This Is Why Cell Phone Encryption Matters


CHP officers play a "game" where they pass around explicit photos from telephones they have seized.

Officer Shawn Harrington called it a "game." Harrington says other officers at the Dublin precinct routinely distributed pictures from phones of female arrestees. Images were forwarded to other officers and "non-CHP individuals." Court documents also describe a second incident in which Harrington forwarded images from a DUI arrestee's phone while she was being x-rayed. 

Encryption by default keeps criminals out of people's phones, even the criminals that hide behind uniforms and the color of law. The same goes for the warrant requirement recently ordered by the US Supreme Court. In a typical DUI arrest, there's really no reason for a cop to be going through the suspect's phone. Evidence of drunk driving is usually contained within the arrestees themselves, not their phones. At best, any time a cop does this, it's a fishing expedition for bigger charges. At worst, it's Harrington and his complicit bro cops, passing around nudie pics just because they can. Access and ability are the worst enablers. 

When cops complain about falling behind in the tech race while arguing against warrant requirements and encryption, one wonders whether this isn't part of the "problem." It's not so much that the criminals have gotten smarter than the cops. It's that the phones have. The incidents leading to Officer Harrington's arrest both created digital paper trails leading back to the California Highway Patrol. The minimal effort made to cover his tracks wasn't enough. Maybe this is why some cops fear the relentless forward march of technology: covering up misconduct has never been harder. 


In Re: Decryption of Seized Data


In the United States District Court for the Eastern District of Wisconsin, case 13-M-449, titled "In the Matter of the Decryption of Seized Data Storage System," the court has held that the owner of several hard drives seized by the FBI cannot be compelled to come to court and decrypt the drives for the FBI, because that would violate the Constitutional protection against self-incrimination. 

From the opinion:

On January 22, 2013, a warrant was issued allowing the FBI to enter and search Feldman’s residence, including electronic storage media, for evidence of child pornography. The warrant was executed two days later. 

During the search, Banner spoke briefly to Feldman before he invoked his right to counsel.  Specifically, Feldman stated that he had lived at his current residence for the past 15 years, and that he was the sole occupant of the residence.  Other evidence showed that Feldman is the only person paying taxes and receiving mail at his residence.  Feldman has a computer science degree from the University of Wisconsin–Madison.  He is a longtime employee of Rockwell Automation, currently holding the title of Senior Software Development Engineer.  In 2010, Feldman filed as a co-inventor for a U.S. patent for a “system and method for interfacing with an enterprise resource planning system.” 

Agents seized 16 storage devices during the search.  Five devices showed no traces of electronic data, and two devices were not encrypted.  The remaining nine devices contained data inaccessible due to encryption.  The encryption programs on the storage devices appeared to be the sort that would lock or damage data if too many incorrect password guesses were made. FBI analysts have spent over four months attempting to access the encrypted files without success. 

On one of the unencrypted devices, a Dell computer, FBI examiners found a peer-to-peer software program called “eMule.”  Within eMule, log files indicated that 1,009 files were received, distributed, or stored using eMule, with most of the files having titles mainly indicative of child pornography.  Examiners also found evidence that some of these files had been downloaded to various devices connected to the Dell computer—particularly, the “F,” “G,” and “I” drives.  The “I” drive corresponded to one of two encrypted devices.  The “F” and “G” drives might correspond to any of the other connected devices.  The Dell computer’s login screen showed only one username, “Jeff.”

So it seems pretty clear that this guy has been downloading some child porn and most likely storing it on encrypted external hard drives.  The FBI apparently gave up trying to break through the encryption themselves and went to the court to force Feldman to do it for them.  But doesn't that violate his right to remain silent?

