PGP Ruled as Relevant For Criminal Case

waytoomuchcoffee writes "A Minnesota appeals unamimously ruled in a child porn case that "the existence of an encryption program" on the defendants computer could be admitted as evidence of criminal intent. The article doesn't mention if this can be taken into account for sentencing too."

Encryption use != evil

[zoloto]

"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.

I find this very disturbing based on the attitude people have regarding encryption. It's seen in such a negative way as if everyone who uses encryption as evil. Let me put it this way:

ENCRYPTION != EVIL

I use this for my day to day communications. Either over IM, E-Mail or moving things from server to server (GPG, then sending the file via FTP etc.). How do we help the public to understand that just because someone wants to keep something secret, even under a mass of public scrutiny, it does not constitute someone breaking the law! I have a TON of letters to and from my girlfriend that are encrypted, that she herself does as well!

I'm not saying the guy accused of the crime shouldn't produce keys, he obviously was doing something totally heinous by photographing a 9 year old in sexual position, and then those pictures destroyed. Predators of this nature are f-ing sick creatures that need some bad rehabilitation.

My point is the attitude of the people. Admission of the fact that he had PGP on his computer shouldn't be a condemning factor of his behavior and should be based on his crimes. NOT THE FACILITATOR, MEANS, TOOL (Physical or otherwise) OR SOFTWARE to commit such crimes. He was using perfectly legal encryption utilities and software.

Just because they were for hiding his crimes/pictures should NOT be a factor in his punishment. What kind of precedent would the judge be inadvertently (or purposely??) placing on the use and ownership of encryption and the tools to do such?

~zoloto

Re:Encryption use != evil

[Beryllium+Sphere(tm)]

>Just because they were for hiding his crimes/pictures should NOT be a factor in his punishment.

We don't even know that much. All that was reported is that he had PGP installed, not that he had any encrypted pictures.

I wonder why the EFF wasn't mentioned.

I use PGP for clients's data myself.

Hey, if posession is a problem, what about all those recent Windows versions with EFS preinstalled?

Re:Encryption use != evil

[MntlChaos]

FBI: You Tried to launder money to the Soviets, didn't you?

Person: No. I didn't.

FBI: Then how do you explain this encryption software on your computer. You obviously have something to hide.

Person: No. And if I did, that would be none of your business

FBI to jury: Yup. He's guilty.

You might as well say that "The fact he knew that what he was doing was wrong was supported by the fact that he didn't tell anyone about it." A right to privacy should be guaranteed. I shouldn't have to defend my use of tools which help ensure my privacy

Re:Encryption use != evil

[fyngyrz]

Ok. Perv has bookshelves. Hides said photos in between the books. The brilliant, insightful courts:

"We find that evidence of appellant's bookshelf use and the existence of books in his house was at least somewhat relevant to the state's case against him"

If there is anything more ridiculous than blaming the weapon for the act of the person, I'm sure I can't think of it offhand.

The perv did the act, and the perv should get the attention. What he or she did it with has absolutely no bearing on the case -- but you can bet dollars to donuts that some moron is going to be all about banning PGP now because it "contributes to the child porn/perv problem."

There. Now I've used my brain.

Happy now?

Re:Encryption use != evil

[philipgar]

This case could be more analagous with the following added components:

FBI: You Tried to launder money to the Soviets, didn't you?

Person: No. I didn't.

FBI: We caught you exchanging money with operatives in soviet russia.

Person: Uh . . .

FBI: We also found this encryption software on your computer. You are likely to have something to hide.

Person: No. And if I did, that would be none of your business

FBI to jury: Yup. He's guilty.

Re:Encryption use != evil

[amliebsch]

We find that evidence of appellant's bookshelf use and the existence of books in his house was at least somewhat relevant to the state's case against him

And so it would be, because it directly corroborates the state's theory of the case! It may not be highly probabative as to guilt - but it is in fact relevant, because it strengthens, however incrementally, the state's interpretation of the facts.

