Slashdot Mirror
PGP Ruled as Relevant For Criminal Case
waytoomuchcoffee writes "A Minnesota appeals unamimously ruled in a child porn case that "the existence of an encryption program" on the defendants computer could be admitted as evidence of criminal intent. The article doesn't mention if this can be taken into account for sentencing too."
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
I find this very disturbing based on the attitude people have regarding encryption. It's seen in such a negative way as if everyone who uses encryption as evil. Let me put it this way:
ENCRYPTION != EVIL
I use this for my day to day communications. Either over IM, E-Mail or moving things from server to server (GPG, then sending the file via FTP etc.). How do we help the public to understand that just because someone wants to keep something secret, even under a mass of public scrutiny, it does not constitute someone breaking the law! I have a TON of letters to and from my girlfriend that are encrypted, that she herself does as well!
I'm not saying the guy accused of the crime shouldn't produce keys, he obviously was doing something totally heinous by photographing a 9 year old in sexual position, and then those pictures destroyed. Predators of this nature are f-ing sick creatures that need some bad rehabilitation.
My point is the attitude of the people. Admission of the fact that he had PGP on his computer shouldn't be a condemning factor of his behavior and should be based on his crimes. NOT THE FACILITATOR, MEANS, TOOL (Physical or otherwise) OR SOFTWARE to commit such crimes. He was using perfectly legal encryption utilities and software.
Just because they were for hiding his crimes/pictures should NOT be a factor in his punishment. What kind of precedent would the judge be inadvertently (or purposely??) placing on the use and ownership of encryption and the tools to do such?
~zoloto
And with other evidence, why shouldn't it be? In fact, the presence of it ought to lead prosecutors to tack on the charge of conspiracy.
Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.
So if someone is intelligent enought to know how to protect him/herself, they're more likely to be a criminal? Where is 'innocent until proven guilty' these days? bo
bad_outlook
--
Is this vague enough for you?
Yes, the crime is reprehensible and unforgivable.
But that doesn't mean the presence of encryption tools meant he was guilty. Encryption tools have many uses, some of which are good - like authentication and assurance of confidentiality. It's great to have encryption tools like PGP when you're sending an email to your broker that you want to issue a stock trade from your investments account. Or to be reasonably assured that discussing a prototype / secret business proposal will not be intercepted.
Encryption is merely a tool, to be used for both good and evil. A mail envelope can contain mail, or it can contain anthrax. An encrypted document could be a plot by terrorists, or it could be just any other email.
Doing the Right Thing should not be preempted by making a buck.
dangerous precedent?
Ari David Levie, who was convicted of photographing a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial.
Why should having encryption be a basis of arguing his sentancing. There are no laws against it, his crimes have already been exposed and been convicted. LEt the punishment fit the CRIME.
Are you serious?
The main issue here is the presense of cryptographic software on the machine. Not a gun with his prints! They have no way of knowing what the software was used for.
It's like saying that they found rope with which he could have used to tie her. Or it could have been used to fix a mechanical problem in his house, or to wrap around bundles of wood, or anything. The presence of cryptographic software should have absolutely nothing to do with the case. Plain and simple.
But how will a judgment about encryption like that work when everyone uses encryption?
Ok, I know that this is a special case where there obviously seems to be other suggestive evidence for criminal activity... but if you were to take the idea that encryption = evil intent, then you open a can of worms.
Also, if the installation of encryption software alerted to possible encryption of files, then all someone has to do to avoid suspicion is to encrypt data over to a remote machine with no encrytion software - except a few "hot spare unformatted hard drives" which are apparently "unused"
READY.
PRINT ""+-0
As a side note, with that earlier /. article about the MS guy saying to write your passwords down, is encrypting my password list an act with criminal intent?
I used Fedora Core 2. Encryption built right in, 256 bit in any of a few flavors. I encrypt my journal, which has nothing illegal in it. But, if I'm unwilling to let someone read my personal files, why not accuse me of any number of terrible things? Terrorist? Necrophile? Hell, rack'em up boys! If he has an encryption program, he's obviously a criminal?
Good citizens have nothing to hide, after all. Why don't we just ban encryption entirely? And we'll install the cameras here and here...
Seriously...
I'm not totally familiar with what this means legally, but I know it's a bad thing. And a reason for every OS to include it by default, PRONTO!
If this stands up, privacy will take a beating.
Since all modern Macs ship with FileVault as an option for securing their home folders and you also can create encrypted disk images with the Disc Utility tool in Mac OS X, this now can be used against Mac users in a court of law. Somehow, I suspect Bill Gates is behind this. No doubt, in a couple days, we will be see Microsoft ads touting that if you use a Mac, you will go to jail.
Strange women lying in ponds distributing swords is no basis for a system of government.
Exactly. Locking my house is not evidence that I'm doing something wrong there! I can think of hundreds of reasons I would encrypt stuff on my computer that is not illegal in nature. If someone steals my computer, I can be thankful that I encrypted my personal information and he will never crack it.
Frylock: "We should have cloned twenties, Jackson wouldn't have given a fuck."
Read the article! Quit posting in a vain attempt to be first.
He already committed the f'ing crime.
Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.
The guy wasn't convicted because of the crypto. It's like finding the dead body... and then finding the shovel, the canvas bag, etc.
The encryption software here is treated in the same manner as an item such as a large bag would be treated in a shoplifting case. That is, if you go into a store, see something you like, grab it, and run, the court would likely view that as something that you did at the spur of the moment, without putting much forethought into it. The crime, while still very much a crime, would likely be treated as a stupid action you took because you didn't stop to think if it was right or wrong, and the sentence would likely be applied with some leniency. In such a case, assuming the item costs less than $400.00, the crime would be treated as a misdemeanor. On the other hand, if you had entered the store with an unnecessarily large bag that is mostly empty, this might, in the eyes of the court, show that you had planned to shoplift from the outset, and you would receive a much stiffer punishment. In this case, the crime would likely be treated as a felony, regardless of the item's value.
In much the same way, the court handling this pornography case is probably trying to determine under which of the statutes the aforementioned materials fall, and the presence of software used with the intent to traffic in such material, regardless of the software's generally accepted purpose, can allow the prosecution to go for a crime with stiffer penalties.
In other words, if you use PGP, don't worry, because it's not going to be outlawed. But if you're the guy in that pornography case, be afraid... be very afraid. Here in Soviet Russia, pornography encrypts YOU!
As an aside, one should not look at pornography, because it can have an adverse effect on future relationships that you might have.
I could be privatly communicating with terrorists on my college's UNIX server. I wouldn't need to be proven guilty. Proving guilt is SO 1900s...
I have freaks! I did something right...
My front door has a lock which can be opened only with my key. Therefore, I am hiding something reprehensible inside my house.
Logic, people, logic!
-- The reason it's called the right wing? Irony.
The article says the conviction was based in part on his searching for child pornography through search engines. However, if he used PGP to encrypt his HD then there is no way that law enforcement could have known this. Does that mean that Google or whichever search engine he was using logged his search history and handed it over to police??
Keys and passwords can be obtained during discovery, and failure to provide them is the same in the eyes of the law as not providing keys to your premises; you can be found in contempt for such.
Why on earth did the court rule that the mere existence on this criminal's systems constituted criminal action?* Why didn't they ask for keys as part of the trial and find out what he had encrypted? All this does is punish us in the tech world by alluding to the use of cryptography as a criminal action.
*And yes, this guy certainly deserves what he had coming, but don't punish me for his actions...
So who is the co-conspiritor?
/. the suprise is the judge was so lenient.
Are you implying the programmers are a party to this crime? If this is the attitude of people who frequent
I don't know how I feel about this, encryption is not a crime, but if there is a warrent for your computer not supplying the keys to examine its contents could be viewed as obsctruction of justice. I understand the desire to have things kept private, but the courts can do that if the evidence is irrelivent. This seems to me like Morgan-Stanley getting slammed for deleting their emails, only this guy is worse, because he can give people access to show his innocence (assuming he is since he wasn't proven guilty).
I think certainly that someoen has a bunch of stuff they refuse to let you see after handing it over it is relevent. It would likewise be relevent if he had an uncrackable safe the propper size to hold a body and was on trial for murder, but neither is a case for conspiracy (unless safe makers are to be co-conspierators too).
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
What about the right to privacy? Regardless of what he was doing, encryption secures privacy, and if part of his sentencing was achieved in part because he was using encryption....what other ways could this ruling effect future court cases? I can easily see this becoming a supreme court issue on how encryption relates to the constitution. What is Martha Stewart used encryption on here computer because of her everyday dealings....and then this whole insider trading thing comes about and her and whoever had been talking via email....does encryption on her system automatically make her a person out to do bad things? (regardless of how you feel about her :P)
Encryption is a tool, nothing more. If he had had a video studio in his house, etc, should THAT be admitted as evidence?
I agree with you. It's bullshit.
Some of us like this little thing called PRIVACY. It's something that you get less and less of these days and it's only going to get worse. RFID national ID cards, bias against encryption, tracking databases, no travel without ID..
The excuse is always "If you're not hiding anything you don't have anything to worry about." I don't know what these people are afraid of. Why can't I go about my life without being tracked? Why is it a bad thing that I want to encrypt my communications?
A 12 year old can figure out that if one wanted to commit a crime, all these things won't help any. So obviously that can't be the reason.
Bah. People suck.
- It's not the Macs I hate. It's Digg users. -
This is one of those cases where use of a legal tool to aid or cover up a crime can absolutely be part of the case, and it is NOT an indictment of the tool.
My sig is blank, I typed this by hand.
In America, no person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law.
Unless they are charged with child molestation. In that case, they are clearly guilty and we may dispense with the technicalities.
It isn't any different than if you have a legal gun and then conceal it when you go out. The gun stopped being legal once you did that. Here, the point is that he knew what was doing wrong and he punctuated it by encrypting it making it, arguably, a de facto admission of guilt.
If the defendant had had other tools he used to create and store the pornography, are THEY relative? video camera? video tapes? etc? If they are admissibile as tools of his actions, why not encryption?
You're spreading the basest of FUD.
Under this logic, the use of envelopes to secure personal mail is clearly a sign of criminal intent. BAN ENVELOPES! MAKE EVERYONE USE POSTCARDS!
I guess SSL could also be used to pay for stolen goods on Ebay...
Oh well, what the hell...
I hope to hell they don't notice that EVERY computer with a modern Internet browser (and those with IE as well) have encryption capabilities. We'll all hang!
Paleotechnologist and connoisseur of pretty shiny things.
What can I add to this that hasn't already been said half a dozen times. I use GPG (Gnu version of PGP) to digitally sign my email messages on my Linux machine. This is because certificates and other authentication methods cost money. GPG allows others to certify that I sent the message that claims to be from me. This is helpful for spam that parades as coming from me as well as other things. Additionally, as my family is starting up a business and we will all be in different states, the safest way for us to exchange information cheaply. Yeah, we have free long-distance on our cell phones, but for that we may as well be yelling out our windows. Email is likewise able to be tapped without some encryption. Thunderbird, enigmail, and GPG allow me to get a decent amount of protection for free. It isn't NSA-grade encryption, but it's good enough to stop most people. So yeah, I'm not a criminal because I use encryption. I just like to have some privacy. Otherwise why not just post my SSN to slashdot?
So who is the co-conspiritor?
I struggled with this question, and in some ways regret specifying Conspiracy. However the answer I came up with was whomever he was sending these encrypted files to.
And obstruction of justice is, as you say, another appropriate charge.
On the other hand, if he never sent the files and kept them for his own private use, then the conspiracy charge doesn't make sense.
You're completely incorrect--I don't think you're thinking about the situation rationally.
Encryption is merely a tool that this man used to commit his crimes. Should video cameras the defendant used not be admitted? Should video TAPES? What about any other equipment he used in the filming process? They clearly (I think you'll agree) should be admissible as evidence. Why not the fact that he went to great lengths to hide his creations? Encryption is JUST a TOOL. It's not magically special just because it's on computers.
That's bullshit!
I guess a 1984-esque government wouldn't want their "law abiding citizens" to be able to use encryption, so it only makes sense...
"A truly wise man realizes he knows nothing."
Note in the article, encrypted files were not EVEN located on the computer used in evidence.
This is tantamount to pointing to a car in which drugs were sniffed (but not found), and telling the jury, it has locks, so they must be trying to hide something. ( and further introducing the car or its locks, and the police testimony thereof as evidence )
Yes, I read that the girl involved testified against him, so forget about whether he's a slimeball or not, he probably is, the jury assumedly believed her story.
