Slashdot Mirror
PGP Ruled as Relevant For Criminal Case
waytoomuchcoffee writes "A Minnesota appeals unamimously ruled in a child porn case that "the existence of an encryption program" on the defendants computer could be admitted as evidence of criminal intent. The article doesn't mention if this can be taken into account for sentencing too."
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
I find this very disturbing based on the attitude people have regarding encryption. It's seen in such a negative way as if everyone who uses encryption as evil. Let me put it this way:
ENCRYPTION != EVIL
I use this for my day to day communications. Either over IM, E-Mail or moving things from server to server (GPG, then sending the file via FTP etc.). How do we help the public to understand that just because someone wants to keep something secret, even under a mass of public scrutiny, it does not constitute someone breaking the law! I have a TON of letters to and from my girlfriend that are encrypted, that she herself does as well!
I'm not saying the guy accused of the crime shouldn't produce keys, he obviously was doing something totally heinous by photographing a 9 year old in sexual position, and then those pictures destroyed. Predators of this nature are f-ing sick creatures that need some bad rehabilitation.
My point is the attitude of the people. Admission of the fact that he had PGP on his computer shouldn't be a condemning factor of his behavior and should be based on his crimes. NOT THE FACILITATOR, MEANS, TOOL (Physical or otherwise) OR SOFTWARE to commit such crimes. He was using perfectly legal encryption utilities and software.
Just because they were for hiding his crimes/pictures should NOT be a factor in his punishment. What kind of precedent would the judge be inadvertently (or purposely??) placing on the use and ownership of encryption and the tools to do such?
~zoloto
And with other evidence, why shouldn't it be? In fact, the presence of it ought to lead prosecutors to tack on the charge of conspiracy.
Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.
So if someone is intelligent enought to know how to protect him/herself, they're more likely to be a criminal? Where is 'innocent until proven guilty' these days? bo
bad_outlook
--
Is this vague enough for you?
Yes, the crime is reprehensible and unforgivable.
But that doesn't mean the presence of encryption tools meant he was guilty. Encryption tools have many uses, some of which are good - like authentication and assurance of confidentiality. It's great to have encryption tools like PGP when you're sending an email to your broker that you want to issue a stock trade from your investments account. Or to be reasonably assured that discussing a prototype / secret business proposal will not be intercepted.
Encryption is merely a tool, to be used for both good and evil. A mail envelope can contain mail, or it can contain anthrax. An encrypted document could be a plot by terrorists, or it could be just any other email.
Doing the Right Thing should not be preempted by making a buck.
dangerous precedent?
As a side note, with that earlier /. article about the MS guy saying to write your passwords down, is encrypting my password list an act with criminal intent?
I used Fedora Core 2. Encryption built right in, 256 bit in any of a few flavors. I encrypt my journal, which has nothing illegal in it. But, if I'm unwilling to let someone read my personal files, why not accuse me of any number of terrible things? Terrorist? Necrophile? Hell, rack'em up boys! If he has an encryption program, he's obviously a criminal?
Good citizens have nothing to hide, after all. Why don't we just ban encryption entirely? And we'll install the cameras here and here...
Seriously...
I'm not totally familiar with what this means legally, but I know it's a bad thing. And a reason for every OS to include it by default, PRONTO!
If this stands up, privacy will take a beating.
Read the article! Quit posting in a vain attempt to be first.
He already committed the f'ing crime.
Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.
The guy wasn't convicted because of the crypto. It's like finding the dead body... and then finding the shovel, the canvas bag, etc.
The encryption software here is treated in the same manner as an item such as a large bag would be treated in a shoplifting case. That is, if you go into a store, see something you like, grab it, and run, the court would likely view that as something that you did at the spur of the moment, without putting much forethought into it. The crime, while still very much a crime, would likely be treated as a stupid action you took because you didn't stop to think if it was right or wrong, and the sentence would likely be applied with some leniency. In such a case, assuming the item costs less than $400.00, the crime would be treated as a misdemeanor. On the other hand, if you had entered the store with an unnecessarily large bag that is mostly empty, this might, in the eyes of the court, show that you had planned to shoplift from the outset, and you would receive a much stiffer punishment. In this case, the crime would likely be treated as a felony, regardless of the item's value.
In much the same way, the court handling this pornography case is probably trying to determine under which of the statutes the aforementioned materials fall, and the presence of software used with the intent to traffic in such material, regardless of the software's generally accepted purpose, can allow the prosecution to go for a crime with stiffer penalties.
In other words, if you use PGP, don't worry, because it's not going to be outlawed. But if you're the guy in that pornography case, be afraid... be very afraid. Here in Soviet Russia, pornography encrypts YOU!