Re:Encryption use != evil

[amliebsch]

This is one of those rare cases when the slashdot headling is MORE accurate than the headline of TFA. That's because the court did NOT rule that PGP is evidence of criminal intent. Instead, it ruled that the existence of PGP was relevant to the state's case.

Consider the following analogy: I murder someone on the street and flee in a red car. An eyewitness can't identify me but testifies that they saw a red car speeding away. The state introduces my auto title showing that my car was red.

The fact that I own a red car is admitted into evidence! But not because owning a red car is itself proof of guilt! Rather, it's because it's relevant to the state's case, as evidence of a plan or simply the means of execution.

Thus, Slashdot is right - the court found it "relevant" - and TFA is wrong - encryption is not itself evidence of criminal intent.

Re:Encryption use != evil

But if you selectively encrypt some documents and not others, it implies that you may have a particular reason to hide those documents. That makes it unreasonable to claim that you didn't know it was wrong.

The particular reason for encrypting certain documents may be so that your little sister won't read your diary. You don't care if she reads your term paper, so it isn't encrypted. There is nothing wrong, morally or legally, with the content of the encrypted documents. You simply want them to remain private. It is perfectly okay to keep documents or correspondence you don't want the world to read while at the same time keeping stuff you don't mind others seeing.

TFA doesn't say that the man used encryption to cover up illegal activity, but that the very existence of PGP itself indicated criminal intent, which is ludicrous.

Re:Encryption use != evil

[orangesquid]

Selective? Well, of course. I don't encrypt every single homework assignment or shell script I write!

I do encrypt things like bank records, sensitive databases, private letters, etc.

Of course, it's easier to just encrypt your whole $HOME directory. Put it on an encrypted partition. Then you can say, "I keep all of my data encrypted so my identity can't be stolen, so people can't poke into my private life, etc."

Maybe in fact I *should* encrypt my homework. At the university of delaware, the policy is, if someone cheats off of you, both them and you get in trouble. If I leave my laptop unguarded for a moment someone else in my class scp's the data to his computer, I'll get in trouble for it, when I've really done nothing wrong**. In that case, an encrypted $HOME directory would be useless, since if you're logged in, the whole directory would be unencrypted.

(** = Some may argue I should not leave my laptop unattended. Why? How about this---you leave your car parked unattended in your driveway, so it's okay for me to just walk up and take the engine out? Just because something's unattended doesn't make it OK to tinker with!)

Re:Encryption use != evil

[Elshar]

Right, of course the victim (the 9 year old girl) probably doesn't even own a computer.

How 'bout the other child pornographers that he's likely sharing the pictures with? Oh, yea. Them. They'd probably also be using PGP, as I doubt they'd want their email sniffed/syphoned off and read in an unencrypted fashion.

And the last remark is uncalled for. Those children subjected to the whims of the pedeophiles might have no idea what they're doing, or they might be bullied, forced, coerced into doing so. How do you know? Maybe the pedophile is related to them?

Re:Encryption use != evil

[fyngyrz]

It was not my intent to mis-state how the issue was involved; my lack of familiarity with terminology failed me here. It shouldn't have been even mentioned, is what I'm trying to say.

The only valid issue should be, child porn, or no child porn. Not encryption. Did the defendant have some, or not? Did they produce some, or not? Did they distribute some, or not? If you have to point to the fact that the defendant has a means to hide information in the course of trying to villify them for creating, possession, or distribution of child porn, then you and your case suck, just as bad as the laws that allow you to bring such complete and utter irrelevancy into the courtroom do. Hopefully that was clear enough, precise legal terminology aside.

The reason that smart people are upset about this is that encryption technology stands a risk of being tarred by the same brush that society is using to paint your basic perv, and that brush is already dangerously out of hand.

And they are absolutely right. That could happen.