Yes it does, said the court: 

[T]he government has shown that the encrypted devices contain data. In addition, during the search of the unencrypted Dell computer, the government found a peer-to-peer software program whose log files indicated that 1,009 files were received, distributed, or stored using the program, with most of the files having titles mainly indicative of child pornography. Examiners also found evidence that some of these files had been downloaded to various devices connected to the Dell computer, including one of two encrypted devices. In short, the government already knows the names of the files (which indicate child pornography) and their probable existence on the encrypted hard drives. Under these facts, “[t]he existence and location of the [files] are a foregone conclusion.”

Still, however, there is an issue of possession and authenticity. Feldman has a computer science degree, is a longtime employee of Rockwell Automation (currently, he holds the title of Senior Software Development Engineer), and filed as a co-inventor for a U.S. patent for a “system and method for interfacing with an enterprise resource planning system.” Accordingly, unlike in Subpoena Dated March 25, 2011, here, the government has shown that Feldman may very well be capable of accessing the encrypted portions of the hard drives.

But the following question remains: Is it reasonably clear, in the absence of compelled decryption, that Feldman actually has access to and control over the encrypted storage devices and, therefore, the files contained therein? To be sure, the storage devices were all found in Feldman’s residence, where he has admittedly lived alone for the past 15 years. In addition, the unencrypted Dell computer, which showed connections to the encrypted storage devices, has a login screen with only one username, “Jeff.” Nevertheless, unlike in Boucher and Fricosu [cases], here, Feldman has not admitted access and control.

This is a close call, but I conclude that Feldman’s act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already know with “reasonably particularity”—namely, that Feldman has personal access to and control over the encrypted storage devices. Accordingly, in my opinion, Fifth Amendment protection is available to Feldman. Stated another way, ordering Feldman to decrypt the storage devices would be in violation of his Fifth Amendment right against compelled self-incrimination.

So it seems that what really violates his Fifth Amendment protection is admitting that he can decrypt the drives, not necessarily the act of decrypting them.  If the officer had asked early on, "Can you decrypt these for us if you wanted to?" and Feldman had said yes, the case may have turned out differently.

From JSOnline:

FBI Special Agent Brett Banner suggested in an affidavit that the increasingly common use of encryption could become a real hardship for law enforcement if courts don't order suspects to decrypt possible evidence.

Well, yes, it could become a real hardship for law enforcement if citizens had a way to keep things private from the authorities.  That's the point, Agent Banner.  The point of the Constitution and the Bill of Rights is to protect citizens from government.  That means citizens don't always have to do what the government wants, no matter how much the government wants it.

Encryption is amazing stuff when used correctly.  I prefer TrueCrypt myself.  Use a strong key.

UPDATE:  TrueCrypt has fallen into disfavor since this blog post was published, although it still works for many functions.  Here are some alternatives to TrueCrypt:  https://www.comparitech.com/blog/information-security/truecrypt-is-discoutinued-try-these-free-alternatives/


Statewide Roundup in Child Porn Sting


The Marietta Daily Journal is reporting that Georgia law enforcement executed a statewide roundup of online child pornography suspects: 

Cobb County Police were among almost 50 state agencies that came together Wednesday to show up at front doors with search warrants for 98 suspects accused of distributing child pornography over the Internet.

In Cobb alone, six warrants were issued and numerous computers were taken and submitted for forensic analysis, according to Officer Mike Bowman with Cobb Police.

“No physical arrests have been made at this time,” he said. “Charges may be forthcoming pending the completion of the computer analyses.”

As of 6:30 p.m. Wednesday, there have been 73 search warrants executed statewide and 41 arrests were made in connection with this continuing operation, according to John Bankhead with GBI.

I like these cases not because of the subject matter, but because of the technology. I would be just as interested in these cases if people were rounded up for downloading copyrighted songs or movies, but those cases rarely get the attention of law enforcement.

I used a computer hard drive graphic because that's what these cases will come down to.  The computers will be imaged and examined by bigger computers to see if there's anything on there that is illegal to possess.  After that, charges will be filed, people will be arrested, and the war will begin:

Considering that Peter Mallory just got sentenced to 1,000 years in south Georgia for child pornography, any person who had his computer seized in this raid should already be in a lawyer's office planning their defense.  These charges aren't to be taken lightly.


