 All right, 2017 is the year of Linux on the desktop. Let's give Mr. Levison a big hand. Yeah, anyone want to know why it took so long for them to switch from VGA to HDMI? Now you know the answer. All right, folks, my name is Ladar Levison. For those who don't already know who I am, I'm the owner and operator of LavaBit, an encrypted email service that suspended operations in 2013 after being forced to become complicit in a man in the middle attack. Yeah, I'm that guy. Last couple of years, I've been working on darkmail, but that is a talk for another day. What I'm here to talk about today is really to give you guys a crash course in compelled decryption law. Or in technical terms, just how the Department of Justice is using the courts to force people to decrypt their data at gunpoint. Over the past three years, I've become an expert on compelled decryption law. I had to learn this information the hard way. Hopefully by sharing it with you guys here today, I'll help some of you avoid some of this pain in the future. Now, before I get started, I'd like you to take note that I've compressed this presentation into approximately 3,000 seconds. Huffman encoding rules do apply. This means it may feel like you're drinking from a well-endowed fire hose, which looks something like that. But if you're at this conference and you're attending my talk, or you're taking the time to watch this at home, you're probably smart enough to drink in this information without the help of a sippy cup. The problem is easy to express. The Department of Justice has been pwned by a bunch of perverts. More specifically, what I'm saying is that the DOJ has been taken over by a group of individuals who derive sexual gratification from manipulating the law to achieve a specific end. Whether those ends are a benefit or a detriment to society is in the eye of the beholder. I shall leave that for you to decide. What I'm here to talk about today are the legal doctrines, or shall I say the doctrinal perversions being used to attack encryption technologies. The issue stems from the belief which is slowly proliferating throughout the ranks of government and law enforcement that they are entitled to all of our data. And when I say our data, I don't mean the ciphertext. I mean the plaintext. You should also know the DOJ blames the InfoSec community and our efforts to improve the security and privacy of information as being the problem in and of itself. The bigger the barrier, the greater their demands for assistance. The DOJ believes it can use the courts to compel decryption and or conscript others to assist them in defeating it. If you ascribe to their belief, then the DOJ is entitled to any information which might assist them in their investigation. The DOJ has argued they can use existing statutes to seek assistance, which in cases where Congress has not explicitly prohibited a specific action. They like to view the All Ritz Act and some of the other generic language in the statutes as effectively being a blank check. The only thing standing in their way to date is the court's willingness to exercise its authority. This might be a good opportunity to tell you that about 60% of the sitting judges were former prosecutors. My goal here today is somewhat modest. You should know, going into this, that in order to exercise your rights, you may have to go to jail. My hope is that by sharing some of this information with you here today, I will increase the possibility or the probability that you will be released should you find yourself on the wrong end of a gavel. My second goal is to arm you with enough knowledge to have an intelligent conversation with your lawyer. If they tell you your choices are to comply or go to jail, you should probably look for a different attorney. And that's because knowing is half the battle. Now I'm gonna cover two major areas of law. And I figure it's good to start out by defining the terms, since first party and third party aren't typically terms you hear while standing next to the company water cooler. First party refers to situations where the government seeks to compel decryption from a suspect. In other words, to force them to decrypt their own data. Third party refers to situation where the government seeks to conscript a company like Lava Bit, My Own, or Apple, or any of the other secure communications companies or secure data storage companies out there to assist them in accessing encrypted information without the user's assistance. It's cutting off my notes. What's a presentation without at least a few problems. If you're wondering who the second party is, it's the government. It's worth noting that a common strategy is to convert first parties into third parties by granting them immunity. The key phrase to remember here is derivative use immunity. If you believe the government is honest, then typically derivative use immunity is what you need to protect you. Your lawyer can explain the rest. On the other hand, if you believe law enforcement is dishonest and will use the information they obtain against you regardless of where they got queued on to a particular line of investigation, then no amount of immunity can truly protect you. You may find it surprising to know there is no law on the books that specifically grants law enforcement the right to compel decryption. You might find it equally surprising to know we have no right to privacy here in the United States. What we have is the Fourth Amendment which protects our homes from search and seizure without probable cause. Now the government has been very careful to distinguish that from a right to privacy. I'm only gonna give you half the presentation. There also aren't any Supreme Court cases yet which deal directly with compelled decryption. What we're going to be talking about are the handful of district and circuit court decisions which attempt to draw from older Supreme Court decisions which involve corollaries in the physical world to make extrapolations about how they should handle encryption in the modern day. What's important to understand about the law is that only decisions by the Supreme Court are binding upon the entire country. Decisions by an appellate court in a specific circuit would be binding upon all of the courthouses in that particular circuit. Feel free to pick out your own state and see which circuit you happen to fall in. This isn't to say that decisions in other circuits aren't relevant, quite the contrary. Judges will often consult the opinions from