing them to incriminate themselves. If I know that my encrypted data contains relevant evidence that will get me convicted of something, why on Earth would I willingly help the authorities access that information?

As for "losing" the key. They can hold you in contempt, but for how long? Indefinitely until you "remember". I doubt the person really did "forget" the key, but assuming they did, no amount of holding them in jail is going to make it magically appear.

StaudenmaierFebruary 16, 2012 12:42 PM

The fantasy continues . . . First, the user has complete control over the contents of his hard drive, now the government thinks they do.

AlkeeFebruary 16, 2012 8:28 PM

Here's my suggestion:

First: don't say anything in front of law officers or other officials. First and foremost rule, always, ever. Whenever asked, just demand to contact your lawyer. No, you haven't even forgotten anything. End of discussion. Where's my lawyer?

Then, after a couple of months (probably during your trial) you tell them it was a long and completely random password, and you give them a couple of (barely remembered) fragments to show your good will.

But sadly, you had that password written down on a paper note lying on your desktop (or maybe even sticking to your computer), and after clearing up the mess from the police search, you couldn't find it anymore! You didn't seriously search it anyway, as you assumed (and still assume) it had been taken away along with your computer. Meaning that I can't give you my password as your noble officers already have it, your honor! If not - no, that can't be! That means I've thrown that note away, along with anything else that was messed up during the police search!

OMG! Now how will I ever retrieve my own data? I'm going to sue you!

Sounds probable enough for a judge? He may not believe me in his heart, but there won't be enough evidence to lock me up for contempt. May even work in front of a British judge. Doesn't everyone know that police officers are NOT perfectly reliable in safely keeping acquired evidence?

Argue against it.

AlkeeFebruary 16, 2012 8:36 PM

PS. I'm mystified by all the people suggesting some kind of time-dependent password self-destruct feature. "You have to access it every 24 hours, or else..." So what if you're away from your home or office PC for more than 24, or 48, or 480 hours? Sometimes people have to go to a hospital, or computers are breaking down and repairing them will take a couple of days ... Not feasible at all.

Jeremy ArdleyFebruary 16, 2012 9:54 PM

I work as a forensic information analyst in Western Australia.

I have already been involved in a case where the password was forgotten. In that case probably genuinely.

The State law explicitly denies the defendant the right to plead self-incrimination and imposes up to 5 years prison unless you can prove you don't know the password. i.e. the reversal of the onus of proof.

Here are the relevant parts out of the Criminal Investigation Act

CRIMINAL INVESTIGATION ACT 2006 - SECT 57
57 . Terms used

In this Part —

data includes any record, any computer program, and any part of a computer program, in a digital, electronic or magnetic form;

data access order means an order issued under section 59;

data storage device means a thing that contains or is designed to contain data and it does not matter —

(a) if the thing is a fixed or removable part of another thing; or

(b) if the data it contains can be used or retrieved by the thing itself or not; or

(c) if the thing is separate from, but the data it contains can be used or retrieved by, another thing;

serious offence means an offence the statutory penalty for which is or includes imprisonment for 5 years or more or life.

61 . Data access order, effect of

(1) A data access order has effect according to its contents.

(2) A person who is served with a data access order and who, without reasonable excuse (the onus of proving which is on the person), does not obey it commits a crime.

Penalty: imprisonment for 5 years.

Summary conviction penalty: a fine of $24 000 and imprisonment for 2 years.

(3) It is not a defence to a charge of an offence under subsection (2) that information required to be given under the data access order would or may have incriminated the accused.

Jeremy ArdleyFebruary 16, 2012 10:08 PM

Further to my post on Western Australian law, I've previously spent some time thinking how to avoid conviction.

The best solution is to set up your device so it can only be unlocked remotely. You get an associate in another country who knows the password, not you.

Each time you want to unlock the device you ask them to remote access it and unlock it for you.

However before they do they ask you "are you under coercion" you can honestly say yes or no, and no amount of Police pressure can force you to lie. If you say yes they will not unlock the device.

It's better to do this phase while in a video interview with Police and even better if your contact with your associate is via live video.

vasiliy pupkinFebruary 17, 2012 9:58 AM

Dear Jeremy,
Do you have in Australia Constitution as Supreme Law of the land which contains something like Bill of Rights, and all other legal acts including you've cited should not contradict Constitution?
Did Australia sign international agreements related to human rights where burden of proof should not be on defendant in criminal case?

I lived in a country where for a long period of the history law enforcement, prosecutors and courts considered Constitution as just a piece of paper with no enforcement of its provisions, and internal documents (often secret) of political and criminal police overrode Constitutional provisions in LO day-by-day activity. The name of the country was USSR.

aaaaaaFebruary 17, 2012 5:39 PM

I can't believe nobody has brought up the point that she was given immunity from prosecution for the contents of the laptop. That's why the court was willing to order her to decrypt it, so the prosecution could use it against someone else. The 5th amendment only protects her from incriminating *herself*, it does not protect her from having to surrender evidence that incriminates someone else!

Jeremy ArdleyFebruary 18, 2012 3:00 AM

Hello vasiliy pupkin,

Australia has no Bill of Rights. However it generally follows British law (and to some extent American law).

Originally the onus of proof was on the prosecution and the right to not incriminate yourself was in the law.

Now legislation has allowed the onus of proof in some cases to be on the defendant, and in some cases the defence of self incrimination has been removed.

There are many other common law rights that have been removed.

Australia is moving towards statute law and removing common law. In my view this is being driven by the Police and is being meekly accepted by the legislature.

Whereas Apple iPhone 'has an app for it'. Australia 'has a law for it'

posimoshFebruary 19, 2012 12:04 AM

Hey, instead of talking about how bad a55 your password creation scheme is, or riding the slippery slope to hell that starts, "...Well if I'm not doing anything wrong.... What do I have to hide." Follow the links provided, see the case-law, realize the 4th and 5th amendment doesn't exist in practice, jump in front of a bus.... Some of you miss the lead so bad it's embarrassing, especially because by explaining (in this case) logarithmic cyphers and their implementation in a hypothetical, demonstrates that there is intelligence present, but man, the point is not the password, or the girl forgetting, or her motivations....

SkukkukFebruary 19, 2012 2:47 PM

Aaaaaa, see the original thread, particularly this. She was not given immunity from prosecution based on the contents of the laptop.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..