US DEA Can't Crack Apple iMessages (Yet)


The United States Drug Enforcement Agency is mad they can't crack Apple iMessages, even with a search warrant.  Why?  Because Apple iMessages sent from Apple-to-Apple devices are not traditional text messages, and they are encrypted. 

iMessages are encrypted messages that can be sent between Apple devices, including iPhones, iPads and even Macs running the OS X platform. The service launched with iOS 5 in 2011 and Apple publicly revealed that all sent and received iMessages would be securely encrypted.

DEA officials first discovered that iMessages could be a hindrance to their efforts when a real-time electronic surveillance under the Federal Wiretap Act failed to yield all of a target's text messages. The agency then discovered that the person was using iMessage, which bypassed the text messaging services of carrier Verizon.

 Apple revealed in January that it sees 2 billion iMessages sent each day from a half-billion iOS devices, plus Mac computers, which gained iMessage support last year. iMessage accounts allow users to send and receive their secure messages across all their Apple devices.

Apple's apparent stymying of the DEA was revealed in a government intelligence note . . .  which calls it "impossible" to intercept iMessages, even with a warrant. The note is entitled "Apple's iMessages: A Challenge for DEA Intercept." 

This is another example of the government publicly admitting that civilian encryption is very powerful stuff.  Don't confuse "encryption" with "passwords" because they are very different.  Passwords are apparently easy to defeat.  Encryption isn't.

Article here.

UPDATE:  TrueCrypt has fallen into disfavor since this blog post was published, although it still works for many functions.  Here are some alternatives to TrueCrypt:  https://www.comparitech.com/blog/information-security/truecrypt-is-discoutinued-try-these-free-alternatives/

 


You Are Probably A Child Pornographer, Part II


To follow up my previous post "You Are Probably A Child Pornographer", we have a young Arizona couple who made the increasingly-unwise mistake of taking their family photos to a Wal-Mart: 

In 2008, Lisa and Anthony "A.J." Demaree took their three young daughters on a trip to San Diego. They returned home to Arizona and brought photos of their then 5, 4 and 1 1/2 year old daughters to a local Walmart in Peoria to be developed.
 
. . . Walmart employees reported the Demarees to the Peoria Police Department on the suspicion that they had taken pornographic images of their children. The police, in turn, called in the Arizona Child Protective Services Agency, and the couple lost custody of their daughters for over a month.

Apparently the Demarees had photographed their children during and immediately after their baths because they thought their children were being cute.

A Maricopa County Superior Court judge ruled that the photographs were not, in fact, pornographic, and a medical exam revealed no signs of sexual abuse. The girls were returned to their parents.

Good for you, Judge.  But was it really necessary for a medical exam to probe these little girls' nether regions? 

The couple's names went on a central registry of sex offenders, and "We've missed a year of our children's lives as far as memories go," Demaree told ABC News.

So, having done nothing wrong; having been convicted of no crime; these parents were nevertheless branded as "sex offenders" and separated from their children while strangers probed their daughters' vaginas.

In 2009, the couple sued the city of Peoria and the State Attorney General's office for defamation. They also sued Walmart for failing to tell them that they had an "unsuitable print policy" and could turn over photos to law enforcement without the customer's knowledge.
 
A federal judge in Phoenix sided with Walmart, ruling that employees in Arizona cannot be held liable for reporting suspected child pornography. The Demarees appealed to the 9th Circuit Court of Appeals, and on March 6 the court held a hearing before three judges. It's unknown when the appeals court will rule on the case against the city and Walmart.

So expect Wal-Mart to look at your family photos. 

Walmart did not respond to an interview request from ABC News. But, according to Courthouse News the company's lawyer, Lawrence Kasten, argued that under Arizona statute employees who report child abuse without malice are immune from prosecution. He added that there was no indication of malice in this case.

