Slashdot Mirror
PGP Ruled as Relevant For Criminal Case
waytoomuchcoffee writes "A Minnesota appeals unamimously ruled in a child porn case that "the existence of an encryption program" on the defendants computer could be admitted as evidence of criminal intent. The article doesn't mention if this can be taken into account for sentencing too."
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
I find this very disturbing based on the attitude people have regarding encryption. It's seen in such a negative way as if everyone who uses encryption as evil. Let me put it this way:
ENCRYPTION != EVIL
I use this for my day to day communications. Either over IM, E-Mail or moving things from server to server (GPG, then sending the file via FTP etc.). How do we help the public to understand that just because someone wants to keep something secret, even under a mass of public scrutiny, it does not constitute someone breaking the law! I have a TON of letters to and from my girlfriend that are encrypted, that she herself does as well!
I'm not saying the guy accused of the crime shouldn't produce keys, he obviously was doing something totally heinous by photographing a 9 year old in sexual position, and then those pictures destroyed. Predators of this nature are f-ing sick creatures that need some bad rehabilitation.
My point is the attitude of the people. Admission of the fact that he had PGP on his computer shouldn't be a condemning factor of his behavior and should be based on his crimes. NOT THE FACILITATOR, MEANS, TOOL (Physical or otherwise) OR SOFTWARE to commit such crimes. He was using perfectly legal encryption utilities and software.
Just because they were for hiding his crimes/pictures should NOT be a factor in his punishment. What kind of precedent would the judge be inadvertently (or purposely??) placing on the use and ownership of encryption and the tools to do such?
~zoloto
And with other evidence, why shouldn't it be? In fact, the presence of it ought to lead prosecutors to tack on the charge of conspiracy.
Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.
This is a load of crap. So using a form of encryption automatically means you're doing something illegal? This is purely circumstantial and shouldn't be allowed.
They can't be serious. According to their own logic, whoever has a knife at home has murderer intent. Where's the common sense people?
What a stupid ruling.
"I hate to advocate drugs, alcohol, violence or insanity but they've always worked for me" - HST
So if someone is intelligent enought to know how to protect him/herself, they're more likely to be a criminal? Where is 'innocent until proven guilty' these days? bo
bad_outlook
--
Is this vague enough for you?
Yes, the crime is reprehensible and unforgivable.
But that doesn't mean the presence of encryption tools meant he was guilty. Encryption tools have many uses, some of which are good - like authentication and assurance of confidentiality. It's great to have encryption tools like PGP when you're sending an email to your broker that you want to issue a stock trade from your investments account. Or to be reasonably assured that discussing a prototype / secret business proposal will not be intercepted.
Encryption is merely a tool, to be used for both good and evil. A mail envelope can contain mail, or it can contain anthrax. An encrypted document could be a plot by terrorists, or it could be just any other email.
Doing the Right Thing should not be preempted by making a buck.
This is totally outrageous! I mean, it's like saying that because you own a gun that you will be found guilty for a murder or something. The main reason that the courts can function while saying that the presence of encryption technology is harmful is because of the widespread ignorance.
This is the sort of thing we need to fight. There are more legit. uses of cryptography than anyone can shake a bloody stick at! And if they're going to start ruling in such a manner where this becomes a pattern, it won't stop soon. Just watch, within a few years it may be illegal to use crypto for unknown purposes. And in a decade it will be illegal to possess technology in order to do so. These ideas are not crazy; governments have been doing this will all sorts of weapons for a long time, and we all know that they've also been treating strong crypto as a weapon for just as long.
As I said, this is the sort of thing that needs to be fought. Strongly.
... go to jail
Considering that OS X has shipped with an encrypted file system, that Quicken encrypts its financial data when password protection is turned on, and most browsers, DVD players, and digital cell phones also include encryption features... I can't see anyone buying this as an argument.
dangerous precedent?
So if someone owns a gun should it be revealed for any criminal offense they commit to show that they *could* use it to kill someone? Should we include anyone who owns a knife, owns a car to run people down, owns a hammer to smash someones skull? Come on.
bo
bad_outlook
--
Is this vague enough for you?
Ari David Levie, who was convicted of photographing a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial.
Why should having encryption be a basis of arguing his sentancing. There are no laws against it, his crimes have already been exposed and been convicted. LEt the punishment fit the CRIME.
In Tibet, the presence of encryption on the computer owned by a Tibetan implies only that he is trying to protect himself. If the Chinese discovered that he is e-mailing eyewitness accounts of Chinese brutality against Tibetan children (i.e. raping the children), then the Chinese would likely kill the Tibetan.
Are you serious?
The main issue here is the presense of cryptographic software on the machine. Not a gun with his prints! They have no way of knowing what the software was used for.
It's like saying that they found rope with which he could have used to tie her. Or it could have been used to fix a mechanical problem in his house, or to wrap around bundles of wood, or anything. The presence of cryptographic software should have absolutely nothing to do with the case. Plain and simple.
I guess I should toss my shovel over the bridge along with my gun next time?
But how will a judgment about encryption like that work when everyone uses encryption?
Ok, I know that this is a special case where there obviously seems to be other suggestive evidence for criminal activity... but if you were to take the idea that encryption = evil intent, then you open a can of worms.
Also, if the installation of encryption software alerted to possible encryption of files, then all someone has to do to avoid suspicion is to encrypt data over to a remote machine with no encrytion software - except a few "hot spare unformatted hard drives" which are apparently "unused"
READY.
PRINT ""+-0
As a side note, with that earlier /. article about the MS guy saying to write your passwords down, is encrypting my password list an act with criminal intent?
I didn't RTFA... But if a crime was committed in the dining room of your home, and a (legally owned) gun which was not used in the crime was in your bedroom, should that gun be used as evidence against you?
I used Fedora Core 2. Encryption built right in, 256 bit in any of a few flavors. I encrypt my journal, which has nothing illegal in it. But, if I'm unwilling to let someone read my personal files, why not accuse me of any number of terrible things? Terrorist? Necrophile? Hell, rack'em up boys! If he has an encryption program, he's obviously a criminal?
Good citizens have nothing to hide, after all. Why don't we just ban encryption entirely? And we'll install the cameras here and here...
Seriously...
I'm not totally familiar with what this means legally, but I know it's a bad thing. And a reason for every OS to include it by default, PRONTO!
If this stands up, privacy will take a beating.
Since all modern Macs ship with FileVault as an option for securing their home folders and you also can create encrypted disk images with the Disc Utility tool in Mac OS X, this now can be used against Mac users in a court of law. Somehow, I suspect Bill Gates is behind this. No doubt, in a couple days, we will be see Microsoft ads touting that if you use a Mac, you will go to jail.
Strange women lying in ponds distributing swords is no basis for a system of government.
Read the article! Quit posting in a vain attempt to be first.
He already committed the f'ing crime.
Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.
The guy wasn't convicted because of the crypto. It's like finding the dead body... and then finding the shovel, the canvas bag, etc.
The encryption software here is treated in the same manner as an item such as a large bag would be treated in a shoplifting case. That is, if you go into a store, see something you like, grab it, and run, the court would likely view that as something that you did at the spur of the moment, without putting much forethought into it. The crime, while still very much a crime, would likely be treated as a stupid action you took because you didn't stop to think if it was right or wrong, and the sentence would likely be applied with some leniency. In such a case, assuming the item costs less than $400.00, the crime would be treated as a misdemeanor. On the other hand, if you had entered the store with an unnecessarily large bag that is mostly empty, this might, in the eyes of the court, show that you had planned to shoplift from the outset, and you would receive a much stiffer punishment. In this case, the crime would likely be treated as a felony, regardless of the item's value.
In much the same way, the court handling this pornography case is probably trying to determine under which of the statutes the aforementioned materials fall, and the presence of software used with the intent to traffic in such material, regardless of the software's generally accepted purpose, can allow the prosecution to go for a crime with stiffer penalties.
In other words, if you use PGP, don't worry, because it's not going to be outlawed. But if you're the guy in that pornography case, be afraid... be very afraid. Here in Soviet Russia, pornography encrypts YOU!
As an aside, one should not look at pornography, because it can have an adverse effect on future relationships that you might have.
No, he is not serious. He is however one of the most successfull trolls on slashdot.
I could be privatly communicating with terrorists on my college's UNIX server. I wouldn't need to be proven guilty. Proving guilt is SO 1900s...
I have freaks! I did something right...
An upstanding citizen has come forward with a computer he 'found' on the street and sues the 'previous owner' because the fact that his data was encrypted is obviously evidence of illegal intent.
The previous owner was lynched later in the day and we applaude this model citizen for bringing this travesty to our attention.
Frylock: "We should have cloned twenties, Jackson wouldn't have given a fuck."
My front door has a lock which can be opened only with my key. Therefore, I am hiding something reprehensible inside my house.
Logic, people, logic!
-- The reason it's called the right wing? Irony.
The article says the conviction was based in part on his searching for child pornography through search engines. However, if he used PGP to encrypt his HD then there is no way that law enforcement could have known this. Does that mean that Google or whichever search engine he was using logged his search history and handed it over to police??
Keys and passwords can be obtained during discovery, and failure to provide them is the same in the eyes of the law as not providing keys to your premises; you can be found in contempt for such.
Why on earth did the court rule that the mere existence on this criminal's systems constituted criminal action?* Why didn't they ask for keys as part of the trial and find out what he had encrypted? All this does is punish us in the tech world by alluding to the use of cryptography as a criminal action.
*And yes, this guy certainly deserves what he had coming, but don't punish me for his actions...
So who is the co-conspiritor?
/. the suprise is the judge was so lenient.
Are you implying the programmers are a party to this crime? If this is the attitude of people who frequent
I don't know how I feel about this, encryption is not a crime, but if there is a warrent for your computer not supplying the keys to examine its contents could be viewed as obsctruction of justice. I understand the desire to have things kept private, but the courts can do that if the evidence is irrelivent. This seems to me like Morgan-Stanley getting slammed for deleting their emails, only this guy is worse, because he can give people access to show his innocence (assuming he is since he wasn't proven guilty).
I think certainly that someoen has a bunch of stuff they refuse to let you see after handing it over it is relevent. It would likewise be relevent if he had an uncrackable safe the propper size to hold a body and was on trial for murder, but neither is a case for conspiracy (unless safe makers are to be co-conspierators too).
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
What about the right to privacy? Regardless of what he was doing, encryption secures privacy, and if part of his sentencing was achieved in part because he was using encryption....what other ways could this ruling effect future court cases? I can easily see this becoming a supreme court issue on how encryption relates to the constitution. What is Martha Stewart used encryption on here computer because of her everyday dealings....and then this whole insider trading thing comes about and her and whoever had been talking via email....does encryption on her system automatically make her a person out to do bad things? (regardless of how you feel about her :P)
I agree with you. It's bullshit.
Some of us like this little thing called PRIVACY. It's something that you get less and less of these days and it's only going to get worse. RFID national ID cards, bias against encryption, tracking databases, no travel without ID..
The excuse is always "If you're not hiding anything you don't have anything to worry about." I don't know what these people are afraid of. Why can't I go about my life without being tracked? Why is it a bad thing that I want to encrypt my communications?
A 12 year old can figure out that if one wanted to commit a crime, all these things won't help any. So obviously that can't be the reason.
Bah. People suck.
- It's not the Macs I hate. It's Digg users. -
"Schaub testified that PGP "can basically encrypt any file" and "other than the National Security Agency," nobody could break it."
Anybody cares to expand on NSA's capabilities? Hardware, Software?
In America, no person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law.
Unless they are charged with child molestation. In that case, they are clearly guilty and we may dispense with the technicalities.
It isn't any different than if you have a legal gun and then conceal it when you go out. The gun stopped being legal once you did that. Here, the point is that he knew what was doing wrong and he punctuated it by encrypting it making it, arguably, a de facto admission of guilt.
"Since Windows XP has a built in encryption feature (EFS) wouldn't it follow by this logic that use of Windows XP qualifies as criminal intent?"
Not exactly, more like criminal stupidity.
Under this logic, the use of envelopes to secure personal mail is clearly a sign of criminal intent. BAN ENVELOPES! MAKE EVERYONE USE POSTCARDS!
