Judge: Americans can be forced to decrypt their laptops [Archive] - Glock Talk

PDA

View Full Version : Judge: Americans can be forced to decrypt their laptops


TBO
01-24-2012, 03:04
http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/

Oso
01-24-2012, 04:00
So what's the worst consequences if you refuse to decrypt? I guess you would have to decide if what you have encrypted is going to get you more or less time in the pokey.


Outdoor Hub mobile, the outdoor information engine

Booker
01-24-2012, 12:51
Blackburn can get stuffed!

CitizenOfDreams
01-24-2012, 13:44
It must be maddening for the law enforcement to have citizens who can hide something from them.

Chad Rogers
01-24-2012, 13:52
It's been so long I no longer remember the password. And, of course, I never wrote it down as a backup.

holesinpaper
01-24-2012, 16:46
Encrypt whole drive with Truecrypt, and create a hidden volume.

http://www.makeuseof.com/tag/create-hidden-partition-truecrypt-7/

http://www.schneier.com/blog/archives/2008/07/truecrypts_deni.html

TBO
01-25-2012, 02:38
It must be maddening for the law enforcement to have citizens who can hide something from them.
What about Criminals hiding something?

Oso
01-25-2012, 04:08
What about Criminals hiding something?

As long as there is a law against it, criminals won't hide anything. Eh?


Outdoor Hub mobile, the outdoor information engine

Misty02
01-25-2012, 05:38
I dislike the idea of criminals getting of a technicality, yet I see little difference in a person that uses the 5th amendment to not incriminate themselves by not providing statements that would later be used against them and not providing a password to access information that can later be used against them. My impression of the amendment is the idea of getting the accused to participate and assist in building a case against them. <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>
<o:p> </o:p>
I don’t like it one bit if it helps a dangerous person avoid justice, but I understand how one should not be expected to help authorities to build a case. <o:p></o:p>

.

CitizenOfDreams
01-25-2012, 07:40
What about Criminals hiding something?

If you had the proof of their crime, you wouldn't be so eager to read the data from their laptops. So we should use the word "suspects", not "criminals" at this point.

Misty02
01-25-2012, 16:00
If you had the proof of their crime, you wouldn't be so eager to read the data from their laptops. So we should use the word "suspects", not "criminals" at this point.

Naaaaa, many are criminals regardless of the amount of evidence that can be gathered (and is admissible) and what is proven in a court of law. There are criminals out there that have evaded justice and continue to harm others, lack of a conviction doesn’t change what they are it just changes what the courts/law can call them.

.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>

Sgt127
01-25-2012, 16:08
Texas Penal Code:

§ 37.09. TAMPERING WITH OR FABRICATING PHYSICAL
EVIDENCE. (a) A person commits an offense if, knowing that an
investigation or official proceeding is pending or in progress, he:
(1) alters, destroys, or conceals any record,
document, or thing with intent to impair its verity, legibility, or
availability as evidence in the investigation or official
proceeding;...
(c) An offense under Subsection (a) or Subsection (d)(1) is
a felony of the third degree.


If he refuses to divulge the password, is he not effectively concealing the evidence?

CitizenOfDreams
01-25-2012, 16:34
If he refuses to divulge the password, is he not effectively concealing the evidence?

If the accused produces documents that incriminate him, isn't it effectively "being a witness against himself"?

CitizenOfDreams
01-25-2012, 16:41
Naaaaa, many are criminals regardless of the amount of evidence that can be gathered (and is admissible) and what is proven in a court of law.

Me and you may call them criminals. The law enforcement may not call them criminals or treat them as such. Those are the rules. And, contrary to a popular opinion, those rules were not made to protect the criminals.

trashcat
01-25-2012, 16:52
A suspect has a safe, the prosecutors want to see the contents. The suspect says I will not assist you in gathering evidence against me by providing the combination.
The best safe cracker in town fails to open the safe, can he be forced to provide the combination?

Sam Spade
01-26-2012, 21:03
If the accused produces documents that incriminate him, isn't it effectively "being a witness against himself"?

I don't see how it's any more providing testimony against yourself than opening the door to your house when the search warrant shows up. The evidence is what's inside the house/laptop, not your having the key to the door. And if you're concerned that the jury will know you had the key, then we just won't tell them that.

Sam Spade
01-26-2012, 21:49
A suspect has a safe, the prosecutors want to see the contents. The suspect says I will not assist you in gathering evidence against me by providing the combination.
The best safe cracker in town fails to open the safe, can he be forced to provide the combination?

Yes. The 5th Amendment protects you against testimony. It's not a protection when you're subpoenaed to produce records, no matter how bad those records make you look. And in this case, the owner wasn't actually ordered to provide the key, she was ordered to provide the records stored in the safe. The exception is when there's doubt about the ownership of the safe/laptop and the records in it. That's not in play in this case; ownership isn't in question.

Related, from http://volokh.com/2012/01/24/encrytion-and-the-fifth-amendment-right-against-self-incrimination/
"If the police have a warrant to search the defendant’s office for documentary evidence of a criminal fraud and find a locked file cabinet, the warrant reaches the contents of that cabinet. Issues about: (1) “expectation of privacy” in a locked cabinet; or (2) “proof” of what the government believes is in the cabinet are now irrelevant issues. Whatever may be inside is reachable by the police because they already satisfied the Fourth Amendment and got a warrant. This is true even if the cabinet contains evidence of a wholly separate crime, like possession of child pornography."

