back to article Feds unlock suspect's encrypted drive, avoid Constitution meltdown

Investigators have cracked the encryption key for a laptop drive owned by a Colorado woman accused of real-estate fraud - rendering a judge's controversial order to make her hand over the passphrase or stand in contempt of court irrelevant. The government seized the Toshiba laptop from Ramona Fricosu back in 2010 and …

COMMENTS

This topic is closed for new posts.
  1. Jad
    Joke

    "The Electronic Frontier Doundation"

    what some people will call their groups in order to get an acronym that they like ...

    strangely its not in: http://acronyms.thefreedictionary.com/EFD

    1. FartingHippo

      Re: "The Electronic Frontier Doundation"

      You're going to look a bit silly when they fix that :)

      1. Jad
        Happy

        Re: Re: "The Electronic Frontier Doundation"

        Na, I'll click on the button that removes my post, making every reply look odd :)

      2. FartingHippo
        Alert

        Re: Re: "The Electronic Frontier Doundation"

        Oh shit. You're just going to withdraw the post aren't you? Then I'll look foolish. That's ok, I'll withdraw mine too. But then there's this post! Oh shit. WHEN WILL THIS CYCLE OF MADNESS END!!

        1. Gannon (J.) Dick
          Pint

          Re: Re: Re: "The Electronic Frontier Doundation"

          WHEN WILL THIS CYCLE OF MADNESS END!!

          It won't we're all EF'Ded ... oh wait, that was he original joke. Make no sudden movements. Step away from the withdraw button. There.

  2. Alfie
    Trollface

    "or risk a spell begins bars for contempt of court"

    Was this story written on a phone with predictive text?

    Where is the squiggly red underline of shame when you need it?

    1. diodesign (Written by Reg staff) Silver badge

      Re: "or risk a spell begins bars for contempt of court"

      Whoops, indeed. More coffee needed. Typos fixed.

      C.

      1. Chris Beattie
        Facepalm

        Re: Re: "or risk a spell begins bars for contempt of court"

        "...or turn over a plain-text version of the data held on they machine."

        Have some more coffee!

    2. Anonymous Coward
      Anonymous Coward

      Re: "or risk a spell begins bars for contempt of court"

      You're thinking of the green line, as it's grammar related not spelling.

  3. The BigYin

    Any word...

    ...on the crypto that she used?

    1. NoneSuch Silver badge
      Black Helicopters

      Re: Any word...

      Am betting it was AES-256.

      US Government approved encryption being accessed by US Law Enforcement. It must have been a lucky guess.

      Yeah, that was it.

      1. Anonymous Coward
        Anonymous Coward

        @NoneSuch

        >lucky guess. Yeah, that was it.

        Nah, they've developed that luck serum off of Red Dwarf.

    2. Anonymous Coward
      Anonymous Coward

      Re: Any word...

      Truecrypt, if memory serves.

      1. SJRulez

        Re: Re: Any word...

        I bet she was using windows as well so every file will be filled with guid's and specific id's so the plausible denial defense wont stick either.

        1. The BigYin

          @SJRulez

          It's the same on any OS, easy enough to parse the logs and prove there is other data in the encrypted volume.

          Unless one takes specific measures.

      2. The BigYin

        @moiety

        If that's true, then that'll be the second public confirmation I've seen that TrueCrypt can be broken open.

    3. Old Handle

      Re: Any word...

      It was PGP Desktop actually. Anyway, we don't know they actually broke the encryption. It the password could have been weak, or as her lawyer speculated, obtained from he co-defendant (and eh-husband).

      1. Euripides Pants

        XKCD

        http://xkcd.com/538/

    4. Ammaross Danan
      Boffin

      Re: Any word...

      Just use a password that has a suitably long length. Likelihood in this case was she used a poor (short) password. TrueCrypt can offer great security, but it can't save you from yourself when your password is less than 10 characters or you don't use keyfiles.

      "Sorry Your Honor, my hard drive was encrypted with multiple keyfiles but I can't remember which ones they were as I had only just set it up the night before my house was raided..."

  4. The Ref
    Facepalm

    D'oh!

    "can be compelled to turn over a key to a safe possibly containing incriminating evidence, but is not obliged to supply the combination of a safe"

    Why do law makers have such an ability to create stupid inconsistencies - either they should both be in, or both out. While I dont expect politicians to be up to speed, their advisors should be and these stupid inconsistencies only cost everyone (time, money, stress, ...)

