Secure IDEots

Add Your Comments

The promo for the Abit IC7-MAX 3 has this rather interesting claim:

For MAX3, the ABIT Engineers listened to users who were asking for information security. SecureIDE connects to your IDE hard disk and has a special decoder; without a special key, your hard disk cannot be opened by anyone. Thus hackers and would be information thieves cannot access your hard disk, even if they remove it from your PC. Protect your privacy and keep anyone from snooping into your information. Lock down your hard disk, not with a password, but with encryption. A password can be cracked by software in a few hours. ABIT’s SecureIDE will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files.

I’m afraid this is another leaky condom, and here’s why:

1) Locks don’t work when you leave the front door open. This device will encrypt your hard drive. Fine. All that means is that your computer (whether through a dedicated chip or a CPU) is going to be doing a whole lot of decrypting to do anything, including communications with the outside world. If you use a P2P network, share a drive and your system is set up to decrypt the information, this does absolutely nothing to stop an RIAA and Company scan.

You don’t let the RIAA in by having unencrypted data, you let them in by allowing sharing of your hard drive. If you don’t want RIAA looking at you, don’t share your hard drive.

I suppose it may be possible one way or the other to toss up encrypted files, but then what good does the results do any other P2Per? How the hell are they going to know what that file is?

Use public key/private key encryption? Just how are you going to distribute a private key over a P2P network? How could you know one or more of the recipients isn’t a member of RIAA and Company?

Sure, it’s possible to have a network of close-knit people who know and can vouch for each other, and that could well be quite secure. Until the first spy shows up. Then you’re all dead.

I’m not going to say that a tightly-knit small group wouldn’t be very likely to escape notice.

I will say that you couldn’t possibly keep spies out for any length of time in a mainstream public network where you’d have to distribute private keys like confetti.

The following is a discussion of the legal ramifications of encrypting under U.S. law, and should not be taken as a guide for anything but U.S. law. However, for those who live outside the U.S., this ought to give you some
clues on how to research what the law would be where you live.

Just to answer a question often asked, if you live outside the United States, as a general rule, you will be subject to applicable national and/or (in the case of the European Union) EU law on this subject. Generally, RIAA is U.S. only, but there are equivalent organizations in most countries (up to now, they haven’t taken the steps RIAA and Company have taken in the U.S.). An American company can ask the local authorities to take action against you, but there’s no indication yet that’s been done, and if this occurred, the laws where you live would apply.)

2) This is locking the barn door after the horse ran out There’s a false assumption lying behind this claim. The assumption is that RIAA and Company needs your hard drive to win in court. This is untrue for two reasons.

The RIAA lawsuits aren’t based on you possessing a file. They are based on you making it available to others. All they have to do is identify the file and download it, and they have enough evidence.

Of course they can download it from you legally. Who has the rights to the song? Do you think RIAA is going to sue themselves for copyright infringement?

No, you don’t have any privacy rights when you share your hard drive with the public. It’s the difference between doing it in the bedroom and doing it on the front lawn.

But let’s assume the attorneys for the Evil Empire are in a particularly sadistic mood. They’ll ask for an unencrypted copy of your files. And guess what? If you refuse, the Fifth Amendment isn’t going to save you.

Did you think refusing to decrypt on the basis of the Fifth Amendment would save your butt? Ha, ha, ha. You’re in for a rude awakening.

Here’s what the Fifth Amendment of the U.S. Constitution actually says:

“No person . . . shall be compelled in any criminal case to be a witness against himself . . . .”

These RIAA lawsuits are not criminal cases. They are civil procedings. Many protections that are available under criminal law aren’t available under civil law.

You can find a rather good, short, simple discussion of the differences between criminal and civil law here. To quote in part:

“In a criminal case, the suspect or defendant has the right to remain silent during questioning by police and prosecuting attorneys. In a criminal case, the defendant may choose to refuse to be a witness, and the jury may infer nothing from the defendant’s choice not to testify.

“However, in a civil case, the defendant must be available and cooperative for depositions and testimony as a witness in the trial. In fact, the defendant in a civil case in Federal court must voluntarily provide his/her opponent with a copy of documents “in the possession, custody, or control of the party that are relevant to disputed facts alleged with particularity in the pleadings” [Federal Rule of Civil Procedure 26(a)(1)(B)] . . . .

In other words, the defendant in a civil case must help his/her opponent collect evidence that will defeat the defendant. And, at trial, if a party invokes their fifth amendment privilege against self-incrimination, then the judge will instruct the jury that they may make an adverse inference against the party who refused to testify.”

In short, if you get asked for unencrypted records, and you refuse, at the very least, the judge will tell the jury to hold that against you (or do so him- or herself). If you’re not so lucky, you’ll be faced with a contempt of court charge, which would get you some jail time.

So RIAA and Company on the whole would probably like you to encrypt your files and think you’re safe. It actually sets you up to at least make you look bad in court, and maybe get you some jail time.

Conclusion

Encryption may be of some help in criminal trials. But RIAA and Company aren’t pursuing criminal cases. They’re pursuing civil cases, and the rules are quite different there. You don’t have the protections you likely think you have.

Leave a Reply

Your email address will not be published. Required fields are marked *