CitizenOfDreams
01-26-2012, 23:27
And if you're concerned that the jury will know you had the key, then we just won't tell them that.

So, it would be a valid defence if the accused pleaded the Fifth in response to the question "Do you have the encryption key to the files on your laptop?"?

holesinpaper
01-27-2012, 03:25
can he be forced to provide the combination?

Not yet. You can just get locked up. Give it another couple years and then they will be water boarding US citizens on US soil.

:whistling:

Misty02
01-27-2012, 04:33
Me and you may call them criminals. The law enforcement may not call them criminals or treat them as such. Those are the rules. And, contrary to a popular opinion, those rules were not made to protect the criminals.

Sometimes I wonder about that, personal knowledge doesn’t seem to support it. <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>
<o:p> </o:p>
Nonetheless, I do believe there is little difference in this particular instance, an individual being required to provide a password or to facilitate information that is encrypted would be no different than providing a statement that would incriminate themselves. Either way, it would constitute assisting the prosecution in building a case against them. If discovery of that information is obtained without the active assistance of the person, then that is a different story.<o:p></o:p>

.

Misty02
01-27-2012, 04:38
I can follow and understand this. I don’t like it, but you have made it make sense in my mind.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>

I don't see how it's any more providing testimony against yourself than opening the door to your house when the search warrant shows up. The evidence is what's inside the house/laptop, not your having the key to the door. And if you're concerned that the jury will know you had the key, then we just won't tell them that.

Yes. The 5th Amendment protects you against testimony. It's not a protection when you're subpoenaed to produce records, no matter how bad those records make you look. And in this case, the owner wasn't actually ordered to provide the key, she was ordered to provide the records stored in the safe. The exception is when there's doubt about the ownership of the safe/laptop and the records in it. That's not in play in this case; ownership isn't in question.

Related, from http://volokh.com/2012/01/24/encrytion-and-the-fifth-amendment-right-against-self-incrimination/
"If the police have a warrant to search the defendant’s office for documentary evidence of a criminal fraud and find a locked file cabinet, the warrant reaches the contents of that cabinet. Issues about: (1) “expectation of privacy” in a locked cabinet; or (2) “proof” of what the government believes is in the cabinet are now irrelevant issues. Whatever may be inside is reachable by the police because they already satisfied the Fourth Amendment and got a warrant. This is true even if the cabinet contains evidence of a wholly separate crime, like possession of child pornography."

Misty02
01-27-2012, 04:45
So, it would be a valid defence if the accused pleaded the Fifth in response to the question "Do you have the encryption key to the files on your laptop?"?

Interesting. That part would require a statement, unless you are told to provide the access required in the warrant and not asked if you have the key? I guess I would expect my lawyer to fight it by any means possible without actually lying and saying I don’t have the key?<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>
<o:p> </o:p>
.

steve1988
01-27-2012, 07:00
Couldn't they just hack it with brute force? I will admit that I am fairly ignorant in this area (and totally ignorant of her encryption program), but a program that systematically generates encryption keys should be able to crack it before the court case is resolved. Also, wouldn't hiring the company that developed the encryption software to break into the computer be more expedient? Please educate me if I am mistaken.

Either way, it is a very interesting question that has been posed to the court, and I must confess that I am very conflicted about it.

John Rambo
01-27-2012, 07:21
http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/

"Okay, let me decrypt this right he - oh man, I'm so sorry. The hard drive is 0ing itself out. You had better take the battery out and stop it, because the UI is totally locked up! Oh, guys, I'm so sorry, I don't know what could have happened. It just be that damn opensource software I had on it to encrypt the hard drive. Go blame the software manufacturer, who explicitly disclaims responsibility for data loss!"

John Rambo
01-27-2012, 07:21
Couldn't they just hack it with brute force? I will admit that I am fairly ignorant in this area (and totally ignorant of her encryption program), but a program that systematically generates encryption keys should be able to crack it before the court case is resolved. Also, wouldn't hiring the company that developed the encryption software to break into the computer be more expedient? Please educate me if I am mistaken.

Either way, it is a very interesting question that has been posed to the court, and I must confess that I am very conflicted about it.

No.

Two things.

1) Good hard drive encryption is very secure.

2) The government is totally inept when it comes to technology.

Sam Spade
01-27-2012, 08:47
"Okay, let me decrypt this right he - oh man, I'm so sorry. The hard drive is 0ing itself out. You had better take the battery out and stop it, because the UI is totally locked up! Oh, guys, I'm so sorry, I don't know what could have happened. It just be that damn opensource software I had on it to encrypt the hard drive. Go blame the software manufacturer, who explicitly disclaims responsibility for data loss!"

"Don't worry. We made a bit-by-bit copy of the encrypted drive. Try again. But before you do, let us brief you on the penalties for obstruction, contempt and destruction of evidence...they seem to be higher than the possible sentence for the original offense. Weird, huh?"

John Rambo
01-27-2012, 08:58
"Don't worry. We made a bit-by-bit copy of the encrypted drive. Try again. But before you do, let us brief you on the penalties for obstruction, contempt and destruction of evidence...they seem to be higher than the possible sentence for the original offense. Weird, huh?"