Why wouldn't they be able to tell what the software was used for? Couldn't they decrypt content with his PK?
Overall, I agree with your statements... as long as the guy didn't use the encryption software to achieve illegal means. But, for instance, once he encrypts and distributes the content then the encryption software becomes part of the case.
I guess SSL could also be used to pay for stolen goods on Ebay...
Oh well, what the hell...
I hope to hell they don't notice that EVERY computer with a modern Internet browser (and those with IE as well) have encryption capabilities. We'll all hang!
Paleotechnologist and connoisseur of pretty shiny things.
What can I add to this that hasn't already been said half a dozen times. I use GPG (Gnu version of PGP) to digitally sign my email messages on my Linux machine. This is because certificates and other authentication methods cost money. GPG allows others to certify that I sent the message that claims to be from me. This is helpful for spam that parades as coming from me as well as other things. Additionally, as my family is starting up a business and we will all be in different states, the safest way for us to exchange information cheaply. Yeah, we have free long-distance on our cell phones, but for that we may as well be yelling out our windows. Email is likewise able to be tapped without some encryption. Thunderbird, enigmail, and GPG allow me to get a decent amount of protection for free. It isn't NSA-grade encryption, but it's good enough to stop most people. So yeah, I'm not a criminal because I use encryption. I just like to have some privacy. Otherwise why not just post my SSN to slashdot?
So who is the co-conspiritor?
I struggled with this question, and in some ways regret specifying Conspiracy. However the answer I came up with was whomever he was sending these encrypted files to.
And obstruction of justice is, as you say, another appropriate charge.
On the other hand, if he never sent the files and kept them for his own private use, then the conspiracy charge doesn't make sense.
Yes, if you don't use it STRICTLY FOR EVALUATION PURPOSES, the BSA will be after you!
Boomhauer: "Yeah man, I'll tell ya that dang old internet, man you just be on there point, click,click,click, it's real easy man"
Replace 'internet' with 'encryption program'
That's bullshit!
I guess a 1984-esque government wouldn't want their "law abiding citizens" to be able to use encryption, so it only makes sense...
"A truly wise man realizes he knows nothing."
Note in the article, encrypted files were not EVEN located on the computer used in evidence.
This is tantamount to pointing to a car in which drugs were sniffed (but not found), and telling the jury, it has locks, so they must be trying to hide something. ( and further introducing the car or its locks, and the police testimony thereof as evidence )
Yes, I read that the girl involved testified against him, so forget about whether he's a slimeball or not, he probably is, the jury assumedly believed her story.
Bollocks!
Anyone seen my low uid? last seen 10 years ago while panning the #@$# out of Taco's 'web based discussion system'
First of all, only terrorists use jabber, so you better get rid of that. That e-mail client with encryption? Gone. SSH? SSee you in Jail, perv. Zip it? Better trash it.
On the other hand, he was convicted because a minor said he attempted to solicit her, and he had kiddie searches in his browser history. While the idea that having an encryption program can be seen as supporting evidence, I can understand why it would be relevant in this case. Encryption isn't a smoking gun, but it isn't as ubiquitous as a kitchen knife. I can't really argue with the ruling.
The ______ Agenda
...after it was discovered that the pen Mr. Levie had been carrying was actually a laser pointer. He was subsequently charged with intending to shine it in the eyes of airline pilots during landing and then sent to Cuba for a speedy but secret trial. His court appointed defense attourney later said, 'I've never met Mr. Levie but he was obviously guilty or he would not have been charged. May he rest in peace.'
Liberals call everyone Nazis yet they are the closest thing to it.
One word--conspiracy.
Why shouldn't the tools he used to commit his crimes be admissible??
Is making sure that we all routinely use PGP/GPG in say home/office computing and email communications. Over time this will drive home the fact that privacy is a right, it is something that the computing public has come to expect. Using crypto should not in itself mean anything with respect to criminal intent. I use crypto to keep my documents and communications private. Whether or not I am doing anything illegal is a separate issue altogether.
That's not entirely a problem caused by the captchas, now is it?
This comment does not exist.
These people elected Jesse Ventura as their governor. Arkansas now has a competitor for most back assed state.
Winsows XP is a crime
This appears to be the only discussion of the encryption issue:
The entire case is available at http://www.lawlibrary.state.mn.us/archive/ctappub/ 0505/opa040381-0503.htm
If you don't know where you are going, you will wind up somewhere else.
Apparently all of the other pervs have been pretty dumb until now...dumber than possessing child porn to begin with. to wit: Look at all of the child porn owners who have it on their HDs, plaintext. So now they've finally figured out they can try to protect themselves.
/. story (below a ways) - the Microsoft security suggestion of writing passwords down so more sophisticated passwords would be used, they could claim they wrote it down and lost the paper. I don't think they could be conviced on the basis of lost information.
Now, if they heed the advice of another
On the other hand, the meth lab problem has gotten bad enough here in Central Indiana stores which sell the "right" cough medicines are being instructed to keep them under lock & key, and take the names & addresses of those who buy them. There was a story last week on the news of a guy who bought a dozen boxes and the police were called during his visit. They were waiting for him to come back to his bicycle and was promptly arrested. They then obtained a search warrant and had a lot of fun romping through his living quarters, looking for the remainder of the lab.
"Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser."
Does anybody actually RTFA before commenting, or the little editorial burp is good enough for the majority to form a knee-jerk reaction?
This is what the judge said (from the article):
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
He did not say the encryption program was evidence of guilt.
To say otherwise is tabloid "journalism."
That's the thing. He didn't use cryptography to take photos of a nakid 9 year old. HE didn't use cryptography to lure them and solicit them. That was HIS own predatory behavior.
:D Have a nice day.
There was no obstruction of justice charge that we know of. And there certianly isn't a law against teh general use of cryptography, no matter the intent. Those are ALREADY COVERED UNDER EXZISTING LAW.
NEXT!
GPG comes with _every_ LINUX distro I know of.
I guess Balmer et al are right, we're all criminals
George Fritz was arrested today on charges of conspiring to commit crimes.
Police were first alerted to Fritz's activities when he dialed 911 to report a burglary in progress at his home in Elmwood drive.
On arriving at the scene, police observed that the doors to Fritz's house were locked and that the intruder had been forced to break a window to gain entry.
After aprehending and speaking with the intruder, police decided not to arrest him, relying on his promise not to re-offend.
Fritz *was* arrested however, on suspicion of being involved in a crime or crimes unknown. Prosecutors say they have a pretty strong case against him -- after all, if he had nothing to hide, why did he lock his doors and draw his curtains -- thus forcing the would-be burglar to break a window?
Film at eleven.
fair/dirty does not apply to an open encryption algorithm. Trying "every word or phrase ever typed" is brute force which takes a hell lot of huge computational power.
If he had a gun on him, but in no part of the robbery was this gun produced, or used during the robbery, why would it be considered armed robbery?
Similarly, just because I HAVE the encryption tool does not mean I'm using it to hide Child Porn
Here is the man page from my macintosh OSX for open SSL
OPENSSL
NAME openssl - OpenSSL command line tool
DESCRIPTION OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for
Creation of RSA, DH and DSA key parameters
Creation of X.509 certificates, CSRs and CRLs
Calculation of Message Digests
--->Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests
Handling of S/MIME signed or encrypted mail
Lameness filter encountered. Post aborted!
Reason: Please use fewer 'junk' characters.
Some drink at the fountain of knowledge. Others just gargle.
The answer to that is no. It may be used in conjunction with some other evidence to prove authorship of something - non-repudiatable files can be linked to a specific person, for example, or they wouldn't be non-repudiatable!
However, in isolation, it is exactly nothing. It is a transform algorithm, nothing more. Your eyes apply a transform algorithm when converting the electro-chemical impulses generated by photons into an image the brain can use. Virtually everyone in a scientific field has applied some transform algorithm to their data - be it a FFT, a Z transform, or whatever.
If you have digitally signed e-mails, where both the signature and the private key originate from a specific machine, and there is sufficient evidence to show that no other user - in person or electronically - had access to the files necessary to produce that encryption or that signature, then you can associate those e-mails with that person.
Does that mean PGP/GPG was "proof" of something? Well, only in the sense that it was one link in a fairly lengthy chain. An important link, but still only one link. No chain, no "proof", no matter what software was present.
Of course, none of this is relevent if, as I suspect, the person merely encrypted the files with PGP and didn't think of any of the authenticity or security issues involved in encryption, or deliberately side-stepped them.
It is also irrelevent if there is no proof that encrypted files were ever sent. If there is no chain, then the "link" is irrelevent, no matter how solid it is. It is just a link, nothing more.
The trouble with the legal system is that, although it often correctly identifies that something IS relevent in some way, it is often very bad at identifying HOW it is relevent, and what it is actually relevent to. This is because it is impossible to have judges and jurors trained in every possible field well enough to be able to make such an analysis.
"Friends of the Court" and "Expert Witnesses" are often used to bridge that gap - in theory. In practice, I seriously doubt that an adequate understanding can be conveyed in a few hours when it can require even the most adept students years or decades to gain any kind of mastery.
In the end, it is forgivable for a court to get confused as to what is a link and what is a chain, and how you get from one to the other, but forgivable does not mean acceptable. It is not acceptable that courts are depending on faulty or even deliberately skewed information, especially in a case like this where the person is in genuine danger of being killed in prison, will be marked for life - even if they are eventually found innocent, and all over something that is being presented as something it isn't.
If someone is guilty - fine. Find them guilty. But at least do yourself, the person involved, and the justice system at large a favour by finding them guilty for the RIGHT reasons. The appeals court, especially, will love you for it.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The parent posting was made less than 5 minutes after the story was posted and repeated nothing. How is that "Redundant"? Hopefully the metamod crew will mark the redundant as unfair.
Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.
Well, if I use a gun in a robbery, that makes it armed robbery. But if I own a gun that is not used in the robber (say it's locked in a safe at home) does any robbery I undertake automatically become armed robbery? I mean, don't you think there should be evidence that I actually used the gun in the robbery?
That said, this isn't what the court decision is about. It isn't saying he is guilty because he has encryption software. It's saying the jury can consider that as evidence.
Mathematically, it is true that the significance of a fact depends on context. Thus something which in isolation doesn't mean much can become significant when joined to other facts. However, some things are so commonplace that you can't fit them into anyt kind of logical structure that will help you make a conclusion.
You might as well say that bank robbers wear shoes and the accused owns several pair.
Fortunately with the other evidence against him, I doubt this spurious instruction had any effect.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Need some help in another thread.
If a robbery occurs and the robber is carrying a gun but at no time reveals that he has it, is it armed robbery or plain old robbery?
I'm thinking about sending the judge and jury an encrypted message. Maybe for bran muffins, to help relieve all the shit that those idiots are releasing.
Am I open minded towards open source, or closed minded towards closed source?
Well ... he had a computer ... he must be using peer to peer software to transfer stolen
1. Movies
2. Music
3. Software
4. WMD's
5. Other
Linux: For those able to think out side of a window
Interesting to see how the goderators moderate a complaint about the idiotic captchas.
All I know is this hatred of the disabled needs to end. I just wish I was around more often around people that could see so I could post more to Slashdot. It's bad enough being blind and using the web without having yet another site push their hatred of the disabled agenda.
You might as well say, "I wish slashdot would stop encouraging amateur computer systems engineering. Computers are vast, complicated machines with many non-obvious functions."
Slashdot readers are hackers. Of course they're going to want to discuss how things work.
My other first post is car post.
So, to take your example, supposing we too Joe Criminal and Joe Average. Both own a blanket. Joe Criminal uses his to cover up his gun when he throws it in the river. Joe Average uses his to cover up the unpatched area of his wall behind his sofa.
Both people are using the same widely distributed tool "a blanket", for the same use, "to cover things up". But Joe Average isn't committing a *crime*.
Owning a blanket or using it for it's purpose isn't criminal. It can be an accessory, but the mere presence of encryption should *not* be indicative of criminal activity. It shouldn't imply anything, other than "Hey, this person had things he didn't want people to see." Those things aren't neccessarily criminal things. Treating them that way is an absolutely false conclusion.
