in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Sextortion Case Treads A Well-Worn Path: Are Passwords Protected Under the Fifth?

A case of "sextortion" – blackmailing someone over naked footage (digital footage, more specifically, to reflect the times we live in) – between Instagram celebs has again dredged up the decidedly non-superfluous legal quagmire that's been repeatedly visited since at least 2009: Is forcing a defendant to spit out his or her password a violation of the Fifth Amendment?
In the latest case, the answer appears to be "no"…for now. As is usually the case, the decision is going to be appealed.  

Providing Passwords is Self-Incrimination, No?

According to cnn.com, one Instagram celebrity tried to extort $18,000 from another Instagram celebrity. Long story short, the extorter and her boyfriend were arrested. The authorities have the incriminating text messages but apparently want to "search for more evidence" and asked a court to compel the two defendants to produce their smartphones' passwords. (It wasn't specified what that extra evidence is).
The judge in charge OK'ed the request:
The ruling was based on a recent decision in the Florida Court of Appeals that ordered a man suspected of taking illicit photos up women's skirts to give up his four-digit passcode to authorities.
The odd thing, though, is that decisions to the contrary, as described in this Washington Post opinion piece, can be found as well. The link's content, it should be pointed out, argue why that particular decision was incorrect. However, the author also reverses himself the next day.
Needles to say, the situation surrounding the production of passwords is fraught with problems, constitutional and otherwise.
Like the many cases before the sextortion one, it's obvious that the details of this case need to be weighed carefully (it goes without saying that, ideally, that should always be the case). What's important is not that the Florida Court of Appeals ordered a man to reveal his passcode; rather, the focus should be on why the appellate court came to that decision. For example, in past cases involving the forced revelation of passwords or encrypted data, a significant factor was whether the "foregone conclusion" principle applied. For an excellent layman's distillation of this principle, read the Washington Post piece mentioned above.
In this extortion case, it seems that the government has a winning hand: not only do they know that the encrypted phones belong to the defendants, I imagine that they know what they're looking for. Namely, the naughty pics and videos that were used in the extortion. So, it's not a fishing expedition; the foregone conclusion applies, and as long as the warrant is written out correctly, there shouldn't be any problems. Of course, that last part is the crux of the matter, isn't it?
 

Related Articles and Sites:

http://edition.cnn.com/2017/05/03/us/miami-sextortion-phone-security-trnd/index.html

 
<Previous Next>

HIPAA/HITECH Doesn't Require You To Be Perfect, But It Does Expect You To Follow The Rules

Global Malware Emergency Shows Why Backdoors Are Dangerous

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.