"Whoops. Same thing happened this time, too! I guess you better hand it off to your HIGHLY TRAINED government IT staff, smokey. Or contact the software vendor. Or you can try to prosecute me over a computer glitch. Let me know how that goes for you."

TBO
01-27-2012, 09:21
http://i40.tinypic.com/2wpmm8p.jpg

John Rambo
01-27-2012, 09:25
^ Ah yes, TBO, the all-knowing troll of the Civil Liberties forum, who knows his highly trained and specialized law enforcement bretherin could best us in all situations, despite probably not being able to tell a RAID controller from a WLAN radio card himself.

TBO
01-27-2012, 09:35
http://i42.tinypic.com/20syhd1.png

CitizenOfDreams
01-27-2012, 10:16
Couldn't they just hack it with brute force?

No, and that's what drives them crazy. The usual tactics of busting the front door before the guy has time to flush his marijuana joint or to eat his 1970 nudist magazine does not work anymore.

steve1988
01-27-2012, 10:20
No, and that's what drives them crazy. The usual tactics of busting the front door before the guy has time to flush his marijuana joint or to eat his 1970 nudist magazine does not work anymore.

I was talking about the hard drive. I was assuming that they have a relatively substantial amount of time to work on the seized hard drive before the trial begins (extended because the defendant refuses to grant access).

ETA: A brute force hack attempts to input all possible key combinations systematically. The idea is that the algorithm will eventually "guess" the correct key. This is not a sophisticated system penetration (hence the "brute force" name, and the importance of the amount of time).

John Rambo
01-27-2012, 10:25
I was talking about the hard drive. I was assuming that they have a relatively substantial amount of time to work on the seized hard drive before the trial begins (extended because the defendant refuses to grant access).

ETA: A brute force hack attempts to input all possible key combinations systematically. The idea is that the algorithm will eventually "guess" the correct key. This is not a sophisticated system penetration (hence the "brute force" name, and the importance of the amount of time).

It won't work. The keys are simply too large and complex.

Sam Spade
01-27-2012, 10:28
"Whoops. Same thing happened this time, too! I guess you better hand it off to your HIGHLY TRAINED government IT staff, smokey. Or contact the software vendor. Or you can try to prosecute me over a computer glitch. Let me know how that goes for you."

You don't think the "I don't know" and "its not my fault" approaches haven't already been tried and shot to pieces in other proceedings? Your responses pretty well define "contempt of court"; don't even need to convince a jury on that charge...you'll have the judge smacking his gavel in nothing flat.

steve1988
01-27-2012, 10:28
Does anyone know how long the key actually is? That is very important for calculating how long a brute force algorithm would take to crack it.

John Rambo
01-27-2012, 10:31
You don't think the "I don't know" and "its not my fault" approaches haven't already been tried and shot to pieces in other proceedings? Your responses pretty well define "contempt of court"; don't even need to convince a jury on that charge...you'll have the judge smacking his gavel in nothing flat.

Fair enough. If thats all you've got, its probably preferable to letting you have the hard drive. I'd have my lawyer filing a writ of Habeas Corpus before I was in orange.

John Rambo
01-27-2012, 10:32
Does anyone know how long the key actually is? That is very important for calculating how long a brute force algorithm would take to crack it.

You're saying, "The key" like its one key in one algorithm for everything. Its all variable. Which encryption algorithm are we talking about?

Agonizer
01-27-2012, 10:33
What about Criminals hiding something?

The price of freedom, IMHO.

Outdoor Hub mobile, the outdoor information engine

CitizenOfDreams
01-27-2012, 10:36
ETA: A brute force hack attempts to input all possible key combinations systematically. The idea is that the algorithm will eventually "guess" the correct key. This is not a sophisticated system penetration (hence the "brute force" name, and the importance of the amount of time).

The keyword is "amount of time". The number of key combinations in a strong encryption scheme is too high for a brute force attack. It would take an unpractically long time to try them all.

Encryption schemes eventually become crackable when computers get fast enough, or when vulnerabilities/backdoors are discovered. But at the current level of science and technology, a good encryption scheme with a strong password is non breakable by brute force.

steve1988
01-27-2012, 10:38
Caveat: I am not very well-read on this subject.

As I understand it, an algorithm is a method for solving a problem. A brute force key generating algorithm would generate and input keys that fit the parameters of the program (e.g. 16 character key consisting of at least two lowercase letters, two uppercase letters, two numbers and two special characters). In other words, the algorithm would "guess" passwords until the correct one was "guessed." Forgive me and educate me if I have erred in terminology or concept.

ETA: Saw your reply and appreciate the info. I like to learn.

John Rambo
01-27-2012, 10:40
Caveat: I am not very well-read on this subject.

As I understand it, an algorithm is a method for solving a problem. A brute force key generating algorithm would generate and input keys that fit the parameters of the program (e.g. 16 character key consisting of at least two lowercase letters, two uppercase letters, two numbers and two special characters). In other words, the algorithm would "guess" passwords until the correct one was "guessed." Forgive me and educate me if I have erred in terminology or concept.

You have an understanding of the basic concept. There are other aspects to consider, many way beyond my ability to explain, but thats the layman's version.

