Local What if one passphrase decrypted many files/computers? What if the decryption pointed to more encrypted files “in the Cloud?” Where does this end?
Prosecutors Demand Laptop Password in Violation of Fifth Amendment
July 8, 2011 by Dissent
The Electronic Frontier Foundation (EFF) urged a federal court in Colorado today to block the government’s attempt to force a woman to enter a password into an encrypted laptop, arguing in an amicus brief that it would violate her Fifth Amendment privilege against self-incrimination.
A defendant in this case, Ramona Fricosu, is accused of fraudulent real estate transactions. During the investigation, the government seized an encrypted laptop from the home she shares with her family, and then asked the court to compel Fricosu to type the password into the computer or turn over a decrypted version of her data. But EFF told the court today that the demand is contrary to the Constitution, forcing Fricosu to become a witness against herself.
“Decrypting the data on the laptop can be, in and of itself, a testimonial act — revealing control over a computer and the files on it,” said EFF Senior Staff Attorney Marcia Hofmann. “Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court.”
The government has offered Fricosu some limited immunity in this case, but has not given adequate guarantees that it won’t use the information on the computer against her.
“Our computers now hold years of email with family and friends, Internet browsing histories, financial and medical information, and the ability to access our online services like Facebook. People are right to use passwords and encryption to safeguard this data, and they deserve the law’s full protection against the use of it against them’” said EFF Staff Attorney Hanni Fakhoury. “This could be a very important case in applying Americans’ Fifth Amendment rights in the digital age.”
For the full amicus brief: https://www.eff.org/files/filenode/us_v_fricosu/fricosuamicus7811.pdf
[From the brief:
Neither the Encryption Password Nor the Decrypted Contents of the Laptop Is a Foregone Conclusion
The good news: Credit card numbers were encrypted. The bad news: Passwords apparently were not.
Kiplinger Warns Customers Hackers Got Account, Credit Card Information
July 8, 2011 by admin
Michael Riley reports:
Kiplinger Washington Editors Inc., the publisher of Kiplinger’s Personal Finance, is warning customers that account data, including credit card numbers, was stolen on June 25 by hackers who breached its computer network.
Doug Harbrecht, the company’s director of new media, said the attackers stole user names, passwords and encrypted credit card numbers from as many as 142,000 subscribers to the magazine or the company’s various newsletters, including the Kiplinger Letter.
Read more on Bloomberg.
Note: It took me a while, but I found their FAQ on the breach. Bloomberg’s coverage isn’t wholly accurate, perhaps, as the FAQ indicates that Kiplinger’s discovered the hack on June 25. They don’t actually say when it occurred.
It is possible that a foreign power could compel their manufacturers to install spyware. It is also possible that a US company would limit their testing to confirmation of their requirements (i.e. not waste time looking for “extra” functions in the software or hardware.)
DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools
BY Neal UngerleiderFri Jul 8, 2011
A top Department of Homeland Security official has admitted to Congress that imported software and hardware components are being purposely spiked with security-compromising attack tools by unknown foreign parties.
… Supply chain security is a growing worry for both the federal government and business. According to White House documents, the executive branch is actively studying the risk of nation-states purposely installing sleeper, one-use attack tools in software and hardware components marketed in the U.S.
Some light summer reading...
"Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is a hard book to categorize. It is not about security, but it deals extensively with it. It is not a law book, but legal topics are pervasive throughout. It is not a telecommunications book, but extensively details telco issues. Ultimately, the book is a most important overview of security and privacy and the nature of surveillance in current times."
Read below for the rest of Ben's review.
This could be useful
From Your Clipboard To Just About Anywhere: Sharing Files In One Click.to
… If you’re anything like me, you use the CTRL-C command a lot. What Click.to does is display an ‘action bar’ whenever you copy something to your clipboard – whether it’s a photo, text or an Excel spreadsheet – that enables you to share the file in question to a variety of social networking and other online services, or other Web-based and even desktop applications.
Head on over to clicktoapp.com and give it a whirl.