Slashdot Mirror
PGP Ruled as Relevant For Criminal Case
waytoomuchcoffee writes "A Minnesota appeals unamimously ruled in a child porn case that "the existence of an encryption program" on the defendants computer could be admitted as evidence of criminal intent. The article doesn't mention if this can be taken into account for sentencing too."
Read the article! Quit posting in a vain attempt to be first.
He already committed the f'ing crime.
Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.
The guy wasn't convicted because of the crypto. It's like finding the dead body... and then finding the shovel, the canvas bag, etc.
The main problem with this statement is that Windows XP includes encryption software as well. So do most modern Microsoft products.
As usual, the FA is not as bad as the slashdot headline.
Sigh. My headline as entered was PGP ruled as "evidence of criminal intent"
This appears to be the only discussion of the encryption issue:
The entire case is available at http://www.lawlibrary.state.mn.us/archive/ctappub/ 0505/opa040381-0503.htm
If you don't know where you are going, you will wind up somewhere else.
Let me preface this by saying I know nothing of MN law or the facts of this case beyond the short article. However, I am a lawyer and I can guess at why the prosecution would want to get this evidence in the record and why it would be admitted.
The Prosecutor would likely argue that the existence of the encryption software demonstrates that the defendant knew that what he was doing was wrong and that he was trying to hide damning evidence. Hiding evidence against you is frowned on. If you know evidence could be used against you and then go about destroying it, in certain situations the court is entitled to instruct the jury to presume that the destroyed evidence would be harmful to your case.
Now, encrypted evidence may not be literally destroyed, but it is as good as destroyed as long as it remains encrypted. It's kind of like a shredded document -- although it is conceivable that it could be reassembled, if it is mixed with enough random material, reassembly is all but impossible.
Anyway, I don't see this as a suggestion that encryption is bad per se. I see it as an extension of basic evidence rules -- if there is other evidence suggesting you have bad files and you have intentionally made those file unreadable, the tools you used to do that are possibly relevant. Kind of like pointing out the defendant owned a shredder, there was huge pile of shredded paper by it, and the "smoking gun" documents are no where to be found.
Last, it doesn't exactly sound like PGP was a "factor in his punishment". Rather, it sounds like it was a factor in his conviction. If the court had ruled that the evidence was inadmissible, then a new trial might have been ordered. This would require a finding that the irrelevant evidence was prejudicial enough that it could have formed a basis for the conviction. If the error was not considered substantial, then no new trial would have been ordered. Obviously, one never reaches the punishment phase without conviction, but I didn't read anything that suggested the punishment was more severe by virtue of the PGP software (kind of like a firearm enhancement).
What changed under Obama? Nothing Good
Windows has encryption built in too.
A right to privacy should be guaranteed.
Should be, but it's not. Read the bill of rights. "Right to privacy" is not one of them. Privacy is a privilage.
That said, it is pretty silly that having encrytpion applications constitutes criminal intent. Encryption is built into OSX, and hell, I even use it for my home directory. Does that mean I have criminal intent? No! I simply don't want whoever steals my laptop to be able to access my stored passwords and such.
Call me wacky, but:
:-) And for good reason, as evidenced by the groupings and subjects of amendments 1 - 10.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated... (and so on...)
Has a privacy ring to it.... It's a right. If you want to keep something to yourself... this particular amendment provides a mechanism for which you are able to do that. Granted, it is not specifically stated "privacy", but applying the reasonable man test, you can see where privacy is upheld over public scrutiny. When privacy needs to be violated, it requires more work than just "LET ME SEE YOUR STUFF."
Which, if our courts weren't so broken, judicial review would toss out the "sneak and peek" provisions of the Patriot Act faster than you can say "Amendment IV".
It's the Stay-Puft Marshmallow Man.
My laptop got stolen from my own house last year; in hibernate state.
Revoking SSH keys took as much time as killing card info, There is so many places sensititive data could end up (like your bank login/card info), such as
-hibernate file
-pagefile
-browser password store
-browser page cache
-directory where I save PDF shopping receipts
-mailbox
Now I lock a lot of the system down. Not just my home dir
-temp
-browser cache
-various program directories.
This is win32, where the EFS stuff doesnt encrypt filenames, just the contents. Its known that EFS is breakable (just reset the login password or something), but to make it harder
1. laptop needs a bios password.
2. that password is also used to enable the HDD
3. My winnt EFS private key is stored in the laptop TPM module.
#3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a stronly motivate government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.
Does this make me a criminal? I dont think so. The police told me off for not bios-locking my last box. Their view is the less usable stolen laptops are, the less valuable they are, so theft reduces all round. It is every laptop owner's duty to lock down their boxes so nobody can get at them!
he's not only dumb enough to make and locally store child porn
Huh? From what I read there was no child porn on his computer and no encrypted files.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I and many others in .dk regularly take large bags into shops. Simply because new bags cost significant money, we reuse old ones. So there are other reasons for entering shops with large bags.
