PGP Ruled as Relevant For Criminal Case

waytoomuchcoffee writes "A Minnesota appeals unamimously ruled in a child porn case that "the existence of an encryption program" on the defendants computer could be admitted as evidence of criminal intent. The article doesn't mention if this can be taken into account for sentencing too."

Encryption use != evil

[zoloto]

"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.

I find this very disturbing based on the attitude people have regarding encryption. It's seen in such a negative way as if everyone who uses encryption as evil. Let me put it this way:

ENCRYPTION != EVIL

I use this for my day to day communications. Either over IM, E-Mail or moving things from server to server (GPG, then sending the file via FTP etc.). How do we help the public to understand that just because someone wants to keep something secret, even under a mass of public scrutiny, it does not constitute someone breaking the law! I have a TON of letters to and from my girlfriend that are encrypted, that she herself does as well!

I'm not saying the guy accused of the crime shouldn't produce keys, he obviously was doing something totally heinous by photographing a 9 year old in sexual position, and then those pictures destroyed. Predators of this nature are f-ing sick creatures that need some bad rehabilitation.

My point is the attitude of the people. Admission of the fact that he had PGP on his computer shouldn't be a condemning factor of his behavior and should be based on his crimes. NOT THE FACILITATOR, MEANS, TOOL (Physical or otherwise) OR SOFTWARE to commit such crimes. He was using perfectly legal encryption utilities and software.

Just because they were for hiding his crimes/pictures should NOT be a factor in his punishment. What kind of precedent would the judge be inadvertently (or purposely??) placing on the use and ownership of encryption and the tools to do such?

~zoloto

Re:Encryption use != evil

[Beryllium+Sphere(tm)]

>Just because they were for hiding his crimes/pictures should NOT be a factor in his punishment.

We don't even know that much. All that was reported is that he had PGP installed, not that he had any encrypted pictures.

I wonder why the EFF wasn't mentioned.

I use PGP for clients's data myself.

Hey, if posession is a problem, what about all those recent Windows versions with EFS preinstalled?

Re:Encryption use != evil

[pHatidic]

I'm not saying the guy accused of the crime shouldn't produce keys

It also depends on whether he was using PGP to encrypt just his email or his HD, since newer vesions can do either. Personally I don't think he should have to produce the keys either way, but there is a difference. If he was just using PGP for email then it should be entirely irrelevant, since obviously no nine year old girl is going to have PGP on her email (or at least any 9yo girl who does should be smart enough not to hang around pedophiles).

Re:Encryption use != evil

[srw]

If you had carefully RTFA, you would notice that nobody is suggesting that encryption software is illegal. They included it as a component of their case to establish _criminal intent_. In other words, if he's hiding something, he knows he has something to hide, therefore he knows he's doing something wrong... not just really, really stupid. Again, they're not suggesting everybody that has encryption software knows they're doing something wrong... in this case, the fact that he was doing something wrong was established with other evidence. The fact that he knew that what he was doing was wrong was supported by the fact that he tried to hide it. The same argument would probably be made if he had locked the pictures in an industrial-strength safe. As usual, the FA is not as bad as the slashdot headline.

Re:Encryption use != evil

[MntlChaos]

FBI: You Tried to launder money to the Soviets, didn't you?

Person: No. I didn't.

FBI: Then how do you explain this encryption software on your computer. You obviously have something to hide.

Person: No. And if I did, that would be none of your business

FBI to jury: Yup. He's guilty.

You might as well say that "The fact he knew that what he was doing was wrong was supported by the fact that he didn't tell anyone about it." A right to privacy should be guaranteed. I shouldn't have to defend my use of tools which help ensure my privacy

Re:Encryption use != evil

[fyngyrz]

Ok. Perv has bookshelves. Hides said photos in between the books. The brilliant, insightful courts:

"We find that evidence of appellant's bookshelf use and the existence of books in his house was at least somewhat relevant to the state's case against him"

If there is anything more ridiculous than blaming the weapon for the act of the person, I'm sure I can't think of it offhand.

The perv did the act, and the perv should get the attention. What he or she did it with has absolutely no bearing on the case -- but you can bet dollars to donuts that some moron is going to be all about banning PGP now because it "contributes to the child porn/perv problem."

There. Now I've used my brain.

Happy now?

Re:Encryption use != evil

[philipgar]

This case could be more analagous with the following added components:

FBI: You Tried to launder money to the Soviets, didn't you?

Person: No. I didn't.

FBI: We caught you exchanging money with operatives in soviet russia.

Person: Uh . . .

FBI: We also found this encryption software on your computer. You are likely to have something to hide.

Person: No. And if I did, that would be none of your business

FBI to jury: Yup. He's guilty.

Re:Encryption use != evil

[rpdillon]

Yes, but by this logic, if someone "takes the fifth", it could be used to incriminate them, which kind of destroys the purpose of the right.

Why is this relevant? Well, if he is using encryption, and they ask him for his key to decrypt the files, I'd say that would be him testifying against himself. Along those same lines, if he refuses to give the key (because he has the right NOT to incriminate himself), they are basically saying "Hey, we don't need the key, because he wouldn't be hiding anything if he had nothing to hide, so he must be guilty!"

This really represents a failure on the part of the judge. The only thing encryption represents is an unknown: not intent, not a particular set of data. You might as well hand they police a blank drive and infer from that "He must have erased it, and he wouldn't have done that unless he was guilty!"

