To the best of my knowledge, Dan Terzian first used the term “Warrant-Proof” in this context
Basics+Background
tbd
Organizational Structure
- Historical Stuff, Pt I: Emails
- Historical Stuff, Pt II: My notes
- Potential Resources
Historical Stuff, Pt I: Emails
02016.05.13
EMAIL EXCHANGE BETWEEN MYSELF AND DAN TERZIAN - Part I: Initial Exchange
Hi Dan,
Just read your article on this subject and had a quick question: what if the password itself included incriminating evidence?
I work for a bitcoin company and passwords (or mnemonics) are often well over a hundred characters - sometimes up to 24 words. Some of those words could be incriminating, which would seem to make the password itself covered by the 5th.
Any thoughts?
Best, Chris
——
02016.05.13
Hi Chris. A few layers to my response.
- I think every court would agree that passwords are always protected by the Fifth Amendment (regardless of how simple, complex, or incriminating they are). Generally, the government can’t force you to create self-incriminating evidence, which is what would happen if the government forces you to write down your password. Several trial courts and one intermediate appellate court concluded that passwords are always protected. Also, the Supreme Court said in a 2000 decision that the government can’t force you to produce a safe combination, and a safe combination is virtually identical to a computer password. (Admittedly, this statement was more of an aside, and the Supreme Court could always change its position.)
- Theoretically, there may be a small exception allowing the government to force you to produce your password. If the government knows that you’ve already written down the password somewhere, the government may be able to force you to produce the document. No case has addressed this specifically. But as a practical matter, it’s highly unlikely the government would ever know that somebody’s written down their password (unless somebody tells it).
- Courts have differed on whether the government can force you to produce your decrypted computer (as opposed to producing the password): some courts generally conclude forced decryption is always unconstitutional because of the Fifth Amendment; others appear to conclude it’s always constitutional. I don’t think the password’s complexity should matter here, because in this scenario, you’re not telling the government what the password is. That said, it might be possible—no idea whether this is actually true—that a decrypted computer could store the password somewhere in a way that the government could recover it. (I recall a story years ago about how an encrypted Mac in sleep mode was not safe because somebody could recover the password from its memory.) I think this is the only scenario where a password’s complexity and incriminating nature could matter. Assuming this is possible and assuming an incriminating password, I think a court that believes forced decryption is constitutional would still allow forced decryption in this case. The court’s already decided that the government can constitutionally force you to produce your decrypted computer; the whole point of that is to find incriminating stuff, whatever the form. Plus, the main Fifth Amendment concern is absent: the government’s not forcing you to create evidence by writing down the password; the evidence is already existing data on the device.
Note: I don’t believe there’s any cases on this issue; just my thoughts.
BTW Awesome that you’re at Blockchain. Read about it a couple months ago; very interesting!
Best, Dan
02016.05.13
Good stuff.
Thanks for the quick and thorough response.
That's a vital distinction between handing over a password and handing over a decrypted device. If you are just forced to decrypt, then they never need to know the password which destroys my entire approach.
One other related thought: In all this discussion about Apple, decryption, etc... I haven't ever seen multisignature technology mentioned. Basically multiple people hold keys and M of N need to sign in order to unlock. Could be 2 of 3 or 10 of 15 or 3 of 15 signatures needed to unlock. Not sure who the keys would be distributed to, but it's an interesting way to manage the unlocking threshold.
Best, Chris
p.s. I sent you some bitcoin just so you have some.
You’re welcome, and thanks for the bitcoin. It’s still unclear whether the government can force people to decrypt their computers. Most courts have held the Fifth Amendment bars it, but some have allowed it. There’s another case on this issue currently pending in the Third Circuit (an intermediate federal appeals court).
That’s an interesting idea; also haven’t heard anything about it. Would be very secure if the persons with the keys aren’t related in an obvious way, and almost certainly the government can’t force you to say who holds the keys.
—
02016.05.13
EMAIL EXCHANGE BETWEEN MYSELF + KIT WALSH
Hi Kit,
Just saw the amicus brief in USA vs. Apple Macpro. I've been noodling this issue and wondered what if the password itself included incriminating evidence?
