Alright. 2017 is the year of Linux on the desktop. Um, let's give Mr. Levinson a big hand.
Yeah, anyone want to know why it took so long for them to switch from VGA to HDMI? Now you
don't already know who I am. I'm the owner and operator of Lavabit, an encrypted email
service that suspended operations in 2013 after being forced to become complicit in a man in the
middle attack. Yeah, I'm that guy. Last couple of years I've been working on
dark mail, but that is a talk for another day. What I'm here to talk about
today is really to give you guys a crash course in compelled decryption law. Or in technical
terms, just how the Department of Justice is using the courts to force people to decrypt their
data at gunpoint. Over the past three years I've become an expert on compelled decryption law. I
had to learn this information the hard way. Hopefully by sharing it with you guys here
today, I'll help some of you avoid some of this pain in the future.
Now before I get started, I'd like you to take note that I've compressed this presentation into
approximately 3,000 seconds. Huffman encoding rules do apply. This means it may feel like you're
drinking from a well endowed fire hose, which looks something like that. But if you're at this
conference and you're attending my talk or you're taking the time to watch this at home, you're
probably smart enough to drink in this information without the help of a sippy cup.
The problem is easy to express. The Department of Justice has been pwned by a bunch of perverts.
More specifically, what I'm saying is that the DOJ has been taken over by a group of individuals who
derive sexual gratification from manipulating the law to achieve a specific end.
Whether those ends are a benefit or a detriment to society is in the early stages of the
eye of the beholder. I shall leave that for you to decide. What I'm here to talk about
today are the legal doctrines or shall I say the doctrinal perversions being used to
attack encryption technologies. The issue stems from the belief which is slowly proliferating
throughout the ranks of government and law enforcement that they are entitled to all of our
data. And when I say our data, I don't mean the ciphertext. I mean the plain text. You should
also know the DOJ blames the infosec community and our efforts to improve the security and
privacy of information as being the problem in and of itself. The bigger the barrier, the
greater their demands for assistance. The DOJ believes it can use the courts to compel
decryption and or conscript others to use the courts to compel decryption and or conscript
others to assist them defeating it. If you ascribe to their belief, then the DOJ is entitled to
any information which might assist them in their investigation. The DOJ has argued they can
use existing statutes to seek assistance which are in cases where congress has not explicitly
prohibited a specific action. They like to view the Al tuh Ritz Act and some of the other
generic language in the statutes as legal misrepresentation or offerings by the entire
as effectively being a blank check.
The only thing standing in their way to date
is the court's willingness to exercise its authority.
This might be a good opportunity to tell you
that about 60% of the sitting judges
were former prosecutors.
My goal here today is somewhat modest.
You should know, going into this,
that in order to exercise your rights,
you may have to go to jail.
My hope is that by sharing some of this information
with you here today, I will increase the possibility
or the probability that you will be released
should you find yourself on the wrong end of a gavel.
My second goal is to arm you with enough knowledge
to have an intelligent conversation with your lawyer.
If they tell you your choices are to comply or go to jail,
you should probably look for a different attorney.
And that's because
knowing is half the battle.
Now, I'm gonna cover two major areas of law,
and I figure it's good to start out by defining the terms,
since first party and third party
aren't typically terms you hear
while standing next to the company water cooler.
First party refers to situations
where the government seeks to compel decryption
from a suspect, in other words,
to force them to decrypt their own data.
Third party refers to situations where the government marks
situation where the government seeks to conscript a company like LavaBit, my own, or Apple or
any of the other secure communications companies or secure data storage companies out there to
assist them in accessing encrypted information without the user's assistance. It's cutting off
my notes. What's a presentation without at least a few problems? If you're wondering who the
second party is, it's the government. It's worth noting that a common strategy is to convert
first parties into third parties by granting them immunity. The key phrase to do- to
remember here is derivative use immunity. The key phrase to remember here is derivative use immunity.
If you believe the government is honest, then typically derivative use immunity is what you need
to protect you. Your lawyer can explain the rest. On the other hand, if you believe law
enforcement is dishonest and will use the information they obtain against you regardless of
where they- they got cued on to a particular line of investigation, then no amount of
immunity can truly protect you.