And the layman's answer is the key is too complex. Computers aren't powerful enough to crack it. Even specialized cracking computers built with a gargantuan array of graphics cards to offload the calculations to because GPUs are better at cracking than CPUs. Hell, even cracking basic internet encryption is a massive undertaking which requires the participation of computers across the world. There used to be a website that hosted just that exact thing. They set it up and invited people to join in and crack it. I don't know if they ever actually cracked it.

steve1988
01-27-2012, 10:45
That answers my question perfectly. I appreciate it.

Sam Spade
01-27-2012, 11:03
Fair enough. If thats all you've got, its probably preferable to letting you have the hard drive. I'd have my lawyer filing a writ of Habeas Corpus before I was in orange.

Ignoring the (unfounded) assumption that things like this haven't already been addressed by the system, you're right that everyone has the opportunity to make a risk-benefit analysis of the ups and downs of complying with the law. Sam's prediction: if the .gov is thwarted often enough, you'll see new legislation jacking up the penalties for refusing to comply with such subpoenas.

Kinda like the guy who spent 17 years or so in the clink on a civil contempt finding when he didn't disclose assets in his divorce.

ETA: Sorry, 14 years. http://jonathanturley.org/2009/07/11/pennsylvania-man-released-after-record-14-year-incarceration-for-contempt/ He was released when he was in his 70s.

John Rambo
01-27-2012, 11:41
Ignoring the (unfounded) assumption that things like this haven't already been addressed by the system, you're right that everyone has the opportunity to make a risk-benefit analysis of the ups and downs of complying with the law. Sam's prediction: if the .gov is thwarted often enough, you'll see new legislation jacking up the penalties for refusing to comply with such subpoenas.

Kinda like the guy who spent 17 years or so in the clink on a civil contempt finding when he didn't disclose assets in his divorce.

ETA: Sorry, 14 years. http://jonathanturley.org/2009/07/11/pennsylvania-man-released-after-record-14-year-incarceration-for-contempt/ He was released when he was in his 70s.

:wow:

TBO
01-27-2012, 15:11
As I said...http://i40.tinypic.com/2wpmm8p.jpg

John Rambo
01-27-2012, 15:40
As I said...


As I said. TROLL.

We can find one-off wacky cases like that for everything under the sun. The chances of that happening are about the same as the chances of you needing a spare magazine in a civilian self-defense situation.
:couch:

windplex
01-27-2012, 15:52
"Don't worry. We made a bit-by-bit copy of the encrypted drive. Try again. But before you do, let us brief you on the penalties for obstruction, contempt and destruction of evidence...they seem to be higher than the possible sentence for the original offense. Weird, huh?"

Sam, thanks for the explanations.

I am curious. Historically illegal operations carried two sets of books -- one looks real and is for government types and for tax purpose and the other is the real one.

Historically when the second set of books was found from a similar search -- often written in a code to protect the info -- did the bad guys cough up the key? if not what p-enalties were imposed?

I am guessing this happened more than once in org crime history.

thanks! Brian

windplex
01-27-2012, 15:55
If they found an audio recording during a similar search in a language they could not find an interpreter for would the suspect be required to translate what he clearly tried to obfuscate? seems similar to encryption only in audio form and Im guessing the suspect could not be forced to translate: provide the key so to speak. Please correct me if wrong in any way. thanks!

"I think it's a matter of national importance..."

first time ive read this term. does it have a legal meaning?

TBO
01-27-2012, 16:07
As I said. TROLL.

We can find one-off wacky cases like that for everything under the sun. The chances of that happening are about the same as the chances of you needing a spare magazine in a civilian self-defense situation.
:couch:
You are the one who is a troll. You have a post history of following me around and calling me names (troll for one).

This is a thread started by "me". If you have an issue with "me", stay out of my threads. If you can't do that, the problem is "you".

Sincerely,

TBO

Mister_Beefy
02-04-2012, 16:37
You are the one who is a troll. You have a post history of following me around and calling me names (troll for one).

This is a thread started by "me". If you have an issue with "me", stay out of my threads. If you can't do that, the problem is "you".

Sincerely,

TBO



heh, welcome to my world.

Brucev
02-05-2012, 07:08
You don't think the "I don't know" and "its not my fault" approaches haven't already been tried and shot to pieces in other proceedings? Your responses pretty well define "contempt of court"; don't even need to convince a jury on that charge...you'll have the judge smacking his gavel in nothing flat.

It would depend entirely on who was the judge holding the gavel. There are many judges who make their rulings without any regard for the COTUS... some of them are even sitting on the SCOTUS. And... given such party hacks who make their rulings as directed by their handlers, complete and absolute contempt is the only legitimate and proper response.

John Rambo
02-05-2012, 09:38
You don't think the "I don't know" and "its not my fault" approaches haven't already been tried and shot to pieces in other proceedings? Your responses pretty well define "contempt of court"; don't even need to convince a jury on that charge...you'll have the judge smacking his gavel in nothing flat.

Since this thread got bumped I figured I'd reply, since you had a valid point about getting in some kind of trouble either way. I'm a damn good IT guy, but I haven't really ventured into InfoSec yet in my career - at least not more than any other IT guy. InfoSec is its own division and is maddeningly complex and requires constant reading and study to keep up with the times. Thats why InfoSec is its own career path that most don't want to bother with.

Anyways, enough about InfoSec. I've been learning about TrueCrypt after we discussed the topic of data recovery in this thread. Its a little freeware utility that can encrypt your drive and does so much more.