I work for a bitcoin company (Blockchain) and passwords (+ mnemonics) are often well over a hundred characters - 24 words or more. Some of those words could be incriminating, which would seem to make the password itself covered by the 5th.
I'm asking in part bcs I might modify an open source password generator to allow some incriminating statement to be added. More a lark than anything, but I do think it's interesting if the password could be transformed into evidence...
Curious to get your thoughts.
Best, Chris
P.S. I'm a huge fan of the EFF. Keep up the great work!
— 02016.05.15
Hi Chris, thanks for writing. When prosecutors in the US try to compel decryption, the standard procedure is to set up the encrypted drives and command the defendant to input their password. Sometimes prosecutors even promise they won't try to learn what the password is from the defendant's input. They're trying to frame the literal 'disclosure' of the password as the only thing implicating the 5th Amendment, and it's something they don't really care about - they just want the contents of the drives decrypted.
I'm not sure about the situation outside of the US. But in the US you might do yourself more harm than good creating an incriminating record in the password: if they discover the password without the defendant's cooperation, then the self-incrimination clause of the Fifth Amendment doesn't apply and it can be used as evidence if its discovery was otherwise proper.
— 02016.05.19
Hi Kit,
Thank you for explaining this. Sounds like the incriminating password approach won't work.
One other thought, in bitcoin there are "multi-signature" addresses, which require M of N signatures to spend the funds. If a decryption process required multiple passwords the defendant could provide their password (perhaps 1 of 3 passwords) but that wouldn't be sufficient to unlock the drive/file.
Would the defendant, by providing this one password, be in compliance with the court order? Or would they need to provide some level of proof that the other keys/passwords were controlled by third persons?
TrueCrypt offered cascading encryption - multiple passwords in succession in order to unlock.
And Shamir's secret sharing allows a secret/password to be broken into parts and shared among any number of people where some M of N threshold then unlocks. There was a service that helped do this (PassGuardian - main site down, only cache available) but I haven't seen an implementation that pulls off exactly what I'm talking about.
Anyway, it would be nice to outline a pathway to avoiding indefinite detention in these decryption cases so that, even if the tools don't exist right now, they could be built.
Not really sure if I'm on to something or just wasting your time :)
But sending in case there's something of value here.
Best, Chris
02016.06.21
EMAIL EXCHANGE BETWEEN MYSELF + DAN TERZIAN - Part II: Second Exchange
Hi Chris. Are you interested in co-authoring a short law review article (maybe 5-10 pages) on using multisignature technology to thwart government attempts at forcing you to decrypt your device? You made a good point that this is an effective protection mechanism that nobody's written on, and I think it's a pretty useful idea that's worth writing about.
As I see it, the article would basically comprise three sections: technological background and why it's needed; Fifth Amendment implications (the government shouldn't be able to force you to identify the other keyholders); and why multisignature technology keeps your data safe from the government (a court shouldn't be able to hold you in contempt for not decrypting).
Dan
02016.06.23
Hi Dan,
Thanks for the email, I'm definitely interested in working on this.
Some work needs to be done on the technology side, basically multisig (as it's implemented in bitcoin) wouldn't work. I think it would need to be Shamir's secret sharing which allows a secret/password to be broken into parts and shared among any number of people where some M of N threshold then unlocks. There was a service that helped do this (PassGuardian - main site down, only cache available), but I haven't seen an implementation that pulls off exactly what I'm talking about. Not that we'd need a live service to make the point, but we would need to do some research/consult with some crypto people who have a better understanding of the password splitting options so that we get that aspect right.
I'm out of town on vacation this week, back in LA on Sunday, happy to meet up sometime next week or the following week if that makes sense.
Chris
02016.06.23
Awesome. Will scope these links.
Yeah, let's plan on meeting up. Maybe sometime the following week? We can sort out after you get back.
Looking forward to this. Dan
02016.06.29
Shamir's secret sharing is cool. I played around with it on a website; really awesome.
For this to work, I think two things are key: (1) the person being ordered to produce the decrypted data must not know the password (or otherwise be able to decrypt it on his own) and (2) the government must not be able to identify a person/company who could easily produce the data.
It also may make sense to implement on the OS level. Maybe a new Android version that has two disk partitions: one partition containing core apps/data that can be unlocked by the user, and another partition containing all other data that must be unlocked through multisig.
