Alleged fraudster has until next week to decrypt her hard drive for prosecutors

Filed Under: Featured, Law & order, Privacy

Combination lock with padlockProsecutors are keen to discover what is on the encrypted laptop of Ramona Fricosu, a Colorado woman accused of committing financial fraud.

The case has raised interesting questions of whether you can be forced by law to hand over your password, or decrypt your computer.

Fricosu has certainly managed to rally some supporters, including civil rights groups such as the EFF which argued that if she was forced to decrypt her drive or hand over its contents, it would be a violation of Fifth Amendment privileges against self-incrimination.

EFF webpage

Now, according to an Associated Press report, a federal court has denied Fricosu's appeal.

Ramona Fricosu has until Monday to make available an unencrypted version of her hard drive (subtly different from revealing or handing over a password - which could itself be incriminating, or could have been reused in other places).

The Associated Press press describes how the data handover would occur:

In a procedure agreed upon by [Fricosu's attorney] and federal prosecutors, federal agents would meet Fricosu at a designated place with the laptop, which was seized during a search warrant. Then, the government will either look away or go to another room while Fricosu enters a password on her laptop and hands it back to agents so the hard drive can be copied.

What makes the demand for access to Fricosu's PGP Desktop-encrypted laptop particularly troubling is whether prosecutors have provided reasonable suspicion that evidence is hidden in the encrypted content.

If they haven't - then it could begin to sound like evidence-fishing trips are being sanctioned, something which would make those who care about civil liberties very nervous.

It's perhaps not surprising that there have already been suggestions that Fricosu may not have set up the encryption on her laptop herself, or that she might have forgotten the password.

If that's the case, then this fascinating case will surely take another twist..

Combination lock with padlock image courtesy of Shutterstock.

, , , ,

You might like

28 Responses to Alleged fraudster has until next week to decrypt her hard drive for prosecutors

  1. Brad Reason · 889 days ago

    Why can't she just "forget" her password?

    • My immediate first thought as well. If someone wanted access to my personal files, I'd certainly be completely unable to recall my password.

    • Howard · 889 days ago

      Exactly. I am sorry, your Honor, but I dont recall. Hey, it worked for Ollie North.

    • Mike · 888 days ago

      If the judge thinks that she's faking it, he can hold her in contempt of court and the punishment for that is equal or greater than the punishment for the original crime.

  2. CTIBOR · 889 days ago

    honestly, on one hand yes the fifth amendment would be broken if it were allowed to happen, however, the computer is like paperwork, if it were on paper around her house then it would be offered into evidence..... Soooo, 'F' it let her info be acquired, she is withholding information pertinent to the case. If she committed the crime against us then what rights should she have? I am not from the States, and for the life of me don't care to go there, as the laws protect the criminals far better than the victims.

    • Mike · 889 days ago

      I sympathise with your statement 'the laws protect the criminals far better than the victims', however the the question is, and always has been, who is the criminal?

      Until they're tried and convicted, they can't be considered a criminal, therefore they should have all the rights the victim would.

  3. sam · 889 days ago

    In the US the term "reasonable suspicion" is legally meaningless.

    Here, to justify a search the prosecution must convince a magistrate by sworn affidavit or testimony, that a crime has been committed and the defendant has a material relationship to it.

    It appears in this case that the government has met that legal threshold, hence the password issue is merely a diversion.

    Indeed, both defense counsel and the prosecution seem to have recognized that by their agreement that the hard drive be accessed without the defendant having to disclose her password.

  4. abh · 889 days ago

    Clearly a Fifth Amendment issue.
    She is beinf forced to supply information which could be used to incriminate her.
    Best to forget it
    Obviously a system with a "duress" facility is needed
    Any ideas?

  5. WJG · 889 days ago

    I personally believe it's a 5th Amendment issue, but leaving that the question is do the authorities have enough information to prosecute currently? If not then they are on a fishing expedition. The "belief" that there is evidence in her computer is not enough to compel her to give it to them. If they have eyewitness testimony to some of the contents then maybe they would have grounds to compel disclosure. If not what reason do they have to believe her hard drive is concealing information? By what means did they come by her computer? I have a lot of questions not evident in this story.

  6. PXL · 889 days ago

    I'm not a lawyer, but isn't this like having to unlock a door when presented with a search warrent for the entire house?

    • WJG · 889 days ago

      In which case the issue is like I said. They have to have probable cause to get a warrent, and since it's in her computer it becomes even more unlikely they do. It seems like the authorities are so upset at having to deal with the technology issue they aren't thinking about possible etthical or constitutional issues surrounding this.

    • Steve · 889 days ago

      Not exactly, if you refuse to unlock the door they can still break it down by force regardless.

      Encryption on the other hand is not so easily beaten.

    • Ghost · 889 days ago

      let's say this is a home search with a warrant, the police are allow to kick down your door to search the place if you refuse to open the door. I think the same apply to her computer. Instead of wasting taxpayers' money to decrypt the hard drive by Brute Force, or other means, the ask her to decrypt it. I don't think the 5th was broken here.