As an aside, one should not look at pornography, because it can have an adverse effect on future relationships that you might have.
My front door has a lock which can be opened only with my key. Therefore, I am hiding something reprehensible inside my house.
Logic, people, logic!
-- The reason it's called the right wing? Irony.
The article says the conviction was based in part on his searching for child pornography through search engines. However, if he used PGP to encrypt his HD then there is no way that law enforcement could have known this. Does that mean that Google or whichever search engine he was using logged his search history and handed it over to police??
Keys and passwords can be obtained during discovery, and failure to provide them is the same in the eyes of the law as not providing keys to your premises; you can be found in contempt for such.
Why on earth did the court rule that the mere existence on this criminal's systems constituted criminal action?* Why didn't they ask for keys as part of the trial and find out what he had encrypted? All this does is punish us in the tech world by alluding to the use of cryptography as a criminal action.
*And yes, this guy certainly deserves what he had coming, but don't punish me for his actions...
The main problem with this statement is that Windows XP includes encryption software as well. So do most modern Microsoft products.
I agree with you. It's bullshit.
Some of us like this little thing called PRIVACY. It's something that you get less and less of these days and it's only going to get worse. RFID national ID cards, bias against encryption, tracking databases, no travel without ID..
The excuse is always "If you're not hiding anything you don't have anything to worry about." I don't know what these people are afraid of. Why can't I go about my life without being tracked? Why is it a bad thing that I want to encrypt my communications?
A 12 year old can figure out that if one wanted to commit a crime, all these things won't help any. So obviously that can't be the reason.
Bah. People suck.
- It's not the Macs I hate. It's Digg users. -
This is one of those cases where use of a legal tool to aid or cover up a crime can absolutely be part of the case, and it is NOT an indictment of the tool.
My sig is blank, I typed this by hand.
What can I add to this that hasn't already been said half a dozen times. I use GPG (Gnu version of PGP) to digitally sign my email messages on my Linux machine. This is because certificates and other authentication methods cost money. GPG allows others to certify that I sent the message that claims to be from me. This is helpful for spam that parades as coming from me as well as other things. Additionally, as my family is starting up a business and we will all be in different states, the safest way for us to exchange information cheaply. Yeah, we have free long-distance on our cell phones, but for that we may as well be yelling out our windows. Email is likewise able to be tapped without some encryption. Thunderbird, enigmail, and GPG allow me to get a decent amount of protection for free. It isn't NSA-grade encryption, but it's good enough to stop most people. So yeah, I'm not a criminal because I use encryption. I just like to have some privacy. Otherwise why not just post my SSN to slashdot?
You're completely incorrect--I don't think you're thinking about the situation rationally.
Encryption is merely a tool that this man used to commit his crimes. Should video cameras the defendant used not be admitted? Should video TAPES? What about any other equipment he used in the filming process? They clearly (I think you'll agree) should be admissible as evidence. Why not the fact that he went to great lengths to hide his creations? Encryption is JUST a TOOL. It's not magically special just because it's on computers.
Note in the article, encrypted files were not EVEN located on the computer used in evidence.
This is tantamount to pointing to a car in which drugs were sniffed (but not found), and telling the jury, it has locks, so they must be trying to hide something. ( and further introducing the car or its locks, and the police testimony thereof as evidence )
Yes, I read that the girl involved testified against him, so forget about whether he's a slimeball or not, he probably is, the jury assumedly believed her story.
Bollocks!
Anyone seen my low uid? last seen 10 years ago while panning the #@$# out of Taco's 'web based discussion system'
First of all, only terrorists use jabber, so you better get rid of that. That e-mail client with encryption? Gone. SSH? SSee you in Jail, perv. Zip it? Better trash it.
On the other hand, he was convicted because a minor said he attempted to solicit her, and he had kiddie searches in his browser history. While the idea that having an encryption program can be seen as supporting evidence, I can understand why it would be relevant in this case. Encryption isn't a smoking gun, but it isn't as ubiquitous as a kitchen knife. I can't really argue with the ruling.
The ______ Agenda
If you built an underground cavern with a hidden door, security cameras, and multiple locks to hide the dead bodies from your killing rampage, the fact you spent all that time doing it should be evidence in the case of your intent.
This person is not being indicted for using crypto, his use of it is simply being used to show intent... why is that so wrong?
If you hide evidence in the course of any crime, the fact that you hid it is a perfectly reasonable thing to be brought up at trial, is this any different?
If someone gets arrested with bolt cutters breaking into a building, it's reasonable to use the presence of the bolt cutters at trial, just as it's reasonable to show any other tools (such as crypto) that were used to commit a crime.