Re:Encryption use != evil

[Patrick+May]

Anytime you plead the fifth you most likely have something to hide

Not true. If the state is attempting to prosecute me, I have every reason to just keep my mouth shut. There is absolutely nothing I can say to them (as opposed to my own lawyer) that will improve my situation. The default position should be to take the fifth.

Re:Encryption use != evil

[calambrac]

Here's the analogy: it's legal to go to a salvage yard. It's illegal to steal someone else's car. A way to profit from stealing a vehicle is to salvage the vehicle. If the only information you have is that a person visited a salvage yard, there is no way you can prove that the person stole a particular vehicle. However, if you have other evidence that a person stole a particular vehicle, the information that the person also recently visited a salvage yard becomes relevant, in that it provides a legitimate explanation of why the car cannot be found.

Applying it back to the case at hand: it's legal to use encryption software. It's illegal to possess child pornography. A way to hide child pornography is to encrypt the child pornography. If the only information you have is that a person uses encryption software, there is no way you can prove that the person possesses child pornography. However, if you have other evidence that a person possesses child pornography, the information that the person uses encryption software becomes relevant, in that it provides a legitimate explanation of why the offending material cannot be found.

IANAL, so I don't know if this line of reasoning is a valid legal argument, but this was how I understood the comparison the GP post was trying to make. I'm not awake enough to decide if I personally think this should be valid or not...

Re:Encryption use != evil

So here it is my gentle little nerd friends... the root of the issue is above.

If perv had bookshelf, and had hid the pictures of a 9yo girl/boy with legs akimbo in said bookshelf it would be a damn sight more relevant than the fact that he had PGP installed on his PC. There is no suggestion that encrypted files were found so this is not the damning piece of evidence you paranoid little sunlight dodgers think it is.

Basically this sicko pervert kiddie fiddler was caught with a whole load of evidence proving quite conclusively that he had done some horrific things to the next generation and as a sideline there was a small amount of evidence that he may have had intent to try to cover his tracks.

This is like walking into a tobacco company office and finding a memo dated in the 50's from the CEO saying 'yeah we know smokes are REALLY bad for people but fuckit, why don't we keep selling them' RIGHT NEXT TO THE SHREDDER. It is the document that is the damning evidence however the shredder may be considered relevant in some small way as a means of covering up this evidence.

HOWEVER NO F**KER IS EVER GOING TO TRY TO BAN SHREDDERS!

And that means that in this case:
NO F**KER IS EVER GOING TO TRY TO BAN PGP BECAUSE OF THIS CASE!

In case any of you long haired bandwidth monkeys did not read that correctly I shall repeat.

NO F**KER IS EVER GOING TO TRY TO BAN PGP BECAUSE OF THIS CASE!

PGP is a small factor in this case, hell it is not really a factor at all. The guy was not convicted for having PGP he was convicted for TAKING OBSCENE PHOTOS OF CHILDREN

Now as for the 'how will this affect those who have EFS on their Windows box or encryption on their Mac or the triggers to the worlds nuclear arsenals on their Linux boxes'

IT WON'T

Say there is a hit and run...

You have a driving licence.

Not particularly relevant.

Say there is a hit and run...

You do not know how to drive.

REALLY RELEVANT
Because if you can't drive, odds on you were not out driving around at the time the hit and run happened.

Say there is an armed robbery...

You own a gun which has recently been used

Maybe slightly relevant.

Say there is an armed robbery...

Everyone in your street/block/state/country owns a gun which has recently been used

NOT AT ALL RELEVANT

So if you have not figured it out by now...

If everyone has encryption software then it ceases to be relevant in cases like this. It is only now because PGP and the like is the preserve of the penguin hugging elitist coffee slurpers that it can be considered relevant.

So, the moral of the story is stop whining about how the government is clearly trying to prevent you from hiding the fact that you could be jerking off to pictures of little girls and concentrate on explaining to people out there that PGP is little more than an envelope for your email, a safe for your documents and a lock for your front door.