other circuits before making their own decisions. Now, before I jump into the cases involving encryption, I thought it would be worth starting with two older Supreme Court cases which have been heavily cited in all of the modern day cases. The first is Fisher v. United States and it comes from 1976. It gives us the closest thing we have to a Fifth Amendment right against self-incrimination by being forced to decrypt our data. In this particular case, a individual was being forced to surrender documents. And what the court said is that the Fifth Amendment would not be violated by the fact alone that the papers on their face might incriminate someone. For the privilege protects a person only against being incriminated by his own compelled testimonial communications. Because the documents were created voluntarily, the court held they could not be considered compelled testimonial evidence. In other words, all of the information on your hard drive already was created voluntarily. And therefore, as far as the courts are concerned, is subject to subpoena or search. The only thing standing in its way is the ability to access it. Now in Dove v. United States in 1988, we get the origin of the current testimonial doctrine. In this Supreme Court decision, the court held that a statement is testimonial when the government compels the individual to use the contents of his own mind to explicitly or implicitly communicate some statement of fact. Now I don't know about you, but I keep my passwords in my brain. Some people even call that my mind. Other people say it's my girlfriend. She's the one that makes all the decisions. This particular decision is rather important because what it says is it draws a distinction between information that exists only in your head versus information that might be somewhere else in the physical world. Now what we get from a much more modern case that actually derived from the Clinton's Little Whitewater scandal, everybody remember that from the 1990s, is that knowing the location of a particular document is in and of itself testimonial. How this gets applied to encryption is that the information on the drive is not protected. What's protected is whether or not you have access to it. If you can decrypt it, and the government can prove that, then effectively your Fifth Amendment protections begin to fall away. Keep that in mind when you find yourself being questioned by law enforcement. If the government can claim that the production of the information is a foregone conclusion, then it holds no testimonial value, and thus they can force you to decrypt the information. The first case we have to talk about, which directly involves encryption, involve Sebastian Boucher and his father as they attempted to cross the Canadian border into the United States. In this particular instance, one of the officers found a laptop in the back seat and without needing to enter a password, he was able to access approximately 40,000 files on the laptop, some of which appeared to contain pornographic images. An ICE special agent then investigated further, finding thousands of images of pornography, including one labeled in a way to suggest it was child pornography. The laptop was powered down, and when the investigators tried to power it back up, they realized they could no longer access it because it was encrypted. In this particular case, they already knew what was on the drive. The only question for the courts to consider was whether or not Boucher's knowledge of the password was in fact testimonial. In other words, we create this doctrine of reasonable particularity. If the government can prove that you know how to access the information and it knows what information it's seeking ahead of time, then it can force you to decrypt your hard drive. In this particular case, the government's initial request was thrown out. It was later narrowed by the prosecutor such that he only required an unencrypted version of the drive, and he sought approval from the magistrate judge based on the foregone conclusion doctrine we discussed earlier. The district court reversed this decision, saying that you don't need to know the specific contents of the files, you just need to be able to demonstrate that the files exist. In other words, the investigator saw the file names and was able to use that to overcome the particularity and specificity requirements. What that means is that you may wanna start encrypting the names of your files in addition to the files themselves. This particular example was taken from one of my favorite ransomware applications. Nice to see they're doing some good. The next case we have to talk about goes all the way to 2013. In this particular case, agents raided a suspect's home and seized a hard drive containing files which indicated they might contain child pornography. Initially, the demand to decrypt the data was rejected by the court, but upon further review, the judge reversed himself after the prosecutor demonstrated ownership and access to the encrypted data. By showing the drive contained personal financial information belonging to the suspect, he was able to prove ownership. You should keep this in mind and share this with your fellow DEF CON attendees who like decorating their computers with identifying marks. For example, if you're Bob Hoskins and this is your notebook computer, you might have a hard time denying that it's yours. Or Daniel Radcliffe would need some pretty potent magic to deny this was his computer. Jennifer Lawrence, who we know recently learned the value firsthand of encrypting her sexy selfies and her collection of various dick pics might have trouble denying that this was her laptop. In this situation, oh. Moving on to another case which takes us back to a circuit court decision and this is one of the few decisions we have at the circuit level. Remember, which means that it's binding upon the entire 11th circuit. Involved the situation where the government obtained a warrant to search a hotel room for any electronic devices found in possession of John Doe. They suspected Mr. Doe of sharing Kitty Point, porn. Certain portions of the drive couldn't be examined by the FBI because they were encrypted. A grand jury subpoena was issued which required Doe to produce the unencrypted contents of the hard drive. Doe claimed his Fifth Amendment right against self-incrimination. In other words, he tried to exercise the Fifth Amendment in order to protect him from being forced to testify. That testimonial