CO Judge Orders Defendant to Provide Unencrypted “Copy” of Hard Drive (Non-Copyright Infringment Case)

CO Federal Criminal Case

First off, this is not a Copyright infringement Case.  This order comes from a Colorado Federal Judge in a Criminal case for real estate fraud.  Here is the article – http://www.informationweek.com/news/security/encryption/232500386  The CO court did not tell the defendant to give up her password, just provide a copy of the unencrypted hard drive.  This was based on information that the hard drive actually contained evidence and not a fishing expedition. 

While I still have to read and review the details of this order, I believe this ruling will be appealed and fought at a much higher level.  The right against self-incrimination under the Fifth Amendment cannot be so easily trumped!  I believe the Supreme Court will be looking at this in the future.  Here is a recent article on the Supreme Court ruling that the use of a GPS tracking device on a suspect required a search warrant (not just the whim of an investigator or prosecutor)(http://www.computerworld.com/s/article/9223646/Supreme_Court_GPS_ruling_called_a_win_for_privacy?taxonomyId=144).  Not the same issue, but still a core one concerning our rights.

So What Does This Mean For These Copyright Infringement Cases? 

Besides being a criminal case (not a civil one), this order only came after a full investigation, court authorized searches, and forensic analysis.  None of these are even close to the copyright infringement cases brought by the Trolls.  The only forensic examination I know of for these cases was from a “consent to search” obtained by a Troll in a CA case (https://dietrolldie.com/2011/12/14/named-defendant-in-prenda-law-inc-boy-racer-inc-case-211-cv-03072-mce-kjn-eastern-district-of-ca-ammended-complaint/).  We are slowly advancing to “some” named Does and the Trolls are continuing to say they are going to a full trial.  This is more Troll BS in my opinion.  As Rob Cashman stated in his Blog, when it comes to a deposition (happens before the trial phase), that opens the door for the Trolls “experts”  and methods to be deposed also.  This is going to open “Pandora’s box” for the Trolls and they know it.  Saying that, I want to go over a wonderful piece of software I have mentioned in previous posts – TrueCrypt.

“Well if the court is going to possibly make me provide an unencrypted copy of my hard drive, why use TrueCrypt?”

One feature of TrueCrypt is the ability to create a hidden volume.  This hidden volume is located within a standard TrueCrypt volume – AKA: “A dream within a dream” OR “Plans within plans.”  When I first read about hidden volumes years ago, I thought it was a really good option for people living in countries run by repressive governments.  I never thought it would be something to really consider using in the US. 

The idea being you first create a standard TrueCrypt volume on your computer.  It can be an entire hard drive or just a TrueCrypt file.  Once the primary TrueCrypt volume is created, you create a smaller hidden TrueCrypt volume  within this one.  This smaller hidden volume does not have a detectable signature – it looks like random data. 

Once the TrueCrypt volumes are created, you place all your sensitive files (Tax files, financial data, medical records, private pictures & movies of you and the wife (wink wink 😉 , etc.) in the “Known” volume.  In the hidden volume you now place any extremely sensitive files.  After adding your files to these volumes, you “dismount” the volumes until you need access.  What this hidden volume gives you is “plausible deniability.”

Plausible Deniability

Here is an example.  An adversary is looking at your system and they see you have TrueCrypt installed.  They may even determine which files and/or drives are TrueCrypt volumes.  This adversary forces you to open (unencrypt) the TrueCrypt volume.  They now see all you private information in the known TrueCrypt volume.  But they can’t see the hidden volume.  “But can’t a forensic examiner find the hidden volume????”  NO.  There is no indicators that a hidden volumes exists within the known volume.  The unused area within the known volume appears as  random data.  You have complied with the adversary and can plausibly deny any wrongdoing. 

Now I know some people are going to say, “what are you hiding?” & “what are you afraid of?” I love the line that if you are not doing anything wrong, you have nothing to fear.  What a load of crap!  Please tell me why our founding fathers wrote the Bill of Rights? – Nice TechDirt article on the matter.