Re:Encryption use != evil

[ninewands]

RTFA. It said no encrypted files were found on the computer. He was convicted on the testimony of a 9 year old "model" he had photograpehed and a repeated history of web searches for "Lolitas."

This ruling is really really evil. It could be extended to "Having nmap and ethereal installed on your computer is evidence of criminal intent of to crack systems."

Re:Encryption use != evil

[Ithika]

You're assuming he *did* save and encrypt the alleged files. They're not mentioned anywhere in the articles I've read; merely that he had software installed. Considering most Linux distros come with GPG, Mac OSX comes with FileVault and Windows comes with EFS this proves nothing.

If he *had* encrypted files, then they'd have evidence to show for it - a virtual "locked safe", which at the very least arouses suspicion. Just having a safe with nothing in it implies nothing.

I think, apart from ignorance of the prevalence of encryption technologies in computers, the judge is conflating cryptology with steganography. Encrypting the files would make them more obvious, and couldn't account for the fact that they are not to be found.

It's my opinion that the prosecution are encouraging this confusion in an attempt to vilify the defendant, to gloss over that fact that their only other evidence is the word of a nine-year-old girl. If there is more to the case I'd be interested to find out what, but the articles I have read do not reveal much:

http://www.corante.com/importance/archives/2005/05 /24/mere_presence_of_encryption_on_pc_relevant_to_ criminal_acts.php
http://techdirt.com/articles/20050524/1639237_F.sh tml

Good. Encryption is a tool too

[Dancin_Santa]

And with other evidence, why shouldn't it be? In fact, the presence of it ought to lead prosecutors to tack on the charge of conspiracy.

Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.

Not a good result, even if it was child porn

[lavalyn]

Yes, the crime is reprehensible and unforgivable.

But that doesn't mean the presence of encryption tools meant he was guilty. Encryption tools have many uses, some of which are good - like authentication and assurance of confidentiality. It's great to have encryption tools like PGP when you're sending an email to your broker that you want to issue a stock trade from your investments account. Or to be reasonably assured that discussing a prototype / secret business proposal will not be intercepted.

Encryption is merely a tool, to be used for both good and evil. A mail envelope can contain mail, or it can contain anthrax. An encrypted document could be a plot by terrorists, or it could be just any other email.

Awesome.

[cfalcon]

I used Fedora Core 2. Encryption built right in, 256 bit in any of a few flavors. I encrypt my journal, which has nothing illegal in it. But, if I'm unwilling to let someone read my personal files, why not accuse me of any number of terrible things? Terrorist? Necrophile? Hell, rack'em up boys! If he has an encryption program, he's obviously a criminal?

Good citizens have nothing to hide, after all. Why don't we just ban encryption entirely? And we'll install the cameras here and here...

Seriously...

I'm not totally familiar with what this means legally, but I know it's a bad thing. And a reason for every OS to include it by default, PRONTO!

If this stands up, privacy will take a beating.

Porn bad. PGP good.

[rice_burners_suck]

I would not view this decision as a threat against PGP in particular or encryption software and/or algorithms in general. The court is merely trying to determine the intent of the defendant.

The encryption software here is treated in the same manner as an item such as a large bag would be treated in a shoplifting case. That is, if you go into a store, see something you like, grab it, and run, the court would likely view that as something that you did at the spur of the moment, without putting much forethought into it. The crime, while still very much a crime, would likely be treated as a stupid action you took because you didn't stop to think if it was right or wrong, and the sentence would likely be applied with some leniency. In such a case, assuming the item costs less than $400.00, the crime would be treated as a misdemeanor. On the other hand, if you had entered the store with an unnecessarily large bag that is mostly empty, this might, in the eyes of the court, show that you had planned to shoplift from the outset, and you would receive a much stiffer punishment. In this case, the crime would likely be treated as a felony, regardless of the item's value.