exception that we talked about earlier. The government unilaterally gave him active production immunity to circumvent the claim and thus forced him to decrypt the information. Later on, the appellate court went back and reversed the decision, saying that the government had not reached the standard of reasonable particularity that is required. In other words, it must prove it knows the existence and location of encrypted files and offer reasonable evidence to suggest the encrypted files will contain the incriminating evidence. Unfortunately, part of the slide is cut off. Windows. I like to blame Microsoft for everything. Precisely what qualifies as reasonable particularity remains an open question. For example, if the government knew a spreadsheet found in a file called Corporate Financials, would that qualify as reasonably particular in a tax evasion case? We have one of our best tests of this particular doctrine of law currently taking place in Philadelphia. In this particular case, this suspect, a Philadelphia police sergeant who we shall call Galileo, was relieved of his duties and has refused to unlock two hard drives that were seized from his home more than seven months ago. He has since been found in contempt of court for refusing to decrypt the drives and currently sits in jail awaiting a decision by the appellate court. In this particular case, the evidence against him consists of a sister who claims that she saw images and videos on the drive that were of underage individuals posing in a pornographic nature. A subsequent forensic exam of his Mac found a single image of a young approximately 12-year-old boy in a bathing suit. Now, what's interesting about this particular case is that they managed to decrypt the Mac by accessing his iPhone 5S, whoops, which he gave them the pin code to voluntarily after which investigators searched the phone and found an app on there, what they call it, secret apps that was supposed to have protected his information. In other words, don't believe everything you hear about the protection of your information. They managed to circumvent the security of this particular app and they found a screenshot of the recovery key for his Mac Pro. They were able to use that to access the Mac. Like I said earlier, the only incriminating evidence they found on the Mac was that singular image that may or may not have been of an underage boy who was not naked but close to it. They also found evidence in log files that he had visited various groups called toddler CP, lollycam, hussy, child models, and a few others that I can't even pronounce. Collectively, they used that as the evidence against him to compel decryption of the two external drives. As I said, the case is currently pending. What this particular case introduces is something that I wanna make you guys aware of here today. When you print out or save off a recovery key, it is subject to subpoena and or search by the government if they can prove its existence and know its approximate location. Now for those who don't know, a recovery key, and in this case, I'm using BitLocker from Microsoft, is basically an alternative to your password. In the case of BitLocker, it's a 48-digit number, which by my math is approximately a 160-bit key. Now, what's important to know is that initially, when BitLocker first came out, the FBI was quite concerned about it. But when they realized that every user who was going to use it was going to be creating a paper copy that would circumvent it, and the FBI could thus search a person's home and find the recovery key, it became far less of a concern. As we move into this next area of law, it's important to understand that the Supreme Court has held that certain physical acts involving the surrender of a physical object is not considered testimonial, and thus not subject to protection by the Fifth Amendment. Giving a blood sample or providing a voice sample have not been considered testimonial as they do not require the suspect to disclose any knowledge he might have about his or her guilt. What this means is that anybody who likes the iPhone Touch ID isn't very safe, which is probably about two-thirds of you. What you need to do is combine it with a piece of information that is locked away inside your gray matter, something like a pin code. But unfortunately, what we're learning is that even a pin code isn't necessarily safe because the vendor can be compelled to modify the product and make it susceptible to a brute force attack. We'll talk about that more in a little minute, in a couple of minutes. What this all means is that what you really need to do is pair your biometric token with a strong password, at which point you should probably start to ask, what's the point of using the fingerprint in the first place? I'll just briefly say that if an external person or organization can access the information necessary to decrypt your information, in all likelihood they will be forced to surrender it. Turning over user data or data created as a derivative of user actions is what I call ordinary assistance and has been common for quite some time. Some of the most simple language that describes this is Kalea, which we don't have time to cover. Instead, what we're gonna talk about is Smith v. Maryland very briefly. It's a case from the 1970s which involved a pen register order that was placed on a suspect's device without first receiving a warrant. And the Supreme Court later came back and said that it was legal because A, the information being collected was normally collected by the phone company and B, there was thus no expectation of privacy. That expectation of privacy phrase is key. As a result of that particular ruling, Congress decided to pass the pen register trap and trace statutes. Now, it's important to understand that these particular statutes were passed when this is what a pen register device looked like. There is no way they could have conceived of encryption at that time, let alone that the language they had written which required providers to provide assistance with the installation of this device as including the necessary and requisite authority to demand an encryption key, unless you're in the Department of Justice. Now, that expectation of privacy is a key phrase because it's the phrase that the government has been using to steadily and slowly chip away at all of our collective rights. This particular court opinion ruled that email communications work private because somebody assumes the risk that they