Rubber-Hose Cryptanalysis is Effective

I’m a big privacy advocate, which means I urge people to encrypt their hard drives (amongst many other things). This protects your data from a thief who has stolen your device, snoopy significant others, and law enforcement agents trying to dig up a reason to throw you in a cage for the remainder of your life. But encryption isn’t perfect. Rubber-hose cryptanalysis is effect. What that means is that officers, thanks to their magical liability shields, can bypass your encryption by threatening or actually using violence against your person:

After a few hours of this, which involved an attempt to lure one of Cascioli’s suppliers to his building, the officers focused on Cascioli’s Palm Pilot, which they (correctly) believed contained the information they wanted. But Cascioli wouldn’t provide the password. He claims that police then tried to extract the password through intimidation.

Cascioli says [Officer Thomas] Liciardello asked him a question: “Have you ever seen Training Day?”

When Cascioli said yes, Cascioli says Liciardello looked him in the eyes and said: “This is Training Day for f—ing real,” and then instructed officers Norman and Jeffrey Walker to take him to the balcony.

According to Cascioli and the indictment, Liciardello told them to “do whatever they had to do to get the password.”

Out on the balcony, Cascioli says officers Norman and Walker lifted him up by each arm and leaned him over the balcony railing.

In his testimony at trial this month, Cascioli provided more details, under oath, about what happened that night. The Palm Pilot, he said, contained records on his $400,000 stash, which he had split for safekeeping between the home of his brother and the home of a friend. When the cops allegedly took him out to the balcony, Cascioli said he truly feared for his life.

“They started to lift me a little,” he said. “My feet were off the ground.”

He said he was afraid. “I thought they were going to drop me” over the railing. Cascioli said he then gave up his password.

As a side note it’s worth bringing up that no Palm Pilot ever supported storage encryption so the most Cascioli’s device could have had was a password that could be easily bypassed by plugging the device into a computer and syncing all of the data (which copies the data from the Palm Pilot to the computer). But that really has nothing to do with the case at hand.

What is important here is threat modeling. Police rarely suffer consequences for using excessive force or even committing murder. That makes them more likely to use rubber-hose cryptanalysis. Fortunately encrypted drives are usually easy to erase because only the decryption keys need to be wiped out. If you really want to keep your information secret it would be wise to begin formatting your computer and mobile device upon confirming police are trying to gain entry into your dwelling. Otherwise you’re at the mercy of the court, which will tend to side with the police, to throw out any condemning evidence (and there will always be condemning evidence since everything is illegal these days).