The key here is the term "could be admitted as evidence of criminal intent." It's not being used as evidence that he did anything wrong. His crime is still that he took pictures of children in sexual ways.
What this ruling is saying is that he knew what he was doing was wrong (criminally) because he gathered the means to hiding it. This is just being used to show intent.
Incorrect! He DID use the encryption software as part of his crimes.
Most of the comments here seem to be tilting at windmills, as nobody is saying that the very existence of PGP software led to his conviction; the girl testified! Yes, there would be great cause for concern if somebody was convicted for having encryption software on their computer. Thankfully, that is not the case.
It's my impression that the PGP software was there to establish some level of awareness of what he was doing. Perhaps the best comparison would be if the pedophile had a collection of thick envelopes that couldn't be seen through; on its own, it means nothing, and could not be brought as a primary piece of evidence. With additional relevant information, though, it becomes more significant. The same is true here.
Other evidence, their locked front door clearly shows that this criminal must have something to hide. Or, clearly shows they need to hire a real lawyer.
--
make install -not war
I see what you're saying...but there are several flaws in this reasoning, both theoretical and practical.
(And for the record, when it comes to child pornographers, there can be no punishment too severe.)
According to this page, the only condition that separates "robbery" from "armed robbery" is Armed robbery means the offender is carrying a real or imitation firearm or explosive or offensive weapon
The law may be different where you live.
Always make your own encryption program. And encrypt it.
If all else fails... RTFM
He was convicted based on: a) the claims of a nine-year-old girl b) browser search history and c) a standard encryption program was found on his computer. Each one of these by itself is tenuous and all together, they are tenuous. Don't we have a standard of justice called "beyond a reasonable doubt"? People lie. Nine-year-old girls lie. Children especially like to please their parents (and adults in general) and if they think that saying a certain thing will please their parents they are likely to do it. Pleasing parents is usually a higher priority for children than telling the truth. I'm not saying this guy didn't do it but from the brief description in the article, their case seems to come up far short of "beyond a reasonable doubt".
At least from a mathematical perspective.
Either encryption itself is now a crime, or the assumption of innocence until proven guilty has been reversed.
But if he actively installed crypto software, or software to help in the crypto process, and then used that software to selectively encrypt files related to a crime, that looks an awful lot like he's covering his tracks. And if he's hiding files related to that unspeakable crime, he can't claim ignorance of his crime.
Social scientists are inspired by theories; scientists are humbled by facts.
If PGP can convict you, I sure hope they don't find my hard drive full of blowfish encrypted file systems. I'd be screwed.
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
I can't speak to Minnesota law, but most states look more or less like the Federal Rules of Evidence. FRE 401 reads:
Rule 401. Definition of "Relevant Evidence"
"Relevant evidence" means evidence having any tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable than it would be without the evidence. (Emphasis added.)
The article suggests that the opinion isn't condemning encryption per se or even unnaturally linking lawful tools with illicit activity, only that "evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him."
"Any" is a pretty low threshold to meet; evidence that the guy had an FTP client could/would (presumably) be relevant to a child pornography distribution charge...
This isn't the end of the world as we know it. It's up to the opposing counsel to explain away the existence of the PGP, and/or to illustrate to the jury how having a tool doesn't mean the tool has been used for evil.
geek. lawyer.
And with other evidence, why shouldn't it be? In fact, the presence of it ought to lead prosecutors to tack on the charge of conspiracy.
Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.
Problem. With. Your. Analogy. Is. Encryption. Is. NOT. A. Gun.
The presences of encryption implies nothing. You have commmitted a logical fallacy. Windows 2000 and XP have encrypted filesystem support, does that imply that all Windows users are intending to commit a crime and hide it because they bought a computer running Windows? No. You use SSL encryption every time you buy something online. Does that mean you were intending to commit a crime with the intent of hiding it when you installed a web browser that supports secure HTTP? I don't think so.
You were right in your subject line. After that you failed. Encryption is just a tool. It is not a firearm. That is a very flawed analogy. With that kind of analogy we can all become criminals overnight. Yippee.
The fact that the NSA breaks crypto is widely known. On the other hand, I happen to know that the yes-or-no answer to whether the NSA can break a specific cryptosystem is always classified Top Secret. They do stuff like that all the time. General info is For Official Use Only, operational details are TS and usually compartmentalized. Schaub is guilty of divulging classified information. The info could be correct, or it could be wrong, but in either case, Schaub is in a lot of trouble. And if he backtracks, and claims he doesn't know what he's talking about, he's guilty of perjury. Whoopsie.
Second, I'd like to point out that saying you can't have crypto on your computer is like saying you can't have a lock on your house: stunningly idiotic. With the kind of viruses going around today, you're more likely to have your credit card info stolen from your hard drive rather than off your dresser. But we can't use locks to protect that info? I guess everyone running Windows 2000 is going to jail.
To sum up: the defendant is a fucking pedo, the judges are fucked in the head, and Schaub is just plain fucked.
P.S. In closing, I'd like to say hi to all my friends in the Intelligence Community. You know who you are. I miss you all dearly. Keep up the good work.
If the files are hidden and/or encrypted, how do you know they're related to the crime? By the mere fact that he's installed crypto software, how do you know that he used that software in relation to the crime?
Maybe he installed PGP to hide criminal activity, or maybe he's using it to hide the details of the surprise party he's planning for a loved one. Or maybe he just invented a device to end world hunger, and he's protecting it until he has a chance to apply for a patent. Or heck, maybe he's a foreign spy, and is using encryption to transmit national secrets to his foreign boss. Who knows?
The point is, there's absolutely no way to know why he installed the encryption, even if he commmitted some crime. And because we've (theoretically) got a principle here in the US of "innocent until proven guilty," anything that has even a slight legitimate use can't be used as evidence of guilt.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Yup, and he used his microwave to cook the burrito that provided the engergy he needed to take the child-porn photos.
Clearly, his use of a high-energy radiation device was a part of his crime and he should be convicted as a terrorist.
Internet Explorer and Mozilla/Firefox support HTTPS transactions. Outlook and Thunderbird support POP3S and IMAPS. These are programs you find on anyone's PC and use common protocols over an encrypted layer known as the Secure Sockets Layer (SSL). So, this means anyone with a PC can have "criminal intent'? In fact, my /etc/shadow file contains encrypted hashes, I better start worrying.
Cthulhu Saves.
Neither is encryption a paper shredder or a bonfire, but evidence of destroying evidence and the presence of the means to destroy that evidence can be admitted as evidence.
The guy wasn't under investigation because he was using encryption. I don't know where you came up with the idea that encryption == intent to commit a crime. I didn't say that.
However, evidence that he used encryption to commit a crime does show an attempt to "destroy" evidence and is wholly relevant to the case at hand.
The analogy with the gun is that criminal charges can be augmented by the evidence of certain tools found in the investigation.
What about an installed web server that supports SSL? Would that be enough to demonstrate "criminal intent"?
"You wouldn't use encryption if you didn't have something to hide!!"
"Yeah, it's called my credit card number"
The following sentence is true. The preceding sentence was false.
Yeah, it seems like they are assuming that if you have something to hide then your guilty....but there are situations where the presence of an encryption program does imply some guilt. For instance....if the guy installed pgp at a time that corresponds to the time he was involved in the child pornography, and didn't show any previous paranoia(or whatnot) related to any other content on his computer...that says something about his intent to hide his actions. Also, if you find that 1000 images were encrypted and his financial documents were left unencrypted....that says some more. I'm not saying that encryption=guilt, just that there are some situations where is does say something about people in certain situations.
http://www.minnlawyer.com/opinions/050509/a04381.h tm
The PGP issue gets little discussion (probably because it was so obvious, to anyone with legal training, what was the right decision). This is the fullest discussion:
"Finally, Schaub testified that, in a file entitled "research," he found the text of Minn. Stat. 617.246, which included "the definition of minor sexual performance, sexual conduct, things of that nature." He also testified that he found an encryption program, PGP, on appellant's computer; PGP "can basically encrypt any file;" and, "other than the National Security Agency," he was not aware of anyone who could break such an encryption. But Schaub also admitted that the PGP program may be included on every Macintosh computer that comes out today, and appellant may have had the text of Minn. Stat. 617.246 in his computer because of prior allegations against him."
In other words, the jury was told both that he had PGP encryption on his system, but that lots of other people do too. PGP was just a small piece of the mass of evidence against this guy and I see no reason to suppose that the jury (or the judge, if this was a bench trial) was unduly swayed by that fact.
As many others have pointed out, this decision in no way makes possession of pgp software into slam-dunk evidence of criminality. There are lots of legitimate reasons to rent a boat, for instance, but if I rent a boat just before an enemy's body is found at the bottom of a lake, then that otherwise innocent act might be good evidence.
What about an installed web browser that supports SSL? Would that be enough to demonstrate "criminal intent"?
"You wouldn't use encryption if you didn't have something to hide!!"
"Yeah, it's called my credit card number"
The following sentence is true. The preceding sentence was false.
Are YOU serious?
While correlation is not causality, encryption is used for, amongst other things, hiding illicit activities.
Other things bother me about this case. It seems based entirely on the testimony of a minor who claims she was PAID to pose nude. And as anyone who has children knows, children are entirely capable of lying their asses off under appropriate circumstances.
However, add together: a search history for similar material, plus the necessary tools to make it happen. Method + motive + opportunity.
In this case, this is a legitimate piece of evidence. PIECE mind you, but legitimate.
Can one get arrested for speaking in anagrams?
Or perhaps committing puns? (debateable, this one is)
...coupled with the history of searches for "Lolitas" in Levie's Web browser.
Note to self: No pursuing of Nabokov books until *after* my psychotic ex-girlfriend has stopped looking for ways to get me in trouble.
It sounds a little over the top, but she just recently tried to stab me with a screwdriver.
Direct away from face when opening.
My father-in-law thinks encryption is evil. But, then again, he probably thinks your statement above is improperly punctuated nonsense.
Now, said sleazebag is trying to get a new trial because the prosecutor was allowed to bring up his use of PGP. I certainly agree that mere presence of PGP does not prove criminal intent; after all, I have a similar program (GPG) on this machine. But even if that evidence should not have been allowed, it is at most a trivial error that did not appear to affect the case.
Look the judge instructed the jury that mere possession of encryption software could be used ti infer criminal intent on the part of THIS ONE PERSON!
Damn! It's like the RIAA making a patently absurd claim that just because one COULD use an iPod for storing illegally copied MP3s, therefore ALL iPod owners are using them to store illegally downloaded MP3s...
Oh, wait...
Guaranteed! This comment 100% Anthrax free!
However, evidence that he used encryption to commit a crime does show an attempt to "destroy" evidence and is wholly relevant to the case at hand.
Except that according to the article there's absolutely no evidence of any such thing. So why was the fact that he had encryption software on his computer introduced at all? As a biased attempt to sway the jury, of course.
Although I don't see why they even bothered. The guy was fucked from day one due to the other evidence collected against him.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
As an open source developer, I have no criminal intent. However, I do have encryption on my computer. In particular, I have PGP (OK, GPG) on my computer to cryptographically sign my releases to protect them from people who break in to servers and replace programs with trojans.
I also use algoritms based on strong cryptographic protocols in order to generate secure random numbers. I need these numbers to be unguessable to prevent spoofing attacks. I have gone to great pains to minimize the chance of this looking like I'm using crypto software by replacing the AES code with an AES variant for which running the cipher in the "decrypt" direction is not readily available. That said, there are a number of modes (CTR, OFB, or a combination thereof) where this variant can be used for file security purposes. If my program is going to have strong psudo-random numbers, I need military strength crypto (indeed, AES has been approved to protect Top Secret information) to make those numbers.
I also have the OpenSSL libraries on my computer, and the OpenSSH suite, both of which have strong crypto. I use OpenSSL mainly to cryptographically hash my program with various hashes (with MD5 semi-broken and SHA-1 almost semi-broken, I hash my program with various exotic hashes like Tiger and Whirlpool); I use OpenSSH to log in to machines without having to worry about packet sniffers.