The problem isn't Wal-Mart. They are in a no-win situation because of "mandatory reporting" laws.  Most states have laws that not only encourage the reporting of suspicions of crimes against children but punish the failure to report it.  (Apparently, our governments do not believe that we citizens are moral enough to report such things voluntarily and thus must be threatened with punishment for failing to do so.)  Wal-Mart is trying to err on the side of caution by reporting anything that might remotely be criminal, lest their employees face criminal charges for not reporting it. In other words, the law has left no room for common sense.

The story is here.

So if you are a parent of anyone under 18, remember that Big Brother is watching.  Big Brother has also conscripted Wal-Mart, teachers, doctors, and anyone else they can to help keep an eye on you through "mandatory reporting" laws.  Do not photograph or video your children doing anything without appropriate clothing.  If you do have such videos or photographs, do not email or text them, or post them on the internet.  Keep them on an encrypted hard drive with a strong key.  And if anyone from the government asks for permission to search, the correct answer is "no." 

Protecting yourself from government stupidity begins with protecting yourself from the government.


Wireless Telephone Tapping


In many criminal cases the police use "tapped" cellular telephone data to help build their case.  Unfortunately, this can sometimes be done even without a warrant.

"[T]he Senate voted to grant blanket immunity to companies like AT&T, which conspired with the NSA to monitor American digital conversations without government oversight after 9/11. Today's vote continues that immunity, and provides further carte blanche for the American intelligence-gathering apparatus. Phone calls, texts, and emails are all fair game—and a judge doesn't have to give the OK, so long as it's in the name of counterterrorism. Which is a very easy guise."

Read more here.

Compare this to the FBI's Carnivore program from the late 1990s.


Man Sentenced to 1,000 Years


A Troup County judge has sentenced Peter Mallory to serve 1,000 years in the Georgia Department of Corrections for having a bunch of dirty pictures on his work computer. 

Mallory was charged with 60 counts of sexual exploitation of children, invasion of privacy and tampering with evidence. Troup County Superior Court Judge Dennis Blackmon sentenced Mallory to 20 years on 50 of the counts and ordered him to serve a concurrent sentence of five years for each of the remaining 10 counts.

He is eligible for parole in . . . seven years.

O.C.G.A. § 42-9-45(b)

An . . .  inmate serving a felony sentence or felony sentences shall only be eligible for consideration for parole after the expiration of nine months of his or her sentence or one-third of the time of the sentences, whichever is greater. . .  inmates serving sentences aggregating 21 years or more shall become eligible for consideration for parole upon completion of the service of seven years.


"You have the right to remain silent about your encryption key . . ."


A U.S. Court of Appeals has upheld your right to remain silent about the key to your encrypted hard drive: 

The 11th Circuit Appeals Court has issued an important ruling on the question of whether or not a defendant can be forced to decrypt a hard drive when its contents could provide additional incriminating evidence. The case in question refers to the actions of a John Doe who was compelled to testify before a grand jury in exchange for immunity from prosecution. Doe was ordered to decrypt the contents of his laptop as part of that testimony, but was told that his immunity would not extend to the derivative use of such material as evidence against him. Doe refused to decrypt the TrueCrypt-locked drives, claiming that to do so would violate his Fifth Amendment right against self-incrimination.

The 11th Circuit’s ruling reverses the lower court's decision to hold Doe in contempt and affirms that forcing him to decrypt the drives would be unlawful. It also states that the district court erred in limiting the immunity it granted Doe to only apply to grand jury testimony and not the derivative use of the evidence in question. The ruling on misapplied immunity means that the 11th Circuit could’ve punted on the Fifth Amendment issue, but the court opted not to do so.

The applicability of the Fifth Amendment rests on the question of what the government knew and how it knew it. Federal prosecutors admitted at trial that while the amount of storage encrypted exceeded 5TB, there was no way to determine what data was on the hard drive — indeed, if there was any data whatsoever. Plaintiffs were reduced to holding up numerical printouts of encryption code that they said “represented” the data they wanted, but were forced to admit that there was no way to differentiate what might be illegal material vs. legal.