You may find it surprising to know there is no law on the books that specifically grants law
enforcement the right to compel decryption. You might find it equally surprising to know we have no
right to privacy here in the United States. What we have is the fourth amendment, which par-
tec- protects our homes from search and seizure without probable cause. Now if you believe law
enforcement is dishonest, then you have no right to privacy. Now the government has been very careful to distinguish that from a right to privacy.
I'm only going to give you half the presentation. There also aren't any supreme court cases yet, which deal directly with compelled decryption. What we're going to be talking about are the handful of district and circuit court decisions which attempt to draw from all the cases of the Supreme Court.
older supreme court decisions which involve corollaries in the physical world to make
extrapolations about how they should handle encryption in the modern day. What's
important to understand about the law is that only decisions by the supreme court are
binding upon the entire country. Decisions by an appellate court in a specific circuit
would be binding upon all of the courthouses in that particular circuit. Feel free to pick
out your own state and see which circuit you happen to fall in. This isn't to say that
decisions in other circuits aren't relevant, quite the contrary. Judges will often consult the
opinions from other circuits before making their own decisions.
Now, before I jump into the cases involving encryption, I thought it would be worth starting
with two older supreme court cases which have been heavily cited in all of the modern day
court cases. The first is Fisher v. United States and it comes from 1976. It gives us the
closest thing we have to a fifth amendment right against self-incrimination by being
forced to decrypt our data. In this particular case, a individual was being forced to
surrender documents. And what the court said is that the fifth amendment would not be violated
by the fact alone that the papers on their face might incriminate someone. For the privilege
protects a person only against being incriminated by his own compelled testimony or
testimonial communications. Because the documents were created voluntarily, the court held they
could not be considered compelled testimonial evidence. In other words, all of the information
on your hard drive already was created voluntarily. And therefore, as far as the courts are
concerned, is subject to subpoena or search. The only thing standing in its way is the ability to
access it. Now in Doe v. United States, in 1996, the court ruled that the first to be declared a
1988, we get the origin of the current testimonial doctrine. In this supreme court decision, the
court held that a statement is testimonial when the government compels the individual to use
the contents of his own mind to explicitly or implicitly communicate some statement of
fact. Now I don't know about you, but I keep my passwords in my brain. Some people even call
that my mind. Other people say it's my girlfriend. She's the one that makes all the decisions.
This particular decision is rather important because what it says is it draws a distinction
between information that exists only in your head versus information that might be somewhere
else in the physical world. Now what we get from a much more modern case is that the
information that is being written about is actually based on evidence that can be used to
kinds of evidence that actually derived from the Clinton's little white water scandal.
Everybody remember that from the 1990s. Is that knowing the location of a particular document is
in and of itself testimonial. How this gets applied to encryption is that the information on the
the drive is not protected. What's protected is whether or not you have access to it. If
you can decrypt it, and the government can prove that, then effectively your fifth amendment
protections begin to fall away. Keep that in mind when you find yourself being questioned by
law enforcement. If the government can claim that the production of the information is
a foregone conclusion, then it holds no testimonial value, and thus they can force you to
decrypt the information. The first case we have to talk about, which directly involves
encryption, involved Sebastian Boucher and his father as they attempted to cross the Canadian
border into the United States. In this particular instance, one of the officers found a laptop in
the back seat, and without needing to enter a password, he was able to access approximately
40,000 files on the laptop, some of which appeared to contain pornographic images. An ICE special
agent then investigated further, finding thousands of images of pornography, including one
labeled in a way to suggest it was child pornography. The laptop was powered down, and when
the investigators tried to power it back up, they realized they could do something about the
laptop, and they found the laptop was logged in, but they could no longer access it because it was
encrypted. In this particular case, they already knew what was on the drive. The only question
for the courts to consider was whether or not Boucher's knowledge of the password was in
fact testimonial. In other words, we create this doctrine of reasonable particularity. We
security. If the government can prove that you know how to access the information and it
knows what's, what information it's seeking ahead of time, then it can force you to decrypt
your hard drive. In this particular case the government's initial request was thrown out. It
was later narrowed by the prosecutor such that he only required an unencrypted version of
the drive and he sought approval from the magistrate judge based on the foregone conclusion
doctrine we discussed earlier. The district court reversed this decision saying that you
don't need to know the specific contents of the files, you just need to be able to demonstrate
that the files exist. In other words, the investigator saw the file names and was able to
use that
to make a, to overcome the particularity and specificity requirements. What that means is
that you may want to start encrypting the names of your files in addition to the files
themselves. This particular example was taken from one of my favorite ransomware applications.