Bollocks!
Anyone seen my low uid? last seen 10 years ago while panning the #@$# out of Taco's 'web based discussion system'
First of all, only terrorists use jabber, so you better get rid of that. That e-mail client with encryption? Gone. SSH? SSee you in Jail, perv. Zip it? Better trash it.
On the other hand, he was convicted because a minor said he attempted to solicit her, and he had kiddie searches in his browser history. While the idea that having an encryption program can be seen as supporting evidence, I can understand why it would be relevant in this case. Encryption isn't a smoking gun, but it isn't as ubiquitous as a kitchen knife. I can't really argue with the ruling.
The ______ Agenda
If you built an underground cavern with a hidden door, security cameras, and multiple locks to hide the dead bodies from your killing rampage, the fact you spent all that time doing it should be evidence in the case of your intent.
This person is not being indicted for using crypto, his use of it is simply being used to show intent... why is that so wrong?
If you hide evidence in the course of any crime, the fact that you hid it is a perfectly reasonable thing to be brought up at trial, is this any different?
If someone gets arrested with bolt cutters breaking into a building, it's reasonable to use the presence of the bolt cutters at trial, just as it's reasonable to show any other tools (such as crypto) that were used to commit a crime.
My sig is blank, I typed this by hand.
The unfortunate thing about encryption is that it's not as pervasive as it should be. Virtually everybody has a lock on their house, and only rarely are they trying to conceal a criminal act. Virtually everybody puts mail -- particularly sensitive mail -- in envelopes before sending it, and again this is to retain privacy rather than deter law enforcement. But encrypted files are uncommon and therefore draw attention, right or wrong.
This is another example of where our justice system has gone round the bend when it comes to understanding new (and not even -that- new) technology and its relation to currently accepted practices in other parts of life. Locksmithing tools are specific to that practice, but encryption tools are general purpose and not only legal but encouraged for use by average citizens to retain their privacy.
Horrible precedents are usually set over reprehensible crimes, when said crimes represent only the tinest portion of the larger picture. Hopefully that won't be the case here when everything shakes out, but I have a feeling encryption will be severely curtailed in years to come as average people become more familiar with it and it becomes harder for law enforcement to deal with.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
...after it was discovered that the pen Mr. Levie had been carrying was actually a laser pointer. He was subsequently charged with intending to shine it in the eyes of airline pilots during landing and then sent to Cuba for a speedy but secret trial. His court appointed defense attourney later said, 'I've never met Mr. Levie but he was obviously guilty or he would not have been charged. May he rest in peace.'
Liberals call everyone Nazis yet they are the closest thing to it.
One word--conspiracy.
Why shouldn't the tools he used to commit his crimes be admissible??
Is making sure that we all routinely use PGP/GPG in say home/office computing and email communications. Over time this will drive home the fact that privacy is a right, it is something that the computing public has come to expect. Using crypto should not in itself mean anything with respect to criminal intent. I use crypto to keep my documents and communications private. Whether or not I am doing anything illegal is a separate issue altogether.
That is not the point. It was simply admitted as evidence of possible criminal intent. If you are a suspect in a murder case where a knife was used, a knife could be admitte as evidence. In this case he had the encryption program in order to hide naked pictures of a 9 year old. That is illegal use and is evidence of premeditation and thought and can be used by a court to show that this sick man needs to be locked up because he is a danger to society. The fact that he had the encryption software isn't proof of his crime but it is proof of his ability to commit the crime. If he didn't do it, then the evidence would prove nothing. Sometimes nerds forget to think illogically.
We apologize for the inconvenience.
That's not entirely a problem caused by the captchas, now is it?
This comment does not exist.
These people elected Jesse Ventura as their governor. Arkansas now has a competitor for most back assed state.
You can safely assume that the NSA can break anything. They do not 'play fair' when they try to break things - they 'play dirty' and look for weaknesses in the implementation. They use enormous lookup tables and dictionaries. They use special hardware. If they know something is on a PC, then they could read all data off the hard disk and try every word or phrase ever typed on it as a key. Of course, you need to be pretty friggen important before they will waste their time on you...
Oh well, what the hell...
This appears to be the only discussion of the encryption issue:
The entire case is available at http://www.lawlibrary.state.mn.us/archive/ctappub/ 0505/opa040381-0503.htm
If you don't know where you are going, you will wind up somewhere else.
That begs the question, did he use the video studio for illegal purposes, what about remote illegal purposes?
Then you have to wonder, did he encrypt the video? Because the MPAA owns the patent on encrypting video.
If what you are reading sounds funny, or sarcastic, lame, or stupid
it is because it is supposed to be. just laugh
Apparently all of the other pervs have been pretty dumb until now...dumber than possessing child porn to begin with. to wit: Look at all of the child porn owners who have it on their HDs, plaintext. So now they've finally figured out they can try to protect themselves.
/. story (below a ways) - the Microsoft security suggestion of writing passwords down so more sophisticated passwords would be used, they could claim they wrote it down and lost the paper. I don't think they could be conviced on the basis of lost information.
Now, if they heed the advice of another
On the other hand, the meth lab problem has gotten bad enough here in Central Indiana stores which sell the "right" cough medicines are being instructed to keep them under lock & key, and take the names & addresses of those who buy them. There was a story last week on the news of a guy who bought a dozen boxes and the police were called during his visit. They were waiting for him to come back to his bicycle and was promptly arrested. They then obtained a search warrant and had a lot of fun romping through his living quarters, looking for the remainder of the lab.
"Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser."
Does anybody actually RTFA before commenting, or the little editorial burp is good enough for the majority to form a knee-jerk reaction?
This is what the judge said (from the article):
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
He did not say the encryption program was evidence of guilt.
To say otherwise is tabloid "journalism."
That's the thing. He didn't use cryptography to take photos of a nakid 9 year old. HE didn't use cryptography to lure them and solicit them. That was HIS own predatory behavior.
:D Have a nice day.
There was no obstruction of justice charge that we know of. And there certianly isn't a law against teh general use of cryptography, no matter the intent. Those are ALREADY COVERED UNDER EXZISTING LAW.
NEXT!
The NSA cannot break PGP. Nobody can, not ever. They can figure out the information you have hidden, though, because there's a very, very high chance that there's a copy of the information floating around unencrypted (RAM, swapped to the HDD, in a temp folder somewhere, etc) or a copy of your password floating around. That's how it would be done.
GPG comes with _every_ LINUX distro I know of.
I guess Balmer et al are right, we're all criminals
George Fritz was arrested today on charges of conspiring to commit crimes.
Police were first alerted to Fritz's activities when he dialed 911 to report a burglary in progress at his home in Elmwood drive.
On arriving at the scene, police observed that the doors to Fritz's house were locked and that the intruder had been forced to break a window to gain entry.
After aprehending and speaking with the intruder, police decided not to arrest him, relying on his promise not to re-offend.
Fritz *was* arrested however, on suspicion of being involved in a crime or crimes unknown. Prosecutors say they have a pretty strong case against him -- after all, if he had nothing to hide, why did he lock his doors and draw his curtains -- thus forcing the would-be burglar to break a window?
Film at eleven.
Here is the man page from my macintosh OSX for open SSL
OPENSSL
NAME openssl - OpenSSL command line tool
DESCRIPTION OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for
Creation of RSA, DH and DSA key parameters
Creation of X.509 certificates, CSRs and CRLs
Calculation of Message Digests
--->Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests
Handling of S/MIME signed or encrypted mail
Lameness filter encountered. Post aborted!
Reason: Please use fewer 'junk' characters.
Some drink at the fountain of knowledge. Others just gargle.
The answer to that is no. It may be used in conjunction with some other evidence to prove authorship of something - non-repudiatable files can be linked to a specific person, for example, or they wouldn't be non-repudiatable!
However, in isolation, it is exactly nothing. It is a transform algorithm, nothing more. Your eyes apply a transform algorithm when converting the electro-chemical impulses generated by photons into an image the brain can use. Virtually everyone in a scientific field has applied some transform algorithm to their data - be it a FFT, a Z transform, or whatever.
If you have digitally signed e-mails, where both the signature and the private key originate from a specific machine, and there is sufficient evidence to show that no other user - in person or electronically - had access to the files necessary to produce that encryption or that signature, then you can associate those e-mails with that person.
Does that mean PGP/GPG was "proof" of something? Well, only in the sense that it was one link in a fairly lengthy chain. An important link, but still only one link. No chain, no "proof", no matter what software was present.
Of course, none of this is relevent if, as I suspect, the person merely encrypted the files with PGP and didn't think of any of the authenticity or security issues involved in encryption, or deliberately side-stepped them.
It is also irrelevent if there is no proof that encrypted files were ever sent. If there is no chain, then the "link" is irrelevent, no matter how solid it is. It is just a link, nothing more.
The trouble with the legal system is that, although it often correctly identifies that something IS relevent in some way, it is often very bad at identifying HOW it is relevent, and what it is actually relevent to. This is because it is impossible to have judges and jurors trained in every possible field well enough to be able to make such an analysis.
"Friends of the Court" and "Expert Witnesses" are often used to bridge that gap - in theory. In practice, I seriously doubt that an adequate understanding can be conveyed in a few hours when it can require even the most adept students years or decades to gain any kind of mastery.
In the end, it is forgivable for a court to get confused as to what is a link and what is a chain, and how you get from one to the other, but forgivable does not mean acceptable. It is not acceptable that courts are depending on faulty or even deliberately skewed information, especially in a case like this where the person is in genuine danger of being killed in prison, will be marked for life - even if they are eventually found innocent, and all over something that is being presented as something it isn't.
If someone is guilty - fine. Find them guilty. But at least do yourself, the person involved, and the justice system at large a favour by finding them guilty for the RIGHT reasons. The appeals court, especially, will love you for it.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.
Well, if I use a gun in a robbery, that makes it armed robbery. But if I own a gun that is not used in the robber (say it's locked in a safe at home) does any robbery I undertake automatically become armed robbery? I mean, don't you think there should be evidence that I actually used the gun in the robbery?
That said, this isn't what the court decision is about. It isn't saying he is guilty because he has encryption software. It's saying the jury can consider that as evidence.
Mathematically, it is true that the significance of a fact depends on context. Thus something which in isolation doesn't mean much can become significant when joined to other facts. However, some things are so commonplace that you can't fit them into anyt kind of logical structure that will help you make a conclusion.
You might as well say that bank robbers wear shoes and the accused owns several pair.
Fortunately with the other evidence against him, I doubt this spurious instruction had any effect.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Well ... he had a computer ... he must be using peer to peer software to transfer stolen
1. Movies
2. Music
3. Software
4. WMD's
5. Other
Linux: For those able to think out side of a window
It could be admitted as evidence that he had the means to commit the crime, but not as evidence of intent, which is the issue at hand. Having a video studio in your house does not show intent to shoot kiddy porn. It shows intent to shoot a movie.
If there is no other use for a tool or it was actually used to cover up a crime, then it shows intent. I own a mop. If I shot an intruder in my home, does that mop show that I intended to murder the victim because I have something to cover it up.
If the police have encrypted files that contain videos, that shows intent, not having encryption software.
You might as well say, "I wish slashdot would stop encouraging amateur computer systems engineering. Computers are vast, complicated machines with many non-obvious functions."
Slashdot readers are hackers. Of course they're going to want to discuss how things work.
My other first post is car post.
So, to take your example, supposing we too Joe Criminal and Joe Average. Both own a blanket. Joe Criminal uses his to cover up his gun when he throws it in the river. Joe Average uses his to cover up the unpatched area of his wall behind his sofa.
Both people are using the same widely distributed tool "a blanket", for the same use, "to cover things up". But Joe Average isn't committing a *crime*.
Owning a blanket or using it for it's purpose isn't criminal. It can be an accessory, but the mere presence of encryption should *not* be indicative of criminal activity. It shouldn't imply anything, other than "Hey, this person had things he didn't want people to see." Those things aren't neccessarily criminal things. Treating them that way is an absolutely false conclusion.
The key here is the term "could be admitted as evidence of criminal intent." It's not being used as evidence that he did anything wrong. His crime is still that he took pictures of children in sexual ways.
What this ruling is saying is that he knew what he was doing was wrong (criminally) because he gathered the means to hiding it. This is just being used to show intent.
Incorrect! He DID use the encryption software as part of his crimes.