How about a hidden partition? When the computer starts, you enter a password and load one of your OSes. Depending on which password you enter in, you either get a decoy OS or you get the real OS. The idea being the real OS and its filestores are hidden on the disk when the decoy loads and look like nothing but regular old scrambled bits and peices from randomly deleted files unless you have the cypher. Not only that, but you don't even have to keep the TrueCrypt on the hard drive - you can keep it on a CD or flash drive, in which case the computer would boot normally, with no need for a password and no trace of TrueCrypt ANYWHERE (registry, dlls, program files, nothing) until you popped in the disk/stick and were able to decrypt and mount the hidden partition.

These are things I found out within a couple hours of reading about some two-bit freeware software.

The rejects in .Gov IT don't stand a chance against anyone who does their homework.

wprebeck
02-05-2012, 18:13
Since this thread got bumped I figured I'd reply, since you had a valid point about getting in some kind of trouble either way. I'm a damn good IT guy, but I haven't really ventured into InfoSec yet in my career - at least not more than any other IT guy. InfoSec is its own division and is maddeningly complex and requires constant reading and study to keep up with the times. Thats why InfoSec is its own career path that most don't want to bother with.

Anyways, enough about InfoSec. I've been learning about TrueCrypt after we discussed the topic of data recovery in this thread. Its a little freeware utility that can encrypt your drive and does so much more.

How about a hidden partition? When the computer starts, you enter a password and load one of your OSes. Depending on which password you enter in, you either get a decoy OS or you get the real OS. The idea being the real OS and its filestores are hidden on the disk when the decoy loads and look like nothing but regular old scrambled bits and peices from randomly deleted files unless you have the cypher. Not only that, but you don't even have to keep the TrueCrypt on the hard drive - you can keep it on a CD or flash drive, in which case the computer would boot normally, with no need for a password and no trace of TrueCrypt ANYWHERE (registry, dlls, program files, nothing) until you popped in the disk/stick and were able to decrypt and mount the hidden partition.

These are things I found out within a couple hours of reading about some two-bit freeware software.

The rejects in .Gov IT don't stand a chance against anyone who does their homework.

Yep, you're the man. There is absolutely NO ONE who draws a ggovernment paycheck that could possibly overcome what you can do with freeware. Guess we should pack up the NSA, and just stop all our ELINT activities, because the bad guys can just download a bit of freeware and have instantly secure communication. Maybe you should tell the CIA about your discovery, as I'm sure they'll be relieved to havecompletely secure comms to and from our embassies now, not to mention all the field operatives who can use your unbreakable tech.

John Rambo
02-05-2012, 19:06
Yep, you're the man. There is absolutely NO ONE who draws a ggovernment paycheck that could possibly overcome what you can do with freeware. Guess we should pack up the NSA, and just stop all our ELINT activities, because the bad guys can just download a bit of freeware and have instantly secure communication. Maybe you should tell the CIA about your discovery, as I'm sure they'll be relieved to havecompletely secure comms to and from our embassies now, not to mention all the field operatives who can use your unbreakable tech.

1) If you understood the concepts at work here, you'd understand that there is NO ONE that could do anything about that. Its not like the movies, guy, there aren't some super hackers who press a few buttons and hack the world.

2) Government IT is, in every way, inferior to private sector IT. That includes IT in the NSA.

3) If you have no knowledge of the subject at hand AND no intention to do anything other than make sarcastic, ignorant, annoying posts, just don't click the "submit" button.

wprebeck
02-05-2012, 23:18
1) If you understood the concepts at work here, you'd understand that there is NO ONE that could do anything about that. Its not like the movies, guy, there aren't some super hackers who press a few buttons and hack the world.

2) Government IT is, in every way, inferior to private sector IT. That includes IT in the NSA.

3) If you have no knowledge of the subject at hand AND no intention to do anything other than make sarcastic, ignorant, annoying posts, just don't click the "submit" button.

You're right, of course. Government never hires, and pays exorbitant amounts of money to, geeks at MIT and other tech schools. Nor do they have buildings full of expensive machines dedicated to cracking codes. Further, the capabilities, costs, and numbers of machines the NSA et al have aren't classified, and children such as yourself have complete and unfettered access to them.

I'm reminded of a line from one of Mr. Clancy's novels...to paraphrase - do you really think the government allows people to have access to codes that they cannotbreak themselves?

Again, I'll alert the NSA and CIA that some random poster who admittedly knows nothing about this side of tech, has assured everyone that freeware exists that can't be broken.

And, as far as me not knowing anything about the topic at hand - that little factor hasn't ever stopped you from blathering on about police work. Why should it stop me?

Outdoor Hub mobile, the outdoor information engine

TBO
02-06-2012, 01:58
Good point.

RussP
02-06-2012, 04:57
2) Government IT is, in every way, inferior to private sector IT. That includes IT in the NSA.How exactly do you know that?

John Rambo
02-06-2012, 07:31
How exactly do you know that?

Worked with them and viewed their work on many occassions. Not only that, but there was just a thread in the lounge where government guys freely admitted something like, "In a world where an excellent IT guy makes 150k, we've got the best IT 50k can buy."

John Rambo
02-06-2012, 07:32
You're right, of course. Government never hires, and pays exorbitant amounts of money to, geeks at MIT and other tech schools. Nor do they have buildings full of expensive machines dedicated to cracking codes. Further, the capabilities, costs, and numbers of machines the NSA et al have aren't classified, and children such as yourself have complete and unfettered access to them.

