Legal compulsion and self-incriminating passphrase
William H. Geiger III
whgiii at invweb.net
Thu, 09 Jul 1998 05:20:54 -0500
In <000001bdab1c$b3895dc0$dc77e4d4@cpsb>, on 07/09/98
at 10:33 AM, "Caspar Bowden" <cb@fipr.org> said:
>> We have nothing to which a fifth amendment could be applied. The
>> statement that your passphrase contained a confession would merely be
>> seen as a source of glee by any passing officer. You have already made
>> the statement when you used it, and if it wasn't true when you made it
>> you wouldn't be worried about it. They are not asking you to make a new
>> statement but executing a search on a confession already made.

>Not literally true. The key which protects your private keyring is
>generated each time from a hash of the passphrase. The passphrase is not
>saved or stored anywhere permanently. Therefore each time I type in the
>passphrase, I make the confession anew. Therefore if asked to divulge the
>passphrase, I would be compelled to incriminate myself.

>This is all very weird I agree, but it seems arguable. If it is arguable,
>then the question arises whether the intention to circumvent access
>nullifies the defence, and if a judge compelled disclosure in spite of
>the defendant's *claim* that the passphrase was incriminating, what would
>happen next.

IMHO the best defence on divulging one's passphrase would be to plead
ignorance. "Your Honor, I just recently changed my passphrase and through
all the stress of my arrest and prosecution I have forgotten the
passphrase".

Of course the judge may very well lock you up on contempt charges.

A year or two ago I had presented the idea of a crypto dongle. This device
would be used to store one's private keys and would be detached from the
computer when not in use. The key component of this device would be a
panic button that would allow the user to wipe all memory from the device
at a moment's notice. The button would need to be designed in such a manner
that accidental triggering would be prevented. A small battery would be
contained in the device so that the clearing of memory is not dependent on
any external sources.

With such a device you would then plead: "Your Honor, here is the device I
use to store all my private encryption keys."

How you explain the lack of keys on the device is another matter. Be
creative!! Blame it on mishandling by the police, say that you triggered
it when you heard someone breaking in and you were unaware that it was the
police, if nothing else you can just plead ignorance as it is up to the
prosecution to *prove* that you deliberately destroyed the keys (which
may or may not be considered obstruction).

- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://users.invweb.net/~whgiii/pgp.html
- ---------------------------------------------------------------
Tag-O-Matic: Double your drive space! Delete Windows!