Barely Legally

Confessions of a Moot Court Bailiff

Crypto's Weakest Link

The altogether fantastic Sarah Jeong, who is one half of the Five Interesting Articles team, has apparently been moonlighting. By day, she writes a niche IP comedy newsletter, but by night, she’s a regular contributor to Forbes about technology and the law. The sound of an awkward pause goes here.

Today, she writes about the trial of Ross Ulbricht, who has been indicted for a goodly number of federal crimes: conspiracy to traffic in narcotics, engaging in a continuing criminal enterprise, conspiracy to access a computer without authorization (i.e. hacking), and conspiracy to launder monetary instruments (money, guys. Just say money). If convicted of all of these, he could serve the rest of his life in prison, and then another life sentence, and then a twenty-five year sentence.

As Sarah writes, Ulbricht has been accused of being the founder and administrator of the Silk Road, a web site where people bought and sold drugs on the internet until it was shut down by the federal government because duh. Her article starts with the capture of Ulbricht’s laptop, which turns out to be the center of the government’s case against him:

[The FBI’s] orders were to seize the laptop in an open and unencrypted state. The arrest team suspected that the hard drive would become encrypted with a touch of a key or at the moment he shut the laptop. They were right—Ross Ulbricht’s Samsung 700z was secured with TrueCrypt. And by sheer luck, the inter-agency arrest team was able to seize it in its most vulnerable state.

The laptop was a goldmine. It wasn’t just a smoking gun; it was a smoking gun that came wrapped up in a box with fingerprints and photo ID. The computer contained accounting spreadsheets, PGP private keys, the .php files that made up Silk Road, chat logs, and—worst of all, for the defense—a journal.

Sidebar: When was the last time someone used the phrase “PGP private keys” in a puff piece about a trial? This is lovely. No more ‘the cloud is like a hat for your email, which is also like a boat with your passwords’ nonsense. Please please let Sarah Jeong write all the tech stories from now on.

Anyway, Ulbricht’s defense is apparently that, while he technically founded of Silk Road, he retired almost immediately. The real adminstrator, Dread Pirate Roberts, is someone else.

Before we found out that the FBI had a copy of his diary, which contains entries ruminating on the day to day running of Silk Road, that might have been more believable. He also apparently had chat logs for… everything. And scanned copies of his co-conspirators’ drivers licenses. (Yes, really.)

This information was all encrypted, but cryptography is like a fairy tale. The weakest link of Ulbricht’s security protocols were inside him all along.