There is also the fact the any decent cryptographic portocol also makes a good source of random number gererators for things like random map generators; using a block cipher instead of a conventional RNG allows one to minimize butterfly effects when randomly making maps, for example.
I have Firefox on my hard disk. Heck, I also have MSIE on my pirated Windows partition for cross-browser testing of my web site. Both of these programs have SSL libraries featuring strong cryptographic functions, so that my credit card number can not be seen by eavesdroppers.
The point is: There is a lot of uses for Crypto besides hiding information from Big Brother.
Does the presence of any of these programs on my hard disk make me a criminal? I don't think so. In fact, not a single file on my hard disk is encrypted. Now, it is one issue if I have an encrypted file and refuse to decrypt the file after being given a court subphoena. It is another issue altogether to have a program utilizing cryptographic primitives.
Use your brain.
Oh, no! Using a brain is a crime by itself in modern advertisment-based society.
Read Fahrenheit 451 or many other stories by American SF writers. They warn you 50 years ago that this would end with that - having encyption software is a crime, having gun is a crime, thinking independently is a crime too.
This is no different than the fact that a guy charged with burglary had a crowbar on him. When you're suspected of a crime, the presence of the tools to commit that crime or cover it up are relevent (though not dispositive) in a criminal trial. For a guy charged with making child porn, having a digital camera is relevent; doesn't mean that your digital camera alone is going to get you thrown in jail.
This is a hail mary by the defense attorney that does nothing but put software on the same footing as other tools.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
How many Linux distros have gpg installed by default? Should we automatically be suspected as criminals?
How many PCs don't some form of encryption? Crypto includes browsers that support SSL... necessary for e-commerce. I'm sure that at least some of the judges have PCs and browsers. Should search warrants be obtained on this basis and their computers be checked for kiddie porn?
With respect to crypto, I personally use it to keep proprietary technology and business discussions private and to digitally sign documents. I also plan to continue to do so even if it makes Minnesota judges think I must be a criminal of some sort.
The court decision is... contemptible, but to be expected, it's from the same kind of ignorant people who voted the DMCA into law.
The most charitable thing I can say is that a great many people's brains shut down immediately if the subject of child pornography comes up, and speculating as to why would. . . be very impolite.
Tech Public Policy stuff
The problem is, they don't have that "evidence" in the middle that you refer to. It's just a bonfire, or a paper shredder, or an envelope, or a lighter. But there is no corpse. No destroyed or hidden evidence. They said so. They have no evidence of encrypted images. There is just a common tool, like a paper shredder, which many people now use at home to destroy perfectly legal financial documents for their own safety, so criminals won't pull their financial information out of the trash. Unless there is a link, the tool has nothing to do with the case at hand, and should not be seen as supporting evidence of anything.
Both Mac OS X and Windows 2K/XP support encrypted filesystems these days. Does that mean whenever you catch someone doing something wrong with a computer you can use that built-in support for encryption as "supporting evidence" of criminal intent at their trial? You better sure as hell hope not.
In other news, it was later ruled that "possession of envelopes" could be admitted as evidence of criminal intent to conceal communications.
Believing something doesn't make it true. Not believing something doesn't make it false.
The case was also bolstered by a box of envelopes, found on the premisis, which are used to conceil information and leave evidence in case of interception.
Isn't this the same kind of reasoning that has led to things like witch hunts and the spanish inquisition? This is a dangerous way of thinking that criminalizes anyone with a desire to preserve their privacy... something our current government would love to turn into law at the drop of a hat.
8==8 Bones 8==8
Therefore, in a rape case, this can be construed as criminal intent.
This is good news for all Slashdot users; now you are gong to have sex at least in the eyes of the law...
Furthermore, I normally keep my penis hidden in my pants, which obviously means I know that's wrong and am trying to hide it.
As a consequence, criminal intent could not be established for flashing pervs; they do not seem to be hiding anything, at least... so that's OK.
And to think I actually complain about Croatian judicial system, which is merely inefficient...
*This is not a latest discovery, nor bragging; I really do need that** to prove my point.
** Please stop that.
Ignore this signature. By order.
Whether or not the defendant was guilty or was convicted is not the point. This discussion is about the fact that the mere presence of some common encryption software without the presence of any encrypted files was used as "supporting evidence" of some sort of criminal intent. Which is really, really bad. It doesn't even really matter what the case was about. What they did by admitting the presence of PGP software as supporting evidence of intent is tantamount to criminalizing encryption software itself.
...that the police officer has no clue about what the NSA can or can not do. They are not about to announce their capabilities, particularly if there's something they can't do. For this topic, you may also safely assume that NSA has dedicated crypto cracking chips, orders of magnitude better than general purpose supercomputers. You can also safely assume noone from the NSA will post real information about themselves on slashdot.
That being said, current strong encryption algorithms are many orders of magnitude stronger than that again. Many of those have been developed outside the US, and so the NSA has had no possibility to leave a "known flaw" they could use to their advantage.
Breaking 256bit+ encryption by conventional deterministic means through trial and error (read: chips or CPUs as we know them) simply can't be done because the laws of physics don't allow it. Earth doesn't have enough atoms to store 2^256 keys, and the Sun wouldn't have the energy, that kind of limitations.
That leaves roughly two possibilities:
1. The NSA has discoved some math which allows them to decrypt material in less than brute-force time. While it can not be dismissed for any one algorithm, there are many strong algorithms available based on different mathematical problems and it is not credible to believe they are all broken. Which (if any) are broken is why they don't tell.
2. The NSA has working quantum computers which briefly said, can test all quantum states at once. Simulations have shown that such a computer would effectively break some asymmetric cryptography (public/private key pairs), but not all. And it would do little to improve decryption of symmetric encrypted material (passwords).
And in either case, it is highly unlikely that they would reveal information that would essentially prove their capabilities in order to provide evidence. They would be guarded as high-level military secrets, used implicitly to "magically" plot out terror networks and such, gathering the explicit evidence through more conventional means...
Kjella
Live today, because you never know what tomorrow brings
Here's about as full text as it gets:
h tm
http://www.minnlawyer.com/opinions/050509/a04381.
been saying this over and over and over
mail clients need to have encryption built in
mail servers should have spam filtering built in
the way it is now, encryption stands alone, and filtering is done at the client level. each one should be pushed up a level.
This clearly could only happen because everybody said: I have nothing to hide, so why use encryption?
Every time I hear that argument I almost explode in a rage and claim that at times the usage of encryption alone will be held evidence that you're a criminal.
These times start NOW.
And by the way, this is YOUR fault you lazy bum.
-jsl
Dyslectics of the world, untie!
The great thing about computers is that they make finding and manipulating digital data a snap. The bad thing about computers is that they make find and manipulating digital data a snap. It's a double edged sword that is, at least partially, dulled by encryption and other security measures.
You use a computer to generate sensitive data because its easier and more powerful than traditional methods, but that doesn't mean that you automatically want to forego the security that is implicit in a paper and pen solution.
Does this mean that keeping your photo album in a 'locked' house is evidence of criminal intent?
Scared of flying, pointy things snce 1979!
- we found you password-protected your bios and your boot is password protected, you obivously have something to hide
... I got tired ...
- we found your leeloo, oh, sorry lilo is password protected too, so you obviously have something to hide
- we found your OS keeps asking for a password, you obviously have something to hide
- we found your e-mail program asks for a password to access your account passwords, your have something to hide, on the double
- we found you digitally sign and gpg-encrypt your e-mails, you obviously have something to hide
- we found you use several archiver applications which have the option to password-protect your archives, you obviously have something to hide
- we found your IM accounts all need passwords, you obviously have something to hide
- we found your home, car, safe all have locks and we don't have the keys, what are you hiding ?
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
There was no obstruction of justice charge that we know of.
There was also no indication that anybody had committed the crime of obstructing justice. What are you saying?
Education is a better safeguard of liberty than a standing army.
Edward Everett (1794 - 1865)
The whole "if you have nothing hide, you shouldn't have PGP" idea is simply stupid.
It's like saying that if you don't have anything to hide, you shouldn't have a lock on your door or curtains at your windows. Hey, you could have hidden some corpses behind that door and those curtains. Yep, it shows you had criminal intent.
The whole post-9/11 idiocy that privacy==criminal intent (or even makes you an active terrorist) is getting on my nerves already.
Everyone needs _some_ privacy. Noone is a 100% exhibitionist, who'd eat, sleep, shit and surf for porn at a street corner with everyone watching. Even the most affectionate cat, if you have one, needs some time alone now and then.
Everyone has _some_ stuff they'd rather not have posted publically on a billboard in front of their house. E.g., their credit card number and SSN. E.g., the emails to their girlfriend. E.g., the pseudonym under which they posted that their boss is a retard. E.g., their medical record. E.g., their banking data. E.g., their names and passwords for sites they use. E.g., their diary.
Those are all very valid things to have encrypted. They're perfectly common everyday stuff, but nevertheless stuff which someone would have a damn good reason to encrypt. In fact, which they'd do damn well to encrypt. (Heck, I'd rate anyone 10 IQ points higher if they had their usernames and passwords in a strongly encrypted file, instead of on yellow post-it notes stuck to the monitor.)
It doesn't have to be something as criminal as hiding bodies in an underground cavern. And extrapolating that everyone who doesn't leave their front door open 24 hours a day, and doesn't post every single detail of their life (SSN, credit card number, emails, usernames and passwords included) in front of their house, is automatically a criminal... is bloody stupid. It's outright idiotic.
A polar bear is a cartesian bear after a coordinate transform.
Though this may be somewhat O/T, I believe this needs to be addressed. I believe criminal justice attitudes such as these to be one of the main causes for the dysfunction of our society. Don't get me wrong, child pornography is sick and should be strongly deterred. But we need to ask ourselves what role should our CJ system play.
I think too many people are too vengeful (in general, not necessarily not you personally). I could think up a punishment for child pornography that is too severe (for example, dismembering the criminal, his parents, and his children while still alive). Seriously though, we need to figure out if our CJ system should exist to deter and correct criminal behavior or if it should exist to fulfil humanity's lust to inflict suffering upon others.
but the signs were there for a long time.
:(
I mean, I remember, when selecting packages for a Debian installation, the very interesting non-US category
The axiom that someone is innocent until proven guilty has been reversed for some years now. At first, it was only the media that did that to some poor fellow that was pronounced guilty on TV at arrest time. But gradually this has become true in more formal forms (read Guantanamo)
And the EU is steady following
www.lemonodor.com A mostly Lisp weblog
Surprise! Your analogy is flawed. In your case a red car was involved in commiting a crime. Fact. In TFA there is no mention of anyone using PGP to encrypt pitures of the 9yo girl.
Not it comes with every computer and is turned on by default for email etc. Eventually encryption will be like that and you won't be able to suspect someone purely on the grounds that their data is unreadable.
This comment does not represent the views or opinions of the user.
...And most other unices ?
Every distro I've used in the last few years comes with a kernel and associated modules for creating an encrypted filesystem, encrypting (securely) individual files or directory trees.
This is part of the stock install, so am I showing criminal intent by running Linux at home ??
No one has said having PGP installed on his computer was a crime. It was merely ruled that it was relevent evidence in the case of the crime he was accused of commiting (child pornography).
This is not like saying "Your door has locks, so you must be a criminal." This is more like saying "You have been accused of murder, and a gun was found in your house." Having a gun in your house is not a crime - nor is having PGP installed on a computer a crime. But the court decided that having PGP installed on his computer was relevent evidence, just like finding a gun in a suspected murderers house would be evidence.
Join moola.com, play games to earn money.
There is no other reasonable interpretation in the context of this case.
That is totally nuts. Are they admitting his CDMA or PCS OR GSM mobile phone? WEP on his router? Watch a DVD. The list could go on forever... that must be one ignorant judge. Feel free to list all the stuff i was too lazy to type.
http://www.DaveNet.biz/
My laptop got stolen from my own house last year; in hibernate state.
Revoking SSH keys took as much time as killing card info, There is so many places sensititive data could end up (like your bank login/card info), such as
-hibernate file
-pagefile
-browser password store
-browser page cache
-directory where I save PDF shopping receipts
-mailbox
Now I lock a lot of the system down. Not just my home dir
-temp
-browser cache
-various program directories.
