As I scanned through the headlines at slashdot.org this morning, I ran across news that:After having first decided against forcing a suspect to decrypt a number of hard drives that were believed to be his and to contain child pornography, a U.S. judge has changed his mind and has now ordered the suspect to provide law enforcement agents heading the investigation with a decrypted version of the contents of his encrypted data storage systemSeeing how I was aware of only one case where the judge upheld a suspect's Fifth Amendment rights regarding disk encryption, I was pretty sure the above was a reference to a story I had blogged about, approximately one month ago.And, the more I read, the more I realized that the latest decision is not the judge "changing his mind." Under the circumstances, the judge pretty much had no choice but to give the green light to the request.
After having first decided against forcing a suspect to decrypt a number of hard drives that were believed to be his and to contain child pornography, a U.S. judge has changed his mind and has now ordered the suspect to provide law enforcement agents heading the investigation with a decrypted version of the contents of his encrypted data storage system
If you'll recall, the judge had originally ruled that, under the specific circumstances, the suspect couldn't be forced to decrypt his computer hard disks, which were believed to contain child pornography. It all boiled down to one thing: the government couldn't make the absolute, airtight case that the laptops and hard disks belonged to the suspect, which, I remind you, was the technicality of technicalities:
The computers and accessories were found in the suspect's domicile.
He lived alone for 15 years until the moment he was arrested.
The computer login name was the suspect's first name.
But the suspect didn't admit that the devices were his (it's surprising how effective the advice to "keep your mouth shut" happens to be, no?)
There is a twist to this story, however: On May 16, 2013, the government announced the finding of new information, noting:Since April 19, 2013, the FBI has continued to devote substantial resources to attempting to decrypt Feldman’s storage system. Recently, the FBI was able to decrypt and access a small part of Feldman’s storage system, namely a single hard drive. Unfortunately, the vast majority of Feldman’s storage system remains encrypted.The one single hard drive not only contained child pornography but also "detailed personal financial records and documents belonging to Feldman [the suspect]," including personal pictures of the suspect. And, just like that, the main obstacle to getting the suspect to provide the password, without compromising his Fifth Amendment rights, disappears.The suspect has until June 4, 2013 to comply.
Since April 19, 2013, the FBI has continued to devote substantial resources to attempting to decrypt Feldman’s storage system. Recently, the FBI was able to decrypt and access a small part of Feldman’s storage system, namely a single hard drive. Unfortunately, the vast majority of Feldman’s storage system remains encrypted.
I find it hard to believe that encryption was broken. What happened, more likely than not, was that the FBI managed to guess at the password that unlocks the laptop.When it comes to full disk encryption, the weakest spot tends to be the password. But, you can't get around not using a password. The encryption key, which is what actually protects encrypted data, must be long and very random in order to provide security (otherwise, it'd be easy to guess). But, the longer and more complex it is, the harder it is for people to memorize it.Thus, the presence of a password, which can be changed at will, personalized, and made as long or as short as necessary. But, again, its Achilles Heel is that it's much easier to be brute-forced (trying all combinations until exhaustion) than an encryption key, as well as trying other methods of shortening the attack.This is why AlertBoot's encryption software has settings for automatically wiping the encryption key if a preset number of wrong password entries are made. Once the encryption key is wiped, it doesn't matter if you know the password or not. Of course, we also backup the key to ensure access to your data in the event that a laptop is recovered.
Of course, seeing how the government could prosecute the suspect with the current evidence, one wonders why he has to provide the password to the rest of the "storage system."The answers are myriad. It could be that the government is trying to make its case airtight (they already know what can happen if they don't satisfy that particular condition). It could be that they're looking to find other suspects or associates. Or, perhaps they want to go through all images to ensure that there aren't new cases of a child being abused (governments the world over keep databases of child pornography, and compare newly found images to see if they're new abuse cases or just old ones being passed around).Perhaps the government is looking to set a precedent. Who knows? Regardless, there are plenty of justifiable reasons for taking a peek into the rest of the hard disks.
On the contrary. It's evidence that encryption works. How long has the FBI been working on cracking the suspect's encrypted storage? Well before April 19, 2013. The fact that they spent their resources and only managed to crack one (and possibly because of good luck) is ample evidence that your lost or stolen laptops and smartphones are secure from the average data breach.