Hacker News
by talmand 5264 days ago
I can see the legal issues that would be forthcoming if you refused to share the key to allow for access or agree to type it in yourself. Obstruction and all that.

I'm wondering what the legal ramifications might be if you set a secondary key that would wipe the drive in the most secure method possible and then provide that key. Or even the alternate boot sequence as suggested.

2 comments

>I'm wondering what the legal ramifications might be if you set a secondary key that would wipe the drive

Destruction of evidence. http://en.wikipedia.org/wiki/Spoliation_of_evidence

Oh, I get that, I'm not saying it's a way to avoid the ramifications, I'm just wondering what they are.

I have to say that I somewhat agree with the ruling because there are similar situations with physical objects, not true one-to-one but they are there. I'm just wondering how the courts would react to the destruction of digital evidence that was not directly initiated by the defendant, but indirectly by preparing for the possibility.

These "wipe the drive" decoy password scenarios would never work in real life unless their forensics team was really inept.

There would be copies made and the drive that has the encrypted volume would likely be accessed with a "Write Blocker" forensic device, or in a virtual environment, etc.

This technique would only tip your hand that the volume contents changed after entering the password.

A technical solution to this might be a form of encryption that requires a writable disk to actually decrypt anything. I don't know if that is possible, but it would effectively prevent these safeguards from working. And remember, you don't need to wipe the entire drive. Changing a few random bits in the decryption key would already forever turn the drive contents into unreadable garbage.

Even then, there would be nothing stopping an adversary from making a bit-for-bit copy of the data and attempting to decrypt the (writable) copy.