Braggtown dot com

A Tangled Web: Archive

Posts Tagged ‘free’

 Forced to Divulge Password

Sunday, December 16th, 2007

I’ve been waiting to see a US precedent concerning forcing a suspect to divulge encryption passwords. The UK passed the Regulation of Investigatory Powers Act (RIPA) in October of 2007, which provides for a two-year imprisonment for failure to produce an encryption key regardless of any other charges. The RIPA has been used once against an animal rights activist. Now, a Vermont judge has ruled that, under the Fifth Amendment, a suspect cannot be required to produce evidence including an encryption key. Here is some interesting blog commentary by an attorney.

This is a particularly interesting case in a couple of ways. First, officials opened his laptop and started poking around as he was being processed at a Canada-United States border crossing. Second, it brings up some interesting questions concerning rights of the accused. The particular crime he is accused of, possessing “animation depicting adult and child pornography”, is one that inspires extreme emotional reactions, it seems. People then tend to forget why the Fourth and Fifth Amendments were included in the Bill of Rights, namely that American citizens weren’t protected by the Magna Carta and searches and seizures illegal in England were commonplace in the colonies.

Of course, if Bruce Schneier is right, the government may be trying to place a backdoor in new encryption standards to avoid this sort of mess. It wouldn’t be the first time, though. See the clipper chip, or mandatory key escrow. I’m sure this isn’t over, but it’s a nice turn of events.

 Preparing for Encryption

Tuesday, November 13th, 2007

I’ve gotten around to migrating my backup partition to a Truecrypt encrypted partition. This partition, /dev/sda2, was an ext3 partition I’ve been using for backups. I have an external backup drive (also encrypted) that I keep off-site and so didn’t worry about destroying the backup data on the partition.

Knowing a little something about computer forensics, I wanted to ensure that data I had written prior to encrypting the partition would be unrecoverable. If I had wanted to erase the entire drive I would have used Darik’s Boot and Nuke or some other Linux-based drive eraser conforming at least to the DoD specification for file wiping. It’s important to remember, though, that wiping only files likely leaves data remnants in the empty drive space, file slack space, and sectors marked as bad. So, clearly it’s important to erase the entire partition or drive, not only files.

I wanted to only erase a partition so I used a more configurable utility to overwrite the space within the partition. First I rm -rf’d the files and directories on the partition. Then I overwrote the available space in the partition with random data using dd and /dev/urandom.

    sudo dd if=/dev/urandom of=/mnt/back/bigfile

I probably should have just overwritten the partition at the device level, but I didn’t think of it until later. Next I used wipe to remove the bigfile. Only then did it occur to me that I could call wipe against the block device itself.

    sudo wipe -Q 1 -R /dev/urandom /dev/sda2

Hoping that the drive was sufficiently overwritten with random data I created a Truecrypt container on the partition. I chose to use the ext3 file system so chose the ‘no filesystem’ option in Truecrypt. After creating the container, I mounted the container.

    sudo truecrypt /dev/sda2

Then, I created the filesystem.

    sudo mkfs.ext3 -cjv /dev/mapper/truecrypt0
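One way to check that a device-level overwrite like the one above actually reached every block, shown as an added example that is not part of the original post. It runs against a constructed image file standing in for the partition; the marker string, block size and function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: verify a device-level random overwrite on a constructed image
# file that stands in for a partition such as /dev/sda2.
BS=4096
MARKER='CONSTRUCTED-OLD-BACKUP-DATA'   # sample plaintext, made up for this demo

# make_demo_image FILE BLOCKS: zero-filled "partition" with old data in block 10.
make_demo_image() {
    dd if=/dev/zero of="$1" bs="$BS" count="$2" 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs="$BS" seek=10 conv=notrunc 2>/dev/null
}

# wipe_image FILE BLOCKS: overwrite every block in place with random data.
wipe_image() {
    dd if=/dev/urandom of="$1" bs="$BS" count="$2" conv=notrunc 2>/dev/null
}

# has_marker FILE: succeeds if the old plaintext is still readable.
has_marker() {
    LC_ALL=C grep -q -a -F "$MARKER" "$1"
}

# count_zero_blocks FILE BLOCKS: print how many blocks are entirely zero.
# A random fill virtually never yields an all-zero 4 KiB block, so any hit
# marks a region the overwrite did not reach.
count_zero_blocks() {
    i=0; zeros=0
    while [ "$i" -lt "$2" ]; do
        nonzero=$(dd if="$1" bs="$BS" skip="$i" count=1 2>/dev/null | LC_ALL=C tr -d '\000' | wc -c)
        if [ "$((nonzero))" -eq 0 ]; then zeros=$((zeros + 1)); fi
        i=$((i + 1))
    done
    echo "$zeros"
}

# Demo: before the wipe the marker is found; afterwards nothing is left.
demo_img=$(mktemp)
make_demo_image "$demo_img" 64
has_marker "$demo_img" && echo "before: old data present, $(count_zero_blocks "$demo_img" 64) zero blocks"
wipe_image "$demo_img" 64
has_marker "$demo_img" || echo "after: marker gone, $(count_zero_blocks "$demo_img" 64) zero blocks"
rm -f "$demo_img"
```

The per-block loop is fine for an image file but slow on a whole partition, where checking a sample of blocks is more practical.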

Now I have an encrypted backup partition on a separate internal hard drive completely independent of the LVM/dm-crypt encrypted system. I have a script that calls rsync against my /home, /etc, and /usr/local directories, which is everything I need to rebuild a system.

To those who would suggest that only people with something to hide should be concerned with privacy, I urge you to read ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy.

 The New Linux

Monday, October 8th, 2007

I installed the beta release of Ubuntu Gutsy Gibbon to test application compatibility with 64 bit Linux. Specifically, I wanted to verify that the Oracle Calendar desktop client, Crossover Office, Internet Explorer 6, and Microsoft Office 2003 work without errors. I haven’t ever opted for the 64 bit version before and was worried about not being able to run applications that I commonly use at work. I feared for nothing! Everything went very smoothly.

In fact, installation and configuration was a breeze. Nvidia driver and proprietary codec installation was incredibly easy even though I decided to use a 32 bit browser so that I can easily use plugins such as Sun Java, Adobe Acrobat, Real Player, and Flash. In a former job I installed hundreds of systems with Windows versions ranging from 95 to XP. Installing and configuring Linux AND all the software I use is orders of magnitude faster and easier. I hadn’t ever just copied over configuration directories before, but by copying the directories for Thunderbird, Firefox, ssh, gnupg, and Pidgin, I probably saved myself at least an hour. I had a nearly exact replica of my old system in about 2 hours. In fact, for applications like Oracle Calendar, I didn’t even install them in the new 64 bit system. I just copied the entire directory from the old system to the new and it ran.

I can’t say that I notice any speed improvement from migrating to the 64 bit environment, but I probably wouldn’t notice. I mean, fast is fast enough. I was able to play Call of Duty and Battlefield 2 under Cedega so I can’t complain. Ubuntu 7.10 Gutsy Gibbon will be officially released October 18th.

 My Favorite Number

Tuesday, May 1st, 2007

is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Well, at least it seems to be the favorite number of the Motion Picture Association of America. They’re issuing DMCA Takedown Notices to people who post this number, I’ve read. I’ve always wanted one of my own! For those readers not ‘in the know’, this number is the decryption key for HD-DVD Processing. DVD encryption is meant to prevent DVD copying, but also makes it a criminal act to watch DVDs in Linux, among other things. When I pay for a DVD I want to be able to watch it. That’s it. Also, copyright law clearly grants the right to make ‘archival backups’. See Spread this number for more information.