Other evidence, their locked front door clearly shows that this criminal must have something to hide. Or, clearly shows they need to hire a real lawyer.
--
make install -not war
I see what you're saying...but there are several flaws in this reasoning, both theoretical and practical.
(And for the record, when it comes to child pornographers, there can be no punishment too severe.)
Um, there was no evidence presented that any files involved in the alleged crime were encrypted.
Only that the person involved had an encryption utility on his computer. You might as well enter into evidence that he had knives in his kitchen, with the obvious intent to kill the victim before she could testify.
There are legitimate uses for encryption, even for criminals. Unless the prosecution could present evidence that the encryption utility was used to conceal a crime, it is entirely irrelevant to the case.
According to this page, the only condition that separates "robbery" from "armed robbery" is Armed robbery means the offender is carrying a real or imitation firearm or explosive or offensive weapon
The law may be different where you live.
Always make your own encryption program. And encrypt it.
If all else fails... RTFM
He was convicted based on: a) the claims of a nine-year-old girl b) browser search history and c) a standard encryption program was found on his computer. Each one of these by itself is tenuous and all together, they are tenuous. Don't we have a standard of justice called "beyond a reasonable doubt"? People lie. Nine-year-old girls lie. Children especially like to please their parents (and adults in general) and if they think that saying a certain thing will please their parents they are likely to do it. Pleasing parents is usually a higher priority for children than telling the truth. I'm not saying this guy didn't do it but from the brief description in the article, their case seems to come up far short of "beyond a reasonable doubt".
I agree in the case of your analogy, it'd be reasonable. But your analogy is flawed in this case. It's a bit more like getting with bolt cutters... and having the fact that the cops found a ski mask (and skis) in your closet be entered as evidence against you.
Okay, granted, that might be a little extreme the other way, since they had browser history available to show the computer was at least somewhat involved in this guy's obsession. But I certainly consider this a dangerous precedent.
Either encryption itself is now a crime, or the assumption of innocence until proven guilty has been reversed.
But if he actively installed crypto software, or software to help in the crypto process, and then used that software to selectively encrypt files related to a crime, that looks an awful lot like he's covering his tracks. And if he's hiding files related to that unspeakable crime, he can't claim ignorance of his crime.
Social scientists are inspired by theories; scientists are humbled by facts.
If PGP can convict you, I sure hope they don't find my hard drive full of blowfish encrypted file systems. I'd be screwed.
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
I can't speak to Minnesota law, but most states look more or less like the Federal Rules of Evidence. FRE 401 reads:
Rule 401. Definition of "Relevant Evidence"
"Relevant evidence" means evidence having any tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable than it would be without the evidence. (Emphasis added.)
The article suggests that the opinion isn't condemning encryption per se or even unnaturally linking lawful tools with illicit activity, only that "evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him."
"Any" is a pretty low threshold to meet; evidence that the guy had an FTP client could/would (presumably) be relevant to a child pornography distribution charge...
This isn't the end of the world as we know it. It's up to the opposing counsel to explain away the existence of the PGP, and/or to illustrate to the jury how having a tool doesn't mean the tool has been used for evil.
geek. lawyer.
And with other evidence, why shouldn't it be? In fact, the presence of it ought to lead prosecutors to tack on the charge of conspiracy.
Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.
Problem. With. Your. Analogy. Is. Encryption. Is. NOT. A. Gun.
The presences of encryption implies nothing. You have commmitted a logical fallacy. Windows 2000 and XP have encrypted filesystem support, does that imply that all Windows users are intending to commit a crime and hide it because they bought a computer running Windows? No. You use SSL encryption every time you buy something online. Does that mean you were intending to commit a crime with the intent of hiding it when you installed a web browser that supports secure HTTP? I don't think so.
You were right in your subject line. After that you failed. Encryption is just a tool. It is not a firearm. That is a very flawed analogy. With that kind of analogy we can all become criminals overnight. Yippee.
And indeed that is not what happened in this case. The evidence as to the existence was relevant because it was an instrumentality of the criminal act, not as evidence of intent.
If you don't know where you are going, you will wind up somewhere else.
Somewhere I hear Vadar saying, "I find your lack of faith disturbing..." ;-)
PGP uses a passphrase, right? What are the chances this guy's passphrase--now remember he's not only dumb enough to make and locally store child porn, but he doesn't even clear out his browser history--what are the chances his passphrase contains more than, say, 40 bits of entropy?
You don't have to break RSA or El Gamal or IDEA or Blowfish or whateverTF he was using...just get his keyring and bruteforce the passphrase. Or, if he's just using the symmetric cipher, do the same thing.
4096-bit RSA over Blowfish is pretty damn strong. Too bad the passphrase is so weak! It's like having that huge shield door from NORAD on your house, except with a full-size doggie door built into the front.
The fact that the NSA breaks crypto is widely known. On the other hand, I happen to know that the yes-or-no answer to whether the NSA can break a specific cryptosystem is always classified Top Secret. They do stuff like that all the time. General info is For Official Use Only, operational details are TS and usually compartmentalized. Schaub is guilty of divulging classified information. The info could be correct, or it could be wrong, but in either case, Schaub is in a lot of trouble. And if he backtracks, and claims he doesn't know what he's talking about, he's guilty of perjury. Whoopsie.
Second, I'd like to point out that saying you can't have crypto on your computer is like saying you can't have a lock on your house: stunningly idiotic. With the kind of viruses going around today, you're more likely to have your credit card info stolen from your hard drive rather than off your dresser. But we can't use locks to protect that info? I guess everyone running Windows 2000 is going to jail.
To sum up: the defendant is a fucking pedo, the judges are fucked in the head, and Schaub is just plain fucked.
P.S. In closing, I'd like to say hi to all my friends in the Intelligence Community. You know who you are. I miss you all dearly. Keep up the good work.
If the files are hidden and/or encrypted, how do you know they're related to the crime? By the mere fact that he's installed crypto software, how do you know that he used that software in relation to the crime?
Maybe he installed PGP to hide criminal activity, or maybe he's using it to hide the details of the surprise party he's planning for a loved one. Or maybe he just invented a device to end world hunger, and he's protecting it until he has a chance to apply for a patent. Or heck, maybe he's a foreign spy, and is using encryption to transmit national secrets to his foreign boss. Who knows?
The point is, there's absolutely no way to know why he installed the encryption, even if he commmitted some crime. And because we've (theoretically) got a principle here in the US of "innocent until proven guilty," anything that has even a slight legitimate use can't be used as evidence of guilt.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Yup, and he used his microwave to cook the burrito that provided the engergy he needed to take the child-porn photos.
Clearly, his use of a high-energy radiation device was a part of his crime and he should be convicted as a terrorist.
Internet Explorer and Mozilla/Firefox support HTTPS transactions. Outlook and Thunderbird support POP3S and IMAPS. These are programs you find on anyone's PC and use common protocols over an encrypted layer known as the Secure Sockets Layer (SSL). So, this means anyone with a PC can have "criminal intent'? In fact, my /etc/shadow file contains encrypted hashes, I better start worrying.
Cthulhu Saves.
Neither is encryption a paper shredder or a bonfire, but evidence of destroying evidence and the presence of the means to destroy that evidence can be admitted as evidence.
The guy wasn't under investigation because he was using encryption. I don't know where you came up with the idea that encryption == intent to commit a crime. I didn't say that.
However, evidence that he used encryption to commit a crime does show an attempt to "destroy" evidence and is wholly relevant to the case at hand.
The analogy with the gun is that criminal charges can be augmented by the evidence of certain tools found in the investigation.
What about an installed web server that supports SSL? Would that be enough to demonstrate "criminal intent"?
"You wouldn't use encryption if you didn't have something to hide!!"
"Yeah, it's called my credit card number"
The following sentence is true. The preceding sentence was false.
One more thing: I'll bet you a beer that the strongest encryption PGP offers today will be crackable in under an hour (of real time) within 35 years.
Yeah, it seems like they are assuming that if you have something to hide then your guilty....but there are situations where the presence of an encryption program does imply some guilt. For instance....if the guy installed pgp at a time that corresponds to the time he was involved in the child pornography, and didn't show any previous paranoia(or whatnot) related to any other content on his computer...that says something about his intent to hide his actions. Also, if you find that 1000 images were encrypted and his financial documents were left unencrypted....that says some more. I'm not saying that encryption=guilt, just that there are some situations where is does say something about people in certain situations.
http://www.minnlawyer.com/opinions/050509/a04381.h tm
The PGP issue gets little discussion (probably because it was so obvious, to anyone with legal training, what was the right decision). This is the fullest discussion:
"Finally, Schaub testified that, in a file entitled "research," he found the text of Minn. Stat. 617.246, which included "the definition of minor sexual performance, sexual conduct, things of that nature." He also testified that he found an encryption program, PGP, on appellant's computer; PGP "can basically encrypt any file;" and, "other than the National Security Agency," he was not aware of anyone who could break such an encryption. But Schaub also admitted that the PGP program may be included on every Macintosh computer that comes out today, and appellant may have had the text of Minn. Stat. 617.246 in his computer because of prior allegations against him."
In other words, the jury was told both that he had PGP encryption on his system, but that lots of other people do too. PGP was just a small piece of the mass of evidence against this guy and I see no reason to suppose that the jury (or the judge, if this was a bench trial) was unduly swayed by that fact.
As many others have pointed out, this decision in no way makes possession of pgp software into slam-dunk evidence of criminality. There are lots of legitimate reasons to rent a boat, for instance, but if I rent a boat just before an enemy's body is found at the bottom of a lake, then that otherwise innocent act might be good evidence.
What about an installed web browser that supports SSL? Would that be enough to demonstrate "criminal intent"?
"You wouldn't use encryption if you didn't have something to hide!!"
"Yeah, it's called my credit card number"
The following sentence is true. The preceding sentence was false.
And is it difficult to implement this brute-force key search on the massively parallel architectures surely used by the NSA? Nope.
Think about the average complexity of any password a normal individual would use repeatedly, and you'll see how easy this really is. The NSA laughs their collective asses off at any commentary that begins, "The NSA cannot break [insert cipher name here]. Nobody can, not ever."
We don't even need to talk about differential cryptanalysis and other such exploits that would help to make the NSA's job even easier. Why bother? The weakness of the people who use the passwords is enough to "break" just about anything.
Can one get arrested for speaking in anagrams?
Or perhaps committing puns? (debateable, this one is)
...coupled with the history of searches for "Lolitas" in Levie's Web browser.
Note to self: No pursuing of Nabokov books until *after* my psychotic ex-girlfriend has stopped looking for ways to get me in trouble.
It sounds a little over the top, but she just recently tried to stab me with a screwdriver.
Direct away from face when opening.
Now, said sleazebag is trying to get a new trial because the prosecutor was allowed to bring up his use of PGP. I certainly agree that mere presence of PGP does not prove criminal intent; after all, I have a similar program (GPG) on this machine. But even if that evidence should not have been allowed, it is at most a trivial error that did not appear to affect the case.
Look the judge instructed the jury that mere possession of encryption software could be used ti infer criminal intent on the part of THIS ONE PERSON!
Damn! It's like the RIAA making a patently absurd claim that just because one COULD use an iPod for storing illegally copied MP3s, therefore ALL iPod owners are using them to store illegally downloaded MP3s...
Oh, wait...
Guaranteed! This comment 100% Anthrax free!
Wrong. This is simply adding intent and conspiracy elements to the crime, it would be the same as you killing someone with a knife and then buying five gallons of bleach to clean up the blood splatters on the walls. Buying bleach is of course legal, and no one is questioning that, but adding the fact that you bought/used the bleach for a specific purposes related to the crime absolutely shows that you a) knew what you were doing b) had the presence of mind to clean up after yourself c) intended to conceal the crime.
No, I would say this is more like you killing someone with a knife and simultaneously having a bottle of bleach at home in the laundry room, and they have no evidence of you buying or using it for any other reason than doing the laundry, and yet it is somehow taken as "supporting evidence" that your crime was thought out in advance, with you having the bleach on hand specifically to clean up after the crime. Obviously the bleach could have been used to clean up some blood, so that must have been your intention in owning it.
Your mistake is in comparing this to a non-ordinary amount of bleach and suggesting they had some sort of evidence that you used the bleach to clean the blood off the walls. This encryption software is just an everyday, regular size, common bottle of bleach sitting in the laundry room, just like almost anyone would have in their home if they happen to have a laundry room. It indicates absolutely nothing. Thinking otherwise is an extremely dangerous logical fallacy. And it absolutely IS an indictment of the tool. Encryption software is not the logical equivalent of five gallons of bleach.
