Is British Government Decrypting Data Encrypted with TrueCrypt from Hard Drive David Miranda Was Carrying?

September 7th, 2013

I did a double take while reading this Reuters article about the Snowden material:

Miranda was held and questioned for nine hours before being allowed to resume his trip from Berlin to Rio de Janeiro, where he and Greenwald live. Greenwald has said that Miranda had carried Snowden related material from him in Brazil to Laura Poitras in Berlin, an American film-maker who has also met with Snowden, and that Miranda was carrying Snowden-related materials which Poitras gave to him back to Greenwald.

In her witness statement submitted to the British court on Friday, Detective Superintendent Caroline Goode, who said she was in charge of Scotland Yard’s Snowden-related investigation, said that among materials officials had seized from Miranda while detaining him was an “external hard drive” containing data encrypted by a system called “True Crypt,” which Goode said “renders the material extremely difficult to access.”

Goode said the hard drive contained around 60 gigabytes of data, “of which only 20 have been accessed to date.” She said that she had been advised that the hard drive contains “approximately 58,000 UK documents which are highly classified in nature, to the highest level.”

Goode said the process to decode the material was complex and that “so far only 75 documents have been reconstructed since the property was initially received.”

It would be very nice to know what that part above in bold means.

“Reconstructed”

What does Goode mean when she says, “So far only 75 documents have been reconstructed”? Is the use of the word reconstructed layperson speak for cryptanalyzed?

In other words, are the 75 clear text documents referenced above the product of cryptanalysis or some other computer forensic process?

It would also be very nice to know which TrueCrypt encryption settings (encryption algorithm/s, bit strength/s) were used on that drive.

The issue is further confused by an Ars Technica piece which indicates, on the one hand, that Miranda was carrying written procedures (and passwords???) for accessing the information, but on the other hand:

“Anyone claiming that David Miranda was carrying a password that allowed access to documents is lying. UK itself says they can’t access them,” Greenwald wrote on Twitter. In another tweet, he wrote, “Good encryption requires multiple passwords, not just one. That pw allows no access to documents, period.”

Questions, questions.
