Episode-830- Listener Feedback for 1-30-12 — 33 Comments


    Hi Jack,

    Here is a free encryption software that has a primary encrypted container and a hidden encrypted container for your files. You can use plausible deniability and only give the thugs the primary encryption while maintaining there is no other hidden encrypted folder.

      • TrueCrypt can use a hidden encrypted container within the main encryption container. If the courts force you to give up your password you can give them the main encryption password. They can not force you to give up your hidden encryption password because there is no proof you even have a hidden container. If they use the regular encryption password then they will find some documents which should not cause you harm.

        • There is no way to determine if there is a “hidden” volume using TrueCrypt’s “plausible deniability” feature– it is indistinguishable from empty space (i.e. pseudorandom data with high entropy.)

          However, to say that a court cannot force you to reveal itis incorrect. To deny the existence of the hidden volume would be perjury.

          Bottom line, talk to a lawyer, don’t take legal advice from a podcast comment. 🙂

        • That said I think the silver bullet defense here would be, “I don’t recall the key”. I think it would be all but impossible to prove otherwise. I am also beginning to feel the judge is wrong here. It isn’t cut and dry BUT the more I think about it being asked to “give the key” is being asked to give evidence. I think it is up to them to “cut the lock” not for you to open it for them.

      • I’d weigh my options. Is a contempt of court charge(for not recalling the password) better or worse that what they’ll find on the hard drive?

  2. To me this is a nope. If they want the data, they should have to be the ones to dig into it. If they have other evidence to hold the guy in jail, then they should do that, however, I think the 5th amendment fully applies here, and if they can’t afford a decent computer forensics specialist, then the crime probably isn’t worth it.

    • I agree. If the cops can’t force the guy to open the box and therefore resort to cutting it open, then they should have to “cut open” the encrypted hard drive too! If they don’t have the tools to do that, it’s their problem and they need to work on that!

  3. Jack,

    I used to be a cop. Your advice about dealing with the aftermath of shooting a bear differs from that which I give when advising others on how to deal with the aftermath of a justified use of force for self defense regardless if the force is directed against man or beast. My advice is to leave the area immediately and keep you mouth shut. DO NOT TELL on yourself. There is absolutely nothing you can tell a cop or game warden that will help you in ANY way. And if you find yourself facing those “hard questions” there is nothing you can say as well as a competent attorney can say it on your behalf.

  4. Regarding the 5th amendment issue I think that by requiring you to decrypt the drive it is a violation. Using your scenerio with the missing key, the responsibility for procuring the evidence falls upon the LEOs who eventually cut the lock. Applied to a digital drive, you maybe have “misplaced” the pass and it would fall upon the officers to “cut the lock” by their own devices.

    He could have also used an encryption software that wiped the drive after three incorrect password attempts 🙂

    • “He could have also used an encryption software that wiped the drive after three incorrect password attempts :)”

      Which would do absolutely no good whatsoever. Before any investigation into a digital data container is done, multiple COPIES are made first..for this VERY REASON. All work is done on the COPY, not the original. Yes, anything and everything on a digital storage device can be copied regardless of any type of encryption/copy-protection schemes used.

  5. Congratulations to the guy who was able to outsmart the system. Let him go until the prosecutors have sufficient evidence against him. Now could the court could do is keep the hard drive as evidence and continue to work on decrypting the hard drive? Eventually they should be able to get into it and then they can reopen the case. In the mean time the guy should be let go until they do have the evidence they need.

  6. Great show, Jack.

    A couple things:

    1. as mentioned above, truecrypt allows for multiple encryption levels to be created. They “market” the software to people who travel to not-so-friendly areas of the world where someone finding their encrypted information would be very bad, even deadly. The tactic is to have enough information in the “public” encryption area that the thugs/authorities/bad guys will be satisfied by what they find.

    2. as a Google user, I regularly use mail, reader, calendar, youtube, etc. I have just started using Ghostery and Disconnect to block cookies and trackers. The level of segregation of Google services has become very evident. I have to log into every service every time I visit a Google service. I can see why Google is moving to aggregate these services, but the mechanism is still through a locally stored cookie which I will continue to block. This means that I will probably not see any “improvement” in my access to Google services.

    3. I used to download everything from my email server to my local PC, which is great until you loose a hard drive or change ISPs. After changing jobs and locations several times, I moved completely to web based email services which saves me a lot of hassle when I need to see an email from a couple years ago.

    Now with concern to any added security of downloading your emails and deleting from the server, this is completely false. The moment your email lands on your server, it WILL be recorded and maintained in backups and logs for the limits of DARMA requirements. The ONLY way to avoid a digital finger-print is to avoid the digital world. This is pretty much impossible for pretty much all of us, except maybe if we exist online under a pseudonym as Richard Stallman would suggest. Alternatively, if you could find an email service that completely purges their logs and storage periodically, that would be the way to go, but I doubt even they would completely erase all your emails and information.

    For my part, I am torn between cutting completely from the internet and resigning to the fact that the world around us wants as much control over my life as it can manage. For all the advances in technology, we are still stuck in the old feudalistic, authoritarian systems of old. The more things change, the more they stay the same.

    Stay safe, keep telling us how it is.


    • @Drew, I bet you are an IT guy, LOL. You are wrong about DARMA from my understanding anyway. This is about being required to store employee emails for US companies. Not about ISPs saving email.

  7. Congratulations to the guy who was able to outsmart the system. Let him go until the prosecutors have sufficient evidence against him. Now could the court keep the hard drive as evidence and continue to work on decrypting the hard drive? Eventually they should be able to get into it and then they can reopen the case. In the mean time the guy should be let go until they do have the evidence they need.