This wasn't about admission as evidence. This was about proving criminal intent. His intent was 'proven' with the existence of encryption software -- so GPs analogy was actually quite accurate.
If someone gets arrested with bolt cutters breaking into a building, it's reasonable to use the presence of the bolt cutters at trial, just as it's reasonable to show any other tools (such as crypto) that were used to commit a crime
If the bolt cutters were a tool of legitimate trade, this would be looked on differently.
Equally admitting a kitchen knife as evidence with no specific evidence linking the specific knife would be seen as barely relevant. It's a common thing to use a kitchen knife.
I'd argue that crypto software is a common tool to protect business information. Hell I try not to make any internet transactions for personal use that aren't encrypted.
Another example. How would you like it if someone busted down your door and confiscated your computer whilst charging you with counterfeit because you own a printer?
These posts express my own personal views, not those of my employer
You're completely incorrect--I don't think you're thinking about the situation rationally.
Encryption is merely a tool that this man used to commit his crimes. Should video cameras the defendant used not be admitted? Should video TAPES? What about any other equipment he used in the filming process? They clearly (I think you'll agree) should be admissible as evidence. Why not the fact that he went to great lengths to hide his creations? Encryption is JUST a TOOL. It's not magically special just because it's on computers.
It is you who are completely incorrect. Encryption software is just a tool, with no direct relation to his crime. They have no evidence of encrypted photos. They have no evidence that he has the software for any particular reason. They won't say how it's any different from built-in encryption support like Apple's FileVault or Windows' Encrypted Filesystem support. This is NOT like video tapes or video cameras (was the defendant making his own child porn? If not, WTF would video cameras or tapes have to do with it either?). If this is just some stuff he downloaded to his computer from the Internet, video tapes or cameras would have absolutely nothing to do with the case, and rightfully would either never be mentioned or never taken as supporting evidence of guilt.
You're right, encryption is not magically special because it's on a computer. It is you and they who are treating it as magically special, when it's really just a generic tool. It indicates absolutely nothing with regards to the defendant's crime, unless they can give direct evidence of the software being purchased or used specifically to commit this crime or to help hide this crime. If they can't establish some kind of direct link between the crime and the software, it shouldn't even be part of the case. If there is no link, there is NO reason to consider it as even "supporting" evidence. Period.
However, evidence that he used encryption to commit a crime does show an attempt to "destroy" evidence and is wholly relevant to the case at hand.
Except that according to the article there's absolutely no evidence of any such thing. So why was the fact that he had encryption software on his computer introduced at all? As a biased attempt to sway the jury, of course.
Although I don't see why they even bothered. The guy was fucked from day one due to the other evidence collected against him.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Except that "The court didn't say that police had unearthed any encrypted files" (from TFA). I have a truck and a case of beer. Should I be convicted of drunk driving if I've never been stopped and breath-tested?? You'd say yes, apparently - possession of a vehicle & alcohol would prove intent to drive while drunk.
This person is not being indicted for using crypto, his use of it is simply being used to show intent... why is that so wrong?
Because you, like most of the slashdotters arguing in favor of this ruling, apparently haven't read the fucking article. There is no evidence whatsoever that the man used encryption for ANYTHING AT ALL, much less hiding child porn. None. Nada. Zip.
It was present on his computer. That's it. It's also present on your computer if you use WinXP, Win2000, or have just about any distro of Linux. And we'll be sure to use it as 'evidence' of your intent to 'hide your crime' should we ever suspect you of doing anything illegal.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
No, you don't get it (and apparently neither do the mods). The things you say are true, hiding evidence is a crime, but they have no bearing on this situation. The point is, they have no evidence of the software being purchased or used for purposes of committing or covering up this crime (or any crime). Your analogy to going through a bunch of specific actions that can be linked directly to the crime is totally fallacious. Everyone who is saying this is a dangerous and stupid ruling is correct. The simple presence of the software is being taken as proof that it was intended for a criminal use. It is not his "use" of it that is being used, it is the "presence" of it on his computer that is being used against him.
And there you go again at the end of your post with another fallacious analogy, comparing encryption software to bolt cutters, as if it is obvious that its presence alone implies criminal intent. That's extremely dangerous reasoning. Just because I want to encrypt something does not mean I am encrypted child porn. Are you buying child porn whenever you enter a secure website that uses SSL? THINK about it. Think real hard. It's a subtle but extremely important distinction.
Same thing with someone above who compared encryption software to having a gun during a robbery. WTF? Guns, five gallons of bleach, bolt cutters, all these things have very limited uses and can be easily related to the crime in the analogy, but it will still require some sort of evidence that the defendant actually intended to use the item to commit a crime. If a guy gets caught breaking into something and happens to own a pair of bolt cutters that are stored in his shed at home, the bolt cutters have absolutely nothing to do with his crime. If a person owns a laundromat that has a clothes washing service, it would not be out of the ordinary for them to have a lot of bleach on hand. The fact that they had a bunch of bleach and used it to clean up some blood after they killed someone with a knife could not be used as supporting evidence that the crime was thought out beforehand. It just happened to be there. The fact that they used it to clean up the blood is the only fact that can be brought in as evidence, and it could only support the accusation that they were conscious afterward of having committed a crime, and trying to cover it up. The simple presences of the bleach could not have any bearing on the case.
Encryption software is a tool with many uses. Without direct evidence of its specific use, it cannot be used as supporting evidence for anything criminal. All the comments I've seen say they do not have any direct evidence of it being used in the crime, or being purchased for use in the crime, therefore it should not be admissable as supporting evidence of criminal intent. Do you get it now? It's like if you had a hammer in your desk drawer and they took it as supporting evidence that you were going to download child porn and hide it. It's totally nonsensical unless a direct link can be provided by the police.
Argh.
Use your brain.
Oh, no! Using a brain is a crime by itself in modern advertisment-based society.
Read Fahrenheit 451 or many other stories by American SF writers. They warn you 50 years ago that this would end with that - having encyption software is a crime, having gun is a crime, thinking independently is a crime too.
This is no different than the fact that a guy charged with burglary had a crowbar on him. When you're suspected of a crime, the presence of the tools to commit that crime or cover it up are relevent (though not dispositive) in a criminal trial. For a guy charged with making child porn, having a digital camera is relevent; doesn't mean that your digital camera alone is going to get you thrown in jail.
This is a hail mary by the defense attorney that does nothing but put software on the same footing as other tools.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
How many Linux distros have gpg installed by default? Should we automatically be suspected as criminals?
How many PCs don't some form of encryption? Crypto includes browsers that support SSL... necessary for e-commerce. I'm sure that at least some of the judges have PCs and browsers. Should search warrants be obtained on this basis and their computers be checked for kiddie porn?
With respect to crypto, I personally use it to keep proprietary technology and business discussions private and to digitally sign documents. I also plan to continue to do so even if it makes Minnesota judges think I must be a criminal of some sort.
The court decision is... contemptible, but to be expected, it's from the same kind of ignorant people who voted the DMCA into law.
The most charitable thing I can say is that a great many people's brains shut down immediately if the subject of child pornography comes up, and speculating as to why would. . . be very impolite.
Tech Public Policy stuff
They had more evidence. Namely a witness willing to testify in court. The encryption software was icing on the cake.
T Money
World Domination with a plastic spoon since 1984
The problem is, they don't have that "evidence" in the middle that you refer to. It's just a bonfire, or a paper shredder, or an envelope, or a lighter. But there is no corpse. No destroyed or hidden evidence. They said so. They have no evidence of encrypted images. There is just a common tool, like a paper shredder, which many people now use at home to destroy perfectly legal financial documents for their own safety, so criminals won't pull their financial information out of the trash. Unless there is a link, the tool has nothing to do with the case at hand, and should not be seen as supporting evidence of anything.
Both Mac OS X and Windows 2K/XP support encrypted filesystems these days. Does that mean whenever you catch someone doing something wrong with a computer you can use that built-in support for encryption as "supporting evidence" of criminal intent at their trial? You better sure as hell hope not.
And in a court, you can say something along the lines of:
"We have evidence, A, B, C and D. The reason we believe we don't have E the smoking gun is we believe the defendant destroyed E. We believe this because he owns this device G which can be used to destroy E."
In this case, there doesn't have to be encrypted files, PGP can do secure wipes.
T Money
World Domination with a plastic spoon since 1984
In other news, it was later ruled that "possession of envelopes" could be admitted as evidence of criminal intent to conceal communications.
Believing something doesn't make it true. Not believing something doesn't make it false.
Sigh. If you would RTFA, you would note that the police did have more than he had encryption software. They had a witness willing to testify in court.
T Money
World Domination with a plastic spoon since 1984
Isn't this the same kind of reasoning that has led to things like witch hunts and the spanish inquisition? This is a dangerous way of thinking that criminalizes anyone with a desire to preserve their privacy... something our current government would love to turn into law at the drop of a hat.
8==8 Bones 8==8
Therefore, in a rape case, this can be construed as criminal intent.
This is good news for all Slashdot users; now you are gong to have sex at least in the eyes of the law...
Furthermore, I normally keep my penis hidden in my pants, which obviously means I know that's wrong and am trying to hide it.
As a consequence, criminal intent could not be established for flashing pervs; they do not seem to be hiding anything, at least... so that's OK.
And to think I actually complain about Croatian judicial system, which is merely inefficient...
*This is not a latest discovery, nor bragging; I really do need that** to prove my point.
** Please stop that.
Ignore this signature. By order.
Whether or not the defendant was guilty or was convicted is not the point. This discussion is about the fact that the mere presence of some common encryption software without the presence of any encrypted files was used as "supporting evidence" of some sort of criminal intent. Which is really, really bad. It doesn't even really matter what the case was about. What they did by admitting the presence of PGP software as supporting evidence of intent is tantamount to criminalizing encryption software itself.
...that the police officer has no clue about what the NSA can or can not do. They are not about to announce their capabilities, particularly if there's something they can't do. For this topic, you may also safely assume that NSA has dedicated crypto cracking chips, orders of magnitude better than general purpose supercomputers. You can also safely assume noone from the NSA will post real information about themselves on slashdot.
That being said, current strong encryption algorithms are many orders of magnitude stronger than that again. Many of those have been developed outside the US, and so the NSA has had no possibility to leave a "known flaw" they could use to their advantage.
Breaking 256bit+ encryption by conventional deterministic means through trial and error (read: chips or CPUs as we know them) simply can't be done because the laws of physics don't allow it. Earth doesn't have enough atoms to store 2^256 keys, and the Sun wouldn't have the energy, that kind of limitations.
That leaves roughly two possibilities:
1. The NSA has discoved some math which allows them to decrypt material in less than brute-force time. While it can not be dismissed for any one algorithm, there are many strong algorithms available based on different mathematical problems and it is not credible to believe they are all broken. Which (if any) are broken is why they don't tell.
2. The NSA has working quantum computers which briefly said, can test all quantum states at once. Simulations have shown that such a computer would effectively break some asymmetric cryptography (public/private key pairs), but not all. And it would do little to improve decryption of symmetric encrypted material (passwords).
And in either case, it is highly unlikely that they would reveal information that would essentially prove their capabilities in order to provide evidence. They would be guarded as high-level military secrets, used implicitly to "magically" plot out terror networks and such, gathering the explicit evidence through more conventional means...
Kjella
Live today, because you never know what tomorrow brings
Should have RTFA; didn't realise the decision was specifically for that very case.
Here's about as full text as it gets:
h tm
http://www.minnlawyer.com/opinions/050509/a04381.
been saying this over and over and over
mail clients need to have encryption built in
mail servers should have spam filtering built in
the way it is now, encryption stands alone, and filtering is done at the client level. each one should be pushed up a level.
This clearly could only happen because everybody said: I have nothing to hide, so why use encryption?
Every time I hear that argument I almost explode in a rage and claim that at times the usage of encryption alone will be held evidence that you're a criminal.
These times start NOW.
And by the way, this is YOUR fault you lazy bum.
-jsl
Dyslectics of the world, untie!
The great thing about computers is that they make finding and manipulating digital data a snap. The bad thing about computers is that they make find and manipulating digital data a snap. It's a double edged sword that is, at least partially, dulled by encryption and other security measures.
You use a computer to generate sensitive data because its easier and more powerful than traditional methods, but that doesn't mean that you automatically want to forego the security that is implicit in a paper and pen solution.
