[gamblor956]

They don't have to prove that you remember the passphrases. They just have to show that the encrypted devices/partitions/whatever were in your custody at the time of encryption.

Then you have to (a) show why you weren't the one to encrypt the devices or (b) make a 5th Amendment argument about why you don't have to turn over the encryption key during which time you may be incarcerated. "I forgot" is generally not a valid defense.

[TacticalCoder]

> "I forgot" is generally not a valid defense.

Am I the only here who had to re-install Linux after x weeks or months of uptime because the LUKS password was forgotten? It happened to me more than once.

How is it "generally not" (but sometimes yes?) a valid defense when it's a fact that people are losing their passwords?

The internet is full of messages like: "I forgot my LUKS password but remember it had the name of my dog in it" (not advising to do that btw), "Is there a way to crack my own password?"

P.S: I've got backup of all my files and configuration files, so re-installing Linux ain't a problem: theft / flood / fire / full-disk encryption password lost... I wouldn't lose anything.

[jliptzin]

Yea, makes no sense to me. I’ve forgotten many passwords for things I thought I’d never forget, including a bitcoin wallet. I can only imagine how hard it would be not using the password for months or years because law enforcement seized your device, and then having to produce it.

[Forbo]

> "I forgot" is generally not a valid defense.

The number of times that people invoke "I don't recall" while giving testimony under oath says otherwise.

[LanceH]

When they start applying these standards to politicians, then I'll be ok with it trickling down the people.

[incompatible]

It's really a different situation. The ruling party is basically above the law in the US, thanks to presidential pardons and control of the impeachment process.

[LanceH]

Sure. It's a false hypothesis, so it will never happen, and I can consistently say that I'll never be ok with this being applied to the people.

[1000units]

You're halfway to an important insight, but your partisanism is blinding.

[gamblor956]

We're talking about two very different things.

And for the record, a defendant claiming "they forgot" something within their control is valid circumstantial evidence of guilt or responsibility.

When claimed by the police or prosecution witness, it's just as much valid evidence against guilt, and has been used many times to get defendants off.

Basically, it's valid circumstantial evidence against the party/side that makes the claim of forgetfulness.

[solveit]

"I encrypted the device but don't have the key" isn't a defense to being compelled to decrypt the device?

[gamblor956]

No, they can hold you in contempt for up to 18 months in federal court, or indefinitely in many state courts.

OTOH, if you were to argue that it's not your device, or that you weren't the person that encrypted it, that's a very different situation.

[sjy]

This is incorrect. You can’t be held in contempt for failing to comply with an order you can’t comply with, for example due to a loss of memory. In this case the court did not believe that the defendant had forgotten the key.

[gamblor956]

Whether you actually have lost your memory is a factual question to be determined by a trier of fact. Generally, most triers of fact rule against the forgettor if forgetting benefits them.

OTOH, if a witness forgets, they would not be held in court, because there's no benefit to them forgetting, and so their loss of memory is believable.

[throwaway17_17]

Just to clarify, and your comment framed the apparent misunderstanding in the thread perfectly:

This ruling only says that the confinement period for contempt of court, where the court has order an individual to de-encrypt some data, is too long if it is more than 18 continuous months. This does not mean that after serving that sentence and upon subsequent release, that further refusal after another court order and hearing can not result in another sentence for contempt.

[nordsieck]

> "I encrypted the device but don't have the key" isn't a defense to being compelled to decrypt the device?

Try to think about it from the court's point of view. The truth could be:

A. You legitimately forgot.

B. You're lying.

I know which one Occam's Razor favors.

[function_seven]

The whole point of a justice system is that Occam and his Razor are a terrible way of determining guilt.

Yeah, I'd bet that most people claiming to have forgotten a key or password are lying. But so what? How do you differentiate those who're concealing vs. those that legitimately don't know the string of characters? If they float, they're a witch, if they sink, then I guess they're not? (That's what 18 months for contempt is akin to)

[sjy]

You differentiate them using circumstantial evidence. Was the encrypted disk found under a pile of dust in the attic? Then to forget the password is quite believable. Is there independent, convincing evidence that you regularly and recently used the password? Then you’re probably lying. Or maybe you’re just really unlucky. Wrongful convictions do happen.

[bcrosby95]

I don't. I have users that forget their password 5 minutes after they set it.

[Hitton]

Happened to me as well (multiple times). I blame copy pasting instead of repeating the password.

[hnick]

Encrypting a device to securely wipe it is not unheard of. Similar to running dd over it, but more noise to hopefully remove any lingering magnetic patterns. In such a case there's no need to retain the key.

[zzzcpan]

But it could also be that you legitimately accounted for such threat of the government trying to force you to decrypt your disks and made keys volatile and unrecoverable.

[1000units]

A. You're innocent.

B. You're guilty.

Uh, this is the essential question to begin with. The judge doesn't decide this unless you're in clown court.

[throwaway17_17]

Guilt or innocence is a question of fact, in the US court system. It is a determination that is left to the ‘trier of facts’ that can be a judge or a jury depending on defendant choice and statutory law for each particular jurisdiction. There are many defendants who choose to have a ‘trial by judge’ and waive a jury. It happens often and it happens for many reasons, and those facts make your assertion about a ‘clown court’ wrong.

I do understand the meaning and most likely intent of your post, but the language used is less effective than it could be.

[1000units]

I carry an open disdain for lawyers and their equivocal notion of "argument". You understood me; my language and its assertion are sound.

You don't want to go into any of those reasons people waive a jury, right?

[throwaway17_17]

I can say for certain that some people waive a jury when the judge is known to more often than not find defendants not guilty of Distributing Controlled Substances and instead is likely to only convict on simple possession. I can say for certain that some people opt for a trial by judge when they know that said judge often finds prosecutor arguments based on co-conspirator testimony or testimony of snitches are not reliable. Like I said, there are many reasons a defendant may opt away from having a jury trial. Also, I don’t see how your disdain for lawyers is relevant to the concept of a judge vs jury trial.

[harikb]

Hypothetically, he might have remembered his real password but the Government didn’t protect the bit-rot capable hard drive and it is the hard drive that is now bad. May be sector level checksums and probabilities rule them out but it is possible in the grand scheme of things

[rootusrootus]

I wonder how it would work out if you confidently gave the wrong password.

Edit: I guess this case actually answers that, to some extent. Before he said he forgot the password, he tried a couple for them.