    • veteran4life · 889 days ago

      the 5th.
      The Fifth Amendment protects witnesses from being forced to incriminate themselves. To "plead the Fifth" is to refuse to answer a question because the response could provide self-incriminating evidence of an illegal act punishable by fines, penalties or forfeiture.

      Historically, the legal protection against self-incrimination was directly related to the question of torture for extracting information and confessions.

      Now the historical part is what get's me, the second part is when we hear every politician and money men say " I forget your honor" and you know what they get away with it, why is it wrong when the common folk like you and me do it. -Remember if you got nothing to hide, let me look at it--right mr. government man,,
      gAtOmAlO

  7. Aaron · 889 days ago

    What happens if she does not decrypt or reveal her password?? Is she sent to jail for obstruction of justice? Or something else? How can they verify she is indeed withholding evidence?? Many questions here and no way PROVE anything....Innocent until proven guilty right!!??

  8. No_5th_Here_Folks · 889 days ago

    Ms. Fricosu has already admitted in recorded conversation (prison phone to her ex-husband) that the incriminating evidence was encrypted on her laptop. As such, she is now withholding evidence and can no longer be protected by the 5th Amendment.

    Had she just kept quiet, she would likely be a free woman.

    tl;dr DON'T TALK TO THE POLICE

    • Robert W · 888 days ago

      That conversation is protected by spousal privelege. The government has no
      right or cause of action by law to use any information it acquired by that means
      including 'sufficient evidence' , 'reasonable cause', or any other construction
      to force or compel her to be a witness against herself, by providing any infor-
      mation, whether spoken, in print, or digital form.

  9. David · 889 days ago

    I assume there is no time frame on this and that the justice system over in the US has an IT dept, give it to one of the geeks and say "you have a year, break into it". Just another form of smashing the door down. Would this even be an issue if it was thought that Kiddy porn or something equally despicable was thought to be on the machine?

    My guess, it's cost cheaper to legally force someone to hand a password over than to break it. There again I live in a country that has no Fith amendment.

    • Mike · 889 days ago

      I don't think you quite understand encryption. For example, if she is using an encryption product made in the last decade (I assume Sophos could probably help you with this) and she had a good, random password (eg. rolling a die ~100 times), it would literally (and I do mean literally) take several times longer than the age of the universe to break it, even if all the computers on earth were put to the task. I doubt the statute of limitations, even in such a heinous crime as financial fraud, extends past the first billion years.

      That being said, if she had chosen a weak password like 'password123' then all bets are off. I'd say it's very likely that the government has already tried cracking the password through checking dictionary words, have failed and are not prepared to wait billions of years to see whether she paid the right amount of tax or not.

  10. Stuart · 889 days ago

    that has to be some level of encryption on the drive if the authorities cant open it.....

    makes you wonder, no normal computer user could encrypt an entire hard drive like that, most still use stupid passwords and we cant get them passed that.

    • Mike · 889 days ago

      I wouldn't be surprised if Windows 8 will encrypt hard drives by default. I was shocked that Windows Vista and 7 didn't.

      Ubuntu linux has for a long time made it very easy to encrypt your personal files. You check a well-labelled option in the installer, and from then on, all users on that system have their files automatically encrypted. If the laptop is stolen or lost, the only thing anyone is going to get is just a bare installation of Ubuntu, which is free if they want to download it anyway. Just a matter of time before Microsoft catches up.

    • Phil · 887 days ago

      It's very easy and very available. Google PGP encryption. People use this level of encryption commonly and for things as simple as encrypting the folder/drive your tax returns are on.

      It just math being used as a lock. Nothing to special and it's been around for a while.

  11. Clim · 889 days ago

    >>government will either look away or go to another room while

    >>Fricosu

    burns/chews her laptop

    • Mr Me · 889 days ago

      That would be destruction of evidence, she'd get a completely separate charge/jail time for that. Probably as much as the actual crime they want to get her for. Besides, they have already made a 100% bit for bit copy of the drive anyway. For all they know, she has 2 passwords.. 1 to decrypt the data, another to wipe the drive clean.

  12. P. Almonius · 889 days ago

    How about if she enters an incorrect password and when it doesn't work she says that the government must have broken something while the laptop was in custody?

  13. Shiny317 · 888 days ago

    Maybe its the wrong way to look at it, but in a sense good news for Sophos. People are listening and keeping their system secure, so top marks for her there *thumbs up* :-D

  14. roy jones jr · 882 days ago

    chalk another one up for not updating the amendments to present day issues. Forget the 5th amendment for a moment: Aren't there warrants to check people house's? So why isn't there anything to say "hey you are being officially accused of fraud (this isn't a small time crime people) so we have paperwork here that has guidelines on whether or not you give us the info on your personal computer." I don't know what this lady is attempting to accomplish. Does she think that if she doesn't say anything folks will just "forget about it" and let her go??

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.