Does this mean that keeping your photo album in a 'locked' house is evidence of criminal intent?
Scared of flying, pointy things snce 1979!
- we found you password-protected your bios and your boot is password protected, you obivously have something to hide
... I got tired ...
- we found your leeloo, oh, sorry lilo is password protected too, so you obviously have something to hide
- we found your OS keeps asking for a password, you obviously have something to hide
- we found your e-mail program asks for a password to access your account passwords, your have something to hide, on the double
- we found you digitally sign and gpg-encrypt your e-mails, you obviously have something to hide
- we found you use several archiver applications which have the option to password-protect your archives, you obviously have something to hide
- we found your IM accounts all need passwords, you obviously have something to hide
- we found your home, car, safe all have locks and we don't have the keys, what are you hiding ?
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
There was no obstruction of justice charge that we know of.
There was also no indication that anybody had committed the crime of obstructing justice. What are you saying?
Education is a better safeguard of liberty than a standing army.
Edward Everett (1794 - 1865)
The whole "if you have nothing hide, you shouldn't have PGP" idea is simply stupid.
It's like saying that if you don't have anything to hide, you shouldn't have a lock on your door or curtains at your windows. Hey, you could have hidden some corpses behind that door and those curtains. Yep, it shows you had criminal intent.
The whole post-9/11 idiocy that privacy==criminal intent (or even makes you an active terrorist) is getting on my nerves already.
Everyone needs _some_ privacy. Noone is a 100% exhibitionist, who'd eat, sleep, shit and surf for porn at a street corner with everyone watching. Even the most affectionate cat, if you have one, needs some time alone now and then.
Everyone has _some_ stuff they'd rather not have posted publically on a billboard in front of their house. E.g., their credit card number and SSN. E.g., the emails to their girlfriend. E.g., the pseudonym under which they posted that their boss is a retard. E.g., their medical record. E.g., their banking data. E.g., their names and passwords for sites they use. E.g., their diary.
Those are all very valid things to have encrypted. They're perfectly common everyday stuff, but nevertheless stuff which someone would have a damn good reason to encrypt. In fact, which they'd do damn well to encrypt. (Heck, I'd rate anyone 10 IQ points higher if they had their usernames and passwords in a strongly encrypted file, instead of on yellow post-it notes stuck to the monitor.)
It doesn't have to be something as criminal as hiding bodies in an underground cavern. And extrapolating that everyone who doesn't leave their front door open 24 hours a day, and doesn't post every single detail of their life (SSN, credit card number, emails, usernames and passwords included) in front of their house, is automatically a criminal... is bloody stupid. It's outright idiotic.
A polar bear is a cartesian bear after a coordinate transform.
Though this may be somewhat O/T, I believe this needs to be addressed. I believe criminal justice attitudes such as these to be one of the main causes for the dysfunction of our society. Don't get me wrong, child pornography is sick and should be strongly deterred. But we need to ask ourselves what role should our CJ system play.
I think too many people are too vengeful (in general, not necessarily not you personally). I could think up a punishment for child pornography that is too severe (for example, dismembering the criminal, his parents, and his children while still alive). Seriously though, we need to figure out if our CJ system should exist to deter and correct criminal behavior or if it should exist to fulfil humanity's lust to inflict suffering upon others.
but the signs were there for a long time.
:(
I mean, I remember, when selecting packages for a Debian installation, the very interesting non-US category
The axiom that someone is innocent until proven guilty has been reversed for some years now. At first, it was only the media that did that to some poor fellow that was pronounced guilty on TV at arrest time. But gradually this has become true in more formal forms (read Guantanamo)
And the EU is steady following
www.lemonodor.com A mostly Lisp weblog
Surprise! Your analogy is flawed. In your case a red car was involved in commiting a crime. Fact. In TFA there is no mention of anyone using PGP to encrypt pitures of the 9yo girl.
Not it comes with every computer and is turned on by default for email etc. Eventually encryption will be like that and you won't be able to suspect someone purely on the grounds that their data is unreadable.
This comment does not represent the views or opinions of the user.
...And most other unices ?
Every distro I've used in the last few years comes with a kernel and associated modules for creating an encrypted filesystem, encrypting (securely) individual files or directory trees.
This is part of the stock install, so am I showing criminal intent by running Linux at home ??
No one has said having PGP installed on his computer was a crime. It was merely ruled that it was relevent evidence in the case of the crime he was accused of commiting (child pornography).
This is not like saying "Your door has locks, so you must be a criminal." This is more like saying "You have been accused of murder, and a gun was found in your house." Having a gun in your house is not a crime - nor is having PGP installed on a computer a crime. But the court decided that having PGP installed on his computer was relevent evidence, just like finding a gun in a suspected murderers house would be evidence.
Join moola.com, play games to earn money.
My laptop got stolen from my own house last year; in hibernate state.
Revoking SSH keys took as much time as killing card info, There is so many places sensititive data could end up (like your bank login/card info), such as
-hibernate file
-pagefile
-browser password store
-browser page cache
-directory where I save PDF shopping receipts
-mailbox
Now I lock a lot of the system down. Not just my home dir
-temp
-browser cache
-various program directories.
This is win32, where the EFS stuff doesnt encrypt filenames, just the contents. Its known that EFS is breakable (just reset the login password or something), but to make it harder
1. laptop needs a bios password.
2. that password is also used to enable the HDD
3. My winnt EFS private key is stored in the laptop TPM module.
#3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a stronly motivate government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.
Does this make me a criminal? I dont think so. The police told me off for not bios-locking my last box. Their view is the less usable stolen laptops are, the less valuable they are, so theft reduces all round. It is every laptop owner's duty to lock down their boxes so nobody can get at them!
The accusers found ROT13 on one of michael jacksons computer, so this will now be used as evidence against him.
a tool that this man used to commit his crimes.
the fact that he went to great lengths to hide his creations?
You must have read a different story than I did. Neither of those 'facts' existed in the story that *I* read.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
What if he was using a Windows-encrypted disk volume to store data?
"Lawyers are for sucks."
- Doug McKenzie
See, I've got this program that came with windows, and every time I log onto my banking site, or gmail, it encrypts my communications, so its presence on my machine must maean I have something to hide.
Damn internet explorer.
Don't read my journal. I don't post there, honest guv.
There are lots of things that aren't really pervasive, but that doesn't necessarily make them criminal.
E.g., my parents have rented a box at a bank to keep their documents there. Their reasoning being that in case of a fire or burglary, might as well not lose those.
It's not a pervasive thing, and it _could_ theoretically be used to hide something illegal, but that's not what they use it for. And a prosecution line of reasoning along the lines of "if it's not pervasive, it shows criminal intent" would make them both criminals. (Mind you, I'm not always on good terms with them, but "criminals" is a bit too harsh a word to call them;)
E.g., high-end sports cars are not that pervasive, and _could_ be used to try to outrun the police cars. But I sure hope it doesn't make everyone who bought a sports car automatically guilty of criminal intent and planning to flee the police to the border in that car.
E.g., I know at least two people who regularly purge their browser's history and cache. One is just clinically paranoid, (Yes, literally, believes in a world-wide conspiracy, that is secretly responsible for everything from wars to Jar Jar in Episode 1. No, literally.) The other just doesn't want his wife to find out about his porn surfing habits.
It's not that pervasive a thing to do, and it _could_ be used to hide surfing for something illegal, but none of them actually surf for anything illegal. (The paranoid one is just too paranoid, for example. He _knows_ that the conspiracy is watching him.)
So to cut to the end of a long rant, an idea like "if it's different from the norm, it can get you (extra) time in jail" seems like a very very dangerous precedent to me. Pressure to be 100% conformist and obedient can be bad enough as it is. Attaching an extra potential jail sentence to anything if it's unusual, seems to me like a very bad idea.
A polar bear is a cartesian bear after a coordinate transform.
My schools ITS department went after me for using blowfish encryption, and W.A.S.T.E on the network...
was fun using the glass house analogy with the schools administration.. fortunetly nothing ever became of it, hmmm now that i remember it, it was my posting on slashdot also that they tried using as "evidence" against me... sigh.... i hope this post dosn't end up getting printed out and stuck in a file of mine somewhere
come comment on the madness at http://slashdot.org/~phreak03/journal/
OK, so what's next?
A %22drew%20Roberts%22
Am I in some sort of conspiracy with all the people on my block becasue we all have locks on our doors and windows. (Actually, I think the conspiracy goes a bit further than just my block, but I am not going into full details here on slashdot.)
So, the existance of encryption software is evidence of criminal intent? Do we finally have a big weapon to use against the MPAA and their ilk? I mean, if they did not have criminl intent, (if they have nothing to hide) then why would they need encryption?
Hmmmm.
OK, so no more ssh, ssl, pgp, gpg, rot13, oh well, back to telnet. No WEP or their ilk allowed either... back to all open access points.
Interesting times...
all the best,
drew
--
http://www.archive.org/search.php?query=creator%3
FreeMusicPush If you want to see more Free Music made, listen to Free
Every time I hear that argument I almost explode in a rage and claim that at times the usage of encryption alone will be held evidence that you're a criminal.
Exploding in a rage doesn't actually accomplish anything, and that's probably a good thing given the things some people explode into a rage about.
The real problem is that you're never going to get a significant number of people to agree to use encryption on those grounds. The only way you're going to do that is to make it easy.
PGP and GPG are both insanely difficult to set up, even for geeks, and I can't see any reason why. They don't actually do anything very complex, outside of the encryption code itself. Comparing them with other encryption software doesn't make them look any better. Even traditional SSH is better, and things like the Apple keychain or browser SSL support are pretty much automatic.
Nobody would say that using an encrypted HTTP connection or a VPN was evidence of a crime, but that's not because people are somehow more dedicated to encryption being available, it's because it's as easy to use encryption as not to use it.
You want more people to use encrypted mail? Make it easy to do. Fix the mess that's "pgp -injoke", where the only concession to user friendliness is making the needlessly compex options spell something. You don't want to? Then this is YOUR fault, you lazy bum.
I use GPG for one reason: to encrypt my password file, history file, cookies, auto-fill files and any email communications containing that password as a last measure of defense against would-be crackers and identity theives.
This is the only truly effective defense a consumer has against these types of criminals, and as such a consumer should not be regarded suspect for merely taking common-sense measures to protect himself. However, should a court require that I turn over keys to these files, I'd consult my attorney. If my attorney felt the information would not be abused (e.g., a cookie from an accidental click on a dodgy website being admitted by the prosecution team as evidence), I'd have no problem there.
Lookup keys and a salt. The salt would make a significant difference.
E.g., I do carry a bag or two with me almost at all times, because I sometimes just want to drop by at the grocery store and buy stuff on the way home from work. And I see no point in buying a new plastic bag each time.
So basically if someone decided to accuse me of shoplifting, that bag -- even if not used at the time -- would suddenly be criminal intent. Seems bloody stupid to me.
E.g., back in college I did have half of my hard drive encrypted -- and that was before the OS itself came with encryption -- just because I didn't want the rest of my family reading my private stuff. Among other things, for a month or so at the time I tried to write a diary, and I didn't want it to be the whole family's business. ("Nosy" is too mild a word to describe my parents.)
What if at the same time, and totally unrelated, I had followed a link to some illegal site? God knows some sites had tons of redirects and links to warez sites, porn sites, etc.
Would suddenly that encryption software count as criminal intent to encrypt and traffic that illegal stuff? Even though it was never actually used to encrypt any of that?
Seems to me that linking everyday items to somehow imply premeditation and guilt, is severely flawed. Unless it is proved that the bag, or the encryption software, or whatever, was actually _used_ in committing the crime, it seems to me that mere possession doesn't really mean anything.
A polar bear is a cartesian bear after a coordinate transform.
In this case, there doesn't have to be encrypted files, PGP can do secure wipes.
And your still wrong.
Not only was there no indication that he encrypted porn, but there was no indication that he wiped anything either.
Had a wipe been done it would have been forensically OBVIOUS. The normal contents of 'empty' areas of a harddrive are miscelaneous file fragments, not systematically scrubbed sectors. Now assuming the police are not incompetent and they actually analyzed the harddrive, this means that the harddrive itself is actual evidence that no wipe was done.
You want to 'get the bad guy' and you are allowing it to bias the evidence in the case. You are imagining things he may have done that there is absolutely no indcation that he actually did, and you are allowing your imagination to be used as evidence.