My sig is blank, I typed this by hand.
The unfortunate thing about encryption is that it's not as pervasive as it should be. Virtually everybody has a lock on their house, and only rarely are they trying to conceal a criminal act. Virtually everybody puts mail -- particularly sensitive mail -- in envelopes before sending it, and again this is to retain privacy rather than deter law enforcement. But encrypted files are uncommon and therefore draw attention, right or wrong.
This is another example of where our justice system has gone round the bend when it comes to understanding new (and not even -that- new) technology and its relation to currently accepted practices in other parts of life. Locksmithing tools are specific to that practice, but encryption tools are general purpose and not only legal but encouraged for use by average citizens to retain their privacy.
Horrible precedents are usually set over reprehensible crimes, when said crimes represent only the tinest portion of the larger picture. Hopefully that won't be the case here when everything shakes out, but I have a feeling encryption will be severely curtailed in years to come as average people become more familiar with it and it becomes harder for law enforcement to deal with.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
...after it was discovered that the pen Mr. Levie had been carrying was actually a laser pointer. He was subsequently charged with intending to shine it in the eyes of airline pilots during landing and then sent to Cuba for a speedy but secret trial. His court appointed defense attourney later said, 'I've never met Mr. Levie but he was obviously guilty or he would not have been charged. May he rest in peace.'
Liberals call everyone Nazis yet they are the closest thing to it.
That's not entirely a problem caused by the captchas, now is it?
This comment does not exist.
You can safely assume that the NSA can break anything. They do not 'play fair' when they try to break things - they 'play dirty' and look for weaknesses in the implementation. They use enormous lookup tables and dictionaries. They use special hardware. If they know something is on a PC, then they could read all data off the hard disk and try every word or phrase ever typed on it as a key. Of course, you need to be pretty friggen important before they will waste their time on you...
Oh well, what the hell...
This appears to be the only discussion of the encryption issue:
The entire case is available at http://www.lawlibrary.state.mn.us/archive/ctappub/ 0505/opa040381-0503.htm
If you don't know where you are going, you will wind up somewhere else.
This is what the judge said (from the article):
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
He did not say the encryption program was evidence of guilt.
To say otherwise is tabloid "journalism."
George Fritz was arrested today on charges of conspiring to commit crimes.
Police were first alerted to Fritz's activities when he dialed 911 to report a burglary in progress at his home in Elmwood drive.
On arriving at the scene, police observed that the doors to Fritz's house were locked and that the intruder had been forced to break a window to gain entry.
After aprehending and speaking with the intruder, police decided not to arrest him, relying on his promise not to re-offend.
Fritz *was* arrested however, on suspicion of being involved in a crime or crimes unknown. Prosecutors say they have a pretty strong case against him -- after all, if he had nothing to hide, why did he lock his doors and draw his curtains -- thus forcing the would-be burglar to break a window?
Film at eleven.
Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.
Well, if I use a gun in a robbery, that makes it armed robbery. But if I own a gun that is not used in the robber (say it's locked in a safe at home) does any robbery I undertake automatically become armed robbery? I mean, don't you think there should be evidence that I actually used the gun in the robbery?
That said, this isn't what the court decision is about. It isn't saying he is guilty because he has encryption software. It's saying the jury can consider that as evidence.
Mathematically, it is true that the significance of a fact depends on context. Thus something which in isolation doesn't mean much can become significant when joined to other facts. However, some things are so commonplace that you can't fit them into anyt kind of logical structure that will help you make a conclusion.
You might as well say that bank robbers wear shoes and the accused owns several pair.
Fortunately with the other evidence against him, I doubt this spurious instruction had any effect.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Other evidence, their locked front door clearly shows that this criminal must have something to hide. Or, clearly shows they need to hire a real lawyer.
--
make install -not war
I see what you're saying...but there are several flaws in this reasoning, both theoretical and practical.
(And for the record, when it comes to child pornographers, there can be no punishment too severe.)
Windows has encryption built in too.
Somewhere I hear Vadar saying, "I find your lack of faith disturbing..." ;-)
PGP uses a passphrase, right? What are the chances this guy's passphrase--now remember he's not only dumb enough to make and locally store child porn, but he doesn't even clear out his browser history--what are the chances his passphrase contains more than, say, 40 bits of entropy?
You don't have to break RSA or El Gamal or IDEA or Blowfish or whateverTF he was using...just get his keyring and bruteforce the passphrase. Or, if he's just using the symmetric cipher, do the same thing.
4096-bit RSA over Blowfish is pretty damn strong. Too bad the passphrase is so weak! It's like having that huge shield door from NORAD on your house, except with a full-size doggie door built into the front.