I'm reminded of a line from one of Mr. Clancy's novels...to paraphrase - do you really think the government allows people to have access to codes that they cannotbreak themselves?

Again, I'll alert the NSA and CIA that some random poster who admittedly knows nothing about this side of tech, has assured everyone that freeware exists that can't be broken.

And, as far as me not knowing anything about the topic at hand - that little factor hasn't ever stopped you from blathering on about police work. Why should it stop me?

Outdoor Hub mobile, the outdoor information engine

:rofl: You really think its like the movies, huh?

wprebeck
02-06-2012, 08:13
:rofl: You really think its like the movies, huh?

Umm, no. Unlike you, I realize that movies and TV are fiction, and don't look to them for answers when wondering how things should be done.

What I "do" understand is that our government spends hundreds of millions of dollars on both securing and breaking communications. I understand that there is a highly classified agency, whose sole purpose is to monitor and break foreign communications of all types. I also understand that this is one area that has a LOT of money thrown at it, and that heavily recruits the very best mathematicians and cryptographers in the world. Secure comms are, quite literally, life and death for our field operatives, soldiers, sailors, airmen, and a host of other people risking their lives for our country.

I understand tthat, in all likelihood, our government has the ability to monitor literally every phone call, email, or other electronic emission in this, or any other, country, should it choose to do so. Be iit thru brute force attacks on a code, using the vast array of computers designed for such, or by forcing code writers to provide an alternate means of accessing the algorithm (backdoor, etc), our government CAN read or listen tto anything it chooses.

While this efficiency goes against the typical government work ethos, one must understand something about governments work in general. It's usually NOT the front line workers that are lazy and inept, but rather, are held back by inane and stupid policies and supervisors. Our country is second to none in dealing death via combat arms. Our military is literally the very best the world has ever known. Their training, equipment, and will to fight have no equal on this planet, and should our government choose to use it properly, there isn't a country on this rock that would stand against us for long, were we to wage unrestricted warfare.

The world of cryptography and secure communications is much the same. We buy the very best in the business. Since you're not working tthere, one can draw a conclusion as to your skillset. Bureaucracies only go so far - they can hamstring action, sure....but, make no mistake - when allowed to, our government can do their jobs with frightening effectiveness.

Again, do you really believe some open source code will render a multi-billion dollar agency and all the toys and smart folks in it, ineffective? If so, you're quite the chump, and I feel sorry for the folks who've entrusted their computers and networks to you.

John Rambo
02-06-2012, 08:17
Umm, no. Unlike you, I realize that movies and TV are fiction, and don't look to them for answers when wondering how things should be done.

What I "do" understand is that our government spends hundreds of millions of dollars on both securing and breaking communications. I understand that there is a highly classified agency, whose sole purpose is to monitor and break foreign communications of all types. I also understand that this is one area that has a LOT of money thrown at it, and that heavily recruits the very best mathematicians and cryptographers in the world. Secure comms are, quite literally, life and death for our field operatives, soldiers, sailors, airmen, and a host of other people risking their lives for our country.

I understand tthat, in all likelihood, our government has the ability to monitor literally every phone call, email, or other electronic emission in this, or any other, country, should it choose to do so. Be iit thru brute force attacks on a code, using the vast array of computers designed for such, or by forcing code writers to provide an alternate means of accessing the algorithm (backdoor, etc), our government CAN read oor listen tto anything it chooses.

While this efficiency goes against the typical government work ethos, one must understand something about ggovernments work in general. Its usually NOT the front line workers that are lazy and inept, but rather, are held back by inane and stupid policies and ssupervisors. Our country is second to none in dealing death via combat arms. Our military is literally the very best the world has ever known. Their training, equipment, and will to fight have no equal on this planet, and should our government choose to use it properly, there isn't a country on this rock that would stand against us for llong, were we to wage unrestricted warfare.

The world of cryptography and secure communications is much the same. We buy the very best in the business. Since you're not working tthere, one can draw a conclusion as to your skillset. Bureaucracies only go so far - they can hamstring action, sure....but, make no mistake - when allowed to, our government can do their jobs with frightening effectiveness.

Again, do you really believe some open source code will render a multi-billion dollar agency and all the toys and smart folks in it, ineffective? If so, you're quite the chump, and i feel sorry for tthe folks whove eentrusted their computers and networks to you.

:rofl:Dear God, your ignorance on this subject is awesome. Please, continue. This is a great way to start my Monday.

But answer me this. Do you even know HOW encryption is cracked?

Here you go, tough guy. The FBI was unable to crack TrueCrypt encryption after a year of trying.
http://www.webcitation.org/query?url=g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html


Now, please, continue talking to me about the government geniuses who can crack anything, anytime, anywhere. I want to hear more about this.

wprebeck
02-06-2012, 08:20
By the way, while I realize that Enemy of the State was just aa work of fiction, you should probably know that NYPD Blue and The Andy Griffith Show were both fictional, and stop basing your "knowledge" of police procedures on those shows.

wprebeck
02-06-2012, 08:23
:rofl:Dear God, your ignorance on this subject is awesome. Please, continue. This is a great way to start my Monday.

But answer me this. Do you even know HOW encryption is cracked?