The question at hand is whether or not decrypting the contents of a laptop drive is testimony or simply the transfer of existent information. The court acknowledges that the drive’s files are not testimony of themselves, but writes “What is at issue is whether the act of production may have some testimonial quality sufficient to trigger Fifth Amendment protection when the production explicitly or implicitly conveys some statement of fact.” (emphasis original)

Previous court cases have established that merely compelling a physical act, such as requiring a defendant to provide the key to a safe, is not testimonial. Actions are also non-testimonial if the government can invoke the “foregone conclusion” doctrine by showing with “reasonable particularity” that it already knew that certain materials or content existed.

By decrypting the drives, Doe is admitting “his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.” The court dismisses the argument that the contents of Doe’s hard drives are a foregone conclusion, noting that “Nothing… reveals that the Government knew whether any files exist or the location of those files on the hard drives; what’s more, nothing in the record illustrates that the Government knew with reasonable particularity that Doe was even capable of accessing the encrypted portions of the drives.”

“The Government has not shown, however, that the drives actually contain any files, nor has it shown which of the estimated twenty million files the drives are capable of holding may prove useful… we are not persuaded by the suggestion that simply because the devices were encrypted necessarily means that Doe was trying to hide something. Just as a vault is capable of storing mountains of incriminating documents, that alone does not mean that it contains incriminating documents, or anything at all.”

The strength of this decision is the balance it strikes between the rights of the government and the individual. Rather than focusing on the nature of the pass phrase defendants are ordered to provide, it emphasizes the issue of what the prosecution knows and how it learned it. If the prosecutors had had sufficient data to indicate that illegal materials were stored on Doe’s hard drives, forcing him to testify would’ve been valid under the foregone conclusion principle.

The decision is noteworthy for the nature of Doe’s alleged infraction. Doe was called before the grand jury to testify because an IP address corresponding to multiple hotel rooms where he stayed was found to have accessed child pornography via YouTube. Child pornography is a despicable crime, but deriving legal precedents from a desire to punish someone makes for lousy jurisprudence. The 11th Circuit decision heaps no small amount of scorn on the district court’s attempt to immunize Doe’s testimony without immunizing the defendant, deriding it as akin to asking for “manna from heaven,” in which squeaky-clean testimony mysteriously appears on the courthouse steps without any troublesome questions into how it was obtained.

This decision doesn’t make it impossible for the government to use the contents of an encrypted drive, but it requires that the prosecution demonstrate a knowledge of the contents and data contained therein before being allowed to issue a blanket demand. It’s a fair call, and given the increasing number of similar cases, an important one.

This is very important as more and more people encrypt their computers using free encryption software like TrueCrypt.  Not only can the government not break into an encrypted computer with a good encryption key, they also can't force individuals to turn over the key.

UPDATE:  TrueCrypt has fallen into disfavor since this blog post was published, although it still works for many functions.  Here are some alternatives to TrueCrypt:  https://www.comparitech.com/blog/information-security/truecrypt-is-discoutinued-try-these-free-alternatives/


Cracking Bin Laden's Hard Drives

Few technological advances have been as successful at protecting information from government as the technology of encryption.  I think it is fair to say that the US Government will use everything in its power to defeat whatever types of security Osama Bin Laden used on his computers.  But even that may not be enough:

"If you're doing encryption on the drive properly, meaning you've done your research, looked at the solutions, you follow best practices, have a strong key, and don't have a weak passphrase, then it will probably never be decrypted. Because drive encryption done properly is extremely difficult, it ends up being a brute-force problem," said Hoglund.

In the attorney-client arena, I think it is imperative for an attorney to encrypt client information.  Encryption software like TrueCrypt is free and easy to use.  A computer with an encrypted hard drive stolen in a burglary of a lawyer's office is unlikely to reveal any client secrets to the burglar.  The client is protected, as is the attorney-client privilege.
