in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption Legalities: Massachusetts Court Orders Lawyer To Decrypt Laptop

The Massachusetts Supreme Judicial Court (MSJC) has ordered a lawyer to decrypt his laptop computers.  The lawyer, one Leon Gelfgatt, is a criminal suspect in an ongoing case involving Russians and mortgage fraud, and as far as I can tell (as a non-lawyer), his biggest mistake was in not following the aged maxim: "don't speak unless you have a lawyer present."

MSJC Rules: Foregone Conclusion

A long story short: Gelfgatt faked "mortgage documents to sham companies," making over $13 million in the process.  When arrested, he told state troopers that "[e]verything is encrypted and no one is going to get to it."  In fact, you've got to read it for yourself, because it almost sounds like Gelfgatt was gloating about it (although I could just be reading too much into it). From arstechnica.com:
During his postarrest interview with State police Trooper Patrick M. Johnson, the defendant stated that he had performed real estate work for Baylor Holdings, which he understood to be a financial services company. He explained that his communications with this company, which purportedly was owned by Russian individuals, were highly encrypted because, according to the defendant, "[that] is how Russians do business." The defendant informed Trooper Johnson that he had more than one computer at his home, that the program for communicating with Baylor Holdings was installed on a laptop, and that "[e]verything is encrypted and no one is going to get to it." The defendant acknowledged that he was able to perform decryption. Further, and most significantly, the defendant said that because of encryption, the police were "not going to get to any of [his] computers," thereby implying that all of them were encrypted.
The above summary by the MSJC, is followed by their conclusion that the information held within these laptops are "foregone conclusions" and not testimony.  That means that forcing Gelfgatt to decrypt the data does not impinge upon his Fifth Amendment rights (that of self-incrimination).

How can that be?  Because of the magic words, foregone conclusion.

Foregone Conclusion

This is what I wrote in a previous post regarding encryption and the Fifth Amendment:
I had never before looked into what the Fifth Amendment really protects.  I had a general idea, and I'd read the unwashed masses' opinions, comments, and whatnot, but never have I gone straight to the source (and supporting legal opinions) and read it.  What I've read today shows me that a lot of people out there, including myself, have a good, general idea of what it's about, but it's the technical exceptions that can trip us up.

For example, everyone knows the government compelling one to produce incriminating evidence is illegal.  Sounds about right, right?  But, it turns out that the government compelling you to produce incriminating evidence can be legal (not is but can be).

It's a question of what the government knows, and to what degree.  Under the "foregone conclusion doctrine," if the government already knows (not thinks it knows, or assumes, or believes it to be highly likely) about a particular piece of evidence and knows that you have it (and can prove that you have it), they can force you to present it.
Now, take the above and re-read the MSJC's summary.  Note how our suspect:
  • Had admitted to working for the Russians.
  • Noted that his laptop computers were encrypted.  In fact, all of his laptop computers were protected.
  • Stated that he could decrypt the laptops.

If Gelfgatt had kept his mouth shut, he wouldn't be in this situation.  Granted, not speaking or admitting to anything wouldn't have made it a slam-dunk case against forcing him to decrypt the data; however, by admitting to these three things, he made it easy for the prosecutors to make their case.

Especially the second and third points, in my opinion.  A lot of the "the government forcing you to decrypt your laptop or putting you in jail" controversy (like in the UK's RIPA) stems from whether someone is put under duress unfairly.  For example, what if a person forgot his password?  It's not that he doesn't want to comply with the courts orders – it's just that he literally can't.

Also, some have pointed out that the act of admitting to knowing the password to encrypted data lends to the foregone conclusion that you also knew what was contained in that data (since you encrypted it); hence, providing a password would be self-incriminating testimony.  But this is only true if you haven't admitted to knowing it.  Or admitting that it's your laptops, for that matter.

Why Gelfgatt did what he did is a mystery.


Related Articles and Sites:
http://arstechnica.com/tech-policy/2014/06/massachusetts-high-court-orders-suspect-to-decrypt-his-computers/
 
<Previous Next>

Data Security: US Supreme Court Says Warrants Needed For Cellphone Search

Is Bitcoin the answer to your business security woes?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.