Crypted Disk Question

Brandon D. Valentine brandon at dvalentine.com
Fri May 16 16:06:25 PDT 2003 

On Thu, May 15, 2003 at 11:23:52PM -0700, Terry Lambert wrote:
> > 
> > You might just aswell claim GEOM is useless because they could
> > always torture the password out of you - both views are equally
> > meritless.

Which password will they torture out of you?  =)

There are disk encryption schemes which utilize multiple keys, each key
unlocking a different layer of information.  These systems are designed,
at least in part, to facilitate the partial release of information in a
coercion scenario.  Outwardly there is no way to determine whether the
key you have been given fully unlocked the disk or whether you were only
given partial access.  The only way to verify that you have full and
complete access to the disk contents is to already know the contents of
the disk.  That is information the key holder likely already knows but
the attacker is not likely to.  Even if the attacker knows you have
utilized a multilayered system he can never be certain that you have
given him complete access.  

There are also ways that key information can be distributed such that
different combinations of people are required to unlock different areas
of the disk and no group is capable of unlocking the entire disk at
once.  This makes it very difficult to compromise the entire system.
The number of people one would have to detain and coerce in order to
unlock a preponderance of the information presents a practical problem
for the attacker.

> That's incorrect.  If the password is in my head, a court order isn't
> going to recover the data on the disk.  If the password is recoverable
> with a court order because a court order gives physical proximity to
> the machine, then there is no reason to do it.

Just because the court orders you to unlock your disk you can choose not
to do so.  You will be held in contempt of court, possibly charged with
obstruction of justice and most definitely jailed until you produce the
key material.  But, if the privacy of the contents of your disk is worth
more to you than your freedom, you can continue to deny the court's
request.

However, hiding information from a court of law is generally not the
goal of encryption of this sort.  The primary goal is to thwart
espionage efforts -- either corporate or international.  You either want
to protect your trade secrets from your competitors or you want to
protect your national security assets from foreign powers.  Personal
information security is an incidental benefit of technology like this,
but your personal encrypted information is only secure so long as you
steer clear of the law.  A corporation under investigation can likely
get a gag order placed on the court record so that any proprietary
information is kept from competitors.  If you're personally under
criminal investigation you will likely be ordered to unlock your hard
disk, which you will do because otherwise you will spend life in jail
for contempt without the benefit of a jury trial (even if you're guilty
a jury might let you off, which is the advantage to unlocking your
drive).  It is likely that any pertinent information recovered from your
hard disk will be admitted into evidence and as a criminal defendant
unless there are trade secrets on your hard drive which are relevant to
the criminal investigation and which threaten your employer or personal
business, you will probably have difficulty getting the court record
sealed.  Your private information will be made public at least in part.

There are Fifth Amendment arguments that could be made in the United
States against coercing you to unlock your encrypted hard drive, but
they're on shaky ground because the key itself is not incriminating,
only the information the key unlocks is.  The court would tend to think
of that as ordering you to produce the combination to a safe which was
thought to contain a murder weapon.  The gun inside the safe
incriminates you, but the combination does not do so directly so the
Fifth Amendment does not apply. 

IANAL.

> A dongle is only useful if what you are talking about is something
> like a laptop.  Even the, the operation is *not* "automated", as the
> original poster was requesting: it requires the user to physically
> attach the dongle when they are booting a laptop.  At that point, it
> becomes the moral equivalent of a lock and key... which in no way gets
> rid of the act of applying the key to the lock, and so in no way could
> be termed "automatically unlocking the lock".

PHK's post in this thread explains one possible way to skin that cat.

Brandon D. Valentine
-- 
brandon at dvalentine.com                                 http://www.geekpunk.net
Pseudo-Random Googlism:  war is treason join the marijuana lawsuit

More information about the freebsd-hackers mailing list