Feeds

Feds unlock suspect's encrypted drive, avoid Constitution meltdown

Digital age plays havoc with 5th Amendment

Designing a Defense for Mobile Applications

Investigators have cracked the encryption key for a laptop drive owned by a Colorado woman accused of real-estate fraud - rendering a judge's controversial order to make her hand over the passphrase or stand in contempt of court irrelevant.

The government seized the Toshiba laptop from Ramona Fricosu back in 2010 and successfully asked the court to compel her to either type the key into the computer or turn over a plain-text version of the data held on her machine.

Her lawyer's argument that compelling her to hand over encryption keys would violate her Fifth Amendment rights against self-incrimination was rejected. Prosecutors offered Fricosu limited immunity in this case without going so far as promising they wouldn't use information on the computer against her.

The Electronic Frontier Foundation filed a brief supporting the defence in the case, arguing that Fricosu was being forced to become a witness against herself. District Judge Robert Blackburn refused to suspend his decision for the time it would take to convene an appeal. The regional 10th U.S. Circuit Court of Appeals refused to review his decision.

Fricosu was left with the stark choice of either coughing up her encryption keys by the end of February or risk a spell behind bars for contempt of court. Philip Dubois, Fricosu’s attorney, claimed that his client had forgotten the encryption passphrase.

The closely watched case set the scene for a legal showdown that would test the US Constitution's Fifth Amendment rights in the digital age. However the Feds handed the plain-text contents of the laptop to Dubois on Wednesday. It seems more than likely that the authorities had come across the right passphrase without Fricosu's forced assistance.

"They must have used or found successful one of the passwords the co-defendant provided them," Dubois told Wired.

Fricosu, and her ex-husband co-defendant Scott Whatcott are both accused of mortgage fraud.

The development comes days after a federal appeals court ruled in a separate case that a defendant did not have to hand over keys to decrypt a laptop drive believed to be storing images of child abuse. The ruling by the Atlanta-based US 11th Circuit Court of Appeals in the case of an unnamed Florida suspect upheld the defendant's right to resist forced decryption.

This was the first appellant court to rule on the balance between Fifth Amendment rights against compelled self-incrimination and the public interest in allowing police to potentially unearth evidence in criminal cases involved encrypted computers and storage devices. However the ruling is not binding in other regions, especially in the absence of a Supreme Court ruling on the issue.

The US Fifth Amendment holds that no one "shall be compelled in any criminal case to be a witness against himself". Supreme Court rulings have previously ruled that a criminal suspect can be compelled to turn over a key to a safe possibly containing incriminating evidence, but is not obliged to supply the combination of a safe to investigators. ®

Application security programs and practises

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.