TyperTech
Regular Member
- Joined
- Feb 26, 2024
- Posts
- 44
- Reaction score
- 0
- Status
- Offline
- Last Seen
Ok, so the purpose of this is to share a little bit about what Ive learned about the issue of Courts recently issuing rulings compelling individuals to decrypt devices for the purposes of LE investigations. This deals with US law and US Constitutional rights, as many other countries do not have these protections and in fact, have key disclosure laws requiring you to hand over the passwords to devices.
So the first thing here you should know is that your refusal to decrypt a device when LE has a valid search warrant is not a 4th amendment issue, its a 5th amendment argument against self incrimination.
The Fifth Amendment guarantees that no person “shall be compelled in any criminal case to be a witness against himself.” Under Supreme Court precedent, “[t]o qualify for the Fifth Amendment privilege, a communication must be testimonial, incriminating, and compelled.”
There is however, an exception to the 5th amendment called the “Foregone Conclusion Doctrine”. The foregone conclusion doctrine is basically: if the government knows something exists (a passphrase for example), knows you possess it or control it, and knows it to be authentic, then your act of producing it is not incriminating because its something they already know, and thus not protected.( See Commonwealth vs Gelfgatt, Commonwealth vs Jones, US vs Apple Mac Pro Computer)
Basically, compelling a person to hand over their passphrase can run into 5th amendment issues because the passphrase itself might be something like “I_buried_my_wifes_body_behind_the_park”, and thus be protected incriminating testimony. So the approach the government took in the above mentioned cases to get around this was to compel individuals to enter their password unobserved into a cloned device to decrypt their file.
Also in the previously mentioned cases its worth noting that the individuals (one of which was a lawyer) admitted to the ownership or control of the devices, admitted to encrypting them, and in some cases admitted that there would be files of interest on the devices. So if the government can show that you control the device, know what files are on it, and know the passphrase, they can compel you to decrypt it by subpoena, or hold you in jail in contempt of court until you do. At this point your super strong AES 256 with 12 word Diceware passphrase full disk encryption is only as strong as how long you are willing to sit in jail.
The courts are still divided on this issue, with some siding with the argument that decrypting those files is incriminating and thus protected by the 5th while others see the act of decrypting the files not protected, and to make matters worse there is no clear definition on how much evidence the government must show that you in fact own and control the devices in question, and know the password (I personally have encrypted thumbdrives that I cant for life of me remember the password for). But there are people who are currently being jailed indefinitely until they decrypt their devices (google Francis Rawls).
But the takeaway for me from all my reading on this subject is A) dont ever admit to owning the devices, or knowing about their contents or methods of encryption to LE. Only respond to questions from LE with “I would like to speak with my lawyer before answering any questions”, and nothing else. And B)- it might be wise to create a veracrypt encrypted volume with a hidden encrypted volume inside of that to store sensitive files as a countermeasure to forensics. In this method you use two passphrases- one for the outer volume and one for the hidden volume. If compelled, you enter the passphrase for the obvious outer (safe) volume. Place seemingly embarrassing files (e.g. nude selfies) or sensitive financial data in the outer volume while the hidden inner volume contains sensitive files-password manager databases, PGP keys etc, or say the images from which you run WHONIX (and make sure the OS does not keep logs that point to the location of those images). Veracrypt writes random data to the encrypted container that it creates so the existence of the hidden encrypted volume should be indistinguishable from the rest of the random data in the volume.
Also when creating encrypted volumes inside of full drive encryption dont use the same passphrases to prevent hash collisions.
So the first thing here you should know is that your refusal to decrypt a device when LE has a valid search warrant is not a 4th amendment issue, its a 5th amendment argument against self incrimination.
The Fifth Amendment guarantees that no person “shall be compelled in any criminal case to be a witness against himself.” Under Supreme Court precedent, “[t]o qualify for the Fifth Amendment privilege, a communication must be testimonial, incriminating, and compelled.”
There is however, an exception to the 5th amendment called the “Foregone Conclusion Doctrine”. The foregone conclusion doctrine is basically: if the government knows something exists (a passphrase for example), knows you possess it or control it, and knows it to be authentic, then your act of producing it is not incriminating because its something they already know, and thus not protected.( See Commonwealth vs Gelfgatt, Commonwealth vs Jones, US vs Apple Mac Pro Computer)
Basically, compelling a person to hand over their passphrase can run into 5th amendment issues because the passphrase itself might be something like “I_buried_my_wifes_body_behind_the_park”, and thus be protected incriminating testimony. So the approach the government took in the above mentioned cases to get around this was to compel individuals to enter their password unobserved into a cloned device to decrypt their file.
Also in the previously mentioned cases its worth noting that the individuals (one of which was a lawyer) admitted to the ownership or control of the devices, admitted to encrypting them, and in some cases admitted that there would be files of interest on the devices. So if the government can show that you control the device, know what files are on it, and know the passphrase, they can compel you to decrypt it by subpoena, or hold you in jail in contempt of court until you do. At this point your super strong AES 256 with 12 word Diceware passphrase full disk encryption is only as strong as how long you are willing to sit in jail.
The courts are still divided on this issue, with some siding with the argument that decrypting those files is incriminating and thus protected by the 5th while others see the act of decrypting the files not protected, and to make matters worse there is no clear definition on how much evidence the government must show that you in fact own and control the devices in question, and know the password (I personally have encrypted thumbdrives that I cant for life of me remember the password for). But there are people who are currently being jailed indefinitely until they decrypt their devices (google Francis Rawls).
But the takeaway for me from all my reading on this subject is A) dont ever admit to owning the devices, or knowing about their contents or methods of encryption to LE. Only respond to questions from LE with “I would like to speak with my lawyer before answering any questions”, and nothing else. And B)- it might be wise to create a veracrypt encrypted volume with a hidden encrypted volume inside of that to store sensitive files as a countermeasure to forensics. In this method you use two passphrases- one for the outer volume and one for the hidden volume. If compelled, you enter the passphrase for the obvious outer (safe) volume. Place seemingly embarrassing files (e.g. nude selfies) or sensitive financial data in the outer volume while the hidden inner volume contains sensitive files-password manager databases, PGP keys etc, or say the images from which you run WHONIX (and make sure the OS does not keep logs that point to the location of those images). Veracrypt writes random data to the encrypted container that it creates so the existence of the hidden encrypted volume should be indistinguishable from the rest of the random data in the volume.
Also when creating encrypted volumes inside of full drive encryption dont use the same passphrases to prevent hash collisions.