Is Decrypting Your Files for Law Enforcement Legal?

Rogerio Stefanoski

Commentary
update below of Federal Appeals 

Typically, you encrypt files for personal reasons. Maybe it's because you travel a lot, and don't want to risk someone ending up with your information, if you lose your device. Sometimes it's because you are holding sensitive information that can't be released. Maybe it's because you're a journalist and need to protect your sources identities, and anything else they may not want released.

The question though, should you be by law required to hand over the keys/passphrases to decrypt this information? 

Let's look over some basic citizen laws that are already in place.

The Fifth

This particular Amendment is a "silence" clause. It allows you to in-short "shut up." It also allows you to not give any evidence against yourself. In the situation that you are charged with a crime, you by law, should never have to provide any evidence that you don't want to. Even though this typically is not always used, most lawyers would agree to keep the "bad" things out as much as possible. That is another article though.

This particular Amendment is a "no private property should be used for public." In-short, and in this case, your encrypted files could be considered private. How? It has a password, first of all, and secondly the files are rendered unreadable which is clear enough to state they are meant to be private. 

Call me a "read between the lines" person, but this should mean that any thing on your computer that is encrypted, your online accounts (which have passwords), and practically anything else in your house should not be used within a case. If I'm wrong, then there are evidently tons of laws that are contradicting basic laws. (I've said that over half of the laws contradict previous laws, and most laws need to be revised to fit today's modern civilisation)

To build a successful case against someone, you need information. The information you obtain must indefinitely prove your point, and convince the judge or jury that whatever you say must be golden. However with what is going on with the laws, it's turned into a way to dive into anything you want to get whatever you want. Basically, you use whatever you can to make the other person look bad, even if it has nothing to do with the case (big tech companies do this all the time)

Sony did it with Hotz. Obtaining his information from various online outlets. Most (and I do) would call this invasion of privacy, and the invasion of privacy upon others. The accounts in-mind were used widely on the Internet, such as the YouTube video. All of the Internet Protocol addresses were supposedly collected - Tell me why the IP address I'm leasing from my ISP should be subjected to a case I am not associated with? (This is obvious abuse)

It's almost understandable why files would need to be decrypted for a case; Someone obviously wants these files to use against you, but who knows what else is in those files, right? It's not understandable that you should or could be "forced" to reveal those keys to access those files.

It's almost like saying your windows should not be tinted, others must be able to see you in your own car.


In other approaches, none of the above will apply if a judge decides to overrule. Some judges may be challenged afterward, but very few are.

Is there something I'm missing?


Feb. 24, 2012.

San Francisco - A federal appeals court has found a Florida man's constitutional rights were violated when he was imprisoned for refusing to decrypt data on several devices. This is the first time an appellate court has ruled the 5th Amendment protects against forced decryption – a major victory for constitutional rights in the digital age.

https://www.eff.org/press/releases/appeals-court-upholds-constitutional-right-against-forced-decryption

Some Information about Internet Censorship

There is a line that some may cross when dealing with Internet censorship. That line is reliance of ignorance, and not everyone is informed correctly.

The Protect IP Act, and Stop Online Piracy Act are dangerous bills, no doubt, but they also fail to mention some of the things that can be done if they were put into affect.

Domain Name System is a tough cookie, but not tough enough to crack. The World Wide Web works off asking what is where, who has what, and any one person or group can start one of these. The Dot Coms people use (or .ORGs, .NETs, etc) can easily be manipulated with a simple hosts file edit. It's practically no different than running a full blown server to compensate for the load difference (if you're hosting it for thousands of people).

Months ago there was talk about a decentralised DNS that could be polled via BitTorrent or some equivalent mark, on Torrent Freak. I'm assuming a D-DNS would work by only requesting and caching what the end-user wanted (or whatever the website they went to wanted). Not-so complicated?

iCANN (Internet Committee for Assigned Names and Numbers) is the most known and used address aggregator on the web. It's not the only one. The second one I'll speak of is OpenNIC. They run other "generic Top-level domain names" such as .geek. The reason you may not be able to access .geek when using an iCANN oriented network is due to iCANN not recognising OpenNIC's root servers. A slight form of censorship you may say, but only it isn't. This is the power of the web, the Internet. (Note, there is a huge difference between Internet and World Wide Web.)


How would you override a censored domain?

Get on-board with a network that does not filter it, or add the bare IP (Internet Protocol address) to your hosts following with the domain.tld. Typically, you don't need to do this, because well, it's already visible accordingly to your assisting (Domain) Name Servers.

There's also other routes, The Online Router network, among plenty of other proxy routes, but is that it? And is that the only way to override censorship?


This is a Hold-up! EVERYONE Move!

A large group of people could simply decide to hijack what part of the web there is, and branch their own network, at any given time. There's nothing anyone could do about it. because this is the anarchist system. People just happen to work together to bring what allows you to read this text.


It's all against the Law! (or could be)

However, if PIPA/SOPA were put into affect, we would never be able to have this universal approach to the Internet and World Wide Web. The Internet as a whole would not be able to receive the willfulness of information that is provided with it. People already work together to bring a synchronous network to you, that allows you to censor any part you want, at your local end.

