Encryption Debate at Mitnick Trial

A number of people have written about the latest twist in the Mitnick case. Kevin wants to get his data back, but the government is refusing to do so until he gives them the key. Apparently, the government is unable to crack the encryption that he's got on it - you'd think after having the data for five years, they'd be able to brute-force the darn thing. It's a NYT article - free login required.

Recipe

[Signal+11]

Yeah, they want the recipe for Kevin's dynamite meatloaf. That's what the encrypted contents contain! Buwhahahaha!

Seriously now, Kevin has the right not to incriminate himself. This includes not turning over a key. This is all 5th Amendment.. the government is just trying to set a precident here so they can steam-roller it. g'luck, I have a small amount of faith that the supreme court will shoot it down.

Re:Recipe

[BlueMonk]

Hey, It looks like were forgetting something here. The fifth amendment seems an odd rule to apply to this to force the government to return his files! The fifth amendment may protect the defendant from having to give up the key, but it doesn't give him the right to his files if they are believed a potential danger to the greater public (does it?). If the issue is whether he has the right to get at his files, the fifth amendment rights don't seem quite applicable.

Good encryption

[roman_mir]

Maybe the entertainment industry should have hired this guy to write the next version of DVD playback protection.

Re:Good encryption

[348]

Next time maybe the feds should outsource the job of decripting evidence files to some Norwegian teenagers.

Never knock on Death's door:

Lawyer: uh, no.

[hawk]

I am a lawyer, but this is not legal advice.If you need legal advice, see an attorney licensed in your area.

You've turned the presumption of innocence sideways. He was convicted; there is no longer a relevant presumption.

He was convicted for stealing electronic information. It takes a stretch of the imagination to think that there is more than a remote chance that the data does not include the fruits of his crime.

The state does *not* have have to prove a connection to each and every apparent proceed of his criminal enterprise--*especially* when there is a simple way to check.

He *has* been convicted, and it defies logic to suggest that that this data isn't part of his crime. *He* now has the burden of proof, not the government.

This is not an erosion; I believe that this is exactly the outcome you would see from a court staffed by the founding fathers. I'm just about all the way out to the extreme on the rights of individuals in the face of the government (just l like the folks who wrote the Constitution and Bill of Rights), but in this case the law is on the government's side.

Re:Data back

[cyberdonny]

> Excuse me, but can't they just copy the freakin' data!?

The data was encrypted, so their was no way to copy it. Or were you asleep when the DVD CCA explained this? ;-)

presumption of innocence, self incrimination

[MattMann]

US Constitution supposedly guarantees the assumption of innocence

This is widely believed but for good or for bad, it is not true. You are entitled to the presumption of innocence in court, i.e. before the judge and jury at your trial. However, the rest of the system is entitled to presume you guilty with reasonable suspicion. That's why the police can get warrants to search, that's why they can arrest you and that's why they can hold you in jail if they think you are harmless but probably will run away.

I think morally and as a courtesy it is nice for the public at large to also give you a presumption of innocence, but it's clear that the only way to run the bureaucracy is pretty much they way that it is run.

I am not familiar with the Mitnick case specifics, but it is quite common for defendants to give up the right not to self incriminate as part of a plea-bargain. If he agreed to cooperate, for example, then I can see both sides of this dispute.

Also, it is interesting: encryption brings up a question that does not exist in meatspace so new law might be required: we don't give burglary tools back to burglars. Encrypted files have this weird property that you can hold them in your hands but not be able to tell what they are. I believe that if the government offers him immunity from any new prosecution, that he may not claim the right not to self incriminate because he would not be. Then it becomes a privacy issue and there really is very little law protecting actual privacy.

Maybe the government CAN decrypt it...

[ronfar]

...but won't because they want to set a precedent.

Paranoid ramblings from a paranoid person... but after all, isn't that what the Mitnick case is all about, setting precedents?

He should have made an off-site backup..

[Dwonis]

...and then he'd have an advantage, as he would no longer care that they could nuke his data.

Or maybe he did.
--------
"I already have all the latest software."

Legal References

[JabberWokky]

.

First off, the standard disclaimer: IANAL. But I can use Google to find and read what Lawyers have already written.

Item 1:

A. Michael Froomkin, Associate Professor, University of Miami School of Law writes in his article "The Metaphor is the Key": Simply putting something into a safe does not, however, ensure that it is beyond the law's reach. It is settled law that a criminal defendant can be forced to surrender the physical key to a physical safe, so long as the act of production is not testimonial.{706} Presumably a similar rule compelling production would apply to a criminal defendant who has written down the combination to a safe on a piece of paper. There appears to be no authority on whether a criminal defendant can be compelled to disclose the combination to a safe that the defendant has prudently refrained from committing to writing, and in Fisher v. United States,{707} the Supreme Court hinted that compelling the disclosure of documents similar to a safe's combination might raise Fifth Amendment problems.{708} Perhaps the combination lock problem does not arise because the police are able to get the information from the manufacturer or are simply able to cut into the safe. These options do not exist when the safe is replaced by the right algorithm. Although brute-force cryptography is a theoretical possibility,{709} neither safe cracking, nor number crunching, nor an appeal to the manufacturer is a practical option when the armor is an advanced cipher. The recently released Federal Guidelines for Searching and Seizing[Page 872]Computers{710} suggest that "[i]n some cases, it might be appropriate to compel a third party who may know the password (or even the suspect) to disclose it by subpoena (with limited immunity, if appropriate)."{711}

(The numbers are footnotes to specific cases)

Item 2:

The Crypto and Self-Incrimination FAQ simply lists (for America... it also covers a few other countries): "The Fifth Amendment of the Bill of Rights reads: "No person (...) shall be compelled in any criminal case to be a witness against himself". The Supreme Court has restricted this to giving evidence "of a testimonial or communicative nature". ". It also lists several cases that apply.

--
Evan --

Why is their stupidity a legal issue?

[john@iastate.edu]

Painter [the government lawyer] replied that because the government could not understand what was in the files, it could not use the files as evidence at trial. He also said that Rule 16 did not apply because the encrypted files in sense were not "really in our possession," because "we don't know what's there."

How is *that* relevant -- suppose they confiscated a physical device from you which they were unable to understand -- would you be forced to explain it before it was returned to you?

For all we know your honor, this mysterious cylindrical object could be a weapon -- it makes an ominous vibrating noise when powered up!