    1. Keep Refrigerated
      Boffin

      Re: D'oh!

      I am by no means an expert or a lawyer, but I think it probably has something to do with a key being a physical property which can be seized as evidence; whereas a combination is an intangible property, unable to be seized and instead must be volunteered by the mind possessing it.

      As such, only the accused has knowledge of whether or not they have knowledge of the combination. If the accused does not have knowledge of the combination and yet are prosecuted, well it's a bit like saying:

      "You are lying and therefore you'll give up the combination to save yourself from contempt of court".

      You can see examples of that logic in American history:

      "You're a witch and therefore you'll save yourself from drowning".

      1. Anonymous Coward
        Anonymous Coward

        @Keep Refrigerated

        Welcome to the UK. That's just how it workss there. You must provide the key to any random garbage on your drive or else you'll get thrown in jail until you do so. No trial nor proof needed that the garbage is encrypted data.

      2. Anonymous Coward
        Anonymous Coward

        Re: Re: D'oh! @Keep Refrigerated

        > You can see examples of that logic in American history:

        > "You're a witch and therefore you'll save yourself from drowning".

        I think you will find that we, in the UK, were drowning, burning, stoning and generally not being very nice to witches for a couple of centuries before we even knew there was an America. They simply copied our logic.

  5. Anonymous Coward
    Anonymous Coward

    Given enough time and resources

    Most encryption can be cracked. I'd like to see them add five years on to her prison sentence for attempted denial of justice.

    1. Dan White
      FAIL

      Re: Given enough time and resources

      For "enough time", substitute, "a significant proportion of the age of the universe", assuming the protocol is implemented correctly and the password wasn't something like, "letmein1".

      However, "Attempted denial of justice" sounds very much like thought crime. It is the job of the state to prove guilt beyond reasonable doubt. The defendant is not obligated to help them in any way, and is in fact protected from doing so in many cases.

      You, sir, sound like a bit of a tool...

    2. This post has been deleted by its author

  6. SJRulez

    Forgot the key.....

    Hey that old chestnut,

    I forgot the key officer.... When did that happen? About the same time you started banging the door!

    1. Morphius

      Re: Forgot the key.....

      Perfectly reasonable... Caused by *flips over calendar* Solar radiation reflected off of your highly polished boots disrupting the electro signals in my brain, Officer.

  7. Killraven

    Ignoring the obvious

    It's absolutely ludicrous that a defense of self-incrimination could be used in this situation. Keeping her records on her laptop is only a format difference from keeping those same records on paper in a filing cabinet, which law enforcement has always been able to access. Opening that filing cabinet doesn't become self-incrimination just because she put a padlock on it.

    1. Ken Hagan Gold badge

      Re: Ignoring the obvious

      It's not a format difference. There's nothing stopping law enforcement from reading the hard-drive. It's a translation. After they've read the drive, they still need the contents of your brain to figure out what they mean. Apparently the Supreme Court has decided that the inside of your head is protected by the US constitution.

      Perhaps *that* is ludicrous, on the grounds that those who wrote the prohibition on self-incrimination were considering that the incriminating material might be inside your head and not just a key to incriminating material. (The combination, or password, is not in itself incriminating.) Perhaps, but since the Supreme Court have taken the opposite view, I think it is not ludicrous to expect that lesser authorities should be bound by the restriction.

      1. Killraven

        Re: Re: Ignoring the obvious

        Ken, I get where you're coming from on this, but the entire situation still seems a bit weird.

        It appears that what is happening, is we (in America) say that crime is okay as long as you're clever enough to cover your tracks in such a way that nobody else can speak against you.

        1. ph0b0s

          Re: Re: Re: Ignoring the obvious

          "It appears that what is happening, is we (in America) say that crime is okay as long as you're clever enough to cover your tracks in such a way that nobody else can speak against you."

          No, what you in America do is put in safeguards to protect the innocent from prosecution. That means that some who are guilty are also spared. I and most prefer that to the opposite, where all guilty people are punished, but some of the innocent are as well.

          The fact that some innocent people are still being prosecuted, is actually an argument for more protections rather than less....

          1. Anonymous Coward
            Anonymous Coward

            Re: Re: Re: Re: Ignoring the obvious

            > The fact that some innocent people are still being prosecuted, is actually an argument for more protections rather than less....

