tag:blogger.com,1999:blog-21633793.post8165734065341655495..comments2023-12-12T03:19:42.467-05:00Comments on CYB3RCRIM3: Postcards, Emails and Unauthorized AccessSusan Brennerhttp://www.blogger.com/profile/17575138839291052258noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-21633793.post-8011980564287965662010-05-17T11:17:09.830-04:002010-05-17T11:17:09.830-04:00With permission of Susan W Brenner...
I've be...<i>With permission of Susan W Brenner...</i><br /><br />I've been seriously concerned about personal privacy challenges in the digital world for over a dozen years. In response to the comment: <b><i>"First of all, if you're going to offer an easy way to encrypt email, I'm delighted . . . I've been waiting for that to happen."</i></b> the description of our software on the <a href="http://www.keybeam.com" rel="nofollow">KeyBeam</a> website and in the <a href="http://www.youtube.com/watch?v=soyFUxZ0200" rel="nofollow">Beams</a> YouTube video is:<br /><br />For bright Windows users exchanging sensitive information via the Internet, Beams are an easy to use alternative to e-mail. The look and feel is intentionally similar, but even while creating data, everything is guarded from intruders inside an encryption envelope endorsed by the NSA. Click SEND and your files are further password protected during compression and then digitally signed using still another encoding algorithm. To assure maximum secrecy and authentication, public key/private key cryptography adds a deeper layer of security immediately prior to the creation of an enciphered path. And rather than the extremely vulnerable, central switchboard design of e-mail, Beams travel a one-time tunnel guaranteed free of spam, spyware, viruses and snooping. Like a direct dial, person-to-person call, Beams find the shortest, fastest path between two points eliminating web site server copies for sale or surrender. Beams assure every communication is swift, safe and virtually untraceable. When Privacy matters, Beam it.<br /><br /><b>My post here is not an endorsement of the software by Susan W Brenner.</b>Unknownhttps://www.blogger.com/profile/05575283711106005997noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-62425808667999941612010-05-15T15:06:35.258-04:002010-05-15T15:06:35.258-04:00"First of all, if you're going to offer a...<i>"First of all, if you're going to offer an easy way to encrypt email, I'm delighted . . . I've been waiting for that to happen."</i><br /><br />Please check your <b>.edu</b> e-mail account.Unknownhttps://www.blogger.com/profile/05575283711106005997noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-43776127082132033282010-05-15T10:41:16.274-04:002010-05-15T10:41:16.274-04:00First of all, if you're going to offer an easy...First of all, if you're going to offer an easy way to encrypt email, I'm delighted . . . I've been waiting for that to happen. <br /><br />I don't quite agree with you as to the scenario set out above. It would be resolved under the 4th Amendment if the government could independently obtain the communications and their contents without having to ask the student or me for an encryption key. As I've noted in other posts, the 4th Amendment applies when (i) the government is investigating criminal activity and (ii) the government seeks to obtain physical evidence by searching a place and seizing that evidence. So if there's nothing on the ISP or elsewhere for the government to search for and seize pursuant to a warrant or an exception to the search warrant requirement, the 4th Amendment essentially (note that) wouldn't apply.<br /><br />I'm assuming that in your scenari the government has been able to obtain the encrypted emails . . . and wants to be able to read them. If that's not the case, and if the government wants me and the student to testify as to what was in the emails (or produce them in hard or soft copy), we're into the 5th Amendment . . . because the grand jury subpoena process is how the government goes about obtaining testimony and/or the production of testimonial or non-testimonial evidence from people. Here, the act of production as implicating the 5th Amendment would come up . . . and if there's no way the student and/or I can show that producing the emails would incriminate us in a crime, we'd have to comply or go to jail for civil contempt.<br /><br />If the emails no longer exist and the government wants to interrogate us about their contents, then that implicates the due process voluntariness standard and the Miranda rules, both of which apply to police interrogation of people. If the government want to use the grand jury subpoena process, then we're back to the 5th Amendment (because neither of those interrogation rules applies to grand juries).<br /><br />Did you read the posts on the Warshak case? . . . that was a civil case that tried to establish a 4th Amendment right of privacy in stored emails . . . you might check them out.Susan Brennerhttps://www.blogger.com/profile/17575138839291052258noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-19881552562709193422010-05-15T09:18:54.817-04:002010-05-15T09:18:54.817-04:00Thank you Susan. I appreciate your insight. If I...Thank you Susan. I appreciate your insight. If I may, could I ask your opinion on a nuance? <br /><br />I read the 5th amendment as only pertaining to criminal activity.<br /><br />What if a student communicates with you about your recommendations for summer reading material via a digital methodology that travels directly from computer to computer sans an e-mail server; and, most importantly, employs enough layers of encryption to essentially be unbreakable?<br /><br />Not to be redundant nor put too fine a point on the inquiry:<br /><br />1) While the transmission utilizes the Internet and the connection to the Internet is via a 3rd party in the form of an Internet Service Provider, the ISP functions solely as a conduit and not as a repository. Ipso facto, neither you nor the student chose to leave a communication in an "unencrypted and therefore readable state" on an ISP's servers.<br /><br />2. In theory, neither you nor the student have engaged in criminal behavior which leads me to believe the alternative, encrypted communication approach <b>sans e-mail server</b> requires resolution solely on interpretation of the 4th Amendment as you originally alluded to in your first response.<br /><br />I hope this discussion is not perceived as pedantic inasmuch as there are myriad of communications which I believe should be sacrosanct: family, business, medical, financial, military, etc. As I read in one of your other posts, a student opined the reason people didn't use encryption was it was a time consuming challenge. By automating the entire process, we hope to offer an easily used alternative.<br /><br />I imagine my attorney - at Duane Morris, LLP - is only to happy to take this to court should it come to that. Today, I'm simply in search of perspective.Unknownhttps://www.blogger.com/profile/05575283711106005997noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-18488279375899846922010-05-15T08:15:47.464-04:002010-05-15T08:15:47.464-04:00Robert,