The actual evidence is that nothing was encrypted. The actual evidence is that nothing was wiped.
This is exactly why certain things are supposed to be excluded from evidence. The prosecution cannot toss in irrelevant and prejudical items to get the jury to think X when the actual evidence is that X never happened.
God forbid someone actually does have an encrypted file on their computer - a very personal diary - and gets accused of some crime and gets you on the jury. You are going to jump to the FALSE conclusion that the encrypted file is evidence of guilt, even when there is absolutely no actual indication of any connection between the file and the alleged crime.
2 plus an imaginary 2 does not equal 4. If 2 is enough to convict then fine, convict based on the 2. If 2 is not enough to convict then you should not be throwing in an imaginary 2 to change a not guilty into a guilty and to convict a likely innocent person.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
There are a lot of people bemoaning the court's decision, saying that it's criminalizing encryption, etc.. More over, the OP makes reference to sentencing hearings. Fortunately (except for the egos of the uninformed people posting here), legal relevance has little, if anything, to do with criminalization of a given act.
Relevance can be defined as the quality of a piece of evidence (including testimony) that makes a contested issue in the case either more or less likely to have occurred (is it "probative" of a contested issue?). In other words, to be relevant, evidence need only pass a very minimal standard: does it make any element of the plaintiff's / prosecution's care more or less likely to be fulfilled.
The most common incorrect assumption about relevance is that for a piece of evidence to be relevant, it must make an element more likely to be true than false. That is where, I think, the OP got it all wrong. It only has to make an element more or less likely than it would be without the offered evidence.
My evidence teacher put it in terms of the betting-man test: If you were about to wager on whether something had already happened, but you had no idea and were going to flip a coin to decide, then a fact would be relevant if it would sway you, no matter how little, such that you, as a true statistical-believer of a gambling man, would rather wager based on that fact and not by means of flipping a coin.
Now, there are statutory and evolved exceptions to this; there's a lot of relevant evidence out there that's been, either by legislation or by tradition, called irrelevant, e.g. evidence that's relevant but not rationally so (it plays pretty much only to emotions), evidence of prior convictions, or character evidence to prove conduct.
So that's why the court got it right. The fact that this guy had PGP on his computer and that there were certain directories of encrypted files makes it more likely, in connection with other relevant facts already in evidence, that he was dealing with child pornography (note, once again, that this is not saying that the fact of PGP makes it more likely that he committed the crime, only that the fact makes you lean more towards "guilty" than you would lean without the fact).
Although the presence of PGP, in the absence of other evidence of crime, would not be relevant evidence of crime (at least to me as a juror), once there's something about a crime, I'd be willing to say that encryption makes it more likely (perhaps not by much), that the crime has been committed.
he's not only dumb enough to make and locally store child porn
Huh? From what I read there was no child porn on his computer and no encrypted files.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
The trial judge did not accept it as evidence of guilt. In the American system of jurisprudence, judges never make any determination as to whether evidence is implicating or exonerating. They only decide whether evidence is relevant. All other decisions--like how much credibility to put in the evidence, whether the evidence implicates or exonerates, all other decisions--lie in the hands of the jury. The framers of the Constitution didn't trust the government to judge evidence; all fact-finding was delegated to the jury.
In this case, the judge decided the presence of PGP may have had evidentiary value and thus it deserved being presented to a jury. Twelve people from the community then looked over the entirety of evidence, of which the presence of PGP was a really minor part, and decided that the balance of the evidence indicated his guilt beyond a reasonable doubt. And an appellate court has said that the trial judge wasn't unreasonable in finding that the question of PGP was best left to the jury.
Wow. Amazing. How dare courts do that in America? It's positively unamerican.
As much as I like the place, it can swing toward political correctness as a philosophical evil. Minnesota pioneered the idea of keeping sex offenders in custody indefinitely as criminally insane sociopaths AFTER they fulfilled their sentence. A teeny tad problematic constitutionally. After a couple decades of this, just this month they finally passed a law calling for life without parole for some sex offenses -- which at least addresses the legal issue.
Minnesota has also toyed with all the pornography definitions from "know it when I see it" to "anything whatsoever that incites the perverse". So the encryption issue is obviously just another Minnesota sex thing where encryption had the misfortune of being present at the scene of the crime.
On the other hand, a judge tossed out a case last year explaining to all involved that it wasn't the defendent's responsibility to prove that the girls in the photos were over 18. It was the prosecution's responsibility to prove that they _weren't_.
.
Not only is this horrifying to think about what this means for everyone else, but I can easily see the next ruling.
"Locked Doors can be construed as criminal intent."
What are you trying to hide from the police? What do you not want any police officer that comes walking past to see? DOORS = EVIL!!!
Outlook Express comes with XP Home... and supports S/MIME encryption. In other words, it supports a type of encryption which is used for EXACTLY the same purpose as PGP. Therefore, every XP owner is a criminal. Hooray for logic!
Karma: It's all a bunch of tree-huggin' hippy crap!
You can't legislate FOR child porn in this society.
:)
We have too many secrets, too many thing hidden away, too many things that shouldn't ever see the light of day, too many parts of our psyche that tries to scurry away like a cockroach from the light of exposure.
I'm glad that this ruling came out because it makes this kind of barricading as suspect as it should be. The tools themselves are as suspect as they should be.
Encryption technique is not at issue here (its essential for secure transmission of data,) but the need for openess of the source IS!
Think about it!
Open Source becomes essential to insuring that your system is not a porn repository. How could Microsoft be against that? Do they have something to hide?
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I'm sorry but anything you say can already be ignored because of your admitted use of encryption software. Thanks to the usually liberal Minnesota court we now know that by definition you Pervs use encryption software for your evil Perv uses. This guilt by association with a known evil product that is used by known evil people is a useful time saver in determining the guilt and innocence of all people such as yourself. Suuuure you have a reasonable expectation of privacy but then if you weren't a Perv why would you encrypt anything? This in conjunction with the use of extensive background investigation to find anything you might have done as a child twenty or thirty years ago or any mistakes,errors, and or laspes in judgment over the years leads us to be able to efficiently discredit and disregard anything you might have to say. Thank goodness for Judges in the Peoples Republic of Minnesota who are working diligently to protect us from you guys. (please note the heavy sarcasm in case anyone from Rio Linda is reading this)
Enjoy your Karma, after all you earned it. Feel your Karma Joe, feel it burn.
On more than one level.
You see? There is a silver lining.
Ignore this signature. By order.
Now, it has exposed a broad flank to be shot down in flames in the inevitable appeal that will ensue.
After-all, despite all the new "patriot" acts, the basic doctrine that they have to prove you're guilty and not you that you're innocent stills stands...
-pagefile
FreeBSD 5.x has an option that can be set that, on boot, sets up the swap partition with a random encryption key that is kept only in memory and discarded on powerdown.
It's great for laptops since swap is the primary place on disk where passwords in memory can get accidentally written to. The only downside is that leaving it suspended is a security risk so it's best to power it down when it will be unattended.
Be very careful with EFS if those are files that you care about. If the machine isn't on a domain, there are several events that can cause you to lose your key permanently. One of them is having the user account password reset from the admin account. Changes to the user profile can do it too. Make sure to have backups and be very careful around your registry hive.
On a domain on the other hand, a domain admin can set up key escrow, so EFS doesn't really provide any security there unless you are the only domain admin or you trust everyone who is with all the data you encrypt.
only outlaws will use encryption.
Signature.
The police told me off for not bios-locking my last box.
Interesting... a couple of things come to mind:
1. I've never met a police officer with such a technical mind. I know they exist, but I expect that reporting a crime like a stolen laptop would get me a "so what do you want us to do about it?" and "give us the serial # and we'll keep and eye out for it."
2. I thought BIOS-locking referred to OS-BIOS connections... BIOS Locking: More Intrusive Than WPA. Perhaps you/they meant "BIOS password?"
3. BIOS passwords can be broken, bypassed, or removed quite easily. This is what makes me think that's not what they meant.
Anyways, just some things that went through my head.
I'm sorry I left out the sarcasm tags (I thought it would have been a little too obvious...).
What fresh hell is this that I wake up and learn that because I have an encryption program on my computer, I'm instantly qualified for 10-20 years (in the pokey)? I find it ironic that Windows NT, with its encrypting file system, hasn't landed my ass in jail yet. I thought it was legal to own it, afterall, I had to buy it.
BTW, I own a gun, knives, wood chipper, and a shovel.
-- Game Developers: Stop porting badly-textured games from crappy console systems!
The GP wasn't saying that child pornographers and other reprobates should be able to get away scott free by encrypting the evidence. The point appears to have been that moves such as this are serving to errode the protections set forth in the Forth and Fifth Amendments.
Stating that encryption is relevant to the state's case is analogous to the state saying that the defendant's refusal to admit that they're guilty is relevant to their case. There are all sorts of legal uses for encryption, most of them perfectly understandable for the accused (and he still is only accused, not convicted, and should therefore be presumed innocent!) If this weren't so, then you might as well accuse the thousands of people in my company who have PGP on their desktops of being child pornographers and/or terrorists.
Yes, child pornography is bad, but that doesn't mean that the moment someone is accused of the crime we should throw out the constitutional protections guaranteed ALL citizens. Given the current political climate, people who use reasoning such as the parent turn my stomach more so than CONVICTED child pornographers. Bah!
Remove or drain the cmos battery and the bios password is reset. An NVRAM clear will often do it as well.
Draining the cmos battery will take about two weeks though.
Just a Tuna in the Sea of Life
ENCRYPTION != EVIL
OK, agreed.
But I wouldn't necessary put it that way if I needed to make a point. Even if you get somebody to agree with you, it doesn't necessarily help them draw more accurate inferences. Indeed their inferences might still differe hardly from if they thought it was evil. The point here is that they were instructed to consider encryption as evidence. Well, OK, but how to they weight that evidence? Bayes therem says: P(A|B) = P(B|A)*P(A)/P(B).
People have a kind of rough intuitive understanding of this. Suppose "A" is "Is a Terrorist" and "B" is "Uses Encryption". Let's say 1 % of the population is terrorist and 1% uses encryption, because I'm lazy and like my factors to cancel. But since we're talking rough intuition, it's not much of a stretch: what I'm saying is that both terrorism and encryuption use both perceived to be unusual, even if we can't assign precise numbers to them. So, in this case, we get P(A|B) = P(B|A). Let's say that only 10% of terrorist are stupid enough not to use encryption. If we find out somebody is using encryption, if these assumptions are roughly correct, we can be 90% certain that they're terrorists.
On the other hand, suppose everybody uses encryption. Skipping the boring algebra, this works out mean P(A|B) = P(A). This means that some person who happens to use encryption software is exactly as likely to be a bad guy as any person picked at random walking down the street. It'a one in a hundred chance, not quite enough to send anybody to the gallows, I'd say.
Which is a big mathematical "duh". People understand intuitively that unusual facts tell you more about somebody than commonplace ones. The fact that somebody staggers around making loud and rude comment and acting unruly is more helpful if you're trying to decide whether he's drunk than the fact he has ten fingers and toes, as it turns out most drunks do.
The heart of the problem then is that encryption is perceived as exotic. Dynamite, we can all agree, is not evil. But people don't keep it around unless they are using it on their job. If it is found in the urban apartment of a postal worker, it tells you something significant about that person.
This highly misleading message is reinforced by testimony like the police expert. Oh, I would love to have been the one to cross examine this guy. He pointed out that they only people who might be able to break this code are the National Security Agency. The logically inclined among us will naturally find this to be stunningly irrelevant. I might keep my valuables in a safe deposit box that could only be breached by a small nuclear device, it doesn't mean that I'm keeping stolen nuclear plans there. A marketing expert would of course understand exactly what the expert was telling the jury: "This is not something you'd ever use -- it's exotic, cloak and dagger stuff for nefarious purposes."
The better counter message is this:
"Encryption is commonplace stuff. You encrypt data probably every day without even being aware of it, because it's so natural and automatic you never stop to think about it. You encrypt data when you order a book online, or check your bank balances. If you don't encrypt your credit card or bank data, then chances are it's being done for you by the person who is serving you. While your personal information might not be safe when it gets to the bank, it is extremely safe en route. So far as we know, nobody can steam open the envelope and look inside, not even the US Government's top secret spy agencies. They have to wait for the bank to open the envelope first.