What's your schedule like next week? I'm down to grab a coffee on the West side and discuss. I'm free basically any morning or afternoon Tuesday through Friday (except late afternoon Tuesday and Wednesday).
Dan
02016.06.29
Hi Dan,
Next week is good for me (see my schedule below). Anywhere in Santa Monica or Venice would be great, but I can also move further east if that makes it easier for you.
In terms of meeting that first condition, that the person being ordered to produce the decrypted data must not know the password (or otherwise be able to decrypt), I'm guessing they'd need to provide some evidence to support the claim that they don't know the password. It seems too easy to simply say: "I don't know the second password."
What evidence would be required in order to win over the court on this point seems like a critical issue. I don't know the law in this area well enough to make a guess at where that line would be drawn...
I like the idea of a layered approach, where the primary user has control over A-M, but needs a second password to unlock N-Q and perhaps a 3rd to unlock R-Z, etc...
Let me know what works for you next week. Looking forward to talking.
- Chris
Tuesday: free from 10-2
Wednesday: I'm busy from 8-9am and 12-2pm
Thurs: free after 9am
Fri: all day
02016.06.29
Awesome. How about let's shoot for Tuesday at 10. I'm cool with Santa Monica or Venice. Maybe at Menotti's (Venice) or Elabrew (Santa Monica)? Just Yelp'd those, so if something else is better, name it.
As for the evidence needed, the key is convincing the judge that you can't comply with the order. It may be enough to explain (in detail) the multisignature technology and how a second password is needed but is unknown. If necessary, I believe you could get derivative use immunity to prove why it's impossible (at which point you'd present the testimony of other keyholders). This is already coming up now in a couple forced decryption cases, where the defendant claimed to have forgotten the password. Obviously a bogus explanation in those cases, and the judges then jailed those defendants for contempt.
I don't think there are any cases directly addressing what we'd be arguing. But there's a bunch of interesting cases involving offshore tax shelters that could be a starting point. In brief, those courts basically order the defendant to pay money from those offshore tax shelters. The defendant then essentially responds: "I can't. One term of the offshore trust is that if there's a 'state of emergency,' which is defined to include a court order directing me to pay money, I no longer have any control over the trust's funds. Instead that control belongs solely to the offshore trustee." Of the cases I've seen, the courts briefly confront the theoretical issue of whether this self-imposed lack of control could be enough for the defendant to avoid contempt (usually noting that it's a difficult question). But the courts ultimately leave it unresolved because they find that other evidence demonstrates that the defendant was still accessing and using money out of the trust, so he still had control.
Dan
NOTE: Dan shared a Google Doc: “Warrant-Proofing Data with Multisignature Technology”
02016.06.16
Email exchange with Brad W:
I'm co-authoring a paper on passwords and encryption, the kind of thing that was grabbing headlines a few months ago (FBI trying to decrypt the iPhone of the San Bernardino guy). Anyway, as it stands now a court can order you to decrypt your computer (or a particular hard drive or just a file). And if you refuse to comply with that court order you can be detained indefinitely - there are people who have been held for multiple years for refusing to decrypt their computer. The court can't order you to provide the key, but they can order you to hand over a decrypted computer. Anyway, the theory of the paper is to distribute the key to more than one person. Then when the court asks you to decrypt it, you can plausibly say, "I can't" - then you can't be held in contempt. You could be asked to provide the identity of the other key holder(s), but it would also be possible to share the key with an anonymous person (where there's no real world identity on which to serve a court order). I wonder at the social value of an arrangement like this. Does outlining a legal pathway to avoid contempt win us much? Does it make the world better? Worse? Who the fuck knows. Mostly I favor freedom, but it's not clear that's the right approach.
02016.07.05
Email to RGB - excerpt
“In other news, I had a meeting with some random lawyer who I had emailed a few months ago about the San Bernardino iPhone case, asking about some system-level encryption idea I had. Now we're starting to write a paper about an idea I had, basically a way to still use full disk encryption and to avoid the likelihood of an indefinite (contempt-related) detention for refusal to decrypt. I'm both dreading that and excited about it...”
——
Potential Resources
https://www.usenix.org/legacy/event/lisa09/tech/full_papers/catuogno.pdf