Here you go, tough guy. The FBI was unable to crack TrueCrypt encryption after a year of trying.
http://www.webcitation.org/query?url=g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html


Now, please, continue talking to me about the government geniuses who can crack anything, anytime, anywhere. I want to hear more about this.


So, a report from aa foreign newspaper that claims the FBI couldn't break a code is accepted as fact? Hmm. Because newspapers get it right, aand ththe government would never lie about having cracked secure encryption, right?

John Rambo
02-06-2012, 08:28
So, a report from aa foreign newspaper that claims the FBI couldn't break a code is accepted as fact? Hmm. Because newspapers get it right, aand ththe government would never lie about having cracked secure encryption, right?

:rofl:Please, don't give up. Whatever you do, don't give up.

http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/
http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/
http://www.riskmanagementmonitor.com/cryptographic-lock-baffles-the-fbi/

Keep going. If you try hard enough you'll be right. You can do it! :rofl:

wprebeck
02-06-2012, 08:33
Here's a couple of links, both iffy in my opinion (but that doesnt seem to bother you),talking about Truecrypt. The first claims a way to break it, the second questions whether the program is a CIA type venture.

http://www.lostpassword.com/hdd-decryption.htm

http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/

John Rambo
02-06-2012, 08:37
Here's a couple of links, both iffy in my opinion (but that doesnt seem to bother you),talking about Truecrypt. The first claims a way to break it, the second questions whether the program is a CIA type venture.


YES! Now we're getting somewhere!


http://www.lostpassword.com/hdd-decryption.htm


From the website itself:

NOTE: If the target computer is turned off and the TrueCrypt/BitLocker volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns Brute-force attacks (http://www.lostpassword.com/attacks.htm) to recover the original password for the volume.


Brute force is one step below what the FBI tried. You'd be there for a very, very long time.



http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/

Dude...got your tinfoil?

wprebeck
02-06-2012, 08:39
:rofl:Please, don't give up. Whatever you do, don't give up.

http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/
http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/
http://www.riskmanagementmonitor.com/cryptographic-lock-baffles-the-fbi/

Keep going. If you try hard enough you'll be right. You can do it! :rofl:

Ever hear of government lying to people?

Which makes more sense - the FBI telling everyone that they can't break a code, and bbeing hhonest, thereby encouraging everyone to use said algorithm for encryption...or, the Bureau lying, so that everyone uses said code, which they can really decrypt?

Further, that's the FBI you're talking about. You're aware the NSA is a seperate agency, with a seperate mission, and likely doesn't talk much to the feebs. The NSA could be holding the key in their hands, and unless forced to, likely wouldn't share it with the Bureau. Criminal cases aren't the purview of the CIA or NSA, and anyone who understands government knows that, short of being forced to via court order or on pain of death, agencies guard their turf very jealously.

John Rambo
02-06-2012, 08:56
Ever hear of government lying to people?

Which makes more sense - the FBI telling everyone that they can't break a code, and bbeing hhonest, thereby encouraging everyone to use said algorithm for encryption...or, the Bureau lying, so that everyone uses said code, which they can really decrypt?

So you assert that the FBI has some super secret abilities which defy the very foundations of how computers operate and process data with which they can break encryption. Well...okay. :rofl:


Further, that's the FBI you're talking about. You're aware the NSA is a seperate agency, with a seperate mission, and likely doesn't talk much to the feebs. The NSA could be holding the key in their hands, and unless forced to, likely wouldn't share it with the Bureau. Criminal cases aren't the purview of the CIA or NSA, and anyone who understands government knows that, short of being forced to via court order or on pain of death, agencies guard their turf very jealously.

So NSA and CIA has the super hackers, and the FBI has the junk? Is that where we are going with this? What about the international governments who attempted to crack it and were unsuccessful? Are super hackers only born in the US?

RussP
02-06-2012, 10:12
2) Government IT is, in every way, inferior to private sector IT. That includes IT in the NSA.How exactly do you know that?Worked with them and viewed their work on many occassions.So you work(ed) with .gov IT at the very highest levels?

Not only that, but there was just a thread in the lounge where government guys freely admitted something like, "In a world where an excellent IT guy makes 150k, we've got the best IT 50k can buy."I missed that one. How about a link to it... Thanks.

John Rambo
02-06-2012, 10:32
So you work(ed) with .gov IT at the very highest levels?


Define 'very highest levels'. The likely answer is no, but I'm not sure what you mean by 'very highest levels' so I can't properly answer your question. The 'very highest levels' of IT may indicate people who are, in fact, not technical at all but rather managers. Or it may indicate the CCIEs in Cisco networking. Or it may indicate their UNIX sysadmins. Or it may indicate their career InfoSec guys.


I missed that one. How about a link to it... Thanks.

http://glocktalk.com/forums/showpost.php?p=18525802&postcount=4

You're welcome.

RussP
02-06-2012, 11:55
Define 'very highest levels'. The likely answer is no, but I'm not sure what you mean by 'very highest levels' so I can't properly answer your question. The 'very highest levels' of IT may indicate people who are, in fact, not technical at all but rather managers. Or it may indicate the CCIEs in Cisco networking. Or it may indicate their UNIX sysadmins. Or it may indicate their career InfoSec guys.No, not talking about non-technical GS-'god' managers.

