Silk Road forums

Discussion => Security => Topic started by: mito on November 06, 2011, 07:10 pm

Title: Encrypted data and evidence
Post by: mito on November 06, 2011, 07:10 pm
So let's suppose one day the DEA obtains a warrant and raids your home.

They find nothing, all your sensitive data is on an encrypted folder or separate encrypted USB (as many do here).

They ask you for the password, and you promptly deny.

If do not comply, isn't that obstruction of justice?




Title: Re: Encrypted data and evidence
Post by: mrgrey on November 06, 2011, 08:39 pm
in america we are protected by bill of rights, 5th amendment ...nor shall be compelled in any criminal case to be a witness against himself.
Title: Re: Encrypted data and evidence
Post by: mito on November 06, 2011, 08:51 pm
Does the same apply to Canada?

What if a terrorist or pedophile is caught with an encrypted HD, can he still be charged with obstruction if he doesn't comply?
Title: Re: Encrypted data and evidence
Post by: mrgrey on November 06, 2011, 09:52 pm
it applies to all americans, you are a canadian so i am pretty sure you have absolutely no rights at all, i could be wrong but i think i am on solid ground.
Title: Re: Encrypted data and evidence
Post by: wannabud on November 06, 2011, 10:12 pm
This is not just an american law. This is an axiom of the law. A legal/juridical principle which is followed in all western and free nations.

Depending on where you are and who you are, maybe they spank you until you say everything, but that's totally illegaly, and obvious it will not gonna happen in Canada.

Stay calm, they can't forced you to contribute with anything that can harm yourself by a legal procedure.

And remember, you are not a terrorist, an enemy of your contry, (there are particular codes to war and military crimes), you just ordered some small amount of drugs on internet.

Pedophilia generates a lot of social commotion around the crime. If your are accused of pedophilia, even if you are innocent, you will have a lot of troubles in your life, maybe receiving a "popular sentence" like be lynched. Order a small amount of drug don't attract so much attention from people.
Title: Re: Encrypted data and evidence
Post by: wannabud on November 06, 2011, 10:25 pm
http://en.wikipedia.org/wiki/In_dubio_pro_reo
http://en.wikipedia.org/wiki/Presumption_of_innocence

"Presumption of innocence" serves to emphasize that the prosecution has the obligation to prove each element of the offense beyond a reasonable doubt (or some other level of proof depending on the criminal justice system) and that the accused bears no burden of proof.

It's not just a juridical thought, but a logical thought too: http://en.wikipedia.org/wiki/Philosophic_burden_of_proof

Just some particular cases in Canada: http://en.wikipedia.org/wiki/Reverse_onus (I can't believe this happened)

Anyway, you just have to deny, they have to prove.
Title: Re: Encrypted data and evidence
Post by: sharetheroad on November 06, 2011, 11:07 pm
Whoaaa slow down com padres. In the United States the Judge CAN order you to decrypt personal information if they are presented with enough evidence to support reasonable suspicion. This is very much like presenting you with a search warrant.

Example, if they were to enter your home with a warrant and you had an uncrackable, penetrable safe that they believed you were hiding the contraband - the judge will order you to open it.

Here's the catch...

You can deny the request, and you will be held in contempt.

You can comply and proceed to fuck yourself.

Or you can tell them you forgot the code, it's 30 some-odd characters long and you ate the piece of paper it was written on when you heard your front door get knocked down. They can't do shit at this point, BUT they will probably still prosecute you based on the evidence they have... I've said this before, but if you're getting a knock on the door from the DE fucking A you better damn well believe that they're not just riding on your encrypted data for a successful prosecution.
Title: Re: Encrypted data and evidence
Post by: LexusMiles on November 07, 2011, 01:28 am
If you encrypt your whole partition or drive, and if you keep your truecrypt bootloader on a seperate CD or USB stick, then there is no way to match that CD or USB to any harddrive in your home (because truecrypt data is indestuinguisable from random data, its usually the bootloader that gives you away)... and they have zero to go on. This is the best way to go. It also stops the attack where your adversary tries to bug your bootloader.
Title: Re: Encrypted data and evidence
Post by: branflakes on November 07, 2011, 02:14 am
Apparently then can legally copy your drive but you still don't have to give them the key.

http://news.cnet.com/8301-13578_3-9834495-38.html
Title: Re: Encrypted data and evidence
Post by: sharetheroad on November 07, 2011, 02:54 am
Apparently then can legally copy your drive but you still don't have to give them the key.

http://news.cnet.com/8301-13578_3-9834495-38.html

Do some more research. Just google "judge orders defendant to decrypt hard drive", there are at least 3 cases in the past 3 years where this has happened.