The world would be a very different place without encryption. Would you like it if you had to get your bank statements and paid your bills on post cards? Especially if anybody could use your credit card just by claiming to be you? Fortunately, every well designed system for storing and transmitting your data electronically has provisions for protect
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I am not as shocked by them now saying that a program that encrypts files, are related to child porn. Hell, they told a grand jury (an Alabama grand jury. that means mostly farmers that have no evil computers) that "He has his hard-drive partitioned into 4 logical drives. This is common practice amung child porn people."
When it comes to child porn, they are really cracking down. And that's not a bad thing. It just seems like an invasion of privacy. I mean, what if you are into drafting, like me. If you have an encryption program on your computer, it could be used for anything.
It's the same with "safe-delete" programs. Will they go as far to say that "If you have a safe-delete program on your machine, you get arrested for possession of illegal things"? I guess this is the price we pay to have freedom as Americans.
See, this is what Bill Gates has been trying to tell us for years: A secure computer is a criminal offense.
I did RTFA now, and it says they didn't find any encrypted files on his computer. So they are in fact holding the existence of PGP on his computer against him. That's like saying "You have a safe, but we opened it and found nothing inside. But it suggests that you have something to hide."
You can find lists of manufacturer BIOS passwords that will bypass the user-specified password, too.
:)
Working as a help desk tech during college, I discovered a lot of tricks for things you weren't supposed to do. Like resetting an NT administrator password (Tech: "You have to format, sorry." Me: "Boot to this and follow the prompts.")
With the proliferation of bootable specialty Linux distro CDs, there are so many tools to help a Windows person get out of a jam.
Akarsz Magyar Gentoo fórumot? Akkor
You're almost right, but you're not. There is no indication the encrtyption software was used, or intended for use, in conjunction with the criminal act, which is not the case where a perpetrator has a gun with him during the commission of a robbery.
A better analogy would be that a man *owns* a gun, not that he had one on him during his crime. Since he owns a gun, therefore perhaps he might be willing to shoot someone. This happens often in our criminal trials, and it is weak evidence, just like this encrpytion software is weak evidence. But it is, nevertheless, evidence.
I am old school: relevancy, if there is any question, should be a question for the jury. Let the defense attorney show that encryption software is often used for good, and in itself is not indication of wrongdoing, and let the jury take that into consideration.
[n/t]
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
But if a crime was committed in the dining room of your home, and a (legally owned) gun which was not used in the crime was in your bedroom, should that gun be used as evidence against you?
If there is some reason to suspect that the gun might have been used in the commission of the crime, and that you were the only one (or most likely one) with access to it, then yes.
Each of us shoud create a file with 10,000 lines of "I told you this was an inocent file" and encrypt it an just keep it laying around our hard disk.
No, it's more like this.
You murder someone on the street with a knife. The state has proof you had the knife. The state has witnesses you ran home with the knife. Your defense rests on the fact that they couldn't find the knife in your home.
The state looks in your basement and discovers you have a perfectly legal iron smelting furnace (work with me here). The state is justified in bringing into evidence the possibility that the reason they couldn't find the knife is because you had the capability of undetectably destroying it.
Now flip furnace with PGP, and finding the knife with email records. Not having read the transcript of the case, it's possible some of his defense rested on "well you didn't see me transmit the images anywhere". If that's the case, the state is well and justified in pointing out there's a reason they wouldn't be able to find it.
Reading the article, it's not clear.
Never confuse volume with power.
Yes, but from my understanding of the article the encryption wasn't used in conjunction with the alleged crime. If I'm charged with murder and I happen to have bought a bag of lime or something that can be used to dissolve a body or hide evidence... then a body is found but without any traces of lime... how is the lime in any way connected to the so-called crime?
You can't deal in possiblities. Certainly if the dude had encrypted kiddy stuff on his machine they could use that against him... but he didn't, just encryption software which could very well have been from a completely unrelated issue.
I can't seem to figure out where I stand on issues, which I guess makes me a moderate. My first impression was that this was a really unfortunate anti-encryption story and that we, as a community really need to work on public perception of encryption. Because encryption is just a tool and just because somebody has duct tape doesn't mean they used it to bind a victim and that was where I came around to a different perspective...
Oh yeah, we do consider tools as evidence, even if those tools can be used for other-than-criminal activies. Duct tape, rope, a shovel, a knife, a gun (which is also a legal tool), a cell phone, a pair of binoculars -- heck, anything relevant can be used as evidence.
Now, had they said that encryption software was grounds for conviction in lieu of any actual evidence, using the theory that the reason you can't find any evidence is because the defendant encrypted it all -- THAT would be a tragedy for encryption. But as it stands, it sounds reasonable to me
RP
#3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a stronly motivate government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.
If your work with the inventors, you should know one thing. It is not trusted computing that is seen as inherently unsafe or "bad". That is the (IMHO VERY harmful) anti-tcpa propaganda which dumbs things down too much - which leads to people like you asking "so what?"
Yes, I would be very happy to own a trusted computing device, if and only if I have access to ALL keys and there is nothing hidden to me as the user (of course, with authorization by a passwort/master-key).
But that's the point and the danger. Trusted computing with "not-your-own-keys", areas on your computer controlled by someone else, makes the most evil forms of DRM, goverment control etc. possible!
Ooops, you're right. I retract that statement. I had assumed since he was accused of taking the pix they must have been found on the computer. Damn, what an ugly case.
I don't suppose you'd want to tell us what that option is? :)
hawk
This is freaky... I actually know one of the judges...
/ 0505/opa040381-0503.htm
The full opinion is available online at http://www.lawlibrary.state.mn.us/archive/ctappub
The judges wrote: Appellant argues that his "internet use had nothing to do with the issues in this case;" "there was no evidence that there was anything encrypted on the computer;" and that he "was prejudiced because the court specifically used this evidence in its findings of fact and in reaching its verdict." We are not persuaded by appellant's arguments. The record shows that appellant took a large number of pictures of S.M. with a digital camera, and that he would upload those pictures onto his computer soon after taking them. We find that evidence of appellant's internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him. See Minn. R. Evid. 401.
It appears the presence of crypto was not viewed as evidence for malfeasance, but instead used to describe a part of the procedure in which the appellant loaded pictures of the victim onto his computer.
(Disclaimer: I'm a programmer at Guidance Software, and work on EnCase.)
The fact that the presence of PGP on the suspect's computer was determined to be "somewhat relevant" by a Minnesota appeals court in this particular case is hardly the death knell for the 4th amendment.
Evidence from computer media is largely treated as circumstantial in the courtroom. As such, the tact in CP trials like this is to present lots of independent facts to the court with the hope that the aggregate weight of these facts is enough to remove reasonable doubt.
I have and use PGP and have no fear that it'll ever be used as evidence against me. Unless, of course, child pornography is recovered from the unallocated clusters on my disk, internet history show I was surfing CP sites through Google searches, link files pointing to, for an example I had from an investigator this very morning, "Gruppe 3 M:adchen Sperma.jpg", etc., etc.
Another subtlety to understand is typically only a small amount of the technical evidence from a case is presented to the court. Why? Because you don't want to spend hours and hours confusing the judge and jury about the meaning of MFT records and the like. I'd be sure in this case that there's a fair amount of evidence against the suspect (there usually is in CP cases, or they don't prosecute...) and the prosecution cherry-picked what to present in court based on how easy it would be to explain.
Jon
But the fake child porn option produces plenty of reasons to encrypt his porn. Um, duh. And it's completely legal.
Of course, he apparently failed to do so. Or maybe he couldn't find any. Because nothing was encrypted.
If corporations are people, aren't stockholders guilty of slavery?
I don't know how relevant this thought is, but I wanted to put it out there just the same:
Unless an actual child is being affected in some way, I really think child porn is at most levels harmless to the public. I'll qualify that in many ways if need be though I will grant that the initial act (if indeed it was an actual child depicted) is in fact harmful for the natural and healthy development of a child, the interest in child porn is, in my view, an exaggerated "thought crime" (provided that is the whole extent of the attrocity) and should be left alone by law enforcement... it is by itself a victimless crime in my opinion.
(I like porn... maybe not children, but when you start drawing lines, at some point I might find myself in jail because the objects of my own fantasy aren't wearing burkas right?)
My opinion can't be popular, but I think it's most compatible with those who care about general freedom that does not harm anyone else. I feel bad for anyone who is damaged enough to find children sexy, but if they do manage not to 'infect' anyone else with their condition, they should be allowed to live in peace and let the public relax from its with hunt.
(I'll qualify myself furhter by adding that I'm actually kinda drunk right now so if I don't make great amounts of sense, that might be part of it as well... but I generally stand behind my moral convictions [ironic word isn't it?] which support the right to be left alone if you're not harming anyone else in any way.)
Basically, to tie this in with the original topic: a person should have the right to protect his privacy from the public and YES from law enforcement. While I personally believe that "victimless crimes" should not be criminal, I recognize and in fact respect the fact that they are criminal at present. I should be allowed to encrypt anything I want and that encryption alone should not be confused with criminal intent any more than wearing clothes and a pocket knife in my pocket should be confused with having "a concealed weapon" on my person or a lock on my front door be confused with having controlled substances within.
These people are so short-sighted... more concerned with "getting the bad people" than protecting themselves... have they no idea what damage they are causing?
This is OT and IANAL, but...
informing the court that you "take the fifth" is unadvisable for any case involving alcohol.
This is not my sig.
Say it was commonplace for everyone to use encryption. I'm talking your mom encrypts her emails to aunt celly.
How would this 'evidence' be treated then?
One time a few years back I was given a ticket for speeding in California. I live in Arizona, and was returning from visiting a relative when I got the ticket. I was plainly in the wrong (I was speeding on the highway - however, it was one of those long lonely stretches in the desert between Yuma, AZ and BFE, California, with no other cars in sight - well, at least until I hit the speed trap under the overpass, of course) - but during the course of paying my fine (and doing an "online" drivers training course to keep the points off my record), I decided to look into the law I had violated...
To my disgust, as I was looking into the law - I found what "laws and statutes" really are:
SPAGHETTI CODE
There I was, looking at what appeared to be a set of functional code - but there was tons of "if-then"'s, the equivalents of "goto"'s, etc - if viewed as a piece of code, law would be the absolute worse piece of crufty legacy code there is! Couple this with the knowledge that there are tons of laws still on the book in all jurisdictions that have absolutely no bearing on current happennings (which could be analogous to old procedures in old code libraries/includes which are called only occasionally or never, in real code) - the fact that laymen can't understand it shouldn't be surprising.
What is surprising is a few things: that laymen can't use "ignorance" as a defense (though if as a layman you look at the law, it seems nearly impossible to make heads or tails out of it, even if you study it quite a bit, and of course case law -might- trump what you are reading, unless you know how to look that up, on and on and on...) - but further, that lawyers, judges, etc - ie, those who are charged with executing the law - actually make pretense at truely understanding it.
I submit that this is a lie, that these executors of the law are foisting upon us, the citizenry, a lie of monumental proportions - they act as arbitrators and interpretors of the laws, but I would be willing to bet that they are just or nearly as lost as we, the laymen, are.
Think about it: it is very nearly analogous to a large corporation with a a very old and crufty legacy COBOL-based computer software system, coupled with a 10Base2 twisted-pair network on an old IBM 360 mainframe running who-knows-what old incarnation of an OS - with a team of programmers, some old, most new - but even the old programmers were "newbies" when some of the last COBOL hacks were added, and the newer programmers are writing Java code to integrate with the legacy source - oh, and this system just happens to run a multi-national spread over 25 countries across the world.
Not one of those programmers could truthfully say they fully understand the system, and what effects adding a new piece of code or hack in will cause to the system as a whole. Not a single one of them could do it, and they couldn't even ask the original system developers, because most of them would be dead or senile, or otherwise unreachable (if anyone even knew who they were!).
The really sad part is that law, unlike code - can rarely be removed or otherwise refactored easily to see what that kind of a change would make. Most of the time, to fix a law, you have to cruft on more law, and hope that the "fix" doesn't break something else. Come to think of it - this is almost exactly like legacy code...
The only true way to fix it is to rip it all out and start over again with a fresh system - hopefully building on and learning from past mistakes and past poor procedures, so you don't repeat the problems. Unfortunately, what that means in law is revolution, typically armed, messy, and in more cases than not, the new system is a bigger broken mess than the old - rarely is it ever better.
Fittingly - just like replacing a legacy code system...
Reason is the Path to God - Anon
Where I work, we are required to encrypt customer information, and financial data, to keep it from prying eyes. Does this make Sarbanes and Oxley co-conspirators in the child porn case? Just a thought...