            Not necessarily. In any imperfect system a balance has to be struck and in the case of the legal system the balance should minimise the number of victims. Victims not only means those punished for crimes they did not commit, it also means those who become victims due to the guilty not being punished.

          2. Phalamir

            Re: Re: Re: Re: Ignoring the obvious

            "No, what you in America do is put in safeguards to protect the innocent from prosecution."

            Well, it is a little more complicated than that. The guys arguing for the Bill of Rights (Us, not Willie the Dutchie) protections we see in the 4-8th Amendments were guilty little criminals, specifically smugglers (gotta love New England scalawaggery). They were responding to stuff the Brits had been using to crack down on smuggling pre-AmRev. It wasn't to protect the innocent, but to protect the oh-so-guilty. Now, it has the delightful side-effect of protecting the innocent, but the reason was to force the new American government to have to work for that conviction, as opposed to the pre-AmRev Brits getting to solve the Gordian Knot the Alexander Way. The innocent get out of trouble because if you can't get the bad guys unless they have their metaphorical tits hanging out, the innocent definitely don't get punished (assuming law-abiding prosecutors, which - admittedly - is like assuming pigs fly)

        2. Anonymous Coward
          Anonymous Coward

          Re: Re: Re: Ignoring the obvious

          "crime is okay as long as you're clever enough to cover your tracks in such a way that nobody else can speak against you."

          So what you're saying is it's okay to be a criminal so long as there's no evidence against you? And that, by the fact you're complaining about that, is that you want the government to be able to lock people up for unspecified 'criminality' with no evidence?

          Yeah, that's a good idea. *slow clap*.

    2. Clive Galway
      Stop

      Re: Ignoring the obvious

      If the contents of the filing cabinet are written in a code, are there laws to make you hand over that code?

      I am guessing not.

    3. Yet Another Anonymous coward Silver badge

      Re: Ignoring the obvious

      It's because of the next step.

      Providing a combination is obviously the same as a safe key.

      A passkey isn't much different

      But beyond then when do you stop having to provide a key?

      A text message saying "see you tomorrow" - does that decode to "we are going to rob the bank" ?

      If there was a bank robbery do you have to provide that 'decryption' and so admit guilt?

      How do you prove that "see you tomorrow" doesn't mean anything?

  8. Sporkinum

    Not cracked..

    In the article they alluded that the password was probably not cracked.

    "It seems more than likely that the authorities had come across the right passphrase without Fricosu's forced assistance.

    "They must have used or found successful one of the passwords the co-defendant provided them," Dubois told Wired."

    1. Anonymous Coward
      Anonymous Coward

      Re: Not cracked..

      "Passwrod"?

  9. Steve Evans

    No such luck in the UK

    Failure to provide a password to the police when requested is a criminal offence. 2 years.

    It hasn't been greatly tested in court yet, and I don't remember ever hearing "I've forgotten it" being tested.

    Slightly alarming as I'm sure we all have several files which we have no key too, usually parts of software installs which will look like total gibberish to the cops and could easily invite a "what's the password?" when it might not even be an encrypted file, just a binary with an odd file extension.

  10. asdf
    FAIL

    from the crowd

    Ever notice most of the people for the state being able to compel you to give passwords through up to and including water boarding if you bust out the terrorist word, are those that think everyone ever charged with anything is guilty and that the state never makes mistakes (or at least when it does it almost always against poor people). Bless the right.

    1. Ferret
      Mushroom

      Re: from the crowd

      In the United States, the authorities doing anything to anyone is acceptable to a majority of the populace - so long as it's happening to someone else.

      1. LaeMing
        Unhappy

        Re: Re: from the crowd

        I think that is most places, not just the US.

  11. ph0b0s

    Alternatives

    Well this just goes to prove that their are alternatives in gathering the evidence you need, rather than stepping on peoples civil liberties.

  12. Anonymous Coward
    Anonymous Coward

    Someone is headed for prison

    I hope they have a nice stay at the Iron Bar Hotel.

  13. chris lively

    The difference between cops getting a key to a safe versus the combination from you is a simple one.

    The police are allowed to retrieve pretty much any evidence they can. However they cannot compel you to help them. In other words they can go digging around and find a body in your backyard; but they can't force you to tell them where the body is buried.

    The primary difference is that when the police find a body in your backyard, they still have to prove that you did it. However, if you say "it's over by the shed.". Then the very fact that you know where it is adds weight that you were involved.