This is win32, where the EFS stuff doesnt encrypt filenames, just the contents. Its known that EFS is breakable (just reset the login password or something), but to make it harder
1. laptop needs a bios password.
2. that password is also used to enable the HDD
3. My winnt EFS private key is stored in the laptop TPM module.
#3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a stronly motivate government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.
Does this make me a criminal? I dont think so. The police told me off for not bios-locking my last box. Their view is the less usable stolen laptops are, the less valuable they are, so theft reduces all round. It is every laptop owner's duty to lock down their boxes so nobody can get at them!
can we sue the DoD, CIA, etc.?
The accusers found ROT13 on one of michael jacksons computer, so this will now be used as evidence against him.
Social perversions and thought crime.
I have photos of naked children. Myself and siblings from 50 years ago. These days, if I 'got caught' sending copies to my siblings over the internet, who do you think would be on the spot to prove he's not engaged in a criminal activity?
What if I had PGP on my computer? I do.
What if I had a copy of a film titled, 'Lolita'? I do. Go ahead and look. It's a film from 1962 by Vladimir Nabokov. They have it at the local video store and Amazon sells it. I got my copy at Best Buy for $2.99.
What if I was looking for some information on Vladimir Nabokov and reviews of the film? Why damn, I have a record of 'lolita; in my google search.
Back in the 60's this would pose no problems. Today, people are so quick to assume what I might be THINKING along the lines of their narrow little prurient minds, and you can bet that most jurors don't have much common sense, that a clever prosecutor could put the burden all on me. This is NOT constitutional law. The prosecutor has to prove I'm guilty of a crime, not of possessing all the components which might make me guilty of a crime.
What sort of crime is pornography anyway? IMO it's NOT a crime. If there is any criminal activity, in the referenced case, it's that the guy solicited a minor for activity, as far as we know, without the permission of her guardians. Shops put candy within easy reach of children all the time. Children have money. No one prosecutes the shop owner for soliciting a sale without the parents permission. In the present USA climate one wonders if the parents, giving permission for photos, might not be on their way to jail too.
Who the hell is in charge of ones kids anyway?
As for photographs. If taken in public there should be no problems. If distributed without permission, there are laws covering this, whether photos are 'prurient' or not. As for a minor being involved, without her guardians permission, that's a problem. With their permission should be fine. What the heck are guardians anyway.
It's only pornography in the mind of the viewer.
Attributing the same thoughts to someone else and charging them with a crime is in FACT charging them with a thought crime. This opens the door for other crimes which someone else may think you think...
hate CRIME
racist CRIME
theft CRIME
murder CRIME
What if he was using a Windows-encrypted disk volume to store data?
"Lawyers are for sucks."
- Doug McKenzie
See, I've got this program that came with windows, and every time I log onto my banking site, or gmail, it encrypts my communications, so its presence on my machine must maean I have something to hide.
Damn internet explorer.
Don't read my journal. I don't post there, honest guv.
There are lots of things that aren't really pervasive, but that doesn't necessarily make them criminal.
E.g., my parents have rented a box at a bank to keep their documents there. Their reasoning being that in case of a fire or burglary, might as well not lose those.
It's not a pervasive thing, and it _could_ theoretically be used to hide something illegal, but that's not what they use it for. And a prosecution line of reasoning along the lines of "if it's not pervasive, it shows criminal intent" would make them both criminals. (Mind you, I'm not always on good terms with them, but "criminals" is a bit too harsh a word to call them;)
E.g., high-end sports cars are not that pervasive, and _could_ be used to try to outrun the police cars. But I sure hope it doesn't make everyone who bought a sports car automatically guilty of criminal intent and planning to flee the police to the border in that car.
E.g., I know at least two people who regularly purge their browser's history and cache. One is just clinically paranoid, (Yes, literally, believes in a world-wide conspiracy, that is secretly responsible for everything from wars to Jar Jar in Episode 1. No, literally.) The other just doesn't want his wife to find out about his porn surfing habits.
It's not that pervasive a thing to do, and it _could_ be used to hide surfing for something illegal, but none of them actually surf for anything illegal. (The paranoid one is just too paranoid, for example. He _knows_ that the conspiracy is watching him.)
So to cut to the end of a long rant, an idea like "if it's different from the norm, it can get you (extra) time in jail" seems like a very very dangerous precedent to me. Pressure to be 100% conformist and obedient can be bad enough as it is. Attaching an extra potential jail sentence to anything if it's unusual, seems to me like a very bad idea.
A polar bear is a cartesian bear after a coordinate transform.
My schools ITS department went after me for using blowfish encryption, and W.A.S.T.E on the network...
was fun using the glass house analogy with the schools administration.. fortunetly nothing ever became of it, hmmm now that i remember it, it was my posting on slashdot also that they tried using as "evidence" against me... sigh.... i hope this post dosn't end up getting printed out and stuck in a file of mine somewhere
come comment on the madness at http://slashdot.org/~phreak03/journal/
OK, so what's next?
A %22drew%20Roberts%22
Am I in some sort of conspiracy with all the people on my block becasue we all have locks on our doors and windows. (Actually, I think the conspiracy goes a bit further than just my block, but I am not going into full details here on slashdot.)
So, the existance of encryption software is evidence of criminal intent? Do we finally have a big weapon to use against the MPAA and their ilk? I mean, if they did not have criminl intent, (if they have nothing to hide) then why would they need encryption?
Hmmmm.
OK, so no more ssh, ssl, pgp, gpg, rot13, oh well, back to telnet. No WEP or their ilk allowed either... back to all open access points.
Interesting times...
all the best,
drew
--
http://www.archive.org/search.php?query=creator%3
FreeMusicPush If you want to see more Free Music made, listen to Free
Every time I hear that argument I almost explode in a rage and claim that at times the usage of encryption alone will be held evidence that you're a criminal.
Exploding in a rage doesn't actually accomplish anything, and that's probably a good thing given the things some people explode into a rage about.
The real problem is that you're never going to get a significant number of people to agree to use encryption on those grounds. The only way you're going to do that is to make it easy.
PGP and GPG are both insanely difficult to set up, even for geeks, and I can't see any reason why. They don't actually do anything very complex, outside of the encryption code itself. Comparing them with other encryption software doesn't make them look any better. Even traditional SSH is better, and things like the Apple keychain or browser SSL support are pretty much automatic.
Nobody would say that using an encrypted HTTP connection or a VPN was evidence of a crime, but that's not because people are somehow more dedicated to encryption being available, it's because it's as easy to use encryption as not to use it.
You want more people to use encrypted mail? Make it easy to do. Fix the mess that's "pgp -injoke", where the only concession to user friendliness is making the needlessly compex options spell something. You don't want to? Then this is YOUR fault, you lazy bum.
...a man was arrested for buying a belt. Police specialists say it was possible he could have strangled a theoretic 3rd party. if this guy's being tried for having kiddie porn then they must have something better than "he had a encryption program" to prove it? if they don't, then American justice scares me (more)
I use GPG for one reason: to encrypt my password file, history file, cookies, auto-fill files and any email communications containing that password as a last measure of defense against would-be crackers and identity theives.
This is the only truly effective defense a consumer has against these types of criminals, and as such a consumer should not be regarded suspect for merely taking common-sense measures to protect himself. However, should a court require that I turn over keys to these files, I'd consult my attorney. If my attorney felt the information would not be abused (e.g., a cookie from an accidental click on a dodgy website being admitted by the prosecution team as evidence), I'd have no problem there.
E.g., I do carry a bag or two with me almost at all times, because I sometimes just want to drop by at the grocery store and buy stuff on the way home from work. And I see no point in buying a new plastic bag each time.
So basically if someone decided to accuse me of shoplifting, that bag -- even if not used at the time -- would suddenly be criminal intent. Seems bloody stupid to me.
E.g., back in college I did have half of my hard drive encrypted -- and that was before the OS itself came with encryption -- just because I didn't want the rest of my family reading my private stuff. Among other things, for a month or so at the time I tried to write a diary, and I didn't want it to be the whole family's business. ("Nosy" is too mild a word to describe my parents.)
What if at the same time, and totally unrelated, I had followed a link to some illegal site? God knows some sites had tons of redirects and links to warez sites, porn sites, etc.
Would suddenly that encryption software count as criminal intent to encrypt and traffic that illegal stuff? Even though it was never actually used to encrypt any of that?
Seems to me that linking everyday items to somehow imply premeditation and guilt, is severely flawed. Unless it is proved that the bag, or the encryption software, or whatever, was actually _used_ in committing the crime, it seems to me that mere possession doesn't really mean anything.
A polar bear is a cartesian bear after a coordinate transform.
There are a lot of people bemoaning the court's decision, saying that it's criminalizing encryption, etc.. More over, the OP makes reference to sentencing hearings. Fortunately (except for the egos of the uninformed people posting here), legal relevance has little, if anything, to do with criminalization of a given act.
Relevance can be defined as the quality of a piece of evidence (including testimony) that makes a contested issue in the case either more or less likely to have occurred (is it "probative" of a contested issue?). In other words, to be relevant, evidence need only pass a very minimal standard: does it make any element of the plaintiff's / prosecution's care more or less likely to be fulfilled.
The most common incorrect assumption about relevance is that for a piece of evidence to be relevant, it must make an element more likely to be true than false. That is where, I think, the OP got it all wrong. It only has to make an element more or less likely than it would be without the offered evidence.
My evidence teacher put it in terms of the betting-man test: If you were about to wager on whether something had already happened, but you had no idea and were going to flip a coin to decide, then a fact would be relevant if it would sway you, no matter how little, such that you, as a true statistical-believer of a gambling man, would rather wager based on that fact and not by means of flipping a coin.
Now, there are statutory and evolved exceptions to this; there's a lot of relevant evidence out there that's been, either by legislation or by tradition, called irrelevant, e.g. evidence that's relevant but not rationally so (it plays pretty much only to emotions), evidence of prior convictions, or character evidence to prove conduct.
So that's why the court got it right. The fact that this guy had PGP on his computer and that there were certain directories of encrypted files makes it more likely, in connection with other relevant facts already in evidence, that he was dealing with child pornography (note, once again, that this is not saying that the fact of PGP makes it more likely that he committed the crime, only that the fact makes you lean more towards "guilty" than you would lean without the fact).
Although the presence of PGP, in the absence of other evidence of crime, would not be relevant evidence of crime (at least to me as a juror), once there's something about a crime, I'd be willing to say that encryption makes it more likely (perhaps not by much), that the crime has been committed.
The trial judge did not accept it as evidence of guilt. In the American system of jurisprudence, judges never make any determination as to whether evidence is implicating or exonerating. They only decide whether evidence is relevant. All other decisions--like how much credibility to put in the evidence, whether the evidence implicates or exonerates, all other decisions--lie in the hands of the jury. The framers of the Constitution didn't trust the government to judge evidence; all fact-finding was delegated to the jury.
In this case, the judge decided the presence of PGP may have had evidentiary value and thus it deserved being presented to a jury. Twelve people from the community then looked over the entirety of evidence, of which the presence of PGP was a really minor part, and decided that the balance of the evidence indicated his guilt beyond a reasonable doubt. And an appellate court has said that the trial judge wasn't unreasonable in finding that the question of PGP was best left to the jury.
Wow. Amazing. How dare courts do that in America? It's positively unamerican.
As much as I like the place, it can swing toward political correctness as a philosophical evil. Minnesota pioneered the idea of keeping sex offenders in custody indefinitely as criminally insane sociopaths AFTER they fulfilled their sentence. A teeny tad problematic constitutionally. After a couple decades of this, just this month they finally passed a law calling for life without parole for some sex offenses -- which at least addresses the legal issue.
Minnesota has also toyed with all the pornography definitions from "know it when I see it" to "anything whatsoever that incites the perverse". So the encryption issue is obviously just another Minnesota sex thing where encryption had the misfortune of being present at the scene of the crime.
On the other hand, a judge tossed out a case last year explaining to all involved that it wasn't the defendent's responsibility to prove that the girls in the photos were over 18. It was the prosecution's responsibility to prove that they _weren't_.
.
Not only is this horrifying to think about what this means for everyone else, but I can easily see the next ruling.
