On Tue, 03 Mar 2009 12:26:32 -0500 "Perry E. Metzger" <pe...@piermont.com> wrote:
> > Quoting: > > A federal judge has ordered a criminal defendant to decrypt his > hard drive by typing in his PGP passphrase so prosecutors can view > the unencrypted files, a ruling that raises serious concerns about > self-incrimination in an electronic age. > > http://news.cnet.com/8301-13578_3-10172866-38.html > I would not read too much into this ruling -- I think that this is a special situation, and does not address the more important general issue. To me, this part is crucial: Judge Sessions reached his conclusion by citing a Second Circuit case, U.S. v. Fox, that said the act of producing documents in response to a subpoena may communicate incriminating facts in two ways: first, if the government doesn't know where the incriminating files are, or second, if turning them over would "implicitly authenticate" them. Because the Justice Department believes it can link Boucher with the files through another method, it's agreed not to formally use the fact of his typing in the passphrase against him. (The other method appears to be having the ICE agent testify that certain images were on the laptop when viewed at the border.) Sessions wrote: "Boucher's act of producing an unencrypted version of the Z drive likewise is not necessary to authenticate it. He has already admitted to possession of the computer, and provided the government with access to the Z drive. The government has submitted that it can link Boucher with the files on his computer without making use of his production of an unencrypted version of the Z drive, and that it will not use his act of production as evidence of authentication." In other cases, where alternative evidence is not available to the government, and where government agents have not already had a look at the contents, the facts (and hence perhaps the ruling) would be different. --Steve Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com