    For this case, the cops still need to prove it was her laptop. They will also need to prove the files are hers or that she had knowledge of the contents. This latter part is a sticking point. If she provides a decryption key then it will be very hard for her to defense attorney to argue that didn't know anything about it.

    Now, let's look at this from a different perspective. If the decryption key came from her husband, then it stands to reason that the device may have been his in the first place. It could also be argued that she was an innocent bystander. Which may or may not be the case; I don't know anything about this beyond this article.

    Another crinkle, is if the password was actually cracked by the FBI then she can still feign ignorance on the contents. So the prosecutor still has to establish that it is hers and the files are hers as well and that it wasn't tampered with without her knowledge.... By the husband.

    1. dssf

      His or hers?

      His providing the password to her doesn't prove his ownership. She could have bought it and asked him to set it up, if he is the IT person in their marriage/franchise.

      Even if he bought it as a gift/efficiency tool outside of their franchise (bed or business), a preponderance of her own files, with dense, chronological timestamps of creations and edits, on it makes her the regular user -- especially if the machine is devoid of apparent activity by him.

      But, since it appears they both are being charged with RE fraud, it is possible or plausible that they both had access to the machine -- unless they intentionally mentally firewalled themselves in the event of investigation or arrest. (WOW! Only 1 part this post....)

      But, as for the password... I bet those who willingly, consciously, deliberately purchase laptops with the intent to willfully commit crime will avoid buying those having fingerprint/biometrics access. The cops could just restrain the suspected or known owner to a chair, numb their arm (but not blood flow) to minimize resistance, then press the thumb.

      Now, for those with finger/thumb readers AND cameras that look for facial recognition, they better hope that it is possible to enter the password by eyelid flapping/blinking, or by eyelid reversal, display of a specific tooth, pressing the thumb, pursing the lips, two forced farts (of a certain duration, pitch, and quality/ripeness), a belch, and a specific exhalation or grunt/groan. Under duress, or even normal circumstances, syncopating that to gain access would be pretty tough to perform.

      (Yeh, i know, don't give ideas... well, I'm being an "equal opportunity idea giver" both have something to gain and lose, hehehehe) (WoW, only 1 part this post...)

  14. Anonymous Coward
    Anonymous Coward

    Soft, not hard

    Back to basics- don't they take a copy of the laptop drive then guess the password? No hardware required, just proof of source.

  15. Anonymous Coward
    Anonymous Coward

    No breach of constitutional rights

    You are not required to incriminate yourself - verbally, but you are going to be required to provide a password to encrypted HDs. Count on it.

    1. This post has been deleted by its author

    2. ph0b0s

      Re: No breach of constitutional rights

      "Count on it."

      Or not, in the case of the guy facing the same issue in Florida. The courts are conflicted on this issue. But of course you, with your arm chair law degree, know better? Please.....

      The only place your 'Count on it works', is the UK, where the innocent do not have as many rights.

  16. P. Lee

    I'd laugh

    if she was innocent.

    What makes me sad is the complete disconnect between this and Industrial-scale mortgage and insurance fraud which warrants a bailout.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not funny IMO

      Hang them all - the crooked politicians, hackers, those who perpetuate fraud of all kinds, pirates, paid liars - the whole lot.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not funny IMO

        Pirates? if you are referring to music 'pirates' then they don't need hanging, the RIAA execs are the ones that need hanging for clinging onto old obsolete business models.

    2. wayne 8
      Big Brother

      Re: I'd laugh

      She is not part of the club. Someone has to go to jail. And it won't be anyone from Goldman Sachs, Bank of America, Countrywide, Freddie and Fannie, et al.

  17. Aqua Marina

    I seem to recall

    A case where the judge ruled that you cannot force a defendant to hand over the password, for the simple reason that the password might be incrmination within itself.

    Main point being.

    The police are convinced a man accused of torturing, raping then murdering a woman has evidence of his crime in an encrypted file on his hard disk. When forced to hand over his password, it turns out that his password is "I hate you you bitch, you are going to die begging me to stop".

    At this point, irrespective of if any evidence is found, the man would be assumed guilty because of his password, and could not receive a fair trial or a thorough investigation, i.e. his password would be used as evidence of guilt.

    I just wish I could remember where I've read this ruling before, because it's quite relevant.