And is it difficult to implement this brute-force key search on the massively parallel architectures surely used by the NSA? Nope.
Think about the average complexity of any password a normal individual would use repeatedly, and you'll see how easy this really is. The NSA laughs their collective asses off at any commentary that begins, "The NSA cannot break [insert cipher name here]. Nobody can, not ever."
We don't even need to talk about differential cryptanalysis and other such exploits that would help to make the NSA's job even easier. Why bother? The weakness of the people who use the passwords is enough to "break" just about anything.
Now, said sleazebag is trying to get a new trial because the prosecutor was allowed to bring up his use of PGP. I certainly agree that mere presence of PGP does not prove criminal intent; after all, I have a similar program (GPG) on this machine. But even if that evidence should not have been allowed, it is at most a trivial error that did not appear to affect the case.
Look the judge instructed the jury that mere possession of encryption software could be used ti infer criminal intent on the part of THIS ONE PERSON!
Damn! It's like the RIAA making a patently absurd claim that just because one COULD use an iPod for storing illegally copied MP3s, therefore ALL iPod owners are using them to store illegally downloaded MP3s...
Oh, wait...
Guaranteed! This comment 100% Anthrax free!
Wrong. This is simply adding intent and conspiracy elements to the crime, it would be the same as you killing someone with a knife and then buying five gallons of bleach to clean up the blood splatters on the walls. Buying bleach is of course legal, and no one is questioning that, but adding the fact that you bought/used the bleach for a specific purposes related to the crime absolutely shows that you a) knew what you were doing b) had the presence of mind to clean up after yourself c) intended to conceal the crime.
No, I would say this is more like you killing someone with a knife and simultaneously having a bottle of bleach at home in the laundry room, and they have no evidence of you buying or using it for any other reason than doing the laundry, and yet it is somehow taken as "supporting evidence" that your crime was thought out in advance, with you having the bleach on hand specifically to clean up after the crime. Obviously the bleach could have been used to clean up some blood, so that must have been your intention in owning it.
Your mistake is in comparing this to a non-ordinary amount of bleach and suggesting they had some sort of evidence that you used the bleach to clean the blood off the walls. This encryption software is just an everyday, regular size, common bottle of bleach sitting in the laundry room, just like almost anyone would have in their home if they happen to have a laundry room. It indicates absolutely nothing. Thinking otherwise is an extremely dangerous logical fallacy. And it absolutely IS an indictment of the tool. Encryption software is not the logical equivalent of five gallons of bleach.
This wasn't about admission as evidence. This was about proving criminal intent. His intent was 'proven' with the existence of encryption software -- so GPs analogy was actually quite accurate.
This person is not being indicted for using crypto, his use of it is simply being used to show intent... why is that so wrong?
Because you, like most of the slashdotters arguing in favor of this ruling, apparently haven't read the fucking article. There is no evidence whatsoever that the man used encryption for ANYTHING AT ALL, much less hiding child porn. None. Nada. Zip.
It was present on his computer. That's it. It's also present on your computer if you use WinXP, Win2000, or have just about any distro of Linux. And we'll be sure to use it as 'evidence' of your intent to 'hide your crime' should we ever suspect you of doing anything illegal.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
No, you don't get it (and apparently neither do the mods). The things you say are true, hiding evidence is a crime, but they have no bearing on this situation. The point is, they have no evidence of the software being purchased or used for purposes of committing or covering up this crime (or any crime). Your analogy to going through a bunch of specific actions that can be linked directly to the crime is totally fallacious. Everyone who is saying this is a dangerous and stupid ruling is correct. The simple presence of the software is being taken as proof that it was intended for a criminal use. It is not his "use" of it that is being used, it is the "presence" of it on his computer that is being used against him.
And there you go again at the end of your post with another fallacious analogy, comparing encryption software to bolt cutters, as if it is obvious that its presence alone implies criminal intent. That's extremely dangerous reasoning. Just because I want to encrypt something does not mean I am encrypted child porn. Are you buying child porn whenever you enter a secure website that uses SSL? THINK about it. Think real hard. It's a subtle but extremely important distinction.
Same thing with someone above who compared encryption software to having a gun during a robbery. WTF? Guns, five gallons of bleach, bolt cutters, all these things have very limited uses and can be easily related to the crime in the analogy, but it will still require some sort of evidence that the defendant actually intended to use the item to commit a crime. If a guy gets caught breaking into something and happens to own a pair of bolt cutters that are stored in his shed at home, the bolt cutters have absolutely nothing to do with his crime. If a person owns a laundromat that has a clothes washing service, it would not be out of the ordinary for them to have a lot of bleach on hand. The fact that they had a bunch of bleach and used it to clean up some blood after they killed someone with a knife could not be used as supporting evidence that the crime was thought out beforehand. It just happened to be there. The fact that they used it to clean up the blood is the only fact that can be brought in as evidence, and it could only support the accusation that they were conscious afterward of having committed a crime, and trying to cover it up. The simple presences of the bleach could not have any bearing on the case.