    • If by “eventually” you mean “a few hundred million years after our sun goes dark” then yeah, they will crack the encryption “eventually.” (Obviously, I’m being facetious, this is how long it would take with 100 modern computers, but with Moore’s law on your side you might be able to do it in a fairly short time– at least in geological terms.)

      Decrypting modern cryptography without access to the key is computationally infeasible if appropriate key sizes and cryptographically random keys are used.

  8. Right on about Iran. Please, lets NOT go have another wild goose chase for weapons of mass distraction in the sand again. Here the military hasn’t even hardly shook the sand out of the last 10 year CF and already the chicken hawks and neocons want another war.

  9. Because the disc is so well encrypted, then doesn’t that fact present as stronger evidence that, if something is found, it MUST belong to the key holder?

    Compare to the locked box, someone might present the possibility that something was “planted” as a defense, but if the lock is “perfect”, then that defense becomes tenuous.

    I would say that from a legal stance, that is at least one issue with providing the encryption key…

  10. About the 3-year rule:

    It’s a bit of a misunderstanding that any business HAS to show a profit every 3 years.

    The real rule is that you must have an intent to have a profit or else the IRS may treat you as a hobby (which changes how you can get certain deductions). But it can be difficult to prove “intent”.

    So the IRS has this rule where if you show a profit every 3 years, then that is enough to demonstrate the sought-after “intent.”

    SO…in the mind of many people you MUST show a profit every 3 years, but that’s not really true, there is a bit more to it and there are other ways to demonstrate intent.

    If you truly have a business plan and want to understand how to plan your business in consideration of taxes, you should really consult with a practicing CPA and/or tax lawyer.

  11. This is for the gentleman who’s looking for a bear capable sidearm. EAA makes their Witness line in 10mm and it’s available in both steel and polymer frames. I think the Witness line is one of the CZ-75 clones so the gun is probably close to what he’s familiar with.

    As far as ammo I’d suggest something from Corbon, Buffalo Bore or Double Tap. It looks like they all make suitable loads.


  12. Anyone who wants to know more about the Iran issue should checkout the film “Iranium.” Israel WILL use force to prevent Iran from becoming a nuclear power and at that point USA will be at war with Iran because we’re their ally.

  13. Jack,

    Once again your comments on the expense of electric baseboard heaters has me questioning the availablity of “off-peak” programs through your electric utility?

    At my co-op, we offer exceptional rates for interruptible electric heat. The cost to operate is much cheaper than propane or fuel oil and mostly equal to natural gas. Something for listeners to keep in mind!!

  14. Is there a email client or service that has built in encryption? I used to use PGP with Claris Emailer back in the day on my mac. It was a pain because everyone had to use it for it to work. Would be nice if it was part of the protocol and everyone could use it.

  15. I have read some of the responses here with regards to potential 5th Ammendment violations here and I have to respectfully disagree with some of the comments.

    I don’t see where having to provide a key to a computer for access WITH a warrant is any different than having to allow police access to your home or car with a warrant. That’s especially true if there a items that are specifically laid in the warrant like there is supposed to be. If the warrant SPECIFIES access to the computer and its files, then the owner must grant full access.

    The same arguments for 5th Ammendment protection against compelled self-incrimination have been tried involving drunk driver cases in which breath/blood/urine samples were obtained. I have also seen cases where it was argued that obtaining DNA samples from a suspect was also a violation. What these defendants and their attorneys argue is that without this evidence (the suspect’s biologicals) then prosecutors would not have a case.

    Just some food for thought.

  16. And I hope all of you using TrueCrypt, or the built-in encryption in Windows or Mac OS X, or Linux dm-crypt, are aware that ALL are vulnerable to a cold boot attack where the machine is rebooted and the memory dumped using a special boot device (like a USB key). It’s then trivially easy to find the encryption key searching through the memory dump.

    Not only that, but memory reliably holds its contents for 30 seconds to a few minutes after power off. So even if booting off USB is disabled, the memory can be inserted into another machine and dumped. This can be extended to an hour or so by cooling the memory down to -50 (use a can of compressed air on it).

    If you’re concerned, keep your machine off or in hibernate. Sleep keeps the memory alive and counts as on.

    There exists two kernel patches for Linux that avoid the key-in-memory attack by keeping the decryption key inside the CPU only (it never gets passed out to RAM once read). The better is TRESOR but it’s not supported on all CPUs. On the CPUs it doesn’t support, Loop-Amnesia. is available. Both require recompiling the kernel, and I’m not aware of any distribution that supports them out of the box, so I would categorize them for advanced users or aspiring spooks only.

    And of course, all encryption setups are vulnerable to the $5 wrench.

  17. Pingback:Episode-830- Listener Feedback for 1-30-12 | U.S. Survival News

  18. Jack,

    I am glad you addressed the issue of Iran. I am kind of a bit freaked out about it and I am surprised a little that there are so few other comments on here about it. I am not sure it even has gotten alot of attention on the forums.

  19. My view….

    They have a warrant, they can search the hard drive. It’s encrypted, they can crack it.

    But forcing the owner to turn over the key I believe is violation of the 5th.

    I like your idea of the key. I think the way to do it is to have a passcode in addition to the key. Enter passcode and the files are decrypted. Enter the passcode in reverse, and the data is erased.

    In fact, I was discussing this with a co-worker. And how ATMs should allow you to enter a reversed PIN number. If you use your reverse PIN, the bank ATM will function as normal, provide the cash, and act as a normal ATM with one exception. A call immediately goes to 911 alerting police to respond.