Like I said, you can refuse and be held in contempt along with any other charges the prosecution. You can also tell them you simply forgot it, and hope your lawyers can successfully refute any other evidence they have against you.

Just an update to that link you posted, the Judge reversed the decision. He in fact ordered him to reveal the password.

http://news.cnet.com/8301-13578_3-10172866-38.html
Title: Re: Encrypted data and evidence
Post by: phubaiblues on November 07, 2011, 05:24 am
I think if it gets to that point, that it will depend more on how much fortitude you have...I mean, nobody knows...we have all kinds of good advice on protecting yourself, but many find that even if they know how that it's kind of a pain, and what the cops will do, no one knows...depends a lot on which cops, and what they are looking for, and who they start with....periodically we go down this rabbit hole, and usually come up empty...I did talk to one lawyer, a friend, not 'one of us' and he said that it sounded like a great legal case, and fun, but that it would never get that far...someobdy caught with the goods, will undoubtedly cop a plea to a lesser charge...or that's what people always do, anyway....always say they won't, tho...

My attitude, protect yourself as much as possible, particularly on main site, be reasonable, if it worries you too much, then don't do it anymore...but there won't be any real comfort on here, not for this....I get much comfort from how scattered everything is, from where we are, to the tools we use....more likely somebody'll get popped driving loaded, or yapping to some undercover cop in a bar...or some pal'll get busted and give up a vendor who talked too much...but as long as we play by the rules, don't do moneypaks and WU transactions 'off the grid' we'll be alright....IM not so HO
Title: Re: Encrypted data and evidence
Post by: wannabud on November 07, 2011, 06:06 am
Apparently then can legally copy your drive but you still don't have to give them the key.

http://news.cnet.com/8301-13578_3-9834495-38.html
Like I said, that's different kind of crimes.

If you are a terrorist, I really don't believe they will care so much about your defendant's rights independently where you are. Maybe you don't even receive a trial.

And pedophilia generates too much social hate. I don't know about this particular case, but if the case attracts media and appears on TV, people don't wanna know if the guy is innocent or guilty, if the defendant have right or this kind of things, people just wanna take his head.

Do you know some case that includes only drugs not related to any big cartel?
Title: Re: Encrypted data and evidence
Post by: Diamond on November 08, 2011, 09:49 pm
As far as I know, there's no precedent set yet in the matter of encrypted data. It's still something novel to the legal system.

One would think that the 5th and all it's subsequent protections apply here, but there's no reason it will be found to be that cut and dry in a court of law.

Your BEST bet is plausible deniability and hidden volumes. Remain silent unless your LAWYER directs you to do otherwise, and then give an outer volume password with some "embarrassing" information.

Your safest bet is an fully encrpyted volume (instead of a file container). "Oh that thumb drive? It needs to be formatted, officer."
Title: Re: Encrypted data and evidence
Post by: mito on November 08, 2011, 11:27 pm
What do buyers have to fear?

My Tor folder is encrypted with Windows encryption.     The only thing in there is the link to SR and the forum.    All cache is cleared on regular.

My GNU Privacy Assistant isn't encrypted, but I have keys only, no messages stored.

What evidence is there in my computer that could get me in trouble?

What should I really fear if cops seize my computer?   
Title: Re: Encrypted data and evidence
Post by: LexusMiles on November 08, 2011, 11:58 pm
Depending on your country and state, depending on your career aspirations, etc etc, buyer will have to fear prosecution for buying drugs. For some people it won't be a big deal, for others it will be life-changing. So.. its up to you as an individual to make that call.