The next case we have to talk about goes all the way to 2013. In this particular case agents
raided a suspect's home and seized a hard drive containing files which indicated they might
contain child pornography. Initially the demand to decrypt the data was rejected by the court, but
upon further review the judge reversed himself after the prosecutor demonstrated ownership and
access to the encrypted data. By showing the drive contained personal financial information
belonging to the suspect, he was able to prove ownership. You should keep this in mind and share
this with your fellow DEF CON attendees who like decorating their computers with identifying
marks. For example,
If you're Bob Hoskins and this is your notebook computer, you might have a hard time denying that
it's yours. Or Daniel Radcliffe would have a pretty, would need some pretty potent magic to deny
this was his computer. Jennifer Lawrence, who we know recently learned the value first hand of
encrypting her sexy selfies and her collection of various dick pics, might have trouble denying
that this was her laptop.
In this situation, oh. Moving on. To another case which takes us back to a
circuit court decision. And this is one of the few decisions we have at the circuit level.
Remember, which means that it's binding upon the entire 11th circuit. Involved a situation where
the government obtained a warrant to search a hotel room for any electronic devices found in possession
of John Doe.
They suspected Mr. Doe of sharing kitty point, porn. Certain portions of the drive
couldn't be examined by the FBI because they were encrypted. A grand jury subpoena was
issued which required Doe to produce the unencrypted contents of the hard drive. Doe
claimed fifth amendment, his fifth amendment right against self incrimination. In other
words, he tried to exercise the fifth amendment in order to protect him from being forced to
testify. That testimonial exception that we talked about earlier. The government unilaterally
gave him active production immunity to circumvent the claim and thus forced him to decrypt
the information. Later on, the appellate court went back to the court and said that the
government had not reached the standard of reasonable particularity that is required. In
other words, it must prove it knows the existence and location of encrypted files and offer
reasonable evidence to suggest the encrypted files will contain the incriminating evidence.
Unfortunately, part of the appellate court's decision was not to allow the appellate court to
PDC the 50 percent of the data. Let me tell you why. Windows. I like to blame Microsoft for
everything. Precisely what qualifies as reasonable particularity remains an open question. For
example, if the government knew a spreadsheet found in a file called corporate financials.
Would that qualify as reasonably particular in a tax evasion case? We have the basic
have one of our best tests of this particular doctrine of law currently taking place in
Philadelphia. In this particular case, this suspect, a Philadelphia police sergeant who
we shall call Galileo, was relieved of his duties and has refused to unlock two hard drives
that were seized from his home more than seven months ago. He has since been found
in contempt of court for refusing to decrypt the drives and currently sits in jail awaiting a
decision by the appellate court. In this particular case, the evidence against him consists
of a sister who claims that she saw images and videos on the drive that were of underage
individuals posing in a pornographic nature. A subsequent forensic exam of his Mac,
found a single image of a young approximately 12 year old boy in a bathing suit. Now what's
interesting about this particular case is that they managed to decrypt the Mac by accessing his
iPhone 5S, whoops, which he gave them the pin code to voluntarily. After which the suspect,
who is an unidentified person, was able to use his phone to search, and this is the
case where investigators searched the phone and found an app on there, what they call it,
secret apps, that was supposed to have protected his information. In other words, don't believe
everything you hear about the protection of your information. They managed to circumvent the security of this particular app and they found a screenshot of the recovery key, Forrest's Mac Pro. They were able to use that to access the Mac. To
Like I said earlier, the only incriminating evidence they found on the MAC was that
singular image that may or may not have been of an underage boy who was not naked but close to
it. They also found evidence in log files that he had visited various groups called Toddler
CP, Lolicam, Hussey, Child Models, and a few others that I can't even pronounce.