– It is because our history has shown over and over again that abuses of power do occur and will occur again.  The Trolls are abusing the courts by filing these mass John Does cases under the claim of protecting the rights of copyright owners.  This is not an effort to protect anyone, it is a business model to generate as much money as possible regardless if the public IP address owner did anything. 

DieTrollDie 🙂

“Some ships are designed to sink…others require our assistance.”

Check this out if you come and go across the US border – https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices

About DieTrollDie

I'm one of the many 'John Does' (200,000+ & growing in the US) who Copyright Trolls have threatened with a civil law suit unless they are paid off. What is a Copyright Troll? Check out the Electronic Frontier Foundation link - http://www.eff.org/issues/copyright-trolls
This entry was posted in Encryption and tagged , , , , , , , . Bookmark the permalink.

8 Responses to CO Judge Orders Defendant to Provide Unencrypted “Copy” of Hard Drive (Non-Copyright Infringment Case)

    • DieTrollDie says:

      No I have not read this one. I will read and provide comments. Thanks

      DTD 🙂

    • DieTrollDie says:

      OK. Long but good read. On 23 Feb 12, the 11th Circuit Court of Appeals filed the following ruling –

      “We hold that Doe properly invoked the Fifth Amendment privilege. In response, the Government chose not give him the immunity the Fifth Amendment and 18 U.S.C. § 6002 mandate, and the district court acquiesced. Stripped of Fifth Amendment protection, Doe refused to produce the unencrypted contents of the hard drives. The refusal was justified, and the district court erred in adjudging him in civil contempt. The district court’s judgment is accordingly REVERSED. SO ORDERED.”

      So the Government basically errored in NOT giving this defendant enough immunity for decrypting the hard drives. If they would have done this, then the forced decryption of the hard drives (and his contempt charge for failing to do this) would have been fine.

      The court also made it clear that the “act of production” (producing the unencrypted hard drives) did have testimonial aspects and thus required immunity IAW the 5th Amendment.

      I bet the Government will now correct its error and give this defendant the proper immunity and try to get him to decrypt the hard drives.

      DTD 🙂

  1. Daniel says:

    I know it is not your primary focus, but do you think that the Fifth Amendment, Truecrypt and government immunity could come into play in a civil copyright case?

    You can also plead the Fifth in a civil copyright case, and the plaintiff can’t promise you any immunity from criminal prosecution.

    If it is a criminal copyright case, the government may compel me to decrypt, if it grants me immunity, but a civil plaintiff can’t grant me immunity under 6002.

    So what hhappens if a civil plaintiff discovers that I have an encrypted partition, and I plead the Fifth Amendment right against self incrimination because my testimony may incriminate me in another criminal proceeding?

    If the quantity of proof is only that an IP address might have shared plaintiff’s copyrighted work, it would seem that the plaintiff could neither benefit from the foregone conclusion exception nor overcome the Fifth Amendment by promising me any immunity.

    • DieTrollDie says:

      Interesting questions. I have some thought/views on this and will get back to you – another task is at hand. 🙂

      DTD 🙂

    • DieTrollDie says:

      As far as the 5th Amendment, you can invoke it in a civil case, BUT a negative inference can be drawn from the silence (i.e. Prenda law crew in Judge Wright’s court). Plaintiff would simply point out that a person has an encrypted partition on the hard drive and will not disclose the contents or simply state what is it it. Based on the other evidence they will present, they will say the partition holds the evidence. As the person is holding their tongue, they can’t saying anything to counter this.

      What a Plaintiff can do is make an agreement with a person – full disclosure of information for a dismissal with prejudice and a promise of no further actions. There of course would need to be a good reason for such a deal. Prenda tried this with one of the Does in the Lightspeed hacking case – the benefit was getting the Doe to agree to release all BT data, as well as helping Prenda get a GIANT subpoena for thousands of ISP subscribers.