Encryption software is a tool with many uses. Without direct evidence of its specific use, it cannot be used as supporting evidence for anything criminal. All the comments I've seen say they do not have any direct evidence of it being used in the crime, or being purchased for use in the crime, therefore it should not be admissable as supporting evidence of criminal intent. Do you get it now? It's like if you had a hammer in your desk drawer and they took it as supporting evidence that you were going to download child porn and hide it. It's totally nonsensical unless a direct link can be provided by the police.
Argh.
Use your brain.
Oh, no! Using a brain is a crime by itself in modern advertisment-based society.
Read Fahrenheit 451 or many other stories by American SF writers. They warn you 50 years ago that this would end with that - having encyption software is a crime, having gun is a crime, thinking independently is a crime too.
This is no different than the fact that a guy charged with burglary had a crowbar on him. When you're suspected of a crime, the presence of the tools to commit that crime or cover it up are relevent (though not dispositive) in a criminal trial. For a guy charged with making child porn, having a digital camera is relevent; doesn't mean that your digital camera alone is going to get you thrown in jail.
This is a hail mary by the defense attorney that does nothing but put software on the same footing as other tools.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
How many Linux distros have gpg installed by default? Should we automatically be suspected as criminals?
How many PCs don't some form of encryption? Crypto includes browsers that support SSL... necessary for e-commerce. I'm sure that at least some of the judges have PCs and browsers. Should search warrants be obtained on this basis and their computers be checked for kiddie porn?
With respect to crypto, I personally use it to keep proprietary technology and business discussions private and to digitally sign documents. I also plan to continue to do so even if it makes Minnesota judges think I must be a criminal of some sort.
The court decision is... contemptible, but to be expected, it's from the same kind of ignorant people who voted the DMCA into law.
The most charitable thing I can say is that a great many people's brains shut down immediately if the subject of child pornography comes up, and speculating as to why would. . . be very impolite.
Tech Public Policy stuff
In other news, it was later ruled that "possession of envelopes" could be admitted as evidence of criminal intent to conceal communications.
Believing something doesn't make it true. Not believing something doesn't make it false.
Isn't this the same kind of reasoning that has led to things like witch hunts and the spanish inquisition? This is a dangerous way of thinking that criminalizes anyone with a desire to preserve their privacy... something our current government would love to turn into law at the drop of a hat.
8==8 Bones 8==8
Therefore, in a rape case, this can be construed as criminal intent.
This is good news for all Slashdot users; now you are gong to have sex at least in the eyes of the law...
Furthermore, I normally keep my penis hidden in my pants, which obviously means I know that's wrong and am trying to hide it.
As a consequence, criminal intent could not be established for flashing pervs; they do not seem to be hiding anything, at least... so that's OK.
And to think I actually complain about Croatian judicial system, which is merely inefficient...
*This is not a latest discovery, nor bragging; I really do need that** to prove my point.
** Please stop that.
Ignore this signature. By order.
This clearly could only happen because everybody said: I have nothing to hide, so why use encryption?
Every time I hear that argument I almost explode in a rage and claim that at times the usage of encryption alone will be held evidence that you're a criminal.
These times start NOW.
And by the way, this is YOUR fault you lazy bum.
-jsl
Dyslectics of the world, untie!
He didn't say NSA could break it, he claimed that no one "other than the NSA" could break it. Whether the NSA could break it or not was left unspecified. If I say that NSA can break DES, how am I guilty of divulging classified information? I deduce the information on the basis that NSA isn't incompetent and that DES has been broken by others for quite some time now.
The great thing about computers is that they make finding and manipulating digital data a snap. The bad thing about computers is that they make find and manipulating digital data a snap. It's a double edged sword that is, at least partially, dulled by encryption and other security measures.
You use a computer to generate sensitive data because its easier and more powerful than traditional methods, but that doesn't mean that you automatically want to forego the security that is implicit in a paper and pen solution.
Does this mean that keeping your photo album in a 'locked' house is evidence of criminal intent?
Scared of flying, pointy things snce 1979!
but the signs were there for a long time.