Censoring at the global (national) level could cause serious damage. It could cause a lot of people who are not harming anything to be at fault. Damaging the structure of search engines, Internet service providers, web hosts, and in-general website operators. The Internet now, is an anarchist-democratic system.

If PIPA/SOPA: It would be in-reverse. Simple as. After reading all of this, which is a simple glance of the WWW/'net, I hope the loop has displayed the damage. No matter how universal, it could be against the law.

A Letter to Occupy

I've been watching you, communicating with you, and giving my opinions where I think I should, but I don't feel I've made my point(s) as clear as they should be. Several times have I seen mistakes being made, some of any Occupy cannot help. There are however tons of mistakes that could be avoided.

Media attention is an important thing for a protest, or any type of political event. How else are people going to know about what you're doing? Stop turning it away, and stop trying to direct it in your manner - It'll never work. It's very important to have an update system, but it's not important that you have a team that manages this. While having media team to walk around the camps, broadcast feeds, etc it is indefinitely not important for you to try to spawn your own media agency.

News syndication is the most notable thing when dealing with material. Stop attempting to shut down these syndications. It's a bad thing if a news source or blog speaks bad about you, but that doesn't mean they shouldn't be allowed to do this. You're still getting attention whether it's good or bad. I'm sure there's people out there that would willingly correct any errors, and report in a more unbiased state. Let the media ninjas and sharks do their jobs.

Take major action. Some Occupy have worked together to go to council meetings, file lawsuits, and much more. This just isn't a physical protest, but also a paper protest. Do both, not one - Else everything you're doing is a waste.

I'm not telling you to give your demands now, but it's evident at what people want. More jobs, more jobs within the U.S., bankers prosecuted, tax holes fixed, and so-on, but you really need to push this material to paper, too. It's not as if anything is failing with the protest, but paper, petitions, TV commercials, etc is all needed. If you want to fight the system, then use the system--it's already in-place.

While writing about it, calling some of the organizers, I notice that some of the Occupy organizers simply don't care to respond. Stop it! Respond to as many requests as you possibly can, or fix someone to do it for you. None-the-less, if one of the Occupy has a media team (that writes news, etc), then do so, and make sure you do plug other news sources (aka: syndication).

Occupy The Courts is already there, but what is going on? Let's get some information flying about, people contacted and outlets displayed.

Occupy Cincinnati has taken legal action, Occupy London has taken action, and there's others, but keep charging. It's winter, which makes it difficult, but it does not stop all forms of protesting. 

Next is the undeniable circus ring. Parading around doing nothing makes you look stupid. It does. Not the Fox News stupid, the you don't know what you're doing and wasting peoples' time stupid. Get some objectives together, and get to it. Not all of Occupy are circus rings. Occupy DC had a bad start, and while it's still touchy if it was a ploy to make ODC look bad, it still needs to be noted that is not how you treat the press[1], regardless of that press' bias.



These are just some things that I wanted to get off my chest, and have it here so I did not have to keep repeating it.


[1] http://www.journalfive.org/2011/10/occupy-dc-get-away-film-guy.html

Anti-SOPA Recap

For January 18, 2012 many websites have participated  in the protest to oppose the Stop Online Piracy Act & Protect IP Act. The websites I've discovered are: Reddit, Imgur, Wikipedia, Google, HypeM, and there is probably thousands of others.

First up is Hype Machine. A music oriented website, that indexes music blogs. Many artists end up here, being discovered, shared, and sales generated. I can't speak directly for the sales, but I can imagine they pick up a heavy fan base. If SOPA was in-affect, this website would most likely not exist.

Next, Google. An arguably powerful search engine that has served billions of queries to billions of key strokes ('er, humans). The Google team wishes to index and display the web as it is, and not how we want it. Again, SOPA would destroy the structure of any search engine, not just Google's.

Wikipedia. A digital user-based encyclopedia. A free one at that. Used by millions, and edited by millions. Wikipedia serves pages about history, and current events, ranging multiple subjects. While they didn't pick out bits of the website to be blacked, they did lay-over a big notice. SOPA would be in huge conflict with the linkage.

GoDaddy, once siding with SOPA has changed their minds. They are now opposing it. If I could make a guess, I would say it is because they started losing some customers (money) over it, or benefit of the doubt they have realised how damaging the bill is.

NameCheap has been anti-SOPA.There's been several people I know that have been migrating their domains to NameCheap (affiliated) or another domain registrar of their choice.

The flip-side of SOPA, and cybertised protesting, other websites have not been promoting the Stop Online Piracy Act. Almost as if it's non-existent.



Yahoo, Microsoft, AOL, Twitter have not promoted any of SOPA, however SOPA is on the Trending list of Yahoo, as-well as various hashtags on Twitter.




