 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Mon, 13 Oct 2008 10:23:19 -0500, Mueen Nawaz wrote:
> If, however,
> they're searching your computer for evidence about someone else's crime,
> I don't think you can plead the Fifth.
I would think that depends on the scope of the search; ISTR that in some
cases, you could be required to turn over the password, but only after
reaching an agreement about the scope of the search only applying to data
pertaining to the crime being investigated - the data couldn't be used
for other prospective crimes.
IANAL and all that, though.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Mon, 13 Oct 2008 10:32:17 -0500, Mueen Nawaz wrote:
> If you're on Linux,
> one often just has to look at your history file to see if you use the
> truecrypt command.
history -c is your friend....
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Mon, 13 Oct 2008 13:11:20 -0400, Tim Cook wrote:
> "Warp" <war### [at] tag povrayorg> wrote in message
> news:48f37469@news.povray.org...
>> Still doesn't prove that you have encrypted files. You could simply
>> say
>> that you installed it a long time ago just to see how it works, or
>> whatever.
>
> Ah, see, that'd be lying. I'm pretty sure I didn't have anything bad,
> and, quite frankly, if I *did*, I deserve to be punished. Simple as
> that.
Perhaps, but the way to state it is to invoke your right against self-
incrimination. That you do that - legally - is no basis to say you're
guilty of something.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Mon, 13 Oct 2008 11:36:03 -0600, somebody wrote:
> TrueCrypt sounds exactly like the type of program FBI would write and
> release, without disclosing the backdoor, of course.
Except that it's released under an open source license and all the code
is available for inspection.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Mon, 13 Oct 2008 13:20:26 -0400, Warp wrote:
> Of course there's little TrueCrypt can do about that.
Well, actually, it can - you just encrypt the entire disk. Of course,
then it's obvious you're using TrueCrypt (because it asks for a password
at boot time, at least from my read of the docs), but again you can do a
dual-partition setup where you have, say, a Windows install that you use
for innocuous things and a Linux install that you use for sensitive work.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Not that it matters; either way, they took the computers and I've not heard
about them since. What they do with them if I never get them back is
irrelevant, likewise if I *do* get them back, what they do with them is
irrelevant.
--
Tim Cook
http://empyrean.freesitespace.net
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Mon, 13 Oct 2008 16:01:08 -0400, Tim Cook wrote:
> Not that it matters; either way, they took the computers and I've not
> heard about them since.
Well, yeah, because you didn't encrypt the data, the point is kinda moot
for your specific situation.
> What they do with them if I never get them back
> is irrelevant, likewise if I *do* get them back, what they do with them
> is irrelevant.
Unless, of course, they find something they decide is prosecutable.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Darren New wrote:
> Mueen Nawaz wrote:
>> Fifth Amendment only works if you're being investigated. If, however,
>> they're searching your computer for evidence about someone else's crime,
>> I don't think you can plead the Fifth.
>
> I am not a lawyer, but I believe this is not accurate. I remember
> someone's secretary pleading the fifth when asked about her boss' stuff
> and getting away with it.
>
> The trick is, they can't really pursue *why* you are pleading the fifth,
> if you follow the logic.
I don't know it with any less uncertainty as you. Yes, I know you could
do that, but of course the actual fifth amendment is to protect yourself
from incriminating yourself. The DA could offer immunity, and then you
have to comply.
>> In the US, however, I believe you
>> don't have to hand over the password regardless.
>
> Actually, the case is new enough that I didn't find any appeals that
> would make it actual precedent, so I suspect it's still up in the air.
It's happened once or twice in the US.
http://yro.slashdot.org/article.pl?sid=07/12/15/1459243
Actually, that was a Fifth Amendment case. Maybe I was wrong...
This one's about the UK (although I've heard this a number of times
over the years):
http://yro.slashdot.org/article.pl?sid=07/10/02/1237215
--
"I think not," said Descartes, and promptly disappeared.
/\ /\ /\ /
/ \/ \ u e e n / \/ a w a z
>>>>>>mue### [at] nawazorg<<<<<<
anl
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Warp wrote:
> I think that even from a moral point of view honesty does not require
> you to divulge everything you do just because you are asked. There is this
> thing called privacy, and people are entitled to it. What you want to hide
> might not be anything illegal, but it can still be embarrassing, and nobody
> should be forced to divulge anything they don't want to, not from a legal
> nor from a moral point of view.