    1. wayne 8
      Headmaster

      Re: I seem to recall

      Or the password is something that relates to an unrelated crime than the one for which the search warrant was issued.

  18. Mike48US

    "If one would give me six lines written by the hand of the most honest man,

    I would find something in them to have him hanged."

    Cardinal et Duc de Richelieu (9 September 1585 - 4 December 1642)

  19. Bruce Grunewald
    Thumb Down

    The bigger picture

    I don't have a problem with the police trying to prove mortgage fraud against these two small fish, but could we go after some of the people that stole billions from the American people?

    Eric Holder? Barack (I don't think they did anything illegal) Obama?

    If the American sheeple don't wake up, there won't be a Bill of Rights anymore. GW Bush started using it to wipe his @ss after they passed the "Patriot Act", possibly the most ironically named bill ever.

    I strongly disagree with the judge's decision to demand the encryption key. If it goes to the US Supreme Court I am pretty confident that it would be reversed, but that won't prevent you from rotting in jail and spending all your money on lawyers for the years that it will take.

  20. pealla

    If mind reading technology progresses to the point that legal sense can be made of thoughts where does it leave this defence? If you cannot be compelled to implicate yourself would that be sufficient or would a mind reading session be viewed as simply another form of interrogation?

  21. Anonymous Coward
    Anonymous Coward

    No one is losing their civil rights

    Forcing the defendent to disclose her PC password is not a violation of her civil rights. This will get confirmed by a contitutional decision.

    As far as Bama and the Wall Street criminals, they should all be convicted and sent to prison like any other criminal. They should be cellmates with Mr. Bill, Assange, Anon members and all the rest.

    1. ph0b0s

      Re: No one is losing their civil rights

      "This will get confirmed by a contitutional decision."

      If being forced to hand over a combination to a lock / safe has already been ruled out by the Supremes, it's anyone's guess how they will rule on this scenario. Certainly not the forgone conclusion you think it is....

  22. Anonymous Coward
    Anonymous Coward

    How's that denial working?

    It would appear that denial isn't working any better for this woman than it did The Pirate Bay Boys, Assange, Mr. Dotcom and the numerous Anon members who have been arrested.

    You are entitled to be in denial just as you are entitled to three hots and a cot in a prison cell.

  23. kain preacher

    Wow some people must read very few articles on el reg .Are forgetting about the article were the courts ruled that you do not have to turn over your password. It did go to the SCOTUS and SCOTUS refused to hear the case.

    http://www.theregister.co.uk/2012/02/27/forced_decryption_ruling/

    1. Anonymous Coward
      Anonymous Coward

      Just because it has not been ruled on then it does not mean it's constitutional

      It don't work that way. The Supremes pick and choose what cases they want to hear. Just because they didn't hear the case in the past doesn't mean they will refuse to hear it in the future. They will be forced to hear it from public outcry and the criminals won't be happy with the decisions.

  24. Shane 4

    Would have been nice to read,

    "Feds crack password using Cray supercomputer 24/7 for one month, It was 123456789!" ;)

    1. Crisp
      Coat

      That's amazing!

      I've got the same combination on my luggage!

  25. Adam Inistrator

    A lot of candidates for inquisitor general post here. If you think the prohibition on self incrimination is simple to understand then you prolly fit in that category.

  26. Anonymous Coward
    Anonymous Coward

    I'll bet the perps ain't so confident in encryption now days

    People are really naive if they think encrypting a HD is going to save them from prosecution for a crime. Any encryption can be undone.

  27. SJRulez

    Safe Code vs Encryption Key

    Seems a bit strange to compare the two to begin with, we are all aware that safe's can be cracked\broken and also that encryption can be broken..... It seems this is more down to the amount of time it would take and resources required to do so. With a safe its a case of hand it over or we will crack it within a few hours where as the encryption is hand it over or we might break it in a day or a 100years.

  28. Anonymous Coward
    Anonymous Coward

    As long as they go to prison it doesn't matter

    Bank fraud should get these folks off the streets for a few years.

  29. Anonymous Coward
    Anonymous Coward

    Another bad day for criminals

    What goes around...

  30. Twits R 4 Twats
    Mushroom

    Does not compute

    "Computer, please execute this search in line with the patriot act, but don't violate the constitution."

    Does-not-compute--Does-not-comp'--Bzztr-plip-krkkk.

    *sparks*smoke*

This topic is closed for new posts.

Other stories you might like