As for deleting cache... unless you 'scrub' it, its never really deleted.. at least until Windows decides to overwrite the ghost data which could be tomorrow or never.. no way to be sure. I think the setup you described is the least secure contingency out there. Due to the OS leaking random data to swap files, temporary files, bugs, glitches etc, not to mention System Restore, and whatever unknown system services are doing to make your experience more 'convenient'... its pretty safe to say that a full surface scan (reading each sector) of your HDD would reveal a fair amount of your internet doings..

It all comes down to if you really care about the potential of being busted or not. If you don't care.. then the easy thing is to leave the OS unencrypted. If you do care, then encrypt the OS (easy.. install Truecrypt, then cick "full system encrypt").

Title: Re: Encrypted data and evidence
Post by: SR User on November 09, 2011, 03:48 pm
it applies to all americans, you are a canadian so i am pretty sure you have absolutely no rights at all, i could be wrong but i think i am on solid ground.

Ha! This is a joke right? America has some of the toughest anti-drug laws in the world. You're much better off in Canada and regardless of whether you release your password or not, the sentence will be much less in CAN than US.

As for not releasing your password, they may add time (or not reduce it) for not co-operating. Either way, if caught they'll make you pay for not sharing, it's your call to decide on whether releasing it will add more time/penalties than keeping it to yourself.

Also as a buyer, the risks are lower but definitely present. You're probably not looking at time (providing quantity is low) but it will affect your life, as someone has said already, depends on your hopes and career path.
Title: Re: Encrypted data and evidence
Post by: mito on November 09, 2011, 05:39 pm
Thanks guys for the input.

I was referring to Tor and the GNU Privacy Assistant only.

They have a warrant and raid my home, however, they find _no_ drugs whatsoever.    Well, only beer in the fridge.

Can they fuck me over an encrypted folder holding Tor and/or having a lot of public keys?

Thnaks!
Title: Re: Encrypted data and evidence
Post by: wannabud on November 09, 2011, 09:43 pm

Can they fuck me over an encrypted folder holding Tor and/or having a lot of public keys?


That's not illegal at all.
Title: Re: Encrypted data and evidence
Post by: g4bb3r on November 09, 2011, 11:39 pm
In some countries you can be forced to give up your passwords. Truecrypt hidden volumes fixes this.
Title: Re: Encrypted data and evidence
Post by: Cgault on November 10, 2011, 01:30 pm
Regarding trucrypt -

I am having a bear of a time under OSX 10.6.8 (Snow leopard) getting Trucrypt to work - I dont understand how to format and partition an SD card so Trucrypt can use it, and I do not understand the boot loader options...?????

OSX allows encrypted devices - I am sure that Trucrypt offers better removable device support. Can anyone post a mini how to for using trucrypt on OSx?
Title: Re: Encrypted data and evidence
Post by: Diamond on November 21, 2011, 06:31 pm
OSX allows encrypted devices - I am sure that Trucrypt offers better removable device support. Can anyone post a mini how to for using trucrypt on OSx?

I use OS X as my main home OS and I've never had too many issues with TrueCrypt. As it happens, I have an SD card I want to partition and encrypt. If all goes well I will take screen shots and post them to a new thread. Probably some time over the weekend.
Title: Re: Encrypted data and evidence
Post by: Spedly on November 22, 2011, 12:57 am
it applies to all americans, you are a canadian so i am pretty sure you have absolutely no rights at all, i could be wrong but i think i am on solid ground.

Is that what they taught you at school?

Wow. Just wow.

Title: Re: Encrypted data and evidence
Post by: rise_against on November 22, 2011, 04:40 am
just encrypt a microSD card with Truecrypt and load everything such as your TOR browser and links, etc. from there.  If there is a need to destroy it, i'm sure a microSD card can be destroyed pretty easily.
Title: Re: Encrypted data and evidence
Post by: Cgault on November 22, 2011, 06:27 am
OSX allows encrypted devices - I am sure that Trucrypt offers better removable device support. Can anyone post a mini how to for using trucrypt on OSx?
As it happens, I have an SD card I want to partition and encrypt. If all goes well I will take screen shots and post them to a new thread. Probably some time over the weekend.

