by fab13n 5264 days ago
To counter this, you need an encryption method with these properties:

- you can be banned or self-banned, irrevocably, from accessing your data;

- you can prove to the judge that you can't access your data;

- even with full forensic copies of your disk, you can't be un-banned.

You can do that by having part(s) of the key on server(s) online. Give yourself, a couple of trusted friends and optionally a script, the ability to wipe those keys: it will irrevocably seal your disk's content. Obviously, pick servers under foreign jurisdictions which dislike to collaborate.

Even better, there's no proof that you're the one who destroyed the keys: you can't be charged with evidence tampering.
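The key arrangement this post describes, sketched as an added example that is not part of the original post: the volume key can be recovered only with both the passphrase and a share held by a remote server, so erasing that share seals the volume even for someone holding the passphrase and a full copy of the on-disk header. `ShareServer`, `create_volume` and `unlock` are hypothetical names, and the in-memory class stands in for a real remote host.

```python
import hashlib, hmac, secrets

class ShareServer:
    """Stand-in for the remote host holding one key share (hypothetical)."""
    def __init__(self):
        self._shares = {}
    def store(self, vol_id, share):
        self._shares[vol_id] = share
    def fetch(self, vol_id):
        return self._shares.get(vol_id)      # None once the share is wiped
    def wipe(self, vol_id):
        self._shares.pop(vol_id, None)

def _kek(passphrase, salt, share):
    # Key-encryption key needs BOTH inputs: the stretched passphrase,
    # keyed with the remote share. Neither alone reveals anything.
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return hmac.new(share, stretched, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def create_volume(vol_id, passphrase, server):
    volume_key = secrets.token_bytes(32)     # would encrypt the disk sectors
    salt, share = secrets.token_bytes(16), secrets.token_bytes(32)
    server.store(vol_id, share)              # the share never touches the disk
    header = {                               # everything a disk image contains
        "id": vol_id,
        "salt": salt,
        "wrapped": _xor(volume_key, _kek(passphrase, salt, share)),
        "check": hmac.new(volume_key, b"check", hashlib.sha256).digest(),
    }
    return volume_key, header

def unlock(header, passphrase, server):
    share = server.fetch(header["id"])
    if share is None:                        # share erased: nothing to unwrap with
        return None
    key = _xor(header["wrapped"], _kek(passphrase, header["salt"], share))
    tag = hmac.new(key, b"check", hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, header["check"]) else None

if __name__ == "__main__":
    srv = ShareServer()
    vk, hdr = create_volume("vol0", "constructed passphrase", srv)
    print(unlock(hdr, "constructed passphrase", srv) == vk)
    srv.wipe("vol0")
    print(unlock(hdr, "constructed passphrase", srv))
```

The erase is only as good as the server's own storage: a backup, snapshot or log that retains the share keeps the volume recoverable.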

5 comments

>Even better, there's no proof that you're the one who destroyed the keys: you can't be charged with evidence tampering.

The court doesn't really work this way. Just because you cross your fingers when you do something doesn't mean you aren't going to be charged with destruction of evidence.

If an office had a policy of shredding old financial paperwork and that policy was faithfully followed on the day after, say, the COO was whisked away for embezzlement, would it count as evidence tampering?

Or to the point: if you use a remotely-stored encrypted volume with a dead man's switch as a day-to-day security policy, would it still be trivial to charge someone for evidence tampering?

AIUI (IANAL, mind), no, or at least it's less likely. It's when you go out of your way to destroy the evidence (and can be demonstrated to have done so) that you're almost certainly facing obstruction charges. If you're just doing the same thing you do every day, it's much harder to establish the intent to destroy inculpatory evidence, which is what would trigger the obstruction charge in the first place.

Second opinion?

Technically true with one caveat. If you have a reasonable expectation of litigation you are required to put all data destruction on hold. Reasonable can be up to the court to decide and the burden of proving that you did put a litigation hold into place is yours to prove.
In civil cases, once you know or have reasonable cause to suspect a court case is imminent, you're technically supposed to act to preserve evidence, and not doing so can lead to sanctions, even if the evidence was destroyed as part of routine policy.

I'm less clear on how evidence tampering is dealt with in criminal law.

In a criminal case (and likely in the worst of criminal cases), the suspect has no idea when the FBI will come bursting through the door to arrest him/her and seize hard drives. A dead-man's switch would be impossible to prevent in this scenario (aside from never using one in the first place).
> If an office had a policy of shredding old financial paperwork and that policy was faithfully followed on the day after, say, the COO was whisked away for embezzlement, would it count as evidence tampering?

If it could be reasonably expected that the financial paperwork would be relevant to the ongoing litigation, yes, you're in trouble for destroying it. When companies are on notice of pending litigation, from that point forward they are required to take affirmative steps to preserve potentially relevant evidence. Failure to do so was one of the things that got the Enron folks in trouble.

The first case is why we have data retention laws.

On the second, I _think_ that in most jurisdictions in the US the moment you're arrested you have an impetus not to destroy evidence that probably extends to not allowing evidence to be destroyed by a system that you could trivially prevent.

Putting a system in place where you have to take action to prevent an event is legally similar to a system where you take action to cause an event; in either case you've purposely taken an action that leads to the destruction of evidence.

We'd need a real lawyer to comment, but otherwise I think we'd have already seen things like this for years (even pre-computer)

If it's a dead man's switch and you're not a career criminal, I'm sure you could convince a judge that it slipped your mind because of the distress caused by being whisked off to jail. Probably not a guarantee that a judge won't say 'too bad' though.
Then it depends on what you destroyed. If the data is provenly destroyed there are limits to what you can be charged with. If what you're hiding is worse, this may still be a viable option. If however the data is still recoverable with your cooperation I believe you could be jailed in contempt indefinitely (until you cooperate).
The longest contempt detention I'm aware of was a very bizarre case involving a guy named Richard Fine who was jailed for something less than 18 months. It was a civil case, and as far as I know he never argued that the information he was being ordered to produce would incriminate him in a criminal matter. His attempts to secure his release involved some conspiracy-theory-level ranting that probably contributed greatly to higher courts ignoring him.

A local judge ultimately decided Fine was irrational and keeping him in jail didn't accomplish anything but taking up of jail space and resources.

In a criminal matter involving even a hint of self-incrimination, I'm disinclined to think a contempt sentence would be allowed to continue indefinitely by US courts absent an immunity deal.

The way courts generally work, they need a proof you've done something wrong to condemn you. If there are a dozen friends who had the wiping rights to your keys, and they knew you'd been arrested, any of them could have decided to wipe the key, just in case.

Unless the judge can prove who did it, he can't condemn the 13 (12+you) of you because one of you did something wrong. Besides, the 12 innocents don't know who did it either, so they can't snitch.

It requires the wiping procedure to be impractically hard to trace back, but that can be done.

Unfortunately, setting up such a scheme is clearly intended specifically to create reasonable doubt, which can get you charged with obstruction and contempt.
You can also require at least 2 or 3 (or so) of your friends to all press the key to wipe your data. That way you don't have to trust everybody completely.
> Even better, there's no proof that you're the one who destroyed the keys: you can't be charged with evidence tampering.

How much do you want to bet?

Maybe add a dead man switch? If you don't log on every week, then destroy the server side of the key.
That's a possibility, but the risk of having your data inadvertently destroyed is much higher. Moreover, you must trust your ability to stall inquiries for up to a week.

It really depends on the relative cost of having your data destroyed vs. having your data published, but I'm sure there are cases where a dead man switch is a good compromise.

http://clemens.endorphin.org/TKS1-draft.pdf

You can also use a scheme like this to improve your chances of making your expired key data unrecoverable to forensic techniques.

Can someone else be charged with it? Will you have to go through a long court case with it?