If you read my post on the second Boucher...Robert,<br /><br />If you read my post on the second Boucher ruling, you know I don't think much of it. The government modified the subpoena, which gave the judge a way to claim that complying with the subpoena didn't violate the 5th Amendment. As I believe I said in that post, I don't buy that at all . . . it shifted the focus to the encryption key itself, but that isn't the point. <br /><br />The early cooperation isn't as specious (IMHO) . . . it's a basic principle of 5th Amendment law that if you once cooperate with law enforcement, you waive the 5th Amendment privilege -- you "open the door" -- on that issue. So that, I think, was Boucher's Achilles heel. Since he did cooperate, the issue there becomes the scope of his cooperation and the scope of the consequent waiver of the 5th Amendment privilege . . . assuming it applies. <br /><br />Actually, since this judge applies the waiver-loses-5th-Amendment-privilege-protection concept, he's at least implicitly finding that the 5th Amendment privilege DID apply here . . . .Susan Brennerhttps://www.blogger.com/profile/17575138839291052258noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-60556001583843744122010-05-14T17:13:53.222-04:002010-05-14T17:13:53.222-04:00The more I delve into the Boucher case, the less i...The more I delve into the Boucher case, the less inclined I am to believe the latter ruling spoke to the nexus of my question. It seems the court's opinion was from a different perspective: <br /><br />"A District Court judge agreed with the government, holding that, <b><i>given Boucher's initial cooperation in showing some of the content of his computer to border agents, producing the complete contents would not constitute self-incrimination.</i></b><br /><br />This actually avoided any ruling on the applicability of the 5th Amendment by in effect stating the Boucher had already revealed the contents and thus the password and encryption were a non issue. <br /><br />Have I misread this?Unknownhttps://www.blogger.com/profile/05575283711106005997noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-89433267261671306762010-05-14T16:24:56.864-04:002010-05-14T16:24:56.864-04:00Thank You for both comments. I read the Boucher p...Thank You for both comments. I read the Boucher posts and hoped a more current decision might have been decisive.Unknownhttps://www.blogger.com/profile/05575283711106005997noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-47871340959579312302010-05-14T14:41:12.850-04:002010-05-14T14:41:12.850-04:00Robert,
First, I agree with Ercoupe415 . . . that...Robert,<br /><br />First, I agree with Ercoupe415 . . . that there hasn't been a definitive ruling on passwords and the 5th Amendment. If you reach my two Boucher posts, you saw that a federal court in Vermont reached opposite conclusions on the issue (magistrate's opinion versus federal district judge's opinion).<br /><br />Other than that, there really hasn't been a case on encryption and passwords/keys.<br /><br />One of the arguments as to why unencrypted email isn't protected by the 4th Amendment is the fact that you leave it, in its unencrypted and therefore readable state, on an ISP's servers. If you have an alternative to that, it may make the analysis more complex.<br /><br />As to a definitive opinion, you'd need to consult with a retained lawyer and see if he/she can help you out.<br /><br />Good luck.Susan Brennerhttps://www.blogger.com/profile/17575138839291052258noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-37041897155976137752010-05-14T14:15:47.433-04:002010-05-14T14:15:47.433-04:00Robert,
As far as I know there has not been a def...Robert,<br /><br />As far as I know there has not been a definitive ruling on whether your password is testimonial in nature. If it is then you can refuse to answer and are protected by the 5th amendment. If not, i.e. it is like a fingerprint or blood sample, you have no right not to provide it. Personally, I think it is the former but I assume most AUSAs would argue the latter.Unknownhttps://www.blogger.com/profile/12413110237756238338noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-19735102358889984932010-05-14T12:54:51.000-04:002010-05-14T12:54:51.000-04:00I'm at a loss to find a definitive ruling. Ha...I'm at a loss to find a definitive ruling. Has their been a clear, recent decision whether or not a person can legally be compelled to reveal their password to encrypted e-mail?<br /><br />I've read the October 12, 2007 post re Envelopes and encryption "Americans have a reasonable expectation of privacy in the contents of emails they have stored on an ISP’s servers." <br /><br />My need for certainty arises in that I've developed an alternative to e-mail that never resides on an ISP's servers and I want to be able to speak with confidence that it is even more sacrosanct.<br /><br />Any insight is truly appreciated as I sincerely believe the vast majority of Internet users have no awareness of how vulnerable their unencrypted e-mail actually is - however, if the courts can rule that a citizen must reveal their password on demand, then there is no point in encrypting e-mail.Unknownhttps://www.blogger.com/profile/05575283711106005997noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-49650384541930489142010-05-11T11:45:52.541-04:002010-05-11T11:45:52.541-04:00The opinion seems to miss that it was the password...The opinion seems to miss that it was the password not the emails that the complainant had a reasonable expectation of privacy in. The fact that Klapper had to install a keystroke tracking program seems more than sufficient evidence that he knew he did not have authorization to access the email account to deny the motion to dismiss. All the discussion about email as post card seems like the worst kind of dicta - totally not relevant to the actual issue of knowledge of authorization.Unknownhttps://www.blogger.com/profile/12413110237756238338noreply@blogger.com