Without having the orginal case and just the scurrent decision at hand, there does appear to be evidence that he used the encryption program:
/ 0505/opa040381-0503.htm
the "evidence tends to show that an encrypting capability was employed by the Defendant;" and there are "occasions that indicate that there was advance notice of that so called surprising and thorough search warrant" executed at appellant's home.
furthermore:
We are not persuaded by appellant's arguments. The record shows that appellant took a large number of pictures of S.M. with a digital camera, and that he would upload those pictures onto his computer soon after taking them.
yet the files a nowhere to be found, hence the first statement and the second make the existance of PGP RELLEVANT to the state's case.
You can read the whole decision here:
http://www.lawlibrary.state.mn.us/archive/ctappub
and note that nothing about PGP is being used to imply his guilt in anything directly. Merely that the existance of PGP and his computer usage patters are relevant to the state's case.
T Money
World Domination with a plastic spoon since 1984
Having a hunting rifle is evidence of criminal intent in a poaching case.
Or
Merely posessing a lawfully owned firearm is criminal intent in a murder case.
However, this only says that the prosecution can use this as evidence. I would hope that the defense was able to show to the jury why this was so silly.
However, in a case where this is appealed after the conviction, and where it is a comparitively minor piece of evidence, the court may have a vested interest in not allowing the defense to nitpick after the fact. I.e. that there is a much higher standard for challenging evidence after the verdict than before. This might be different if it was a central aspect of the case, I might think, but IANAL. I have not read the actual ruling, only the news.com summary. Given how often news magazines miss the point of the ruling, I am not taking this at face value.
LedgerSMB: Open source Accounting/ERP
Probably the same way that everyone with a gun is treated when there is a gun crime. The MN court said that encryption could be used as evidence, not that all encryption is 'evil.' I'd say you were overreacting, but that would be the understatement of the year.
You're absolutely right, of course. I just think that currently punishments are not on par with the damage done to the victim.
But yes, you caught me speaking a little over-the-top when I said that. :-)
Techies have had many, many opportunities to make encryption support easy to use and transparent in products, and it hasn't happened. If they had, lots of people would use encryption; because they haven't encryption can be used as a discriminating factor between the ordinary and the dubious.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
You miss my point, I don't think I'm overreacting. What I'm trying to say is if the courts pointed out that ahh look he has encryption, I'm saying in my situation it would be 'so what, doesn't everyone?'
Basically I think the courts made mention of encryption because in todays society it is something of note. I'm saying imagine everyone and I mean everyone used encryption. Then it would be like pointing out he has a telephone because it could be used to contact other pedophilers.
Do you see what I'm getting at now? I wouldn't think it would hold as much weight (or be something of note) if every person had encrypted file on every electronic device they had.
Because basically, right now they are inferring he has 'something to hide' by simply having encrypted files. That inference would be much more difficult if encryption was as commonplace as a telephone.
directory where I save PDF shopping receipts
Directory where you... Save... PDF receipts?
Brilliant!
I would like to thank you. It never occurred to me to print my order confirmation pages to PDF. What a truly wonderful idea!
Well, it doesn't so much matter for myself, but if I can convince my SO to do that, I'll save a ream of paper per month. DAMN that girl can shop...
FTA: "The court didn't say that police had unearthed any encrypted files or how it would view the use of standard software like OS X's FileVault. Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.
Judge Thomas Bibus had convicted Levie of two counts of attempted use of a minor in a sexual performance and two counts of solicitation of a child to engage in sexual conduct. The appeals court reversed the two convictions for attempted use of a minor, upheld the two solicitation convictions, and sent the case back to Bibus for a new sentence."
So the only evidence against this man (that we know) is one exercpt from his browser history, and the uncredible testimony of a 9 year old. Remember the peoples lives damaged by satanic ritual abuse, when in fact "There is ample evidence that therapists and law enforcement personnel encourage and reward children for accepting the suggestions of bizarre abusive behavior". So unless there's some photos, anyone who wants this guy put away is an overemotional idiot that needs to learn the meaning of justice.
The road to hell is paved with good intentions.
Or look at locks. Would a judge also say that someone who locked their door has "criminal intent"?
Someone please mod this up. This is the best explanation I've seen here yet.
The reality is that he is convicted, and apparently based solely on the word of one 9 year old, and search history on his browser for a uncommon name. Given the current political climate, if a underage person says your guilty of being a pedophile, unless you have the resources of Jacko, you might as well just kiss your ass goodbye,
no physical evidence required,
no resonably consistant story from the victim,
no corroborative testimony,
just a possible life imprisonment, and if you do manage to get released, your name on the sex-offenders list forever.
At least Cotton Mather isn't burn them at the stake anymore.
Apocalypse Cancelled, Sorry, No Ticket Refunds
That's like telling me that when I commit a gun crime, and the prosecutor wants to put the gun with my fingerprints and gunpowder on it into evidence, I should object with the argument that "everyone" has a gun.
The courts aren't stupid. If the gun or encryption was used in the process of a crime, then it is going to be evidence. Regardless of how many other people might have a gun or encryption.
Now, if the court would say that since he had encryption on the computer, that is enough for a conviction, I would be concerned. But, if you read the article, you'll find that encryption was not the basis of the conviction.
Because basically, right now they are inferring he has 'something to hide' by simply having encrypted files. That inference would be much more difficult if encryption was as commonplace as a telephone.No, they are infering that he has something to hide because he paid a girl to pose nude. And had a history searches for "Lolitas." And that has squat to do with how many people use encryption.
Doesn't this make anyone running linux, OS X, or OS 9 (Finder-level 128-bit encryption) potential criminals? :P
On older Sony notebooks the bios password reset was a Public/Private key with the notebooks's serial number as the public key.
I helped a friend with his old vaio that had been sitting idle for a while and he forgot the password. it was a pita to fax in a receipt then he had to pay $25 for some dude in India to transfer him to some guy in Florida to take his serial number and tell him a 7 digit code.
Just a Tuna in the Sea of Life
Couldn't having a lock on your door be admitted as evidence of wrong doing by logical extension?
Ah, the jerking knees....
Sure, just put
gbde_swap_enable="YES"
into your /etc/rc.conf. Then in your /etc/fstab, stick a .bde at the end of the swap devices you want to encrypt. For example, if you have
/dev/ad0s1b none swap sw 0 0
change it to
/dev/ad0s1b.bde none swap sw 0 0
Having a flashligh, crowbar and gloves in a car was enough to get a friend of mine taken to jail on some charge like felony posssion of buglary tools 10 years ago. Doesn't matter there was a toolbox full of other crap. The combination of the three was enough trigger some stupid law. He got out of it but thats not the point...
ahh. Thanks.
hawk
Wrong. It is true that you can't safely assume that the NSA can't break PGP, but this is only possible if the algorithms happen to have some bug and NSA knows it. But this is a very very very unlikely situation*.
If the algorithms used by PGP have no bug known by NSA, no amount of 'playing dirty' will help them. No amount of special hardware will help breaking it**, but gathering the password from social engenireeing will work if you don't know how to use it properly. Also, keeping a non-encripted copy will obviusly help them.
* There is the 'feeling' that RSA will be broken soon, but using it is probably still safer than anything else.
** Unless you can power it with something other than the Sun or use some weard technology, like quantum computing or time travelling.
Rethinking email
Owning a crowbar is not illegal.
Having a crowbar in your posession isn't illegal.
Having a crowbar in your posession half a block from a house that was just broken into with a crowbar becomes relevant to the states case, and is no longer simple coincidence.
It can't be supressed as evidence. That is all, nothing to see here.
What they will try to do is, not villify him for having the software, but show that he encrypted pictures with it because he KNEW they were illegal. It shows his INTENT. If he has nudies that aren't illegal and unencrypted, and nudies that are illegal, and are encrypted, then he can't say that he didn't realize they were illegal, his actions show he had at least a suspision.
Anyone that has a webbrowser has encryption software if it supports SSL or TLS. He is not being punished for having PGP. His use of PGP indicates he new something was wrong. It isn't a single piece of evidence to hang him with, but piece of a puzzle.
These alternatives have been proven to be secure, likely just as secure as the 'big boys' like PGP and GPG.
Enjoy!
Tiny Encryption Algorithm
Pure Crypto Project
CipherSaber (CAUTION: uses RSA's 'cracked' RC4 algorithm)
I dont work with them; I work in the same corporate R&D lab. big difference. I dont believe in TCB, I dont believe in DRM. I dont think anyone here believes that real DRM is workable.
But you are right, TCB could be used for ubiquitous DRM, and that would be wrong. I guess now I am lucky in that the OS (winXP) doesnt know about the TCB; its some helper device driver that just stores my keys. Longhorn would be a different matter.
they meant bios passwords. Implict was the idea that people stealing the laptops are drug addicts wanting to get enough for the nights fix. Anything that reduces the value of the laptop helps.
The laptop integrates with secured HDD drives; these need a supplied password to start working properly; you set it up so the BIOS password powers both. If the password is stored on the disk, it should be pretty persistent, leaving only brute force attacks.
. . .
I have and use PGP and have no fear that it'll ever be used as evidence against me.
Yep, I imagine you don't :).
Of course, the prosecution would just argue that you used your expertise and inside knowledge of forensic software to hide your child porn so well that none could be found on your drive. However, the logs that might be used to frame you could be pretty damning . . .
"He was using encryption, so he must have something to hide" as an argument for the prosecution is another nail in the (admittedly already pretty much shut) Fourth Amendment's coffin.
I too have felt the cold finger of injustice.
(copied from my post to a list)c ourt=mn&vol=apppub/0505/opa040381-0503&invol=1
/MN resident
//knows what the hell he's talking about
First, read the opinion before the paranoia/speculation:
http://caselaw.lp.findlaw.com/scripts/getcase.pl?
The news.com article takes it out of context - the finding is that the
existence of an encryption program is relevant. Not damning, not
exonerating, just relevant - and personally I'm of the belief that encryption
software is a relevant issue when digital kiddie porn is the subject. This
does nothing to tie encryption with conviction - as shown by the opinion that
encryption was not very substantive to the case against him.
This is not a precedent, for many, many reasons.
The problem with this line of arguement is that this is not the only use for such tools. I have the GPG version of PGP on my home and work systems. At home, I use it for encrypting backup copies of my financial records, tax forms, old love letters (yes, the girls were of legal age, they're just embarrasing), and various files associated with my participation in local politics. At work, since I know there is at least some legally protected data on the machine, I have departmental computers backup local desktops to internal hard drives, and then encrypt the backup files whem putting them on the server.
Kind of like pointing out the defendant owned a shredder, there was huge pile of shredded paper by it, and the "smoking gun" documents are no where to be found.
Agreed... but it does not appear that the "huge pile of shredded paper" is present. Normal use of GPG or PGP to erase files leaves portions of the drive with data sectors showing either VERY high entropy, OR purely "zeroed". No mention of such evidence is in the news reports or ruling.
Last, it doesn't exactly sound like PGP was a "factor in his punishment". Rather, it sounds like it was a factor in his conviction. If the court had ruled that the evidence was inadmissible, then a new trial might have been ordered. This would require a finding that the irrelevant evidence was prejudicial enough that it could have formed a basis for the conviction. If the error was not considered substantial, then no new trial would have been ordered.
However, if the error was not considered substantial, the appeals court ruling would have said so; and if they had so ruled, or had ruled for it being inadmissable, there would be much less to this story. Instead, the ruling states "the presence of an encryption program on his computer was relevant to the state's case".
It's bothersome that the idiot testifying didn't know diddly about computers. Macs do NOT come with PGP or GPG installed by default. The FileVault system on OS X.3+ is based on AES-128, an algorithm whose main (sole?) similarity is that it cannot be decrypted by anyone short of the NSA. For that matter, Windows 2K and XP with EFS, based DESX... which probably can't be broken by anyone not willing to buy over ten megabucks of hardware for such jobs.
I also find it worrisome that it was admitted to evidence that he looked up on the web the definition of the crime he was accused of, as that would seem to weaken the right to counsel. Fortunately, that was not part of the basis of his appeal.
//Information does not want to be free; it wants to breed.
Read the actual opinion here - where does it says that the existance of PGP on his computer constituted criminal intent? It doesn't. It says that the existance of PGP "was at least somewhat relevant" but that the other evidence , PGP aside, was enough to convict.
.. but only if you forget your password
// Just my few cents