Slashdot Mirror
PGP Ruled as Relevant For Criminal Case
waytoomuchcoffee writes "A Minnesota appeals unamimously ruled in a child porn case that "the existence of an encryption program" on the defendants computer could be admitted as evidence of criminal intent. The article doesn't mention if this can be taken into account for sentencing too."
dangerous precedent?
It also depends on whether he was using PGP to encrypt just his email or his HD, since newer vesions can do either. Personally I don't think he should have to produce the keys either way, but there is a difference. If he was just using PGP for email then it should be entirely irrelevant, since obviously no nine year old girl is going to have PGP on her email (or at least any 9yo girl who does should be smart enough not to hang around pedophiles).
If you had carefully RTFA, you would notice that nobody is suggesting that encryption software is illegal. They included it as a component of their case to establish _criminal intent_. In other words, if he's hiding something, he knows he has something to hide, therefore he knows he's doing something wrong... not just really, really stupid. Again, they're not suggesting everybody that has encryption software knows they're doing something wrong... in this case, the fact that he was doing something wrong was established with other evidence. The fact that he knew that what he was doing was wrong was supported by the fact that he tried to hide it. The same argument would probably be made if he had locked the pictures in an industrial-strength safe. As usual, the FA is not as bad as the slashdot headline.
As a side note, with that earlier /. article about the MS guy saying to write your passwords down, is encrypting my password list an act with criminal intent?
My front door has a lock which can be opened only with my key. Therefore, I am hiding something reprehensible inside my house.
Logic, people, logic!
-- The reason it's called the right wing? Irony.
The article says the conviction was based in part on his searching for child pornography through search engines. However, if he used PGP to encrypt his HD then there is no way that law enforcement could have known this. Does that mean that Google or whichever search engine he was using logged his search history and handed it over to police??
Keys and passwords can be obtained during discovery, and failure to provide them is the same in the eyes of the law as not providing keys to your premises; you can be found in contempt for such.
Why on earth did the court rule that the mere existence on this criminal's systems constituted criminal action?* Why didn't they ask for keys as part of the trial and find out what he had encrypted? All this does is punish us in the tech world by alluding to the use of cryptography as a criminal action.
*And yes, this guy certainly deserves what he had coming, but don't punish me for his actions...
What can I add to this that hasn't already been said half a dozen times. I use GPG (Gnu version of PGP) to digitally sign my email messages on my Linux machine. This is because certificates and other authentication methods cost money. GPG allows others to certify that I sent the message that claims to be from me. This is helpful for spam that parades as coming from me as well as other things. Additionally, as my family is starting up a business and we will all be in different states, the safest way for us to exchange information cheaply. Yeah, we have free long-distance on our cell phones, but for that we may as well be yelling out our windows. Email is likewise able to be tapped without some encryption. Thunderbird, enigmail, and GPG allow me to get a decent amount of protection for free. It isn't NSA-grade encryption, but it's good enough to stop most people. So yeah, I'm not a criminal because I use encryption. I just like to have some privacy. Otherwise why not just post my SSN to slashdot?
Yes, but by this logic, if someone "takes the fifth", it could be used to incriminate them, which kind of destroys the purpose of the right.
Why is this relevant? Well, if he is using encryption, and they ask him for his key to decrypt the files, I'd say that would be him testifying against himself. Along those same lines, if he refuses to give the key (because he has the right NOT to incriminate himself), they are basically saying "Hey, we don't need the key, because he wouldn't be hiding anything if he had nothing to hide, so he must be guilty!"
This really represents a failure on the part of the judge. The only thing encryption represents is an unknown: not intent, not a particular set of data. You might as well hand they police a blank drive and infer from that "He must have erased it, and he wouldn't have done that unless he was guilty!"
Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.
Well, if I use a gun in a robbery, that makes it armed robbery. But if I own a gun that is not used in the robber (say it's locked in a safe at home) does any robbery I undertake automatically become armed robbery? I mean, don't you think there should be evidence that I actually used the gun in the robbery?
That said, this isn't what the court decision is about. It isn't saying he is guilty because he has encryption software. It's saying the jury can consider that as evidence.
Mathematically, it is true that the significance of a fact depends on context. Thus something which in isolation doesn't mean much can become significant when joined to other facts. However, some things are so commonplace that you can't fit them into anyt kind of logical structure that will help you make a conclusion.
You might as well say that bank robbers wear shoes and the accused owns several pair.
Fortunately with the other evidence against him, I doubt this spurious instruction had any effect.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
The fact that he knew that what he was doing was wrong was supported by the fact that he tried to hide it.
And if you had read the article carefully, you would have noticed that there's no evidence he tried to hide the files. From the article:
Using your analogy it's more like they found an empty bargain-bin safe at the house, and used that as evidence against him. "The man had a SAFE! Only criminals have safes!". As far as comparing PGP to a "industrial strength safe", well that might be a good comparison.. if all safes were industrial strength and given away very cheap or free.
AccountKiller
This case could be more analagous with the following added components:
FBI: You Tried to launder money to the Soviets, didn't you?
Person: No. I didn't.
FBI: We caught you exchanging money with operatives in soviet russia.
Person: When?
FBI: You know when.
Person: I do?
FBI: Just answer the question.
Person: What question?
FBI: Uh. Encryption! You have encryption software on your computer, don't you?
Person: Yep.
FBI: So, you have something to hide.
Person: Sure, my credit card numbers that I use on line, personal data that could be used for identity theft, business correspondence I don't want my competitors to read, accounting data, that kind of stuff.
FBI: So, you could use this program for illicit purposes.
Person: What's 'illicit?'
FBI: You also have steganographic programs on your system.
Person: Stegano- what?
[Jury member takes note: "Linux newby. Doesn't know just what the vast majority of the software that came with his distro is or does, yet."]
------ The only greater hazard to your liberty than n politicians is n+1 politicians.
This is no different than the fact that a guy charged with burglary had a crowbar on him. When you're suspected of a crime, the presence of the tools to commit that crime or cover it up are relevent (though not dispositive) in a criminal trial. For a guy charged with making child porn, having a digital camera is relevent; doesn't mean that your digital camera alone is going to get you thrown in jail.
This is a hail mary by the defense attorney that does nothing but put software on the same footing as other tools.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
The trial judge allowed the jury to hear about the installation of PGP. The trial judge was accepting it as evidence of guilt.
The appeals judges let this stand, saying in effect that a trial judge has to screw up bigtime before they'll undo that judge's decision, and that in their opinion the trial judge did have a leg to stand on.