People have been going on about this for a year or more, but in the last week it has been flared up consistently. This is good, due to the awareness it'll hopefully receive more bad attention, and shifted out for the already existent Digital Millennium Copyright Act.




http://support.godaddy.com/godaddy/go-daddy-many-other-internet-leaders-oppose-sopa-pipa/?ci=56582


Update, January 19, 2012: According to Ars Technica, eighteen senators now oppose PIPA.  Read more here: http://arstechnica.com/tech-policy/news/2012/01/pipa-support-collapses-with-13-new-opponents-in-senate.ars

Anti-SOPA Blackout Day

A few websites noted off hand will be participating in a blackout day (January 18, 2012), to publicly oppose the Stop Online Piracy Act. Websites include Reddit, Wikipedia, Imgur, and possibly others. If you know any, feel free to leave them in the comments. Journal Five will also be participating in the blackout.

Commentary

Opposing SOPA is everyone's best interest. There's no reason a company should be able to single handedly, without court procedure shut down a website, or any portion of a website, or disconnect a user's privileges of a website for the purpose of self-interest. While there could be people flying around posting Copyright materials, it's best if the DMCA is used.

Stop Online Piracy Act simply complicates this, or more-so overlaps it. It's no one's fault the DMCA may be ignored, but from my understanding the majority of the time it is not, and those that receive it follow it accordingly.

YouTube, being arguably one of the most active and used video platforms on the web is at major stake for such a law. Even though YouTube may have the technology to monitor videos, review reports, etc, this does not mean they can do it exactly when a video is uploaded, and respond within ten minutes to every takedown notice.

To the more serious concerns of these bills, news sites may be at risk for their reporting. The way I see it, is the news agency will be at risk for losing their website for the material they report, because someone may not want something published -- Contradiction? That's what news reporting is supposed to be--following behind ethics.



http://wikimediafoundation.org/wiki/English_Wikipedia_anti-SOPA_blackout
https://imgur.com/blog/2012/01/16/imgur-joins-blackout/

further (this is a detailed explanation. I encourage you to read it) :
http://blog.reddit.com/2012/01/technical-examination-of-sopa-and.html

So, back to the Opinions

I started Journal Five in-hopes to be able to display news in an unbiased manner, fulfilled with as much information as possible, at any angle. While I feel I've did that, I also feel that strong urge to comment (or give commentary) on the things I do cover. Whether it's first-hand, second-hand (relay) or whatever, it's very hard to not comment, because I feel so passionate about the things I do write about.

So today, I'm making it official that this is no longer labeled as a "news" source, but rather an outlet for "news commentary." But obviously the unbiased part will stick, but I'll still voice my opinion along with it.

Sprint Orders Removal of Carrier IQ

According to Geek.com Sprint has ordered OEMs remove Carrier IQ from all of its devices. Carrier IQ, which is an intelligence gathering, and diagnostics program that helps cellular carriers obtain various information about their customers' mobile devices. Included, but not limited to most used applications, how much memory the applications are using, call dropping, and any other metrics the cellular carrier may implement. However there has been lawsuits filed against HTC, and Samsung regarding the usage of Carrier IQ, that it was allegedly recording private information on the mobile device, and transmitting the private information.

The lawsuit filed followed with:

In mid-November, software developer Trevor Eckhart published a video blog illustrating the operation of the CIQ software recording keystrokes, including information sent to secure websites using HTTPS security protocols used in e-commerce and other security-sensitive sites. After Eckhart published his discovery and documents he found on CIQ’s website, CIQ accused him of copyright violations and threatened legal actions unless he capitulated to the company’s demands. The Electronic Frontier Foundation, a public-interest digital rights watchdog stepped in to defend Eckhart and CIQ later apologized to Eckhart and rescinded its demands. -- Hagens Berman

December 12, 2011 a document was released in response (PDF below) about the usage of Carrier IQ, and what cellular carriers may implement. It goes on to state that the data collected may vary depending on the agreements made by that Network Operator to the customer. 

Tutorials have surfaced revealing forcible ways to remove Carrier IQ from a mobile device on a customer's demand, while Sprint (at the time of writing this) have said they will be removing the software. Verizon spokesman Jeffry Nelson said they do not utilize Carrier IQ, however there are still other cellular carriers unaccounted for. AT&T has been noted to use the mobile intelligence and diagnostics program on a select number of devices, including their own called Mark The Spot. Mark The Spot, unlike Carrier IQ may be downloaded by the customer's choice, according to Phone Arena.

Carrier IQ, AT&T, Sprint, Samsung, and HTC have been discussing the usage and reach of the mobile software. U.S. Senator of Minnesota, Al Franken said he was "still very troubled by what's going on," according to Bloomberg.

To read further about the discussion (with documents) visit Bloomberg's article, http://www.bloomberg.com/news/2011-12-16/carrier-iq-response-on-privacy-falls-short-u-s-senators-say.html.

https://twitter.com/#!/VZWjeffrey/status/142387582951632896

http://www.phonearena.com/news/AT-T-uses-Carrier-IQ-and-its-own-tool-called-Mark-the-Spot_id24844

http://www.geek.com/articles/mobile/sprint-orders-all-oems-to-strip-carrier-iq-from-their-hardware-20111216/

http://www.journalfive.org/2011/12/carrier-iq-with-possible-illegal.html 

http://www.bloomberg.com/news/2011-12-16/carrier-iq-response-on-privacy-falls-short-u-s-senators-say.html

http://www.hbsslaw.com/newsroom/?nid=2143