"Locked Doors can be construed as criminal intent."
What are you trying to hide from the police? What do you not want any police officer that comes walking past to see? DOORS = EVIL!!!
Next stop: everyone using encryption is considered a terrorist and sent to prison or concentration camps e.g. Guantanamo Bay. Where are our civil rights and our freedom in the "land of the free"?
Outlook Express comes with XP Home... and supports S/MIME encryption. In other words, it supports a type of encryption which is used for EXACTLY the same purpose as PGP. Therefore, every XP owner is a criminal. Hooray for logic!
Karma: It's all a bunch of tree-huggin' hippy crap!
You can't legislate FOR child porn in this society.
:)
We have too many secrets, too many thing hidden away, too many things that shouldn't ever see the light of day, too many parts of our psyche that tries to scurry away like a cockroach from the light of exposure.
I'm glad that this ruling came out because it makes this kind of barricading as suspect as it should be. The tools themselves are as suspect as they should be.
Encryption technique is not at issue here (its essential for secure transmission of data,) but the need for openess of the source IS!
Think about it!
Open Source becomes essential to insuring that your system is not a porn repository. How could Microsoft be against that? Do they have something to hide?
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Get with it man! Child porn is the new hysteria hot-topic! There is no punishment too severe. They are worse than serial-murderers, totalitarian dictators, and baby-killers. And they're everywhere, just watch the news. Don't let your kid go outside, there's likely a child pornographer/child-molester hiding behind every tree. We need more punishment! Dismemberment is a good idea, but perhaps they could be whipped and given a bath in acid before they are dismembered.
What if the perp/perv had a thousands of encrypted emails from known kiddie porn sites? Where each and every email was 50 megabytes or bigger?
In that case, where a kiddie porn site is sending someone literally gigabytes of encrypted data, wouldn't having PGP be relevant? How about if PGP were installed the day before the multi-megabyte encrypted emails from the kiddie porn site started coming?
Without knowing the full details of the case, it's impossible to comment on whether or not the existence of PGP was important or not.
And although IANAL, it's just a fact that PGP was on the perv's computer. And it's up to the jury to weight the significance of that fact in the context of all the facts of the case.
I'm sorry but anything you say can already be ignored because of your admitted use of encryption software. Thanks to the usually liberal Minnesota court we now know that by definition you Pervs use encryption software for your evil Perv uses. This guilt by association with a known evil product that is used by known evil people is a useful time saver in determining the guilt and innocence of all people such as yourself. Suuuure you have a reasonable expectation of privacy but then if you weren't a Perv why would you encrypt anything? This in conjunction with the use of extensive background investigation to find anything you might have done as a child twenty or thirty years ago or any mistakes,errors, and or laspes in judgment over the years leads us to be able to efficiently discredit and disregard anything you might have to say. Thank goodness for Judges in the Peoples Republic of Minnesota who are working diligently to protect us from you guys. (please note the heavy sarcasm in case anyone from Rio Linda is reading this)
Enjoy your Karma, after all you earned it. Feel your Karma Joe, feel it burn.
On more than one level.
You see? There is a silver lining.
Ignore this signature. By order.
Now, it has exposed a broad flank to be shot down in flames in the inevitable appeal that will ensue.
After-all, despite all the new "patriot" acts, the basic doctrine that they have to prove you're guilty and not you that you're innocent stills stands...
-pagefile
FreeBSD 5.x has an option that can be set that, on boot, sets up the swap partition with a random encryption key that is kept only in memory and discarded on powerdown.
It's great for laptops since swap is the primary place on disk where passwords in memory can get accidentally written to. The only downside is that leaving it suspended is a security risk so it's best to power it down when it will be unattended.
Be very careful with EFS if those are files that you care about. If the machine isn't on a domain, there are several events that can cause you to lose your key permanently. One of them is having the user account password reset from the admin account. Changes to the user profile can do it too. Make sure to have backups and be very careful around your registry hive.
On a domain on the other hand, a domain admin can set up key escrow, so EFS doesn't really provide any security there unless you are the only domain admin or you trust everyone who is with all the data you encrypt.
only outlaws will use encryption.
Signature.
The police told me off for not bios-locking my last box.
Interesting... a couple of things come to mind:
1. I've never met a police officer with such a technical mind. I know they exist, but I expect that reporting a crime like a stolen laptop would get me a "so what do you want us to do about it?" and "give us the serial # and we'll keep and eye out for it."
2. I thought BIOS-locking referred to OS-BIOS connections... BIOS Locking: More Intrusive Than WPA. Perhaps you/they meant "BIOS password?"
3. BIOS passwords can be broken, bypassed, or removed quite easily. This is what makes me think that's not what they meant.
Anyways, just some things that went through my head.
Have you checked out the sex offender database for your zip code? Pretty scary how many people in the database live not so far away.
What fresh hell is this that I wake up and learn that because I have an encryption program on my computer, I'm instantly qualified for 10-20 years (in the pokey)? I find it ironic that Windows NT, with its encrypting file system, hasn't landed my ass in jail yet. I thought it was legal to own it, afterall, I had to buy it.
BTW, I own a gun, knives, wood chipper, and a shovel.
-- Game Developers: Stop porting badly-textured games from crappy console systems!
If I am not mistaken the US passed a law about three years ago that could add 5 years to your prison term if you commited a crime and used encyption as part of the crime!!!
The GP wasn't saying that child pornographers and other reprobates should be able to get away scott free by encrypting the evidence. The point appears to have been that moves such as this are serving to errode the protections set forth in the Forth and Fifth Amendments.
Stating that encryption is relevant to the state's case is analogous to the state saying that the defendant's refusal to admit that they're guilty is relevant to their case. There are all sorts of legal uses for encryption, most of them perfectly understandable for the accused (and he still is only accused, not convicted, and should therefore be presumed innocent!) If this weren't so, then you might as well accuse the thousands of people in my company who have PGP on their desktops of being child pornographers and/or terrorists.
Yes, child pornography is bad, but that doesn't mean that the moment someone is accused of the crime we should throw out the constitutional protections guaranteed ALL citizens. Given the current political climate, people who use reasoning such as the parent turn my stomach more so than CONVICTED child pornographers. Bah!
Remove or drain the cmos battery and the bios password is reset. An NVRAM clear will often do it as well.
Draining the cmos battery will take about two weeks though.
Just a Tuna in the Sea of Life
ENCRYPTION != EVIL
OK, agreed.
But I wouldn't necessary put it that way if I needed to make a point. Even if you get somebody to agree with you, it doesn't necessarily help them draw more accurate inferences. Indeed their inferences might still differe hardly from if they thought it was evil. The point here is that they were instructed to consider encryption as evidence. Well, OK, but how to they weight that evidence? Bayes therem says: P(A|B) = P(B|A)*P(A)/P(B).
People have a kind of rough intuitive understanding of this. Suppose "A" is "Is a Terrorist" and "B" is "Uses Encryption". Let's say 1 % of the population is terrorist and 1% uses encryption, because I'm lazy and like my factors to cancel. But since we're talking rough intuition, it's not much of a stretch: what I'm saying is that both terrorism and encryuption use both perceived to be unusual, even if we can't assign precise numbers to them. So, in this case, we get P(A|B) = P(B|A). Let's say that only 10% of terrorist are stupid enough not to use encryption. If we find out somebody is using encryption, if these assumptions are roughly correct, we can be 90% certain that they're terrorists.
On the other hand, suppose everybody uses encryption. Skipping the boring algebra, this works out mean P(A|B) = P(A). This means that some person who happens to use encryption software is exactly as likely to be a bad guy as any person picked at random walking down the street. It'a one in a hundred chance, not quite enough to send anybody to the gallows, I'd say.
Which is a big mathematical "duh". People understand intuitively that unusual facts tell you more about somebody than commonplace ones. The fact that somebody staggers around making loud and rude comment and acting unruly is more helpful if you're trying to decide whether he's drunk than the fact he has ten fingers and toes, as it turns out most drunks do.
The heart of the problem then is that encryption is perceived as exotic. Dynamite, we can all agree, is not evil. But people don't keep it around unless they are using it on their job. If it is found in the urban apartment of a postal worker, it tells you something significant about that person.
This highly misleading message is reinforced by testimony like the police expert. Oh, I would love to have been the one to cross examine this guy. He pointed out that they only people who might be able to break this code are the National Security Agency. The logically inclined among us will naturally find this to be stunningly irrelevant. I might keep my valuables in a safe deposit box that could only be breached by a small nuclear device, it doesn't mean that I'm keeping stolen nuclear plans there. A marketing expert would of course understand exactly what the expert was telling the jury: "This is not something you'd ever use -- it's exotic, cloak and dagger stuff for nefarious purposes."
The better counter message is this:
"Encryption is commonplace stuff. You encrypt data probably every day without even being aware of it, because it's so natural and automatic you never stop to think about it. You encrypt data when you order a book online, or check your bank balances. If you don't encrypt your credit card or bank data, then chances are it's being done for you by the person who is serving you. While your personal information might not be safe when it gets to the bank, it is extremely safe en route. So far as we know, nobody can steam open the envelope and look inside, not even the US Government's top secret spy agencies. They have to wait for the bank to open the envelope first.
The world would be a very different place without encryption. Would you like it if you had to get your bank statements and paid your bills on post cards? Especially if anybody could use your credit card just by claiming to be you? Fortunately, every well designed system for storing and transmitting your data electronically has provisions for protect
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I am not as shocked by them now saying that a program that encrypts files, are related to child porn. Hell, they told a grand jury (an Alabama grand jury. that means mostly farmers that have no evil computers) that "He has his hard-drive partitioned into 4 logical drives. This is common practice amung child porn people."
When it comes to child porn, they are really cracking down. And that's not a bad thing. It just seems like an invasion of privacy. I mean, what if you are into drafting, like me. If you have an encryption program on your computer, it could be used for anything.
It's the same with "safe-delete" programs. Will they go as far to say that "If you have a safe-delete program on your machine, you get arrested for possession of illegal things"? I guess this is the price we pay to have freedom as Americans.
See, this is what Bill Gates has been trying to tell us for years: A secure computer is a criminal offense.
I did RTFA now, and it says they didn't find any encrypted files on his computer. So they are in fact holding the existence of PGP on his computer against him. That's like saying "You have a safe, but we opened it and found nothing inside. But it suggests that you have something to hide."
You can find lists of manufacturer BIOS passwords that will bypass the user-specified password, too.
:)
Working as a help desk tech during college, I discovered a lot of tricks for things you weren't supposed to do. Like resetting an NT administrator password (Tech: "You have to format, sorry." Me: "Boot to this and follow the prompts.")
With the proliferation of bootable specialty Linux distro CDs, there are so many tools to help a Windows person get out of a jam.
Akarsz Magyar Gentoo fórumot? Akkor
Sooo in my understanding PGP is compliant with the OpenPGP spec which means that many crypto programs (including GPG) can (de)crypt data. Every linux distro I have installed in at least the last 5-7 years has had the option of installing the GNU Privacy Guard.
Does this mean that the hundreds of installs I have participated in could now be used by a court in conjunction with any offense I am accused of to prove criminal intent and insure a conviction?
You're almost right, but you're not. There is no indication the encrtyption software was used, or intended for use, in conjunction with the criminal act, which is not the case where a perpetrator has a gun with him during the commission of a robbery.
A better analogy would be that a man *owns* a gun, not that he had one on him during his crime. Since he owns a gun, therefore perhaps he might be willing to shoot someone. This happens often in our criminal trials, and it is weak evidence, just like this encrpytion software is weak evidence. But it is, nevertheless, evidence.
I am old school: relevancy, if there is any question, should be a question for the jury. Let the defense attorney show that encryption software is often used for good, and in itself is not indication of wrongdoing, and let the jury take that into consideration.
[n/t]
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
But if a crime was committed in the dining room of your home, and a (legally owned) gun which was not used in the crime was in your bedroom, should that gun be used as evidence against you?
If there is some reason to suspect that the gun might have been used in the commission of the crime, and that you were the only one (or most likely one) with access to it, then yes.
Each of us shoud create a file with 10,000 lines of "I told you this was an inocent file" and encrypt it an just keep it laying around our hard disk.
