Computer Encryption and Surrendering Your Password (merged)

HerrSchnaufer

HerrSchnaufer

Bluelighter
Joined
May 13, 2009
Messages
171
OK, so a friend and I are in his car, just turning around in the road (we were facing the wrong direction), and a police car sneaks up behind us. Follows us for a while (long enough to do a vehicle check and see that the owner has previous warnings related to cannabis, and was recently (last month) busted with 17 cannabis plants in his closet), and puts the lights on as we pull into a petrol station.

They tell us they've pulled us over because my friend pulled away a little quickly when he turned around. Of course, by this time they've had a snoop about and a smell in the car. Next thing, we're being given stop and search notices because the car smelt like what the police officer believed to be cannabis.

Thankfully, neither of us actually had anything substantial on us. My friend had various bits of paraphernalia - king skins, blunt wraps, empty baggies, he also had a set of scales he'd not used in the back, and because he's lost his wallet and practically lives out of his car, he had about £300 cash tucked away in a DVD case (of course this looks really bad, but it genuinely isn't linked to drugs at all).

So he's now been whisked off to the police station on suspicion of money laundering with possible drug links. I'm not too worried about that, the worst they can do him for is possession (and that's only if they can really be bothered to go to the effort of confirming the tiny trace amounts of cannabis in the baggies are infact cannabis), especially once they see that he's withdrawn the money from his bank account a few days prior, and has been spending small amounts since.

What bothers me is that in all of this, they've also seized my Macbook because there was "white residue" on the lid. Now, I do partake every now and again, but on the lid of my shiny new macbook? Fuck off. I don't even skin up on my macbook.

I've been told I'm allowed it back when they finish their investigation, and any subsequent investigations that may come of this one. I'm just curious as to whether anyone knows how long this sort of stuff generally takes? (I'm in the UK) Are we talking days, weeks, months? I'm sure they could prolong the process considerably if they wanted to, but we were both polite, considerate and cooperative throughout.

It's just so irritatingly pathetic. "White residue". Argh.
 
It all depends on how much of a dick they want to be but 6 months is not uncommon in cases I'm familiar with. Also you should be prepared for missing accessories, a cracked screen, deleted files or maybe your laptop won't even boot anymore. Police are not noted for being gentle or timely with suspect-owned evidence.
 
always always always encrypt your laptop. Whole disk encryption is best. A properly encrypted computer (with a good password) is basically uncrackable.

Look into Truecrypt. http://www.truecrypt.org (it's free!) but there are tons of other options too.
 
Sidenote: In the U.S., there is precedent for compelled decryption, meaning a judge could order you to unlock an encrypted computer. But keeping your data locked and private could still provide protection in instances where law enforcement is still looking for cause needed for such an order. In other words, if the police seized a computer only incidentally to an unrelated crime (like in the first post), there is a good chance a judge would require some additional evidence before ordering it to be decrypted. This means that protecting your computer before it was seized would have been a good thing.

As for the original question, I'm not sure how long it will take to get your computer back.
 
I recommend you change all your passwords, and delete any suspect e-mails you may have stored in any private e-mail accounts, in case they decide to snoop around through your webmail, Facebook, Bluelight, etc. looking for whatever they feel like. I believe UK law enforcement is legally allowed to 'hack' into accounts and computers without a warrant now, so it's always a possibility they will cyberstalk you if they think they're on to something.

When they do return your laptop, you should definitely format the drive and reinstall OS X. It's probably going to have a rootkit or other form of trojan horse malware installed.
 
Banquo said:
Sidenote: In the U.S., there is precedent for compelled decryption, meaning a judge could order you to unlock an encrypted computer. But keeping your data locked and private could still provide protection in instances where law enforcement is still looking for cause needed for such an order. In other words, if the police seized a computer only incidentally to an unrelated crime (like in the first post), there is a good chance a judge would require some additional evidence before ordering it to be decrypted. This means that protecting your computer before it was seized would have been a good thing.

As for the original question, I'm not sure how long it will take to get your computer back.
Click to expand...

And in the UK you're legally required to hand over decryption keys on demand or face prison, hope you didn't forget them.

http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000
http://cryptome.info/uk-cryptnot.htm
 
The UK law provides for a maximum penalty of two years in jail for failure to provide the decryption key(s), so it's up to the individual to guestimate whether the encrypted info will put him or her away for longer than that.

Of course, this doesn't help the truly innocent people who have actually forgotten their keys...
 
Criminals Busted Due to Unencrypted IMs?

So I know that encrypted e-mails can provide legal protection, but what about encrypted IMs? I've heard of people getting busted because of their texts/calls/e-mails, but what about IMs? Do they really need to be encrypted if one is discussing incriminating things?
 
^ Good question, IMO. I don't know the answer, unfortunately. I'd guess, yes.
 
Of course they need to be encrypted. Everyone should be using Off-The-Record messaging.
 
Bob, I would say in this day and age, it's best to treat ALL of your affairs as "private information," and maintain that stance with EVERYTHING you possibly can.

In a hypothetical scenario, in a possible future--where a judge may order you to give up an encryption key--you can then decide for yourself to do the two years (or whatever) for refusing to give up the key, or give it up and face the 10 to 20 for a crime that the decrypted information will net you.

The key here is: at least you will have a choice.
 
tobala said:
In a hypothetical scenario, in a possible future--where a judge may order you to give up an encryption key--you can then decide for yourself to do the two years (or whatever) for refusing to give up the key, or give it up and face the 10 to 20 for a crime that the decrypted information will net you.
Click to expand...

Fair point for sure. But it's worthwhile to know that OTR has: "Perfect forward secrecy - If you lose control of your private keys, no previous conversation is compromised."

http://www.cypherpunks.ca/otr/
 
Isn't there a way of encypting the file and getting a program to change it into something that no one can prove is an encrypted file?
 
^ Good questions and comments. I'm not on the cutting edge of encryption technology, that's what y'all are here for... :)
 
Thanks all :)

^^TrueCrypt (IIRC) can encrypt your harddrive with more than one partition, so if you are forced to give up a key, you can give up one that leads to a partition filled with embarrassing old lady, bbw, scat pr0n =D.

How can a judge order you to give up a key without violating your 5th Amendment rights though?
 
It's considered the same as forcing you to give up a safe combination. Which at least in the US is something you can be legally compelled to do, though I'm unsure of what caselaw supports it.
 
tobala said:
Bob, I would say in this day and age, it's best to treat ALL of your affairs as "private information," and maintain that stance with EVERYTHING you possibly can.

In a hypothetical scenario, in a possible future--where a judge may order you to give up an encryption key--you can then decide for yourself to do the two years (or whatever) for refusing to give up the key, or give it up and face the 10 to 20 for a crime that the decrypted information will net you.

The key here is: at least you will have a choice.
Click to expand...

Isn't it some unalienable right in the U.S. to never have to incriminate yourself?
 
In my country, IM conversations are frequently intercepted. They are rarely used as evidence though, usually they are used for intelligence gathering and setting up stings or searches or for getting warrants. Skype too has backdoors for governments from some articles I've read.

Encrypted data in itself can not be proven to be encrypted (unless the file format is thus identifiable). There are also ways of concealing it (steganography) or concealing one's ties with it (posting it on public places).

In the UK afaik there is a law forcing people to hand over encryption keys. In France and a few other EU countries too. But it is difficult to prove that a person knows a certain password and it can be made impossible to prove with some precautions.
 
You must log in or register to reply here.
Top