:(
I mean, I remember, when selecting packages for a Debian installation, the very interesting non-US category
The axiom that someone is innocent until proven guilty has been reversed for some years now. At first, it was only the media that did that to some poor fellow that was pronounced guilty on TV at arrest time. But gradually this has become true in more formal forms (read Guantanamo)
And the EU is steady following
www.lemonodor.com A mostly Lisp weblog
My laptop got stolen from my own house last year; in hibernate state.
Revoking SSH keys took as much time as killing card info, There is so many places sensititive data could end up (like your bank login/card info), such as
-hibernate file
-pagefile
-browser password store
-browser page cache
-directory where I save PDF shopping receipts
-mailbox
Now I lock a lot of the system down. Not just my home dir
-temp
-browser cache
-various program directories.
This is win32, where the EFS stuff doesnt encrypt filenames, just the contents. Its known that EFS is breakable (just reset the login password or something), but to make it harder
1. laptop needs a bios password.
2. that password is also used to enable the HDD
3. My winnt EFS private key is stored in the laptop TPM module.
#3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a stronly motivate government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.
Does this make me a criminal? I dont think so. The police told me off for not bios-locking my last box. Their view is the less usable stolen laptops are, the less valuable they are, so theft reduces all round. It is every laptop owner's duty to lock down their boxes so nobody can get at them!
There are lots of things that aren't really pervasive, but that doesn't necessarily make them criminal.
E.g., my parents have rented a box at a bank to keep their documents there. Their reasoning being that in case of a fire or burglary, might as well not lose those.
It's not a pervasive thing, and it _could_ theoretically be used to hide something illegal, but that's not what they use it for. And a prosecution line of reasoning along the lines of "if it's not pervasive, it shows criminal intent" would make them both criminals. (Mind you, I'm not always on good terms with them, but "criminals" is a bit too harsh a word to call them;)
E.g., high-end sports cars are not that pervasive, and _could_ be used to try to outrun the police cars. But I sure hope it doesn't make everyone who bought a sports car automatically guilty of criminal intent and planning to flee the police to the border in that car.
E.g., I know at least two people who regularly purge their browser's history and cache. One is just clinically paranoid, (Yes, literally, believes in a world-wide conspiracy, that is secretly responsible for everything from wars to Jar Jar in Episode 1. No, literally.) The other just doesn't want his wife to find out about his porn surfing habits.
It's not that pervasive a thing to do, and it _could_ be used to hide surfing for something illegal, but none of them actually surf for anything illegal. (The paranoid one is just too paranoid, for example. He _knows_ that the conspiracy is watching him.)
So to cut to the end of a long rant, an idea like "if it's different from the norm, it can get you (extra) time in jail" seems like a very very dangerous precedent to me. Pressure to be 100% conformist and obedient can be bad enough as it is. Attaching an extra potential jail sentence to anything if it's unusual, seems to me like a very bad idea.
A polar bear is a cartesian bear after a coordinate transform.
E.g., I do carry a bag or two with me almost at all times, because I sometimes just want to drop by at the grocery store and buy stuff on the way home from work. And I see no point in buying a new plastic bag each time.
So basically if someone decided to accuse me of shoplifting, that bag -- even if not used at the time -- would suddenly be criminal intent. Seems bloody stupid to me.
E.g., back in college I did have half of my hard drive encrypted -- and that was before the OS itself came with encryption -- just because I didn't want the rest of my family reading my private stuff. Among other things, for a month or so at the time I tried to write a diary, and I didn't want it to be the whole family's business. ("Nosy" is too mild a word to describe my parents.)
What if at the same time, and totally unrelated, I had followed a link to some illegal site? God knows some sites had tons of redirects and links to warez sites, porn sites, etc.
Would suddenly that encryption software count as criminal intent to encrypt and traffic that illegal stuff? Even though it was never actually used to encrypt any of that?
Seems to me that linking everyday items to somehow imply premeditation and guilt, is severely flawed. Unless it is proved that the bag, or the encryption software, or whatever, was actually _used_ in committing the crime, it seems to me that mere possession doesn't really mean anything.
A polar bear is a cartesian bear after a coordinate transform.
In this case, there doesn't have to be encrypted files, PGP can do secure wipes.
And your still wrong.
Not only was there no indication that he encrypted porn, but there was no indication that he wiped anything either.
Had a wipe been done it would have been forensically OBVIOUS. The normal contents of 'empty' areas of a harddrive are miscelaneous file fragments, not systematically scrubbed sectors. Now assuming the police are not incompetent and they actually analyzed the harddrive, this means that the harddrive itself is actual evidence that no wipe was done.
You want to 'get the bad guy' and you are allowing it to bias the evidence in the case. You are imagining things he may have done that there is absolutely no indcation that he actually did, and you are allowing your imagination to be used as evidence.