No, it's more like this.
You murder someone on the street with a knife. The state has proof you had the knife. The state has witnesses you ran home with the knife. Your defense rests on the fact that they couldn't find the knife in your home.
The state looks in your basement and discovers you have a perfectly legal iron smelting furnace (work with me here). The state is justified in bringing into evidence the possibility that the reason they couldn't find the knife is because you had the capability of undetectably destroying it.
Now flip furnace with PGP, and finding the knife with email records. Not having read the transcript of the case, it's possible some of his defense rested on "well you didn't see me transmit the images anywhere". If that's the case, the state is well and justified in pointing out there's a reason they wouldn't be able to find it.
Reading the article, it's not clear.
Never confuse volume with power.
Yes, but from my understanding of the article the encryption wasn't used in conjunction with the alleged crime. If I'm charged with murder and I happen to have bought a bag of lime or something that can be used to dissolve a body or hide evidence... then a body is found but without any traces of lime... how is the lime in any way connected to the so-called crime?
You can't deal in possiblities. Certainly if the dude had encrypted kiddy stuff on his machine they could use that against him... but he didn't, just encryption software which could very well have been from a completely unrelated issue.
I can't seem to figure out where I stand on issues, which I guess makes me a moderate. My first impression was that this was a really unfortunate anti-encryption story and that we, as a community really need to work on public perception of encryption. Because encryption is just a tool and just because somebody has duct tape doesn't mean they used it to bind a victim and that was where I came around to a different perspective...
Oh yeah, we do consider tools as evidence, even if those tools can be used for other-than-criminal activies. Duct tape, rope, a shovel, a knife, a gun (which is also a legal tool), a cell phone, a pair of binoculars -- heck, anything relevant can be used as evidence.
Now, had they said that encryption software was grounds for conviction in lieu of any actual evidence, using the theory that the reason you can't find any evidence is because the defendant encrypted it all -- THAT would be a tragedy for encryption. But as it stands, it sounds reasonable to me
RP
AC, and too late for anyone to see this, but don't maybe the CIA or FBI or NSA use encryption for anything? Couldn't this ruling mean that they have criminal leanings or tendencies? I did RTFA, and that wasn't the only thing that convicted him, but couldn't someone start launching investigations against any government entity or organization that used encryption? And, as mentioned, what about those web sites like amazon.com that no doubt are helping the terrorists by using encryption?
The whole thing seems a bit hypocritical.
#3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a stronly motivate government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.
If your work with the inventors, you should know one thing. It is not trusted computing that is seen as inherently unsafe or "bad". That is the (IMHO VERY harmful) anti-tcpa propaganda which dumbs things down too much - which leads to people like you asking "so what?"
Yes, I would be very happy to own a trusted computing device, if and only if I have access to ALL keys and there is nothing hidden to me as the user (of course, with authorization by a passwort/master-key).
But that's the point and the danger. Trusted computing with "not-your-own-keys", areas on your computer controlled by someone else, makes the most evil forms of DRM, goverment control etc. possible!
I don't suppose you'd want to tell us what that option is? :)
hawk
This is freaky... I actually know one of the judges...
/ 0505/opa040381-0503.htm
The full opinion is available online at http://www.lawlibrary.state.mn.us/archive/ctappub
The judges wrote: Appellant argues that his "internet use had nothing to do with the issues in this case;" "there was no evidence that there was anything encrypted on the computer;" and that he "was prejudiced because the court specifically used this evidence in its findings of fact and in reaching its verdict." We are not persuaded by appellant's arguments. The record shows that appellant took a large number of pictures of S.M. with a digital camera, and that he would upload those pictures onto his computer soon after taking them. We find that evidence of appellant's internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him. See Minn. R. Evid. 401.
It appears the presence of crypto was not viewed as evidence for malfeasance, but instead used to describe a part of the procedure in which the appellant loaded pictures of the victim onto his computer.
(Disclaimer: I'm a programmer at Guidance Software, and work on EnCase.)
The fact that the presence of PGP on the suspect's computer was determined to be "somewhat relevant" by a Minnesota appeals court in this particular case is hardly the death knell for the 4th amendment.
Evidence from computer media is largely treated as circumstantial in the courtroom. As such, the tact in CP trials like this is to present lots of independent facts to the court with the hope that the aggregate weight of these facts is enough to remove reasonable doubt.
I have and use PGP and have no fear that it'll ever be used as evidence against me. Unless, of course, child pornography is recovered from the unallocated clusters on my disk, internet history show I was surfing CP sites through Google searches, link files pointing to, for an example I had from an investigator this very morning, "Gruppe 3 M:adchen Sperma.jpg", etc., etc.
Another subtlety to understand is typically only a small amount of the technical evidence from a case is presented to the court. Why? Because you don't want to spend hours and hours confusing the judge and jury about the meaning of MFT records and the like. I'd be sure in this case that there's a fair amount of evidence against the suspect (there usually is in CP cases, or they don't prosecute...) and the prosecution cherry-picked what to present in court based on how easy it would be to explain.
Jon
But the fake child porn option produces plenty of reasons to encrypt his porn. Um, duh. And it's completely legal.
Of course, he apparently failed to do so. Or maybe he couldn't find any. Because nothing was encrypted.
If corporations are people, aren't stockholders guilty of slavery?
I don't know how relevant this thought is, but I wanted to put it out there just the same:
Unless an actual child is being affected in some way, I really think child porn is at most levels harmless to the public. I'll qualify that in many ways if need be though I will grant that the initial act (if indeed it was an actual child depicted) is in fact harmful for the natural and healthy development of a child, the interest in child porn is, in my view, an exaggerated "thought crime" (provided that is the whole extent of the attrocity) and should be left alone by law enforcement... it is by itself a victimless crime in my opinion.
(I like porn... maybe not children, but when you start drawing lines, at some point I might find myself in jail because the objects of my own fantasy aren't wearing burkas right?)
My opinion can't be popular, but I think it's most compatible with those who care about general freedom that does not harm anyone else. I feel bad for anyone who is damaged enough to find children sexy, but if they do manage not to 'infect' anyone else with their condition, they should be allowed to live in peace and let the public relax from its with hunt.
(I'll qualify myself furhter by adding that I'm actually kinda drunk right now so if I don't make great amounts of sense, that might be part of it as well... but I generally stand behind my moral convictions [ironic word isn't it?] which support the right to be left alone if you're not harming anyone else in any way.)
Basically, to tie this in with the original topic: a person should have the right to protect his privacy from the public and YES from law enforcement. While I personally believe that "victimless crimes" should not be criminal, I recognize and in fact respect the fact that they are criminal at present. I should be allowed to encrypt anything I want and that encryption alone should not be confused with criminal intent any more than wearing clothes and a pocket knife in my pocket should be confused with having "a concealed weapon" on my person or a lock on my front door be confused with having controlled substances within.
These people are so short-sighted... more concerned with "getting the bad people" than protecting themselves... have they no idea what damage they are causing?
So... SSL can lead to the SSLammer ???
This is OT and IANAL, but...
informing the court that you "take the fifth" is unadvisable for any case involving alcohol.
This is not my sig.
Say it was commonplace for everyone to use encryption. I'm talking your mom encrypts her emails to aunt celly.
How would this 'evidence' be treated then?
One time a few years back I was given a ticket for speeding in California. I live in Arizona, and was returning from visiting a relative when I got the ticket. I was plainly in the wrong (I was speeding on the highway - however, it was one of those long lonely stretches in the desert between Yuma, AZ and BFE, California, with no other cars in sight - well, at least until I hit the speed trap under the overpass, of course) - but during the course of paying my fine (and doing an "online" drivers training course to keep the points off my record), I decided to look into the law I had violated...
To my disgust, as I was looking into the law - I found what "laws and statutes" really are:
SPAGHETTI CODE
There I was, looking at what appeared to be a set of functional code - but there was tons of "if-then"'s, the equivalents of "goto"'s, etc - if viewed as a piece of code, law would be the absolute worse piece of crufty legacy code there is! Couple this with the knowledge that there are tons of laws still on the book in all jurisdictions that have absolutely no bearing on current happennings (which could be analogous to old procedures in old code libraries/includes which are called only occasionally or never, in real code) - the fact that laymen can't understand it shouldn't be surprising.
What is surprising is a few things: that laymen can't use "ignorance" as a defense (though if as a layman you look at the law, it seems nearly impossible to make heads or tails out of it, even if you study it quite a bit, and of course case law -might- trump what you are reading, unless you know how to look that up, on and on and on...) - but further, that lawyers, judges, etc - ie, those who are charged with executing the law - actually make pretense at truely understanding it.
I submit that this is a lie, that these executors of the law are foisting upon us, the citizenry, a lie of monumental proportions - they act as arbitrators and interpretors of the laws, but I would be willing to bet that they are just or nearly as lost as we, the laymen, are.
Think about it: it is very nearly analogous to a large corporation with a a very old and crufty legacy COBOL-based computer software system, coupled with a 10Base2 twisted-pair network on an old IBM 360 mainframe running who-knows-what old incarnation of an OS - with a team of programmers, some old, most new - but even the old programmers were "newbies" when some of the last COBOL hacks were added, and the newer programmers are writing Java code to integrate with the legacy source - oh, and this system just happens to run a multi-national spread over 25 countries across the world.
Not one of those programmers could truthfully say they fully understand the system, and what effects adding a new piece of code or hack in will cause to the system as a whole. Not a single one of them could do it, and they couldn't even ask the original system developers, because most of them would be dead or senile, or otherwise unreachable (if anyone even knew who they were!).
The really sad part is that law, unlike code - can rarely be removed or otherwise refactored easily to see what that kind of a change would make. Most of the time, to fix a law, you have to cruft on more law, and hope that the "fix" doesn't break something else. Come to think of it - this is almost exactly like legacy code...
The only true way to fix it is to rip it all out and start over again with a fresh system - hopefully building on and learning from past mistakes and past poor procedures, so you don't repeat the problems. Unfortunately, what that means in law is revolution, typically armed, messy, and in more cases than not, the new system is a bigger broken mess than the old - rarely is it ever better.
Fittingly - just like replacing a legacy code system...
Reason is the Path to God - Anon
Where I work, we are required to encrypt customer information, and financial data, to keep it from prying eyes. Does this make Sarbanes and Oxley co-conspirators in the child porn case? Just a thought...
U.S. Laws are too black & white IMO.
Having an encryption program on your computer is NOT illegal.
Utilizing that encryption program to encrypt 'illegal' data, or to use encrypted data for illegal purposes, IS illegal.
Unfortunatly, we leave our fate up to our peers (jurors), most of which would not understand the difference in this case, and would easily surcome to the evil intentions of the prosecution. =(
the only permanence in existence, is the impermanence of existence.
Having a hunting rifle is evidence of criminal intent in a poaching case.
Or
Merely posessing a lawfully owned firearm is criminal intent in a murder case.
However, this only says that the prosecution can use this as evidence. I would hope that the defense was able to show to the jury why this was so silly.
However, in a case where this is appealed after the conviction, and where it is a comparitively minor piece of evidence, the court may have a vested interest in not allowing the defense to nitpick after the fact. I.e. that there is a much higher standard for challenging evidence after the verdict than before. This might be different if it was a central aspect of the case, I might think, but IANAL. I have not read the actual ruling, only the news.com summary. Given how often news magazines miss the point of the ruling, I am not taking this at face value.
LedgerSMB: Open source Accounting/ERP
Probably the same way that everyone with a gun is treated when there is a gun crime. The MN court said that encryption could be used as evidence, not that all encryption is 'evil.' I'd say you were overreacting, but that would be the understatement of the year.
You're absolutely right, of course. I just think that currently punishments are not on par with the damage done to the victim.
But yes, you caught me speaking a little over-the-top when I said that. :-)
Perhaps those clamoring to educate the ignorant masses on encryption should take a couple seconds and just apply a little logic, which is supposed to be the strong suit of the visitors here, as well as the foundation for our legal system.
If I am busted for drugs and they happen to find a weapon in my home, this will most likely be ruled a mitigating factor somehow along the line. Particularly if we are talking about a distribution/trafficing offense.