In much the same way, the court handling this pornography case is probably trying to determine under which of the statutes the aforementioned materials fall, and the presence of software used with the intent to traffic in such material, regardless of the software's generally accepted purpose, can allow the prosecution to go for a crime with stiffer penalties.

In other words, if you use PGP, don't worry, because it's not going to be outlawed. But if you're the guy in that pornography case, be afraid... be very afraid. Here in Soviet Russia, pornography encrypts YOU!

As an aside, one should not look at pornography, because it can have an adverse effect on future relationships that you might have.

Re:Porn bad. PGP good.

[RedBear]

You, like many others today, miss the important distinction, and the mods didn't catch it. What possible purpose could you have for carrying a large empty bag into a store, other than shoplifting? Its presence is a strong indicator that you were planning on shoplifting something. The mere presence of encryption software has no relation. It is not a strong indicator of anything, unless they can establish as fact that you purchased or used the software specifically for committing a crime. It is merely a general tool, like the computer itself, or the envelopes you use to mail letters. The fact that he uses envelopes to mail letters, or the fact that he owns a computer in the first place, was not used as supporting evidence of criminal intent.

There are so many other legal uses of encryption software that a ruling like this should always be considered very dangerous. It is not his use of the software to encrypt photos that is being used, because they have no evidence of that. It is the mere presence of the software, implying that its only possible use on his computer would be for criminal intent. That is the bad part.

Re:Oh come on

[wankledot]

Wrong. This is simply adding intent and conspiracy elements to the crime, it would be the same as you killing someone with a knife and then buying five gallons of bleach to clean up the blood splatters on the walls. Buying bleach is of course legal, and no one is questioning that, but adding the fact that you bought/used the bleach for a specific purposes related to the crime absolutely shows that you a) knew what you were doing b) had the presence of mind to clean up after yourself c) intended to conceal the crime.

This is one of those cases where use of a legal tool to aid or cover up a crime can absolutely be part of the case, and it is NOT an indictment of the tool.

Re:absolutely ridiculus

[wankledot]

You don't get it. This case is not claiming his use of encryption is/was illegal, it's not even adding the use of it to the charges, it's simply showing *criminal intent*

If you built an underground cavern with a hidden door, security cameras, and multiple locks to hide the dead bodies from your killing rampage, the fact you spent all that time doing it should be evidence in the case of your intent.

This person is not being indicted for using crypto, his use of it is simply being used to show intent... why is that so wrong?

If you hide evidence in the course of any crime, the fact that you hid it is a perfectly reasonable thing to be brought up at trial, is this any different?

If someone gets arrested with bolt cutters breaking into a building, it's reasonable to use the presence of the bolt cutters at trial, just as it's reasonable to show any other tools (such as crypto) that were used to commit a crime.

Re:Any relationship to gun ownership?

[Sheetrock]

I think the relationship they're trying to draw is similar to finding locksmithing tools in the jacket of a suspected burglar.

The unfortunate thing about encryption is that it's not as pervasive as it should be. Virtually everybody has a lock on their house, and only rarely are they trying to conceal a criminal act. Virtually everybody puts mail -- particularly sensitive mail -- in envelopes before sending it, and again this is to retain privacy rather than deter law enforcement. But encrypted files are uncommon and therefore draw attention, right or wrong.

This is another example of where our justice system has gone round the bend when it comes to understanding new (and not even -that- new) technology and its relation to currently accepted practices in other parts of life. Locksmithing tools are specific to that practice, but encryption tools are general purpose and not only legal but encouraged for use by average citizens to retain their privacy.

Horrible precedents are usually set over reprehensible crimes, when said crimes represent only the tinest portion of the larger picture. Hopefully that won't be the case here when everything shakes out, but I have a feeling encryption will be severely curtailed in years to come as average people become more familiar with it and it becomes harder for law enforcement to deal with.

BS on CNET

[statemachine]

This is what the judge said (from the article):
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.

He did not say the encryption program was evidence of guilt.

