LITIGATION SUPPORT TIP OF THE NIGHT

wigle.net, the Wireless Geographic Logging Engine, collects data on wifi networks around the world. One of the most interesting resources on this site, is a chart tracking the use of encryption for wifi networks. The chart tracks different types of wifi encryption. The red line on the chart tracks unencrypted wifi networks; the yellow networks for which the encryption status is unknown, and the green for which there is some kind of encryption. As we can see from the chart it was only around November 2006 that the number of encrypted networks exceeded the number of encrypted networks. The WEP, Wired Equivalent Privacy, protocol continued to be more widely used than the WPA protocol until July 2012 despite the fact that the Institute of Electrical and Electronics Engineers (IEEE) stated in 2004 that this protocol no longer met its security goals. The WPA2 continues to be the most widely used encryption protocol.

Today, the Pennsylvania Superior Court, the intermediate appellate court in the Keystone State, issued a decision affirming a lower court's approval of a motion to compel a defendant in a criminal case to provide the password for a TrueCrypt encrypted computer. Commonwealth v. Davis, 2017 Pa. Super. LEXIS 968.

A special agent of the attorney general's office received a file from a particular IP address through a peer to peer connection on a file sharing network. The file was found to contain child pornography. The IP address was registered to Comcast, which responded to a court order and identified the subscriber information for the address. The government obtained a search warrant and seized a computer in the defendant's home which was encrypted with TrueCrypt 7.1 aBootloader. The computer won't boot up the OS unless the password is entered. The question presented to the appellate court was whether or not providing the password would violate the appellant's rights under the Fifth Amendment and Article 1, Section 9 of the Pennsylvania constitution. (The Pennsylvania Supreme Court has ruled that Article 1, Section 9 does not provide any greater protections against self-incrimination than the Fifth Amendment to the United States Constitution).

There is an exception to the Fifth Amendment, allowing for productions to not be regarded as testimonial communications when the facts are already known to the government, and . . .

1. the existence of the evidence demanded has been proven;

2. the defendant is in possession of the evidence; and

3. the authenticity of the evidence has been established.

In this case, the appellant's answer to a request by the arresting agents for the password, ("Why would I give that to you?' We both know what's on there. It's only going to hurt me.") was important. Judge Seletyn's opinion states that, "the record reflects that appellant's act of disclosing the password at issue would not communicate facts of a testimonial nature to the Commonwealth beyond that which he has already acknowledged to investigating agents." (Id. at *16). The opinion notes that, "knowledge of the encrypted documents or evidence that it seeks to compel need not be exact. " The court found that the TrueCrypt password would be self-authenticating.

Under the facts in this case, providing a password was not found to be testimony protected by the Fifth Amendment.

You can use the freeware Multiobfuscator to encrypt text messages. It can be downloaded here: http://embeddedsw.net/MultiObfuscator_Cryptography_Home.html

The tool can require three passwords to decrypt the message you want to send.

You enter the message in a blue notepad in the program:

Clicking Lock! will generate a long encrypted text code.

You can then send this code in a message to someone else who will be able to decode it with Multi-Obfuscator, who has separately received the passwords.