      Criminal copyright infringement is a possibility, but IMO it is HIGHLY unlikely. It would have to be brought by a Federal US Attorney. From my limited knowledge and experience with US Attorneys, they would never take a one of these cases. US Attorney have limited time/efforts to spend on real investigations. They also have a certain threshold for taking a case, such as significant monetary loss (Not Bogus Copyright loss claims), significant public safety issues, or significant public/political concern/interest. IMO a US attorney taking such a case would be a public affairs nightmare.

      As the burden of proof is lower in a civil case, I don’t think I would easily take the 5th Amendment route. It has its place, but I would be very careful.

      DTD 🙂

  2. Daniel says:

    Thank you, also my take.

    In A criminal case, Griffin v. California limits the negative inferences which can be drawn from a defendant’s exercise of his Fifth Amendment right against self incrimination.

    Do you think that a parallel due process based argument might be successfull in a civil case wherein the evidence for the troll’s allegation is near zero – namely that you have invoked your Fifth Amendment right or that you possibly might be hiding something?

    I think of a case in which the troll only has an IP address+encrypted/random data partition+the fact you have invoked the Fifth.

    If the evidence for infringement is otherwise near zero but your still get an adverse civil judgment because you have invoked the Fifth Amendment it’s a further problem because in order to defend yourself against the troll, you must waive your shield against criminal prosecution for copyright infringement which as far I remember has a five years statute of limitation.

    The immunity the government must grant to overcome the Fifth Amendment is very broad, and data found on the computer might incriminate you in a lot of settings and copyright infringement is the least of my worries.

    But the government must not grant you immunity if it’s already a foregone conclusion.
    If you have already let the cat out the bag and not pled the Fifht in the civil case, the feds or any local or state government could later use the data to incriminate you for any crime.

    If you have already admitted to the testimonial aspects regarding custody and possession in the data found on the computer in the civil case, can you later invoke the Fifth Amendment or will the government simply argue that it’s too late because it’s a foregone conclusion?

    • DieTrollDie says:

      I’m no lawyer, but I don’t think that would help in a civil case. The amount of negative inference from invoking your 5th Amendment rights in a civil case will depend on the Judge/jury and their feelings/belief based off all the testimony and evidence up to that point. I think Judge Wright was very clear in his belief from Prenda taking the 5th.

      For your scenario: IP address recorded/encryption/taking the 5th, IT will depend greatly on the Troll lawyer and what he presents/claims. If the troll makes no claim except that they recorded your IP address and that you have an encrypted part of the hard drive, I think that would be a hard sell on their part. Most Trolls (and especially Malibu Media/Troll Lipscomb) are going to bring out anything and everything that even vaguely looks bad or questionable for the Doe. They will make the point that they tried to contact the Doe and get their side of the story, but the Doe wouldn’t even state he was innocent. They will see if they can tie the Doe to any of the other files (non-Plaintiff movies/files) that were being shared via BT. Example: They find multiple eBooks on computers and system administration and the Doe works as a system administrator OR The Doe is from a Brazil and they find multiple Braziian TV shows/Movie being shared, etc.). They may even send an investigator to do some WiFi sniffing around the Does’ residence to see if they is any “Open” WiFi connections. A finding of NO open WiFi will be claimed to show that the Does’ WiFi was password protected and thus was likely him. They will also present experts that say the chance that someone hacked the Does’ Internet connections is extremely slim.

      For a civil case (preponderance of evidence standard – 51%+), all the Troll has to do is paint the picture that it is MORE likely that a Doe did it – nowhere near “beyond a reasonable doubt.” Couple this Troll paint-job with the fact that a Doe invokes the 5th and it isn’t too hard to reach that standard. Note: Prenda kind of tried this (Hatfield case) and the judge slapped them down for being idiots and making weak-ass claims. What the Troll paints has to make some sort of sense.

      I believe a Doe can invoke the 5th at any time, even if they have previously said things. The previous statements will of course be used against the Doe. I wouldn’t even worry about a possible criminal case ever being brought against a Doe that only non-commercially infringed copyrights. Now if you were making and selling tens of thousands of bootleg DVDs (10K DVD at $10 = $100,000), there is a chance a AUSA might be interested – and if the MPAA made a hard-sell campaign.

      DTD 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s