Litigation Support Tip of the Night

February 24, 2018

wigle.net, the Wireless Geographic Logging Engine, collects data on wifi networks around the world.  One of the most interesting resources on this site, is a chart tracking the use of encryption for wifi networks.  The chart tracks different types of wifi encryption.   The red line on the chart tracks unencrypted wifi networks; the yellow networks for which the encryption status is unknown, and the green for which there is some kind of encryption.    As we can see from the chart it was only around November 2006 that the number of encrypted networks exceeded the number of encrypted networks.    The WEP, Wired Equivalent Privacy, protocol continued to be more widely used than the WPA protocol until July 2012 despite the fact that the Institute of Electrical and Electronics Engineers (IEEE) stated in 2004 that this protocol no longer met its security goals.   The WPA2 continues to be the most widely used encryption protocol. 

November 30, 2017

Today, the Pennsylvania Superior Court, the  intermediate appellate court in the Keystone State, issued a decision affirming a lower court's approval of a motion to compel a defendant in a criminal case to provide the password for a TrueCrypt encrypted computer.    Commonwealth v. Davis, 2017 Pa. Super. LEXIS 968. 

A special agent of the attorney general's office received a file from a particular IP address through a peer to peer connection on a file sharing network.  The file was found to contain child pornography.    The IP address was registered to Comcast, which responded to a court order and identified the subscriber information for the address.   The government obtained a search warrant and seized a computer in the defendant's home which was encrypted with TrueCrypt 7.1 aBootloader.   The computer won't boot up the OS unless the password is entered.     The question presented to the appellate court was whether or not providing the password would violate the appellant's rights under the Fifth Amendment and Article 1, Section 9 of the Pennsylvania constitution.   (The Pennsylvania Supreme Court has ruled that Article 1, Section 9 does not provide any greater protections against self-incrimination than the Fifth Amendment to the United States Constitution).     

There is an exception to the Fifth Amendment, allowing for productions to not be regarded as testimonial communications when the facts are already known to the government, and . . .

1. the existence of the evidence demanded has been proven;

2. the defendant is in possession of the evidence; and

3. the authenticity of the evidence has been established.   

In this case, the appellant's answer to a request by the arresting agents for the password, ("Why would I give that to you?' We both know what's on there. It's only going to hurt me.") was important.    Judge Seletyn's opinion states that, "the record reflects that appellant's act of disclosing the password at issue would not communicate facts of a testimonial nature to the Commonwealth beyond that which he has already acknowledged to investigating agents."  (Id. at *16).   The opinion notes that, "knowledge of the encrypted documents or evidence that it seeks to compel need not be exact. "  The court found that the TrueCrypt password would be self-authenticating.   

Under the facts in this case, providing a password was not  found to be testimony protected by the Fifth Amendment. 

April 6, 2017

You can use the freeware Multiobfuscator to encrypt text messages.  It can be downloaded here: http://embeddedsw.net/MultiObfuscator_Cryptography_Home.html

The tool can require three passwords to decrypt the message you want to send.  

You enter the message in a blue notepad in the program:

Clicking Lock! will generate a long encrypted text code. 

You can then send this code in a message to someone else who will be able to decode it with Multi-Obfuscator, who has separately received the passwords. 

May 12, 2016

If you go to official site for the widely used encryption software, TrueCrypt, you'll see a warning stating that, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues".   However the reason for this posting simply seems to be that the anonymous developer decided to no longer support the product.  An independent audit concluded that the software does have any critical design flaws.    See the 2015 report available here.   Later in 2015, a Google expert in finding flaws in popular programs determined that there was a flaw in the driver that TrueCrypt installs in Window, that could allow for the system to be compromised.   See this article.

Please reload

Please reload

Sean O'Shea has more than 15 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

 

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.

 

This policy is subject to change at any time.