[cryptography] US Appeals Court upholds right not to decrypt a drive

James A. Donald jamesd at echeque.com
Fri Feb 24 20:43:03 EST 2012


Truecrypt supports an inner and outer encrypted volume, encryption 
hidden inside encryption, the intended usage being that you reveal the 
outer encrypted volume, and refuse to admit the existence of the inner 
hidden volume.

To summarize the judgment:  Plausibile deniability, or even not very 
plausible deniability, means you don't have to produce the key for the 
inner volume.  The government first has to *prove* that the inner volume 
exists, and contains something hot.  Only then can it demand the key for 
the inner volume.

Defendant revealed, or forensics discovered, the outer volume, which was 
completely empty.  (Bad idea - you should have something there for 
plausible deniability, such as legal but mildly embarrassing 
pornography, and a complete operating system for managing your private 
business documents, protected by a password that forensics can crack 
with a dictionary attack)

Forensics felt that with FIVE TERABYTES of seemingly empty truecrypt 
drives, there had to be an inner volume, but a strong odor of rat is no 
substitute for proof.

(Does there exist FIVE TERABYTES of child pornography in the entire world?)

Despite forensics suspicions, no one, except the defendant, knows 
whether there is an inner volume or not, and so the Judge invoked the 
following precedent.

http://www.ca11.uscourts.gov/opinions/ops/201112268.pdf

That producing the key is protected if "conceding the existence, 
possession, and control of the documents tended to incriminate" the 
defendant.

The Judge concluded that in order to compel production of the key, the 
government has to first prove that specific identified documents exist, 
and are in the possession and control of the defendant, for example the 
government would have to prove that the encrypted inner volume existed, 
was controlled by the defendant, and that he had stored on it a movie 
called "Lolita does LA", which the police department wanted to watch.







More information about the cryptography mailing list