Category Archives: Cryptography

UK Prepares to Enforce Crypto Export Control Against Academics

Posted on December 16, 2007 by Michael Froomkin

Commonly, the UK is the place where US anti-crypto policies get a dry run.

So pay attention to Ross Anderson's UK Crypto Export Duplicity:

Officials promptly did an end-run around this by making regulations to pass into UK law an EU regulation controlling the export of dual-use intangibles (reg 1334/2000), thus in effect defeating the will of parliament with a classic piece of policy laundering. We argued repeatedly at the time that the introduction of such regulations would criminalise many academics – for example if I put a remark on our security mailing list about cryptanalysis and it goes to George at Microsoft via Redmond – and also criminalise many software developers, who use algorithms such as AES much like duct tape. A government peer told me, “Look, dear boy, you can never get laws to fit the boundaries exactly – just trust us and keep proper records.” Officials said that they had no plans whatsoever to use export control laws against academics.

Earlier this year I was invited to a meeting at DTI along with folks from the Royal Society and UUK. The officials gleefully announced that they'd realised that academics weren't using the export control procedures and asked our opinion about how we could help them `raise awareness' and `market' their services. I reminded them that they'd promised not to. They denied this to my face. They also claimed that it had always been illegal to export intangibles and that the Act had made no difference. I reminded them that until the Export Control Act was passed they had no sanctions available against someone who exported crypto electronically, as the Export of Goods (Control) Order on which they'd previously relied applied only to physical goods. In fact the whole Act was justified to parliament by this arguement. They denied this to my face – even though I'd sat through the debate in the Lords, in the opposition experts' box.

Posted in Cryptography | Comments Off on UK Prepares to Enforce Crypto Export Control Against Academics

Passphrases and the Fifth Amendment

Posted on December 15, 2007 by Michael Froomkin

Declan has the scoop, Judge: Man can't be forced to divulge encryption passphrase:

A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Niedermeier tossed out a grand jury's subpoena that directed Sebastien Boucher to provide “any passwords” used with his Alienware laptop. “Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him,” the judge wrote in an order dated November 29 that went unnoticed until this week. “Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop.”

Full text of the decision in In Re Boucher, 2007 WL 4246473 (D. Vermont, Nov. 29, 2009).

Long ago I wrote a lot about encryption keys, and touched on this issue. You can read the articles at The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution, 143 U. Penn. L. Rev. 709 (1995) and especially It Came From Planet Clipper, 1996 U. Chi. L. Forum 15.

The heart of the argument is that things in your head are not like objects in your possession: the core value of the Fifth Amendment is that you can’t be made to speak in ways that indicate your guilt. Giving up a passphrase to an encrypted message ties you to the encrypted information; if the info is, say, child porn, it creates a very strong inference that you knew what the data were and that you possessed them (there are exceptions, including email some else sent to you that is decryptable with you private key, but ignore those scenarios for now).

Other people, notably the redoubtable Orin Kerr, who argue that there is no Fifth Amendment issue here tend to focus on the analogy of possession of a physical key to a physical lock. The law is pretty clear that you can’t stop the cops from taking a physical key on the grounds that the stuff inside that safe will tend to incriminate you.

But the law is also clear that the Fifth Amendment protects you from having to make an oral or written disclosure which is “testimonial” – that, is, whose content might tend to tie you to crime. (Note that “content” means “informational content” – you can be forced to give a meaningless writing sample for handwriting comparison purposes.) This is why the cops are not able to force suspects to take them to the dead body.

It seems to me that the pure compelled disclosure case is not that hard, and that this Magistrate Judge got it right. Note, however, that this decision, emanating from the lowest-level official in the federal court system, is not precedential for other courts; and since it is pretty brief its persuasive power may not be all that great either.

Nor do I think that making a defendant decrypt something without divulging the key would in any way solve the problem, as it still ties the defendant to the content.

The hard case for me would be if the police provided limited “use immunity”: they would promise not to make the fact that your key decrypted the info any part of the prosecution. Thus, for example, the indictment would just say the information was on your hard drive, without mentioning that you had the only key to decrypt it. I think, given the current state of doctrine, that courts might well hold this to be consistent with the Fifth Amendment, making the underlying provision little more than a fairly cumbersome technicality. Doctrinally, that is not such a hard result to foresee, but it is not as simple to explain why this would apply to a coded message and not a dead body.

The flip side of the hard case is when the government provides use immunity and the suspect/defendant claims he doesn't know or has forgotten the passphrase. Then what?

In fact, I do have one ancient PGP key for which I seem to have forgotten the passphrase, so I know it can happen. But in most cases the police are likely to view this sort of memory malfunction as unduly convenient.

Posted in Cryptography, Law: Constitutional Law | 4 Comments

How to Use Google to Crack Passwords

Posted on November 17, 2007 by Michael Froomkin

Google as a password cracker. Amazing.

Posted in Cryptography | 3 Comments

NSA Pushing Randomization Standard that has a ‘Back Door’

Posted on November 15, 2007 by Michael Froomkin

Schneier on Security brings us The Strange Story of Dual_EC_DRBG. it seems that one of the new randomization standards being pushed by NIST originated in the NSA and is capable of being engineered to produce numbers that look random but are not.

Since random numbers are frequently used to seed cryptographic algorithms, this is a fairly big deal to the crypto community. The NSA isn't talking, but I'm guessing this was no accident.

Posted in Cryptography | 2 Comments

Radar Profiles John Young

Posted on August 14, 2007 by Michael Froomkin

John Young posts the text of Radar Magazine's generally sympathetic profile under the (ironic? paranoid? both?) title of Radar Smears Cryptome.

Previous John Young/Cryptome-related posts:

Posted in Cryptography | 1 Comment

What a Movement Looks Like

Posted on May 3, 2007 by Michael Froomkin

Wired has some great photos of the ways in which regular folks engaged in AACS civil disobedience: Photoshop Rebels Rip Great HD DVD Clampdown.

Posted in Cryptography, Law: Copyright and DMCA | Comments Off on What a Movement Looks Like