Collectively, they used that as the evidence against him to compel the decryption of the two
external drives. As I said, the case is currently pending. What this particular case introduces
is something that I want to make you guys aware of here today. When you print out or save
all of the files that you have found on the MAC, you will be able to get a copy of the
document. Each document contains a kit of files in the case and can be found in your
library. The more specialized and available a case, the more likely that you'll be able to
find it. It's not only for the
seront the key. The key is basically an alternative to your password. In the case of BitLocker,
it's a 48 digit number, which by my math is approximately a 160 bit key. Now, if you read the
Now what's important to know is that initially when BitLocker first came out the FBI was
quite concerned about it. But when they realized that every user who was going to use it was
going to be creating a paper copy that would circumvent it and the FBI could thus search a
person's home and find the recovery key it became far less of a concern. As we move into this
next area of law it's important to understand that the Supreme Court has held that certain
physical acts involving the surrender of a physical object is not considered testimonial and
thus not subject to protection by the 5th amendment. Giving a blood sample or providing a
voice sample have not been considered testimonial as they do not require the suspect to disclose
any knowledge he might have about his or her guilt. What this means is that any person who
likes the iPhone touch ID isn't very safe. Which is probably about two thirds of you. What
you need to do is compa ah combine it with a piece of information that is locked away inside
your grey matter. Something like a pin code. But unfortunately what we're learning is that
even a pin code isn't necessarily safe because the vendor can be compelled to modify the
product and make it susceptible to a brute force attack. We'll talk about that more in a
little minute in a in a couple of minutes. What this all means is that what you really need to do
is pair your biometric token with a strong password. At which point you should probably start
to ask what's the point of using the fingerprint in the first place. I'll just briefly say that
if an external person or organization can access the information necessary to decrypt your
information in all likelihood they will be forced to surrender it. Turning over user data or data
created as a derivative of user action actions is what I call ordinary assistance and has
been common for quite some time. Some of the most simple language that describes this is
Kalea. Which we don't have time to cover. Instead what we're going to talk about is Smith v.
be Maryland very briefly. It's a case from the 1970's which involved a pen register order
that was placed on a suspect's device without first receiving a warrant. And the Supreme
Court later came back and said that it was legal because A the information being
collected was normally collected by the phone company and B there was thus no
expectation of privacy. That expectation of privacy phrase is key. As a result of that
particular ruling, Congress decided to pass the pen register trap and trace statutes. Now it's
important to understand that these particular statutes were passed when this is what a pen
register device looked like. There is no way they could have conceived that a pen register device
looked like a pen register device, unless you're in the Department of Justice. Now, that
expectation of privacy is a key phrase because it's the phrase that the government
has been using to steadily and slowly chip away at all of our collective rights. This
particular court opinion ruled that email communications weren't private because somebody
assumes the risk that they will leak once they share them. Now I don't know about you but I
consider my email pretty private. The fact that it isn't is probably something that should be
shared starting with Hillary Clinton.
Now, before I show this next
slide I would like to do a little poll. Can everyone please raise their hand that thinks the
information on their personal computer is private. Go ahead, raise it. Keep your hands up, keep your
hands up. Now for all those folks with their hands up how many of you also connect your computer to
the internet?
looks pretty unanimous to me. Well, according to this particular judge in the eastern
district of Virginia, the fact that you connect your personal computer to the internet
means you have no expectation of privacy. I'm wondering if you can quote him when you get
brought up on charges for breaking into his computer and sharing all his information.
It's kind of how we work in this world. Interestingly enough, my own case happened to
occur in the eastern district of Virginia, so I'm sure my attorney who's sitting out there
amongst you will be happy to explain this to this judge when he gets back home. Now I'd
like to briefly talk about my own case. I don't have enough time to go through all of it,
but back in 2013, the FBI sought to access encrypted emails that were stored on the
Lavavit servers, but which were encrypted using a scheme that made them impossible to
access without knowing a user's password. Because the messages were encrypted with the
user's private key and the private key was secured with the user's password, the FBI sought to
intercept that password by compelling the disclosure of my TLS key and then conducting a man
in the middle attack. Once they had the password, they could, in combination with the
encrypted user data and the source code, reverse the encryption process.