The actual evidence is that nothing was encrypted. The actual evidence is that nothing was wiped.
This is exactly why certain things are supposed to be excluded from evidence. The prosecution cannot toss in irrelevant and prejudical items to get the jury to think X when the actual evidence is that X never happened.
God forbid someone actually does have an encrypted file on their computer - a very personal diary - and gets accused of some crime and gets you on the jury. You are going to jump to the FALSE conclusion that the encrypted file is evidence of guilt, even when there is absolutely no actual indication of any connection between the file and the alleged crime.
2 plus an imaginary 2 does not equal 4. If 2 is enough to convict then fine, convict based on the 2. If 2 is not enough to convict then you should not be throwing in an imaginary 2 to change a not guilty into a guilty and to convict a likely innocent person.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
he's not only dumb enough to make and locally store child porn
Huh? From what I read there was no child porn on his computer and no encrypted files.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
The trial judge did not accept it as evidence of guilt. In the American system of jurisprudence, judges never make any determination as to whether evidence is implicating or exonerating. They only decide whether evidence is relevant. All other decisions--like how much credibility to put in the evidence, whether the evidence implicates or exonerates, all other decisions--lie in the hands of the jury. The framers of the Constitution didn't trust the government to judge evidence; all fact-finding was delegated to the jury.
In this case, the judge decided the presence of PGP may have had evidentiary value and thus it deserved being presented to a jury. Twelve people from the community then looked over the entirety of evidence, of which the presence of PGP was a really minor part, and decided that the balance of the evidence indicated his guilt beyond a reasonable doubt. And an appellate court has said that the trial judge wasn't unreasonable in finding that the question of PGP was best left to the jury.
Wow. Amazing. How dare courts do that in America? It's positively unamerican.
What if he was using a Windows-encrypted disk volume to store data?
They would have tacked on a negligence charge.
ENCRYPTION != EVIL
OK, agreed.
But I wouldn't necessary put it that way if I needed to make a point. Even if you get somebody to agree with you, it doesn't necessarily help them draw more accurate inferences. Indeed their inferences might still differe hardly from if they thought it was evil. The point here is that they were instructed to consider encryption as evidence. Well, OK, but how to they weight that evidence? Bayes therem says: P(A|B) = P(B|A)*P(A)/P(B).
People have a kind of rough intuitive understanding of this. Suppose "A" is "Is a Terrorist" and "B" is "Uses Encryption". Let's say 1 % of the population is terrorist and 1% uses encryption, because I'm lazy and like my factors to cancel. But since we're talking rough intuition, it's not much of a stretch: what I'm saying is that both terrorism and encryuption use both perceived to be unusual, even if we can't assign precise numbers to them. So, in this case, we get P(A|B) = P(B|A). Let's say that only 10% of terrorist are stupid enough not to use encryption. If we find out somebody is using encryption, if these assumptions are roughly correct, we can be 90% certain that they're terrorists.
On the other hand, suppose everybody uses encryption. Skipping the boring algebra, this works out mean P(A|B) = P(A). This means that some person who happens to use encryption software is exactly as likely to be a bad guy as any person picked at random walking down the street. It'a one in a hundred chance, not quite enough to send anybody to the gallows, I'd say.
Which is a big mathematical "duh". People understand intuitively that unusual facts tell you more about somebody than commonplace ones. The fact that somebody staggers around making loud and rude comment and acting unruly is more helpful if you're trying to decide whether he's drunk than the fact he has ten fingers and toes, as it turns out most drunks do.
The heart of the problem then is that encryption is perceived as exotic. Dynamite, we can all agree, is not evil. But people don't keep it around unless they are using it on their job. If it is found in the urban apartment of a postal worker, it tells you something significant about that person.
This highly misleading message is reinforced by testimony like the police expert. Oh, I would love to have been the one to cross examine this guy. He pointed out that they only people who might be able to break this code are the National Security Agency. The logically inclined among us will naturally find this to be stunningly irrelevant. I might keep my valuables in a safe deposit box that could only be breached by a small nuclear device, it doesn't mean that I'm keeping stolen nuclear plans there. A marketing expert would of course understand exactly what the expert was telling the jury: "This is not something you'd ever use -- it's exotic, cloak and dagger stuff for nefarious purposes."
The better counter message is this:
"Encryption is commonplace stuff. You encrypt data probably every day without even being aware of it, because it's so natural and automatic you never stop to think about it. You encrypt data when you order a book online, or check your bank balances. If you don't encrypt your credit card or bank data, then chances are it's being done for you by the person who is serving you. While your personal information might not be safe when it gets to the bank, it is extremely safe en route. So far as we know, nobody can steam open the envelope and look inside, not even the US Government's top secret spy agencies. They have to wait for the bank to open the envelope first.