That aside, I still think it sets a dangerous precedent. Having a gun in your house surely does not mean you premeditated that murder in self-defense when you got burgled?
-Lars
This ruling would have been unlikely for any case except child pornography. Child pornography is so inflamatory that bad case law seems to be the rule rather than the exception.
I have worked for both the prosecution and the criminal defense sides of child pornography cases. I have watched the jury members when they are forced to view the vile images of babies being raped. They want someone to go to jail for making them view the pitures. Judges are frequently not that much different than jury member and they are also repulsed by the images. The impartial stand on rulings must be very difficult when they too are repulsed by the photos.
In addition to this case I know of a court case that essentially ruled, If you receive an illegal file and delete the file, you had control of the file because you deleted it, therefore you possessed the file.
Have you ever had your browser hijacked?
Did you delete the files your received while hijacked?
Turn yourself in.
With child pornography and computers there must be a friend of the court to give a professional unbiased opinion about computer evidence. In our adversarial system frequently the side with the best lawyer wins. I have found this to be very true with electronic evidence because technology changes so fast the courts can't keep up. If a win at all costs lawyer finds a qualified expert the case law will continue to be bad and restrict the honest citizen.
Sure they can. They can disbelieve, declare you in comtempt of court, and throw you in jail indefinitely.
One time a few years back I was given a ticket for speeding in California. I live in Arizona, and was returning from visiting a relative when I got the ticket. I was plainly in the wrong (I was speeding on the highway - however, it was one of those long lonely stretches in the desert between Yuma, AZ and BFE, California, with no other cars in sight - well, at least until I hit the speed trap under the overpass, of course) - but during the course of paying my fine (and doing an "online" drivers training course to keep the points off my record), I decided to look into the law I had violated...
To my disgust, as I was looking into the law - I found what "laws and statutes" really are:
SPAGHETTI CODE
There I was, looking at what appeared to be a set of functional code - but there was tons of "if-then"'s, the equivalents of "goto"'s, etc - if viewed as a piece of code, law would be the absolute worse piece of crufty legacy code there is! Couple this with the knowledge that there are tons of laws still on the book in all jurisdictions that have absolutely no bearing on current happennings (which could be analogous to old procedures in old code libraries/includes which are called only occasionally or never, in real code) - the fact that laymen can't understand it shouldn't be surprising.
What is surprising is a few things: that laymen can't use "ignorance" as a defense (though if as a layman you look at the law, it seems nearly impossible to make heads or tails out of it, even if you study it quite a bit, and of course case law -might- trump what you are reading, unless you know how to look that up, on and on and on...) - but further, that lawyers, judges, etc - ie, those who are charged with executing the law - actually make pretense at truely understanding it.
I submit that this is a lie, that these executors of the law are foisting upon us, the citizenry, a lie of monumental proportions - they act as arbitrators and interpretors of the laws, but I would be willing to bet that they are just or nearly as lost as we, the laymen, are.
Think about it: it is very nearly analogous to a large corporation with a a very old and crufty legacy COBOL-based computer software system, coupled with a 10Base2 twisted-pair network on an old IBM 360 mainframe running who-knows-what old incarnation of an OS - with a team of programmers, some old, most new - but even the old programmers were "newbies" when some of the last COBOL hacks were added, and the newer programmers are writing Java code to integrate with the legacy source - oh, and this system just happens to run a multi-national spread over 25 countries across the world.
Not one of those programmers could truthfully say they fully understand the system, and what effects adding a new piece of code or hack in will cause to the system as a whole. Not a single one of them could do it, and they couldn't even ask the original system developers, because most of them would be dead or senile, or otherwise unreachable (if anyone even knew who they were!).
The really sad part is that law, unlike code - can rarely be removed or otherwise refactored easily to see what that kind of a change would make. Most of the time, to fix a law, you have to cruft on more law, and hope that the "fix" doesn't break something else. Come to think of it - this is almost exactly like legacy code...
The only true way to fix it is to rip it all out and start over again with a fresh system - hopefully building on and learning from past mistakes and past poor procedures, so you don't repeat the problems. Unfortunately, what that means in law is revolution, typically armed, messy, and in more cases than not, the new system is a bigger broken mess than the old - rarely is it ever better.
Fittingly - just like replacing a legacy code system...
Reason is the Path to God - Anon
Sure, just put
gbde_swap_enable="YES"
into your /etc/rc.conf. Then in your /etc/fstab, stick a .bde at the end of the swap devices you want to encrypt. For example, if you have
/dev/ad0s1b none swap sw 0 0
change it to
/dev/ad0s1b.bde none swap sw 0 0