I'd appreciate that = every time I try and format the SD in Disk util, when I use the trucrypt wizard, I get a waning and then I am not sure what options to use - even after reading everything. I forget half the stuff to ask, because I gave up weeks ago. OS X has the ability to encrypt a folder, which can then be moved to a SD card.   
Title: Re: Encrypted data and evidence
Post by: DrBenway on November 23, 2011, 02:18 am
In the US, you can probably be compelled to supply a password you know. Current case law makes an analogy between a password and the combination to a safe, which you can also be forced to give up. That said, if you are in the US and are asked for your password, your response should always be to refuse to speak further without a lawyer. Once you tell your lawyer you just set a new password and can't remember what it was, they can deal with the authorities in the lowest-risk way possible.
Title: Re: Encrypted data and evidence
Post by: avarice on November 25, 2011, 03:35 pm
In some countries you can be forced to give up your passwords. Truecrypt hidden volumes fixes this.

the most sure way to be safe is this. they can't force you to give up a password to something that doesn't exist ;)
Title: Re: Encrypted data and evidence
Post by: orson on November 25, 2011, 04:23 pm
I have always been advised just to keep my mouth shut whenever dealing with the fuzz :-)
Title: Re: Encrypted data and evidence
Post by: Dobbs on November 25, 2011, 05:23 pm
I think...but I may be wrong...that as long as the Patriot Act is in effect...we Americans have no rights at all.  Just my two cents on that. 

May I say on a side note I do enjoy lurking here! 

I have Truecrypt, with full disk encryption.  And they cant make me "remember" a password lol...no way.
Title: Re: Encrypted data and evidence
Post by: Dobbs on November 25, 2011, 05:26 pm
and OH YEAH...even if the cops approach you and say "we'd like to ask you a few questions"  Say NO.  If they persist, which they will, your next words are "I WANT TO SPEAK TO AN ATTORNEY".  supposedly you wont have to say anything else to them after that...but then again there's that pesky Patriot Act.
Title: Re: Encrypted data and evidence
Post by: Tommyhawk on November 27, 2011, 07:01 pm
An easy work around to never having your encrypted data is revealed is this.

First, there's an even safer method than to using an encrpyted flash drive.

With TrueCrypt, you can create a hidden volume that is basically a storage volume, disguised as a file.

What I do is.

I have a collection of ISO files on my computer, along with several fake ones, which read as ISOs, and are made the same size as an ISO file. They can't know these files are encrypted unless I tell them, or unless they do some serious searching through all the files on my computer. When I say serious searching, I mean investing the efforts of every cryptologist and computer expert that they have availible to their disposal. Unless they think I'm an international criminal that poses a threat to the country, not going to happen. They are going to have some trouble taking my computer in the first place if my house is just being raided for drugs and they find nothing, or maybe even some drugs here and there.

The encrypted fake.iso volume also requires 2 key files and a complex password. Up to this point, it's unlikely for them to find the encrypted volume. You can even take this steps further by making several fake-encrypted volumes, within an already hidden one, with many fake information etc. If by some insane miracle they do gain access to this data, they can't force you to decrypt them, you can merely say you downloaded that ISO file and had no idea what it was. There's too much leverage on your side with this method for them to say you encrypted it.

An easier way is, just have an encrypted file with a key file or 2 to go with it. When they ask you to decrypt it, tell them you deleted the key files when they began to raid your house which happen to be impossible to recreate ~ this can be absolutely anything unique that can't be remade. This leaves them in a position that is negotiate. They have no choice, and they can't charge you with distruction of evidence since you didn't really destroy any evidence.

You could even say you have a script set up in your computers cache to delete the key file after a certain amount of wrong password entries. Maybe they forced you to log into the computer and out of nervousness you entered the wrong password a few times. Nothing they can do about this.

Even better, with multiple key files, you can make up some crazy computer techy excuse as to why it's impossible to decrypt it now, and they have no way of proving it. If you have more than 1 key file, it's impossible for them to try every single file combination on your computer. It would be absolutely impossible for them to decrypt it by any means. This is given, they can even locate the encrypted volume!.

If you're clever enough, your encrypted data will never be revealed. I have provided several examples above of practically foolproof ways of thwarting their attempts. If you just have  USB encrypted with a single password, well, needless to say, you're not being very smart. You're just protecting against the average joe.