The world would be a very different place without encryption. Would you like it if you had to get your bank statements and paid your bills on post cards? Especially if anybody could use your credit card just by claiming to be you? Fortunately, every well designed system for storing and transmitting your data electronically has provisions for protect
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I understand your point of view, but I believe that is more like: "You have been accused of murder. Your door has locks, so you have something to hide."
There is nothing wrong about having a door with locks on it. Neither to have PGP installed.
Is very different if behind the door you can find a lot of child porn pics... The problem is not related to the PGP, but with the content that is encrypted.
#3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a stronly motivate government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.
If your work with the inventors, you should know one thing. It is not trusted computing that is seen as inherently unsafe or "bad". That is the (IMHO VERY harmful) anti-tcpa propaganda which dumbs things down too much - which leads to people like you asking "so what?"
Yes, I would be very happy to own a trusted computing device, if and only if I have access to ALL keys and there is nothing hidden to me as the user (of course, with authorization by a passwort/master-key).
But that's the point and the danger. Trusted computing with "not-your-own-keys", areas on your computer controlled by someone else, makes the most evil forms of DRM, goverment control etc. possible!
One time a few years back I was given a ticket for speeding in California. I live in Arizona, and was returning from visiting a relative when I got the ticket. I was plainly in the wrong (I was speeding on the highway - however, it was one of those long lonely stretches in the desert between Yuma, AZ and BFE, California, with no other cars in sight - well, at least until I hit the speed trap under the overpass, of course) - but during the course of paying my fine (and doing an "online" drivers training course to keep the points off my record), I decided to look into the law I had violated...
To my disgust, as I was looking into the law - I found what "laws and statutes" really are:
SPAGHETTI CODE
There I was, looking at what appeared to be a set of functional code - but there was tons of "if-then"'s, the equivalents of "goto"'s, etc - if viewed as a piece of code, law would be the absolute worse piece of crufty legacy code there is! Couple this with the knowledge that there are tons of laws still on the book in all jurisdictions that have absolutely no bearing on current happennings (which could be analogous to old procedures in old code libraries/includes which are called only occasionally or never, in real code) - the fact that laymen can't understand it shouldn't be surprising.
What is surprising is a few things: that laymen can't use "ignorance" as a defense (though if as a layman you look at the law, it seems nearly impossible to make heads or tails out of it, even if you study it quite a bit, and of course case law -might- trump what you are reading, unless you know how to look that up, on and on and on...) - but further, that lawyers, judges, etc - ie, those who are charged with executing the law - actually make pretense at truely understanding it.
I submit that this is a lie, that these executors of the law are foisting upon us, the citizenry, a lie of monumental proportions - they act as arbitrators and interpretors of the laws, but I would be willing to bet that they are just or nearly as lost as we, the laymen, are.
Think about it: it is very nearly analogous to a large corporation with a a very old and crufty legacy COBOL-based computer software system, coupled with a 10Base2 twisted-pair network on an old IBM 360 mainframe running who-knows-what old incarnation of an OS - with a team of programmers, some old, most new - but even the old programmers were "newbies" when some of the last COBOL hacks were added, and the newer programmers are writing Java code to integrate with the legacy source - oh, and this system just happens to run a multi-national spread over 25 countries across the world.
Not one of those programmers could truthfully say they fully understand the system, and what effects adding a new piece of code or hack in will cause to the system as a whole. Not a single one of them could do it, and they couldn't even ask the original system developers, because most of them would be dead or senile, or otherwise unreachable (if anyone even knew who they were!).
The really sad part is that law, unlike code - can rarely be removed or otherwise refactored easily to see what that kind of a change would make. Most of the time, to fix a law, you have to cruft on more law, and hope that the "fix" doesn't break something else. Come to think of it - this is almost exactly like legacy code...
The only true way to fix it is to rip it all out and start over again with a fresh system - hopefully building on and learning from past mistakes and past poor procedures, so you don't repeat the problems. Unfortunately, what that means in law is revolution, typically armed, messy, and in more cases than not, the new system is a bigger broken mess than the old - rarely is it ever better.
Fittingly - just like replacing a legacy code system...
Reason is the Path to God - Anon
Sure, just put
gbde_swap_enable="YES"
into your /etc/rc.conf. Then in your /etc/fstab, stick a .bde at the end of the swap devices you want to encrypt. For example, if you have
/dev/ad0s1b none swap sw 0 0
change it to
/dev/ad0s1b.bde none swap sw 0 0