Post Process

Everything to do with E-discovery & ESI

Archive for the ‘Encryption’ Category

Quantum Encryption: Cutting edge but far from Perfect

Posted by rjbiii on June 16, 2008

An interesting post on quantum encryption is found at arXiv. The post explains why quantum encryption is not bullet-proof:

Here’s one loophole. The security of quantum encryption schemes depends on our inability to make a copy of a quantum state. If that were possible, [the eavesdropper] could make a copy of the message and pass on the original without anybody being the wiser. But in the quantum world, copying anything destroys the original, so the sender and receiver can always tell if they’ve been overheard by examining the error rates in their message. If it rises above a certain limit, the line is not secure.
That would be pretty convincing were it not for our ability to make imperfect copies of quantum states without destroying the original. That’s a loophole that an eavesdropper can exploit to extract information from a quantum message without the sender or receiver knowing. It should work as long as Eve is careful to keep the error rate below the critical limit.

He then points to an outline of a quantum eavesdropper.

Posted in Articles, Computer Security, Encryption, Privacy | Tagged: | Leave a Comment »

Judge: 5th amendment extends to PGP Passphrase

Posted by rjbiii on December 15, 2007

Question: Is a PGP passphrase like a key to a filing cabinet, or is it more like an extension of the contents of your mind? Deciding the question determines whether or not a defendant can be compelled to reveal the passphrase. A Vermont Judge, U.S. Magistrate Judge Jerome Niedermeier, has made up his mind:

A federal judge in Vermont has ruled that prosecutors can’t force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Niedermeier tossed out a grand jury’s subpoena that directed Sebastien Boucher to provide “any passwords” used with his Alienware laptop. “Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him,” the judge wrote in an order dated November 29 that went unnoticed until this week. “Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop.”

Under the facts of the case, as reported in the article, it is hard to feel any sympathy for the defendant. Emotions aside, however, the issue has enormous implications for DA’s trying to collect evidence in a world that is ever more “virtual” in nature. More of our actions and deeds are recorded on some form of computer-based media than ever before. While I have personally decried the recent erosion of privacy rights, I have mixed feelings on this particular issue.

The ruling can be found here (pdf).
[HT: Slashdot]

Posted in 2nd Circuit, Articles, D. Vt., Encryption, Magistrate Judge Jermome J. Niedermeier, Privacy | Leave a Comment »

New U.K. anti-terror law used to demand encryption keys

Posted by rjbiii on November 15, 2007

A law billed by the British government as a tool for fighting terrorism has been turned against an animal rights activist, who has been informed that she must provide encryption keys so that police may decrypt files on her computer. If she fails to comply, she could face two years in jail. The twist in this story is that she claims that she never stored any encrypted files on her computer:

The contentious measure, introduced after years of consultation, was sold to Parliament as a necessary tool for law enforcement in the fight against organised crime and terrorism.

But an animal rights activist is one of the first people at the receiving end of a notice to give up encryption keys. Her computer was seized by police in May, and she has been given 12 days to hand over a pass-phrase to unlock encrypted data held on the drive – or face the consequences.

The woman, who claims to have not used encryption, relates her experiences in an anonymous posting on Indymedia.

[HT: Slashdot]

Posted in Articles, Document Retention, Encryption, Privacy | Tagged: , | Leave a Comment »

UK Government can demand decryption of data

Posted by rjbiii on October 3, 2007

So says a new article posted by Ars Technica. What happens if you don’t? Trouble.

New laws going into effect today in the United Kingdom make it a crime to refuse to decrypt almost any encrypted data requested by authorities as part of a criminal or terror investigation. Individuals who are believed to have the cryptographic keys necessary for such decryption will face up to 5 years in prison for failing to comply with police or military orders to hand over either the cryptographic keys, or the data in a decrypted form.

The max sentence is reserved for terrorism cases; all other cases carry a two year maximum penalty. There has, of course, been plenty of criticism:

The law has been criticized for the power its gives investigators, which is seen as dangerously broad. Authorities tracking the movement of terrorist funds could demand the encryption keys used by a financial institution, for instance, thereby laying bare that bank’s files on everything from financial transactions to user data.

There’s some irony present, as well:

Yet the law, in a strange way, almost gives criminals an “out,” in that those caught potentially committing serious crimes may opt to refuse to decrypt incriminating data. A pedophile with a 2GB collection of encrypted kiddie porn may find it easier to do two years in the slammer than expose what he’s been up to.

The intent of the law is, undoubtedly, valid. How it may affect companies’ decisions with respect to housing data within the U.K. will only be seen as events unfold.

[HT: Slashdot]

Posted in Articles, Data Management, Encryption, Laws, Trends | Tagged: | Leave a Comment »