"In my country, reasonable got men killed, it is only the cautious men who survived"

When you're breaking the law, or people want to thwart you, it's much better to be cautious and anticipate any event, than to base your efforts only on what could 'reasonably' happen
Title: Re: Encrypted data and evidence
Post by: DrBenway on November 28, 2011, 03:39 am
A couple things. First, the cops in the US must stop questioning you if you ask for a lawyer only if you are under arrest, for the most part. That said, you don't have to answer any of their questions even if they ask them all day, which they won't be able to do anyway if you aren't under arrest because they can't compel you to stay near them to listen, and in any case you can just refuse to answer (with the exception that they can get a search warrant which compels you to give up your password if you remember it, but that requires probable cause that the encrypted files contain evidence of a crime and would come much later when you have had the opportunity to get a lawyer).

Second, the ISO idea doesn't sound very effective to me. The entropy of an encrypted file will be much higher than that of most ISOs, and LE can easily calculate the entropy of all your files once they have them. TrueCrypt hidden volumes are much safer, although if you don't use them correctly they can be found too (for example, you must never use quick format when creating hidden volumes or their containers). If you are going to rely on TC hidden volumes, read http://www.truecrypt.org/docs/?s=hidden-volume-precautions very carefully.
Title: Re: Encrypted data and evidence
Post by: Tommyhawk on November 28, 2011, 05:10 am
A couple things. First, the cops in the US must stop questioning you if you ask for a lawyer only if you are under arrest, for the most part. That said, you don't have to answer any of their questions even if they ask them all day, which they won't be able to do anyway if you aren't under arrest because they can't compel you to stay near them to listen, and in any case you can just refuse to answer (with the exception that they can get a search warrant which compels you to give up your password if you remember it, but that requires probable cause that the encrypted files contain evidence of a crime and would come much later when you have had the opportunity to get a lawyer).

Second, the ISO idea doesn't sound very effective to me. The entropy of an encrypted file will be much higher than that of most ISOs, and LE can easily calculate the entropy of all your files once they have them. TrueCrypt hidden volumes are much safer, although if you don't use them correctly they can be found too (for example, you must never use quick format when creating hidden volumes or their containers). If you are going to rely on TC hidden volumes, read http://www.truecrypt.org/docs/?s=hidden-volume-precautions very carefully.

When I talked about the ISO idea I meant having the truecrypt hidden volume named "xxxxx.iso" or whatever.
Place it with a bunch of other real ISO files, the only way they can see if each is encrypted is to mount it, or extract each one, even so, the one that wont extract could just be presumed to be corrupted. They wouldn't have the time to figure out if it's encrypted or corrupted.
Title: Re: Encrypted data and evidence
Post by: TravellingWithoutMoving on December 06, 2011, 05:45 am
2 points :-

data;
distributing your stuff on encrypted usb drives etc for the purpose of quickly destroying to somehow prove you dont have some data etc is a good idea.
putting sensitive data on an encrypted drive can also be deleted in a hurry if need be achieves the same thing.
hiding images amongst data is less of a good idea as time can still be spent at it  if you are a big enough fish or they want you to go down.

law:
a No of bits of "evidence" will make up the case.



lesson:
cover your tracks no matter what you do.

Title: Re: Encrypted data and evidence
Post by: ttot on December 06, 2011, 04:30 pm
don't do moneypaks and WU transactions 'off the grid' we'll be alright....

Why do you say that?  Because of plausible deniability?
Title: Re: Encrypted data and evidence
Post by: calcium on December 06, 2011, 10:22 pm
If do not comply, isn't that obstruction of justice?

IANAL but I have researched this particular question, so this is a semi-expert opinion. US only, I don't know shit about international law.

1. The law varies by region. Different appeals courts (which control different groups of states) have reached different conclusions. So the simple answer is, you have to first check your local rulings.

2. There's a trick that the prosecution can and does use, EVEN IF the password is considered to be covered by 5th amendment (ie the appeals court for your jurisdiction think it's more like a secret you know [clearly 5th] than a physical key [not protected at all]).

Namely, they give you a full immunity for evidence based DIRECTLY on the fact that you knew the password or that it was your account, ie they agree not to tell the jury "you should convict because Mito's account has records showing drug sales".

HOWEVER, they then get to force you to disclose the password (because you have immunity on this, remember).