Does/did your work require a security clearance? What level? That better defines what I mean.http://glocktalk.com/forums/showpost.php?p=18525802&postcount=4

You're welcome.Here is the post at that link. The thread in now closed. [Originally Posted by 9mmNJ] The cyber divisions of law enforcement are mostly comprised of rejects and failures from the private sector. ie they are bumbles. The private sector has the $$$ to draw the best talent.[Originally Posted by series1811]
We used to say, "In a world where a really good IT person gets $150,000 per year, we have the best that 50,000 per year can buy."With all due respect, seriously, to series1811, I'd probably ask him to elaborate on his post before accepting and applying it across too broad a plain.

windplex
02-06-2012, 12:07
what i find interesting is this -- partially a guess

if you encode a record book of illegal activities you likely cannot be forced to decode it as it would be self encriminating -- your could take the 5th. am i wrong on this point?

contrasted with forced decodeing of encripted computer is not self encrimination.

John Rambo
02-06-2012, 13:00
No, not talking about non-technical GS-'god' managers.

Does/did your work require a security clearance? What level? That better defines what I mean.


Nope. But I'll point out that if you think 'security clearance' equates with proficcency you're sorely mistaken. There are Level 1 helpdesk (Think "Geek Squad" level) jobs on Dice.com in the sandbox all the time. Level 1 helpdesk is like that guy in your office you ask what to do when your Outlook won't load. Security clearance has nothing to do with how skilled you are, as you undoubtadely know. Its just a background check for sensitive government data - the private sector does such background checks all the time. We do have a guy in our office who used to have a security clearance in government IT, though. He moved to the private sector to, you guessed it, further his career and make more $$$.


Here is the post at that link. The thread in now closed. With all due respect, seriously, to series1811, I'd probably ask him to elaborate on his post before accepting and applying it across too broad a plain.

I don't need to ask him to elaborate. His post is supporting information. I know exactly what he means, because I've experienced it for myself. Government IT is crap.



While we're on the subject, what are your credentials in this subject? You've been very quick to try and poke holes in mine, I would hope you're IN government IT or something similar.

TBO
02-06-2012, 13:19
Nope. But I'll point out that if you think 'security clearance' equates with proficcency you're sorely mistaken. There are Level 1 helpdesk (Think "Geek Squad" level) jobs on Dice.com in the sandbox all the time. Level 1 helpdesk is like that guy in your office you ask what to do when your Outlook won't load. Security clearance has nothing to do with how skilled you are, as you undoubtadely know. Its just a background check for sensitive government data - the private sector does such background checks all the time. We do have a guy in our office who used to have a security clearance in government IT, though. He moved to the private sector to, you guessed it, further his career and make more $$$.



I don't need to ask him to elaborate. His post is supporting information. I know exactly what he means, because I've experienced it for myself. Government IT is crap.



While we're on the subject, what are your credentials in this subject? You've been very quick to try and poke holes in mine, I would hope you're IN government IT or something similar.
Pretty darn limiting, IMHO.
The Fed Gov is quite L A R G E and I doubt you've gotten the "whole experience".

I fully believe you that your experience was such, but that doesn't mean it's valid across the board. Same way that seeing careless gun handling on a gun range by a number of folks doesn't mean everyone is like that.

Working in one branch/building/org doesn't mean that all Gov branch/building/org are like that.
IT for inside networking for the Post Office is likely much different than for the Pentagon.

jmho

RussP
02-06-2012, 14:38
No, not talking about non-technical GS-'god' managers.

Does/did your work require a security clearance? What level? That better defines what I mean.Nope. But I'll point out that if you think 'security clearance' equates with proficcency you're sorely mistaken.Of course it doesn't. Would you agree that those employees at government agencies working at the highest security levels, Top Secret and those special access, need-to-know levels would require higher levels of proficiency and experience to achieve success at those levels?There are Level 1 helpdesk (Think "Geek Squad" level) jobs on Dice.com in the sandbox all the time. Level 1 helpdesk is like that guy in your office you ask what to do when your Outlook won't load. Security clearance has nothing to do with how skilled you are, as you undoubtadely know. Its just a background check for sensitive government data - the private sector does such background checks all the time. We do have a guy in our office who used to have a security clearance in government IT, though. He moved to the private sector to, you guessed it, further his career and make more $$$.True, the security clearance you have may not be a true indicator of your skills, but it may be required for you to practice your skills. Those with minimal skill sets often do require a clearance to enter areas containing sensitive information not related to their job descriptions.Here is the post at that link. The thread in now closed. With all due respect, seriously, to series1811, I'd probably ask him to elaborate on his post before accepting and applying it across too broad a plain.I don't need to ask him to elaborate. His post is supporting information. I know exactly what he means, because I've experienced it for myself. Government IT is crap.So if one single post supports your position, you see no need to explore the statement to determine if your interpretation and broad application is accurate or not? Hey, series1811's comment may be a proper statement applicable globally. My experience with such statements does not support blind acceptance, again, no offense series1811.While we're on the subject, what are your credentials in this subject? You've been very quick to try and poke holes in mine, I would hope you're IN government IT or something similar.IT credentials? No, not me.

Poke holes in your credentials? Where have I done that? I do not know what credentials you hold. All we know is you work in the IT field for a non-government company.

You keep saying you know government IT is crap. That is based on what experience? Where have you worked and how long did you work with those crap government IT programs?