PGP Ruled as Relevant For Criminal Case
waytoomuchcoffee writes "A Minnesota appeals court unanimously ruled in a child porn case that "the existence of an encryption program" on the defendant's computer could be admitted as evidence of criminal intent. The article doesn't mention if this can be taken into account for sentencing too."
Read the article! Quit posting in a vain attempt to be first.
He already committed the f'ing crime.
Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.
The guy wasn't convicted because of the crypto. It's like finding the dead body... and then finding the shovel, the canvas bag, etc.
The main problem with this statement is that Windows XP includes encryption software as well. So do most modern Microsoft products.
In America, no person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law.
Unless they are charged with child molestation. In that case, they are clearly guilty and we may dispense with the technicalities.
As usual, the FA is not as bad as the slashdot headline.
Sigh. My headline as entered was PGP ruled as "evidence of criminal intent"
This appears to be the only discussion of the encryption issue:
The entire case is available at http://www.lawlibrary.state.mn.us/archive/ctappub/0505/opa040381-0503.htm
If you don't know where you are going, you will wind up somewhere else.
"Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser."
Does anybody actually RTFA before commenting, or the little editorial burp is good enough for the majority to form a knee-jerk reaction?
The way I read the article, the guy appeared to be appealing (saying that the conviction should be overturned) because inadmissible/irrelevant evidence (He'd installed PGP!) was used to convict him.
The Appeals court upheld the conviction since PGP wasn't central to the conviction, but the testimony of the victim, evidence in his browser cache, was the primary point of conviction. While not central to the case, PGP was "somewhat relevant", i.e. was not irrelevant enough to overturn the case.
Let me preface this by saying I know nothing of MN law or the facts of this case beyond the short article. However, I am a lawyer and I can guess at why the prosecution would want to get this evidence in the record and why it would be admitted.
The Prosecutor would likely argue that the existence of the encryption software demonstrates that the defendant knew that what he was doing was wrong and that he was trying to hide damning evidence. Hiding evidence against you is frowned on. If you know evidence could be used against you and then go about destroying it, in certain situations the court is entitled to instruct the jury to presume that the destroyed evidence would be harmful to your case.
Now, encrypted evidence may not be literally destroyed, but it is as good as destroyed as long as it remains encrypted. It's kind of like a shredded document -- although it is conceivable that it could be reassembled, if it is mixed with enough random material, reassembly is all but impossible.
Anyway, I don't see this as a suggestion that encryption is bad per se. I see it as an extension of basic evidence rules -- if there is other evidence suggesting you have bad files and you have intentionally made those files unreadable, the tools you used to do that are possibly relevant. Kind of like pointing out the defendant owned a shredder, there was a huge pile of shredded paper by it, and the "smoking gun" documents are nowhere to be found.
Last, it doesn't exactly sound like PGP was a "factor in his punishment". Rather, it sounds like it was a factor in his conviction. If the court had ruled that the evidence was inadmissible, then a new trial might have been ordered. This would require a finding that the irrelevant evidence was prejudicial enough that it could have formed a basis for the conviction. If the error was not considered substantial, then no new trial would have been ordered. Obviously, one never reaches the punishment phase without conviction, but I didn't read anything that suggested the punishment was more severe by virtue of the PGP software (kind of like a firearm enhancement).
What changed under Obama? Nothing Good
He was convicted based on: a) the claims of a nine-year-old girl b) browser search history and c) a standard encryption program was found on his computer. Each one of these by itself is tenuous and all together, they are tenuous. Don't we have a standard of justice called "beyond a reasonable doubt"? People lie. Nine-year-old girls lie. Children especially like to please their parents (and adults in general) and if they think that saying a certain thing will please their parents they are likely to do it. Pleasing parents is usually a higher priority for children than telling the truth. I'm not saying this guy didn't do it but from the brief description in the article, their case seems to come up far short of "beyond a reasonable doubt".
Windows has encryption built in too.
The fact that the NSA breaks crypto is widely known. On the other hand, I happen to know that the yes-or-no answer to whether the NSA can break a specific cryptosystem is always classified Top Secret. They do stuff like that all the time. General info is For Official Use Only, operational details are TS and usually compartmentalized. Schaub is guilty of divulging classified information. The info could be correct, or it could be wrong, but in either case, Schaub is in a lot of trouble. And if he backtracks, and claims he doesn't know what he's talking about, he's guilty of perjury. Whoopsie.
Second, I'd like to point out that saying you can't have crypto on your computer is like saying you can't have a lock on your house: stunningly idiotic. With the kind of viruses going around today, you're more likely to have your credit card info stolen from your hard drive rather than off your dresser. But we can't use locks to protect that info? I guess everyone running Windows 2000 is going to jail.
To sum up: the defendant is a fucking pedo, the judges are fucked in the head, and Schaub is just plain fucked.
P.S. In closing, I'd like to say hi to all my friends in the Intelligence Community. You know who you are. I miss you all dearly. Keep up the good work.
A right to privacy should be guaranteed.
Should be, but it's not. Read the bill of rights. "Right to privacy" is not one of them. Privacy is a privilege.
That said, it is pretty silly that having encryption applications constitutes criminal intent. Encryption is built into OSX, and hell, I even use it for my home directory. Does that mean I have criminal intent? No! I simply don't want whoever steals my laptop to be able to access my stored passwords and such.
Call me wacky, but:
:-) And for good reason, as evidenced by the groupings and subjects of amendments 1 - 10.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated... (and so on...)
Has a privacy ring to it.... It's a right. If you want to keep something to yourself... this particular amendment provides a mechanism for which you are able to do that. Granted, it is not specifically stated "privacy", but applying the reasonable man test, you can see where privacy is upheld over public scrutiny. When privacy needs to be violated, it requires more work than just "LET ME SEE YOUR STUFF."
Which, if our courts weren't so broken, judicial review would toss out the "sneak and peek" provisions of the Patriot Act faster than you can say "Amendment IV".
It's the Stay-Puft Marshmallow Man.
My laptop got stolen from my own house last year; in hibernate state.
Revoking SSH keys took as much time as killing card info. There are so many places sensitive data could end up (like your bank login/card info), such as:
-hibernate file
-pagefile
-browser password store
-browser page cache
-directory where I save PDF shopping receipts
-mailbox
Now I lock a lot of the system down. Not just my home dir
-temp
-browser cache
-various program directories.
This is win32, where the EFS stuff doesn't encrypt filenames, just the contents. It's known that EFS is breakable (just reset the login password or something), but to make it harder:
1. laptop needs a bios password.
2. that password is also used to enable the HDD
3. My winnt EFS private key is stored in the laptop TPM module.
#3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a strongly motivated government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.
Does this make me a criminal? I don't think so. The police told me off for not bios-locking my last box. Their view is the less usable stolen laptops are, the less valuable they are, so theft reduces all round. It is every laptop owner's duty to lock down their boxes so nobody can get at them!
if used with an account password it does.. unless you're logged in on the account that encrypted the files, you won't be able to read them
he's not only dumb enough to make and locally store child porn
Huh? From what I read there was no child porn on his computer and no encrypted files.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I and many others in .dk regularly take large bags into shops. Simply because new bags cost significant money, we reuse old ones. So there are other reasons for entering shops with large bags.
That aside, I still think it sets a dangerous precedent. Having a gun in your house surely does not mean you premeditated that murder in self-defense when you got burgled?
-Lars
If you are worried about such a situation, you might want to take a look at the TrueCrypt project at http://www.truecrypt.org/. Check the documentation about plausible deniability. Basically, according to the docs, an encrypted volume contains no signature, and no way to prove it is anything besides random data. You can also create hidden volumes inside encrypted volumes. So, if you are forced to decrypt the volume, you can have a few files in there that look like something you might want to protect, but the real info is still hidden.
I may not be explaining this perfectly, as I don't use this feature. Might be worth checking out though. Also, I think this product is only for Windows, but similar options are probably available for other systems.
Right to protection against unreasonable search and seizure has been held by the court to be in effect a right to privacy. If you've ever bought a condom in your life, you've probably exercised the rights granted under that court case (a court case in Connecticut overturning a law against birth control as an unconstitutional infringement to the right to privacy).
This ruling would have been unlikely for any case except child pornography. Child pornography is so inflammatory that bad case law seems to be the rule rather than the exception.
I have worked for both the prosecution and the criminal defense sides of child pornography cases. I have watched the jury members when they are forced to view the vile images of babies being raped. They want someone to go to jail for making them view the pictures. Judges are frequently not that much different than jury members and they are also repulsed by the images. The impartial stand on rulings must be very difficult when they too are repulsed by the photos.
In addition to this case I know of a court case that essentially ruled, if you receive an illegal file and delete the file, you had control of the file because you deleted it, therefore you possessed the file.
Have you ever had your browser hijacked?
Did you delete the files you received while hijacked?
Turn yourself in.
With child pornography and computers there must be a friend of the court to give a professional unbiased opinion about computer evidence. In our adversarial system frequently the side with the best lawyer wins. I have found this to be very true with electronic evidence because technology changes so fast the courts can't keep up. If a win at all costs lawyer finds a qualified expert the case law will continue to be bad and restrict the honest citizen.
Sure they can. They can disbelieve, declare you in contempt of court, and throw you in jail indefinitely.
One time a few years back I was given a ticket for speeding in California. I live in Arizona, and was returning from visiting a relative when I got the ticket. I was plainly in the wrong (I was speeding on the highway - however, it was one of those long lonely stretches in the desert between Yuma, AZ and BFE, California, with no other cars in sight - well, at least until I hit the speed trap under the overpass, of course) - but during the course of paying my fine (and doing an "online" drivers training course to keep the points off my record), I decided to look into the law I had violated...
To my disgust, as I was looking into the law - I found what "laws and statutes" really are:
SPAGHETTI CODE
There I was, looking at what appeared to be a set of functional code - but there was tons of "if-then"'s, the equivalents of "goto"'s, etc - if viewed as a piece of code, law would be the absolute worst piece of crufty legacy code there is! Couple this with the knowledge that there are tons of laws still on the book in all jurisdictions that have absolutely no bearing on current happenings (which could be analogous to old procedures in old code libraries/includes which are called only occasionally or never, in real code) - the fact that laymen can't understand it shouldn't be surprising.
What is surprising is a few things: that laymen can't use "ignorance" as a defense (though if as a layman you look at the law, it seems nearly impossible to make heads or tails out of it, even if you study it quite a bit, and of course case law -might- trump what you are reading, unless you know how to look that up, on and on and on...) - but further, that lawyers, judges, etc - ie, those who are charged with executing the law - actually make pretense at truly understanding it.
I submit that this is a lie, that these executors of the law are foisting upon us, the citizenry, a lie of monumental proportions - they act as arbitrators and interpreters of the laws, but I would be willing to bet that they are just or nearly as lost as we, the laymen, are.
Think about it: it is very nearly analogous to a large corporation with a very old and crufty legacy COBOL-based computer software system, coupled with a 10Base2 twisted-pair network on an old IBM 360 mainframe running who-knows-what old incarnation of an OS - with a team of programmers, some old, most new - but even the old programmers were "newbies" when some of the last COBOL hacks were added, and the newer programmers are writing Java code to integrate with the legacy source - oh, and this system just happens to run a multi-national spread over 25 countries across the world.
Not one of those programmers could truthfully say they fully understand the system, and what effects adding a new piece of code or hack in will cause to the system as a whole. Not a single one of them could do it, and they couldn't even ask the original system developers, because most of them would be dead or senile, or otherwise unreachable (if anyone even knew who they were!).
The really sad part is that law, unlike code - can rarely be removed or otherwise refactored easily to see what that kind of a change would make. Most of the time, to fix a law, you have to cruft on more law, and hope that the "fix" doesn't break something else. Come to think of it - this is almost exactly like legacy code...
The only true way to fix it is to rip it all out and start over again with a fresh system - hopefully building on and learning from past mistakes and past poor procedures, so you don't repeat the problems. Unfortunately, what that means in law is revolution, typically armed, messy, and in more cases than not, the new system is a bigger broken mess than the old - rarely is it ever better.
Fittingly - just like replacing a legacy code system...
Reason is the Path to God - Anon
Sure, just put
gbde_swap_enable="YES"
into your /etc/rc.conf. Then in your /etc/fstab, stick a .bde at the end of the swap devices you want to encrypt. For example, if you have
/dev/ad0s1b none swap sw 0 0
change it to
/dev/ad0s1b.bde none swap sw 0 0
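
As an added example (not part of the comment above, and not FreeBSD's own tooling), this script checks the two files the comment names: whether rc.conf enables gbde swap and which fstab swap entries still lack the .bde suffix, then prints a corrected fstab to stdout. The function names, the sample file contents and the second device ad1s1b are constructed for illustration; treating YES/TRUE/ON/1 as enabled assumes the usual rc.conf yes/no convention.

```sh
#!/bin/sh
# Added example: audit swap encryption settings in rc.conf and fstab copies.

# Swap devices in an fstab that do not go through a .bde device.
unencrypted_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 !~ /\.bde$/ { print $1 }' "$1"
}

# True if rc.conf's last gbde_swap_enable assignment is a "yes" value.
gbde_swap_enabled() {
    val=$(sed -n 's/^[[:space:]]*gbde_swap_enable=//p' "$1" |
          tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*#.*$//')
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the fstab with ".bde" appended to every plain swap device.
# Writes to stdout only; the original file is left untouched.
fstab_with_bde() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 !~ /\.bde$/ {
             sub(/[^ \t]+/, $1 ".bde")   # first field only, spacing preserved
         }
         { print }' "$1"
}

# Constructed sample files (hypothetical second disk ad1s1b already uses .bde).
make_sample() {
    printf '%s\n' 'hostname="demo"' \
        'gbde_swap_enable="YES"  # encrypt swap' > "$1/rc.conf"
    printf '%s\n' \
        '# Device        Mountpoint FStype Options Dump Pass' \
        '/dev/ad0s1a     /          ufs    rw      1    1' \
        '/dev/ad0s1b     none       swap   sw      0    0' \
        '/dev/ad1s1b.bde none       swap   sw      0    0' > "$1/fstab"
}

dir=$(mktemp -d)
make_sample "$dir"
gbde_swap_enabled "$dir/rc.conf" && echo "rc.conf: gbde swap enabled"
echo "plain swap devices: $(unencrypted_swap "$dir/fstab")"
fstab_with_bde "$dir/fstab"
rm -rf "$dir"
```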