If you do comply, then they DO get to use the evidence they find in your encrypted files if they can tie it to you some OTHER way than the fact that it was in your files, or if it leads them to find some other evidence that they can independently confirm. This happens a lot.

If you don't comply, that's almost always contempt of court (though could be obstruction). Technically, it's indefinite, because as long as you continue to refuse to comply, you're reoffending. People HAVE been convicted of this, and the penalty for just this is often worse than whatever they were originally going to prosecute for.


So the simple advice:

1. Contact the EFF immediately. Their attorneys specialize in this, and they're good people. They are the BEST resource you could have on your side for this kind of legal case. See eg https://www.eff.org/cases/us-v-fricosu

2. If you're advanced enough in skills to do this, make it so that you actually can't recover your password even if you wanted. For instance, you can set systems up such that they require a keyfile that's stored in a very temporary manner, that unless it's actively being maintained, poof it's gone. Then you can say you're cooperating, but sorry it's not *possible* for you to give them what they want, have fun trying to crack the crypto.

3. Make sure that you do defense in depth. If your keys are revealed, NOTHING they find can get tied to you IRL anyway.

4. Usually it only makes sense to refuse to give your password if what they would find would net your more than a few years in jail anyway. Ask your lawyer.

Hope that helps.
Title: Re: Encrypted data and evidence
Post by: Dobbs on December 07, 2011, 05:55 pm
From personal experience, I can honestly say, cops in the USA can do whatever they want to.  There's a "stop", there's a "seizure", there's "arrest".  If its a stop, you can walk away.  If its a seizure, you may not walk away.  arrest is obvious.

I hate LE with all my heart.  They do not follow the law themselves, they do whatever they feel like doing and lie in court.  The only thing I can do to protect myself is clam up and shut down.

Title: Re: Encrypted data and evidence
Post by: phubaiblues on December 09, 2011, 03:36 am
From personal experience, I can honestly say, cops in the USA can do whatever they want to.  There's a "stop", there's a "seizure", there's "arrest".  If its a stop, you can walk away.  If its a seizure, you may not walk away.  arrest is obvious.

I hate LE with all my heart.  They do not follow the law themselves, they do whatever they feel like doing and lie in court.  The only thing I can do to protect myself is clam up and shut down.

You're so right, Dobbs and the real truth--unless people are 'street savvy'--is that they will freak out and start talking, and cops know exactly what buttons to push to get a citizen who is frightened to start blabbing away.  Most people simply cannot sit quietly, when they think that if they talk and get friendly, that they might get to go home...and when people are sitting with some uncomfortable cuffs on, in the back of some miserable squad car, you better believe most of them will talk and talk and talk.  The genius of this site, is to realize that most people are going to chatter away, and just to protect the vendors thru the use of bitcoins, so the buyer has nothing to give up.

If you've been in the life, yeah, u know that nothing you say is going to help, and just settle down for a long long wait in the squad car and the holding tank, and maybe, within a day or two, if it's not a weekend, to go before a judge, and get your bail lowered, and get a bondsman and a public defender....it's really an unhappy time, and god help you if you're on methadone or have a standing opiate habit...try to get a bottom bunk...

But most people on here anyway, I don't get the sense they've done time, and they identify with citizens, not crooks, and are going to have a really hard time keeping their mouths shut...it's not weakness, it's just human nature.  Cops don't want to go to court with this shit, they'd play hell proving anything, unless they want to spend a ton of time and money getting serious hackers to go thru it all...

Use Tails(http://tails.boum.org/index.en.html) and your local coffeeshop for main site...  Don't tell your friends about it.  Call a local bondsman and establish a relationship.  You can worry about the lawyer after you get out...a PD can get your bail lowered, most people probably can get OR'ed anyway (out on your own recognizance)  Don't get cracked on a friday :)
Title: Re: Encrypted data and evidence
Post by: wrathgorgon on December 15, 2011, 09:10 pm
I think...but I may be wrong...that as long as the Patriot Act is in effect...we Americans have no rights at all.  Just my two cents on that. 

May I say on a side note I do enjoy lurking here! 

I have Truecrypt, with full disk encryption.  And they cant make me "remember" a password lol...no way.

LOL what do you mean "as long as"? It's never going away now. The power grab happened, and now it's going to stay here forever.