To say otherwise is tabloid "journalism."

Re:Good. Encryption is a tool too

[beej]

Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.

I see what you're saying...but there are several flaws in this reasoning, both theoretical and practical.

1. There was no evidence PGP was being used to encrypt anything, or that he was even planning to do that.

2. The inclusion of PGP in the evidence is intended purely to sway the judge and jurors and presents no real information about the case. This is Cheating. It's like when a newspaper needs a story to be more sensationalistic, they say things like, "Aside from two pounds of marijuana, two guns were recovered from the residence." And then they don't tell you it was just a 22 rifle and a pellet gun.

3. Everyone has strong crypto on their machine. So by your reasoning, every time a crime involves a computer (which is going to be practically every planned crime these days), it should automatically carry some sort of conspiracy charge. This is pointless, just like saying the presense of envelopes in one's house obviously shows that the owner planned to hide his actions when mailing his co-conspirators.

4. Telling people that crypto is bad is also Extremely Bad, as attested to by so many other posts today. Crypto is good. Just like we allow a child pornographer to mail his wares undetected in an envelope, we allow him to email them encrypted. The alternative is simply worse, and we choose the lesser of the two evils. Smart people know this; jurors are more easily swayed, as I mentioned in point #2.

(And for the record, when it comes to child pornographers, there can be no punishment too severe.)

Re:Oh come on

[RedBear]

Wrong. This is simply adding intent and conspiracy elements to the crime, it would be the same as you killing someone with a knife and then buying five gallons of bleach to clean up the blood splatters on the walls. Buying bleach is of course legal, and no one is questioning that, but adding the fact that you bought/used the bleach for a specific purposes related to the crime absolutely shows that you a) knew what you were doing b) had the presence of mind to clean up after yourself c) intended to conceal the crime.

No, I would say this is more like you killing someone with a knife and simultaneously having a bottle of bleach at home in the laundry room, and they have no evidence of you buying or using it for any other reason than doing the laundry, and yet it is somehow taken as "supporting evidence" that your crime was thought out in advance, with you having the bleach on hand specifically to clean up after the crime. Obviously the bleach could have been used to clean up some blood, so that must have been your intention in owning it.

Your mistake is in comparing this to a non-ordinary amount of bleach and suggesting they had some sort of evidence that you used the bleach to clean the blood off the walls. This encryption software is just an everyday, regular size, common bottle of bleach sitting in the laundry room, just like almost anyone would have in their home if they happen to have a laundry room. It indicates absolutely nothing. Thinking otherwise is an extremely dangerous logical fallacy. And it absolutely IS an indictment of the tool. Encryption software is not the logical equivalent of five gallons of bleach.

Re:absolutely ridiculus

[maxpublic]

This person is not being indicted for using crypto, his use of it is simply being used to show intent... why is that so wrong?

Because you, like most of the slashdotters arguing in favor of this ruling, apparently haven't read the fucking article. There is no evidence whatsoever that the man used encryption for ANYTHING AT ALL, much less hiding child porn. None. Nada. Zip.

It was present on his computer. That's it. It's also present on your computer if you use WinXP, Win2000, or have just about any distro of Linux. And we'll be sure to use it as 'evidence' of your intent to 'hide your crime' should we ever suspect you of doing anything illegal.

Max

Brain use == evil

[Vitus+Wagner]

Use your brain.

Oh, no! Using a brain is a crime by itself in modern advertisment-based society.

Read Fahrenheit 451 or many other stories by American SF writers. They warn you 50 years ago that this would end with that - having encyption software is a crime, having gun is a crime, thinking independently is a crime too.

Everybody said: I have nothing to hide

[silence535]

This clearly could only happen because everybody said: I have nothing to hide, so why use encryption?

Every time I hear that argument I almost explode in a rage and claim that at times the usage of encryption alone will be held evidence that you're a criminal.

These times start NOW.

And by the way, this is YOUR fault you lazy bum.

-jsl