I think that's my lawyer calling me, telling me to shut up.
To justify this action, the FBI relied on three different authorities. The power to subpoena,
which they later withdrew, the technical assistance of the pen, register, trap and trace
statutes, mind you that particular language was written when the device I showed previously was
state of the art, and by relying on the stored communications act, by claiming that it was a
the encryption key belonging to the business was somehow associated with the particular user.
And that I couldn't be the one to collect the metadata because not only did they not trust me
but that I couldn't provide it to them in real time. Instead they thought, sought to access
the information themselves. Now it doesn't take a rocket scientist to realize that they
probably wanted to do more than they were actually authorized to do. Because as Mr. Hayden
points out, once you have access to a network, you implicitly have the ability to modify the
information that goes across it. We have a second case to discuss which made a number of
headlines earlier this year and it involved the mobile phone. While an initial reading of the
headlines may have made the case seem innocuous, a careful reading of the headlines may have
shown the true colors of the litigation. Specifically that the FBI was relying on a law from
1789 to claim that they had the authority to compel Apple to modify their products so that their
security could be bypassed. Now while I can't prove it, it certainly wouldn't surprise me to
learn that the DOJ attorneys who devised this particular strategy were assisted by a powerful
hallucigenic.
After all, any attorney can make a good argument. Only an honest one will tell you what the odds
are of you actually winning that argument. With the DOJ, they have an approximate annual budget of
around 27 billion dollars and over 110,000 people on the payroll. They can afford to take some, uh,
leaps of faith. The rest of us on the other hand, have to pay for our indulgences. We're going to
make a lot of money off of this. Like the Lavabit case, the DOJ sought to use Apple's source code and
encryption keys to circumvent encryption. And then blamed the resulting litigation on Apple, making
their products more secure. Now, I originally entitled this la- this particular section, how far
will they go? But in June, the target of my particular case was unsealed. So I decided to change it to how far did Apple's
source code go? How far did they go in their pursuit of Mr. Snowden, in my particular case? Now, Snowden
has stated on several occasions that he would be willing to return to the United States and face a jury of his
peers and receive punishment for his crimes, but he doesn't believe he would receive a fair trial. I can
attest to that fact, because I appeared before the very same judge and across from the very same
prosecutor that he would face.
Now, I'd like to start my exhibits by showing you this particular order to show cause for failing to allow the
installation of the pen registered device. But as this email shows here, and this one, and this one, I was
willing to let them install the device, I just was not willing to let them have my encryption key. After
all, that is the whole point of encryption, is to protect against eavesdropping. Now, when I indicated that I was
unable to talk about the bootlegs of my computer and object to them in court, what did the department of
justice do? Well, first of all, they claimed that they weren't able to speak to me even though I have that
email record proving that I was in constant contact with them on an average of about every other day.
Then, they went to another judge in the same district and sought an order to install the tap
upstream with my service provider before I showed up in court. I had to sue an
order to get this particular document. And as these particular records show, installed it
two days later, well before I even flew to Washington D.C. Yet when I arrived, they did not
inform the court or myself that they had already installed the particular device. They
continued with the proceeding and insisted that I was not in compliance. Now I have more
evidence here, but unfortunately I have run out of time to go over it. So I shall have to
skip over all of these slides and go to this one. I shall endeavor to close with a bit of prose.
Perhaps more blokes would still be with their folks if history was considered dope. Live,
love, learn what floats your boat so long as you remember to vote. Questions,
those with power. Ah. I can't read. I hate. Okay. There. Um, because we the geeks all know
the speech, with great size comes great pleasure. Now help me teach the freaks that bigger keys
will deliver cryptid bits, which is sure to give Snoopy the fits. It's a promissory note for
feeling more pleasing than a motorboat. Now go forth and feel free to quote.
That is all.