>
> Sure, sometimes the right to privacy may be abused to hide illegal material
> (eg. child porn or terrorist plans), but I still don't think that privacy
> should be lifted from everybody simply because a few individuals abuse it
> to hide illegal material. Nobody should be forced to reveal encryption keys
> simply because they *might* be hiding something illegal. That's a very
> dangerous road which we don't want to follow.
I wish the law agreed with you. As it is, for people like me, getting
caught lying would put me in much more trouble (jail time) than losing
my privacy, or getting in trouble with anything I currently have to hide
(i.e. not much).
--
"I think not," said Descartes, and promptly disappeared.
/\ /\ /\ /
/ \/ \ u e e n / \/ a w a z
>>>>>>mue### [at] nawazorg<<<<<<
anl
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Warp wrote:
> That may give them a hint that you might have encrypted files in your
> system, but they have no way of knowing which ones they are. TrueCrypt
> itself leaves no history anywhere.
They will depending on how you use it. The command line way of doing
things is:
truecrypt /path/to/file
That path will show up in the history. Of course, perhaps that's poor
usage - but last time I checked, the docs didn't mention the potential
problem.
In any case, fine: Let's say he doesn't use the command line.
If he navigated to the directory where it was mounted recently, that'll
show up in the history, and may give clues to its content. This will
give them a strong indication that there is a TC volume somewhere, and
they could ask him about it.
>> Or they could look to see if you have truecrypt installed.
>
> Still doesn't prove that you have encrypted files. You could simply say
> that you installed it a long time ago just to see how it works, or whatever.
Won't work if you navigated into it recently (command history).
>> Or they could look to see if you have unmounted truecrypt directories.
>> I tried it and at least on my computer, truecrypt doesn't automatically
>> delete those directories.
>
> You can choose whatever directory names you want to mount a TrueCrypt
> file system. Just use /tmp/tmp/ or whatever. Nothing suspicious about that.
Will have to look into that - been a while. I *do* recall that
initially TC wasn't working as expected, and *did* leave stuff around in
/tmp. Perhaps nothing too important, other than showing that TC did
exist and was being used. It doesn't anymore (don't remember what the
problem was).
>> As for hidden partition, I don't know the details. I believe an
>> analysis was done and they only guaranteed true hiddenness if you used
>> FAT as the filesystem of the hidden partition. More precisely, it was
>> shown that if you use ext3, there will likely be data elsewhere on the
>> HD that will hint that there is a hidden partition somewhere.
>
> Then use FAT? What's the problem?
Not obvious to folks on Linux that they shouldn't use ext3 on a TC
volume. Last I checked, the docs didn't imply additional security if you
use FAT.
>> There are other analyses. Let's say you make your "outer" TC partition
>> 30 GB. And inside it you make your hidden partition 10 GB. I read
>> somewhere that TC makes that 10 GB block contiguous. So when you give
>> the password to your outer TC, if they look they'll see that your data
>> (if you have enough of it), will be all over that 30 GB except for this
>> big block of 10 GB which has random data (which, to the FS, appears to
>> be free space). Now you could say that you just deleted a 10 GB file,
>> explaining that big unused contiguous block, but...
>
> AFAIK TrueCrypt puts random garbage at every free block for the precise
> reason that it's impossible to tell whether it's just that, random garbage,
> or a hidden partition.
Yes, but I think you miss my point. Or I don't understand how things
are stored on the HD.
The area occupied by the hidden partition will have random stuff in
it, but will appear to be "free" space by the FS (as in space available
for writing). A contiguous block of 10 GB, especially with actual data
around it, will look suspicious. Regardless of whether that space has
random data.
It's as if you just deleted 10 GB worth of contiguous material.
Possible, but not likely.
Of course, they can't *prove* anything with what I'm saying. And if you
think you could get into real trouble, it is of course better to just
deny. However, there is a risk in lying, and if you really don't have
much to hide, that risk can be quite high (at least in the US - say when
you're crossing the border).
--
"I think not," said Descartes, and promptly disappeared.
/\ /\ /\ /
/ \/ \ u e e n / \/ a w a z
>>>>>>mue### [at] nawazorg<<<<<<
anl
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