You guys are WAY over-geeking it and not looking at it for what it is. If I am hired by, say an organization, to investigate someone who may or may not have illegal content on their HD and I boot 'er up and see an encryption app...
Slow down and take off the geek hat for a minute. Stop injecting your personal views and think with a little logic. The ruling is pretty obvious if we weren't talking about tech. So, why should it be different with tech?
Techies have had many, many opportunities to make encryption support easy to use and transparent in products, and it hasn't happened. If they had, lots of people would use encryption; because they haven't encryption can be used as a discriminating factor between the ordinary and the dubious.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
You miss my point, I don't think I'm overreacting. What I'm trying to say is if the courts pointed out that ahh look he has encryption, I'm saying in my situation it would be 'so what, doesn't everyone?'
Basically I think the courts made mention of encryption because in todays society it is something of note. I'm saying imagine everyone and I mean everyone used encryption. Then it would be like pointing out he has a telephone because it could be used to contact other pedophilers.
Do you see what I'm getting at now? I wouldn't think it would hold as much weight (or be something of note) if every person had encrypted file on every electronic device they had.
Because basically, right now they are inferring he has 'something to hide' by simply having encrypted files. That inference would be much more difficult if encryption was as commonplace as a telephone.
directory where I save PDF shopping receipts
Directory where you... Save... PDF receipts?
Brilliant!
I would like to thank you. It never occurred to me to print my order confirmation pages to PDF. What a truly wonderful idea!
Well, it doesn't so much matter for myself, but if I can convince my SO to do that, I'll save a ream of paper per month. DAMN that girl can shop...
FTA: "The court didn't say that police had unearthed any encrypted files or how it would view the use of standard software like OS X's FileVault. Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.
Judge Thomas Bibus had convicted Levie of two counts of attempted use of a minor in a sexual performance and two counts of solicitation of a child to engage in sexual conduct. The appeals court reversed the two convictions for attempted use of a minor, upheld the two solicitation convictions, and sent the case back to Bibus for a new sentence."
So the only evidence against this man (that we know) is one exercpt from his browser history, and the uncredible testimony of a 9 year old. Remember the peoples lives damaged by satanic ritual abuse, when in fact "There is ample evidence that therapists and law enforcement personnel encourage and reward children for accepting the suggestions of bizarre abusive behavior". So unless there's some photos, anyone who wants this guy put away is an overemotional idiot that needs to learn the meaning of justice.
The road to hell is paved with good intentions.
Or look at locks. Would a judge also say that someone who locked their door has "criminal intent"?
Someone please mod this up. This is the best explanation I've seen here yet.
The reality is that he is convicted, and apparently based solely on the word of one 9 year old, and search history on his browser for a uncommon name. Given the current political climate, if a underage person says your guilty of being a pedophile, unless you have the resources of Jacko, you might as well just kiss your ass goodbye,
no physical evidence required,
no resonably consistant story from the victim,
no corroborative testimony,
just a possible life imprisonment, and if you do manage to get released, your name on the sex-offenders list forever.
At least Cotton Mather isn't burn them at the stake anymore.
Apocalypse Cancelled, Sorry, No Ticket Refunds
That's like telling me that when I commit a gun crime, and the prosecutor wants to put the gun with my fingerprints and gunpowder on it into evidence, I should object with the argument that "everyone" has a gun.
The courts aren't stupid. If the gun or encryption was used in the process of a crime, then it is going to be evidence. Regardless of how many other people might have a gun or encryption.
Now, if the court would say that since he had encryption on the computer, that is enough for a conviction, I would be concerned. But, if you read the article, you'll find that encryption was not the basis of the conviction.
Because basically, right now they are inferring he has 'something to hide' by simply having encrypted files. That inference would be much more difficult if encryption was as commonplace as a telephone.No, they are infering that he has something to hide because he paid a girl to pose nude. And had a history searches for "Lolitas." And that has squat to do with how many people use encryption.
Now your chief weapon is only fear... fear andruthless efficiency... ruthless efficiency and fear.... Our two weapons are fear and ruthless efficiency... and an almost fanatical devotion to the Pope.... Our three... no... Amongst our weapons... Amongst our weaponry... are such elements as fear, surprise... I'll come in again.
The road to hell is paved with good intentions.
Doesn't this make anyone running linux, OS X, or OS 9 (Finder-level 128-bit encryption) potential criminals? :P
On older Sony notebooks the bios password reset was a Public/Private key with the notebooks's serial number as the public key.
I helped a friend with his old vaio that had been sitting idle for a while and he forgot the password. it was a pita to fax in a receipt then he had to pay $25 for some dude in India to transfer him to some guy in Florida to take his serial number and tell him a 7 digit code.
Just a Tuna in the Sea of Life
Couldn't having a lock on your door be admitted as evidence of wrong doing by logical extension?
Ah, the jerking knees....
Sure, just put
gbde_swap_enable="YES"
into your /etc/rc.conf. Then in your /etc/fstab, stick a .bde at the end of the swap devices you want to encrypt. For example, if you have
/dev/ad0s1b none swap sw 0 0
change it to
/dev/ad0s1b.bde none swap sw 0 0
Having a flashligh, crowbar and gloves in a car was enough to get a friend of mine taken to jail on some charge like felony posssion of buglary tools 10 years ago. Doesn't matter there was a toolbox full of other crap. The combination of the three was enough trigger some stupid law. He got out of it but thats not the point...
ahh. Thanks.
hawk
Owning a crowbar is not illegal.
Having a crowbar in your posession isn't illegal.
Having a crowbar in your posession half a block from a house that was just broken into with a crowbar becomes relevant to the states case, and is no longer simple coincidence.
It can't be supressed as evidence. That is all, nothing to see here.
What they will try to do is, not villify him for having the software, but show that he encrypted pictures with it because he KNEW they were illegal. It shows his INTENT. If he has nudies that aren't illegal and unencrypted, and nudies that are illegal, and are encrypted, then he can't say that he didn't realize they were illegal, his actions show he had at least a suspision.
Anyone that has a webbrowser has encryption software if it supports SSL or TLS. He is not being punished for having PGP. His use of PGP indicates he new something was wrong. It isn't a single piece of evidence to hang him with, but piece of a puzzle.
These alternatives have been proven to be secure, likely just as secure as the 'big boys' like PGP and GPG.
Enjoy!
Tiny Encryption Algorithm
Pure Crypto Project
CipherSaber (CAUTION: uses RSA's 'cracked' RC4 algorithm)
Cartman: [nervously] Heheh.
Weird Man: Do you see??
Cartman: Yes yes, I see! [another Mount Rushmore picture is shown, with the man looking at the camera this time]
Weird Man: Here I am at the Alamo in San Antonio. [this time he looks psychotic, with his hands ready to grab something] This was just outside of the gift shop. Do you see??
Cartman: AAAAAAAH!
I dont work with them; I work in the same corporate R&D lab. big difference. I dont believe in TCB, I dont believe in DRM. I dont think anyone here believes that real DRM is workable.
But you are right, TCB could be used for ubiquitous DRM, and that would be wrong. I guess now I am lucky in that the OS (winXP) doesnt know about the TCB; its some helper device driver that just stores my keys. Longhorn would be a different matter.
they meant bios passwords. Implict was the idea that people stealing the laptops are drug addicts wanting to get enough for the nights fix. Anything that reduces the value of the laptop helps.
The laptop integrates with secured HDD drives; these need a supplied password to start working properly; you set it up so the BIOS password powers both. If the password is stored on the disk, it should be pretty persistent, leaving only brute force attacks.
just anger a psychologist one day, and you may find yourself locked up for the rest of your natural life, "for your own good"...
It's so bad that criminals would rather go to jail than plead insanity; they can get out of jail...
--
AC
. . .
I have and use PGP and have no fear that it'll ever be used as evidence against me.
Yep, I imagine you don't :).
Of course, the prosecution would just argue that you used your expertise and inside knowledge of forensic software to hide your child porn so well that none could be found on your drive. However, the logs that might be used to frame you could be pretty damning . . .
"He was using encryption, so he must have something to hide" as an argument for the prosecution is another nail in the (admittedly already pretty much shut) Fourth Amendment's coffin.
I too have felt the cold finger of injustice.
(copied from my post to a list)c ourt=mn&vol=apppub/0505/opa040381-0503&invol=1
/MN resident
//knows what the hell he's talking about
First, read the opinion before the paranoia/speculation:
http://caselaw.lp.findlaw.com/scripts/getcase.pl?
The news.com article takes it out of context - the finding is that the
existence of an encryption program is relevant. Not damning, not
exonerating, just relevant - and personally I'm of the belief that encryption
software is a relevant issue when digital kiddie porn is the subject. This
does nothing to tie encryption with conviction - as shown by the opinion that
encryption was not very substantive to the case against him.
This is not a precedent, for many, many reasons.
so let me get this straight...i have nmap, snort, ethereal, and several, several others...plus encrypt software, keyloggers, and all sorts of others....am i guilty of hacking, or just a comp science major?
Many people have made good points on both sides, and are right I believe to a certain extent. Here is my take.
Had the prosecution shown that encryption was selectively (this word is important!) used to encrypt the pornography, this would have shown intent to hide a criminal act. However, since no evidence was found that showed the encryption being used even at all apparently, the connection no longer becomes valid. To further extend, had encryption been in use on his computer, but used for everything, this also shouldn't be allowed. This would be similar to a bank robber hiding stolen money under a mattress. If the rest of his money was never stored under a mattress, you could show that hiding the stolen money under the mattress was an obvious attempt to hide the money. However, if he always kept his money under the mattress, stolen or not, then the presence of stolen money under a mattress would present no further evidence for use against the robber.
So, the presence alone means nothing. The presence, combined with specific use of the software in such a way that reveals a certain intent, can mean something. All about intent. Was the software just coincidentally there, or was the software used as a means to conceal illegal activities? In this case, it appears to have only been a coincidence.
The problem with this line of arguement is that this is not the only use for such tools. I have the GPG version of PGP on my home and work systems. At home, I use it for encrypting backup copies of my financial records, tax forms, old love letters (yes, the girls were of legal age, they're just embarrasing), and various files associated with my participation in local politics. At work, since I know there is at least some legally protected data on the machine, I have departmental computers backup local desktops to internal hard drives, and then encrypt the backup files whem putting them on the server.
Kind of like pointing out the defendant owned a shredder, there was huge pile of shredded paper by it, and the "smoking gun" documents are no where to be found.
Agreed... but it does not appear that the "huge pile of shredded paper" is present. Normal use of GPG or PGP to erase files leaves portions of the drive with data sectors showing either VERY high entropy, OR purely "zeroed". No mention of such evidence is in the news reports or ruling.
Last, it doesn't exactly sound like PGP was a "factor in his punishment". Rather, it sounds like it was a factor in his conviction. If the court had ruled that the evidence was inadmissible, then a new trial might have been ordered. This would require a finding that the irrelevant evidence was prejudicial enough that it could have formed a basis for the conviction. If the error was not considered substantial, then no new trial would have been ordered.
However, if the error was not considered substantial, the appeals court ruling would have said so; and if they had so ruled, or had ruled for it being inadmissable, there would be much less to this story. Instead, the ruling states "the presence of an encryption program on his computer was relevant to the state's case".
It's bothersome that the idiot testifying didn't know diddly about computers. Macs do NOT come with PGP or GPG installed by default. The FileVault system on OS X.3+ is based on AES-128, an algorithm whose main (sole?) similarity is that it cannot be decrypted by anyone short of the NSA. For that matter, Windows 2K and XP with EFS, based DESX... which probably can't be broken by anyone not willing to buy over ten megabucks of hardware for such jobs.
I also find it worrisome that it was admitted to evidence that he looked up on the web the definition of the crime he was accused of, as that would seem to weaken the right to counsel. Fortunately, that was not part of the basis of his appeal.
//Information does not want to be free; it wants to breed.
Read the actual opinion here - where does it says that the existance of PGP on his computer constituted criminal intent? It doesn't. It says that the existance of PGP "was at least somewhat relevant" but that the other evidence , PGP aside, was enough to convict.
.. but only if you forget your password
// Just my few cents