will leak once they share them. Now, I don't know about you, but I consider my email pretty private. The fact that it isn't is probably something that should be shared starting with Hillary Clinton. Now, before I show this next slide, I'd like to do a little poll. Can everyone please raise their hand that thinks the information on their personal computer is private? Go ahead, raise it. Keep your hands up, keep your hands up. Now, for all those folks with their hands up, how many of you also connect your computer to the internet? Looks pretty unanimous to me. Well, according to this particular judge in the Eastern District of Virginia, the fact that you connect your personal computer to the internet means you have no expectation of privacy. I'm wondering if you can quote him when you get brought up on charges for breaking into his computer and sharing all his information. It's kind of how we work in this world. Interestingly enough, my own case happened to occur in the Eastern District of Virginia, so I'm sure my attorney who's sitting out there amongst you will be happy to explain this to this judge when he gets back home. Now, I'd like to briefly talk about my own case. I don't have enough time to go through all of it, but back in 2013, the FBI sought to access encrypted emails that were stored on the LavaBit servers but which were encrypted using a scheme that made them impossible to access without knowing a user's password. Because the messages were encrypted with the user's private key and the private key was secured with the user's password, the FBI sought to intercept that password by compelling the disclosure of my TLS key and then conducting a man in the middle attack. Once they had the password, they could, in combination with the encrypted user data and the source code, reverse the encryption process. I think that's my lawyer calling me, telling me to shut up. To justify this action, the FBI relied on three different authorities, the power to subpoena, which they later withdrew, the technical assistance of the Penn Register, Trap and Trace statutes. Mind you, that particular language was written when the device I showed previously was state-of-the-art and by relying on the Stored Communications Act by claiming that the encryption key belonging to the business was somehow associated with the particular user and that I couldn't be the one to collect the metadata because not only did they not trust me but that I couldn't provide it to them in real time. Instead, they sought to access the information themselves. Now it doesn't take a rocket scientist to realize that they probably wanted to do more than they were actually authorized to do because as Mr. Hayden points out, once you have access to a network, you implicitly have the ability to modify the information that goes across it. We have a second case to discuss which made a number of headlines earlier this year and it involved the mobile phone. While an initial reading of the headlines may have made the case seem innocuous, a careful reading showed the true colors of the litigation. Specifically, that the FBI was relying on a law from 1789 to claim that they had the authority to compel Apple to modify their products so that their security could be bypassed. Now while I can't prove it, it certainly wouldn't surprise me to learn that the DOJ attorneys who devised this particular strategy were assisted by a powerful hallucinogenic. After all, any attorney can make a good argument. Only an honest one will tell you what the odds are of you actually winning that argument. With the DOJ, they have an approximate annual budget of around $27 billion and over 110,000 people on the payroll. They can afford to take some leaps of faith. The rest of us, on the other hand, have to pay for our indulgences. Like the LavaBit case, the DOJ sought to use Apple's source code and encryption keys to circumvent encryption and then blamed the resulting litigation on Apple making their products more secure. Now, I originally entitled this particular section how far will they go? But in June, the target of my particular case was unsealed so I decided to change it to how far did they go in the pursuit of Mr. Snowden in my particular case. Now Snowden has stated on several occasions that he would be willing to return to the United States and face a jury of his peers and receive punishment for his crimes but he doesn't believe he would receive a fair trial. I can attest to that fact because I appeared before the very same judge and I crossed from the very same prosecutor that he would face. Now, I'd like to start my exhibit by showing you this particular order to show cause for failing to allow the installation of the pen register device but as this email shows here and this one and this one I was willing to let them install the device I just was not willing to let them have my encryption key. After all, that is the whole point of encryption is to protect against eavesdropping. Now, when I indicated that I was going to retain a lawyer and object to it in court, what did the Department of Justice do? Well, first of all, they claimed that they weren't able to speak to me even though I have that email record proving that I was in constant contact with them on an average of about every other day. Then, they went to another judge in the same district and sought an order to install the tap upstream with my service provider before I showed up in court. I had to sue in order to get this particular document. And as these particular records show, installed it two days later, well before I even flew to Washington DC. Yet, when I arrived, they did not inform the court or myself that they had already installed the particular device. They continued with the proceeding and insisted that I was not in compliance. Now, I have more evidence here, but unfortunately, I have run out of time to go over it. So, I shall have to skip over all of these slides and go to this one. I shall endeavor to close with a bit of prose. Perhaps more blokes would still be with their folks if history was considered dope. Live, love, learn what floats your boat so long as you remember to vote. Question those with power. I can't read. Because we the geeks all know the speech with great size comes great pleasure. Now, help me teach the freaks that bigger keys will deliver cryptid bits, which is sure to give Snoopy the fits. It's a promissory note for feeling more pleasing than a motorboat. Now, go forth and feel free to quote. That is all.