Re:Encryption use != evil

[anagama]

Let me preface this by saying I know nothing of MN law or the facts of this case beyond the short article. However, I am a lawyer and I can guess at why the prosecution would want to get this evidence in the record and why it would be admitted.

The Prosecutor would likely argue that the existence of the encryption software demonstrates that the defendant knew that what he was doing was wrong and that he was trying to hide damning evidence. Hiding evidence against you is frowned on. If you know evidence could be used against you and then go about destroying it, in certain situations the court is entitled to instruct the jury to presume that the destroyed evidence would be harmful to your case.

Now, encrypted evidence may not be literally destroyed, but it is as good as destroyed as long as it remains encrypted. It's kind of like a shredded document -- although it is conceivable that it could be reassembled, if it is mixed with enough random material, reassembly is all but impossible.

Anyway, I don't see this as a suggestion that encryption is bad per se. I see it as an extension of basic evidence rules -- if there is other evidence suggesting you have bad files and you have intentionally made those file unreadable, the tools you used to do that are possibly relevant. Kind of like pointing out the defendant owned a shredder, there was huge pile of shredded paper by it, and the "smoking gun" documents are no where to be found.

Last, it doesn't exactly sound like PGP was a "factor in his punishment". Rather, it sounds like it was a factor in his conviction. If the court had ruled that the evidence was inadmissible, then a new trial might have been ordered. This would require a finding that the irrelevant evidence was prejudicial enough that it could have formed a basis for the conviction. If the error was not considered substantial, then no new trial would have been ordered. Obviously, one never reaches the punishment phase without conviction, but I didn't read anything that suggested the punishment was more severe by virtue of the PGP software (kind of like a firearm enhancement).

Re:Encryption use != evil

[amliebsch]

We find that evidence of appellant's bookshelf use and the existence of books in his house was at least somewhat relevant to the state's case against him

And so it would be, because it directly corroborates the state's theory of the case! It may not be highly probabative as to guilt - but it is in fact relevant, because it strengthens, however incrementally, the state's interpretation of the facts.

Re:Encryption use != evil

[Vellmont]

Have you ever used an envelope to conceal your communications, or do you let just everyone see what you're writing? Have you ever used https in a transaction? If so I guess you have something to hide as well.

The fact that he knew that what he was doing was wrong was supported by the fact that he tried to hide it.

And if you had read the article carefully, you would have noticed that there's no evidence he tried to hide the files. From the article:

The court didn't say that police had unearthed any encrypted files or how it would view the use of standard software like OS X's FileVault.

Using your analogy it's more like they found an empty bargain-bin safe at the house, and used that as evidence against him. "The man had a SAFE! Only criminals have safes!". As far as comparing PGP to a "industrial strength safe", well that might be a good comparison.. if all safes were industrial strength and given away very cheap or free.

Re:Encryption use != evil

[j_w_d]

This case could be more analagous with the following added components:

FBI: You Tried to launder money to the Soviets, didn't you?

Person: No. I didn't.

FBI: We caught you exchanging money with operatives in soviet russia.

Person: When?

FBI: You know when.

Person: I do?

FBI: Just answer the question.

Person: What question?

FBI: Uh. Encryption! You have encryption software on your computer, don't you?

Person: Yep.

FBI: So, you have something to hide.

Person: Sure, my credit card numbers that I use on line, personal data that could be used for identity theft, business correspondence I don't want my competitors to read, accounting data, that kind of stuff.

FBI: So, you could use this program for illicit purposes.

Person: What's 'illicit?'

FBI: You also have steganographic programs on your system.

Person: Stegano- what?

[Jury member takes note: "Linux newby. Doesn't know just what the vast majority of the software that came with his distro is or does, yet."]

Re:Encryption use != evil

[amliebsch]

This is one of those rare cases when the slashdot headling is MORE accurate than the headline of TFA. That's because the court did NOT rule that PGP is evidence of criminal intent. Instead, it ruled that the existence of PGP was relevant to the state's case.

Consider the following analogy: I murder someone on the street and flee in a red car. An eyewitness can't identify me but testifies that they saw a red car speeding away. The state introduces my auto title showing that my car was red.

The fact that I own a red car is admitted into evidence! But not because owning a red car is itself proof of guilt! Rather, it's because it's relevant to the state's case, as evidence of a plan or simply the means of execution.

Thus, Slashdot is right - the court found it "relevant" - and TFA is wrong - encryption is not itself evidence of criminal intent.

Re:Encryption use != evil

But if you selectively encrypt some documents and not others, it implies that you may have a particular reason to hide those documents. That makes it unreasonable to claim that you didn't know it was wrong.

The particular reason for encrypting certain documents may be so that your little sister won't read your diary. You don't care if she reads your term paper, so it isn't encrypted. There is nothing wrong, morally or legally, with the content of the encrypted documents. You simply want them to remain private. It is perfectly okay to keep documents or correspondence you don't want the world to read while at the same time keeping stuff you don't mind others seeing.

TFA doesn't say that the man used encryption to cover up illegal activity, but that the very existence of PGP itself indicated criminal intent, which is ludicrous.

Re:Encryption use != evil

[orangesquid]

Selective? Well, of course. I don't encrypt every single homework assignment or shell script I write!

I do encrypt things like bank records, sensitive databases, private letters, etc.

Of course, it's easier to just encrypt your whole $HOME directory. Put it on an encrypted partition. Then you can say, "I keep all of my data encrypted so my identity can't be stolen, so people can't poke into my private life, etc."

Maybe in fact I *should* encrypt my homework. At the university of delaware, the policy is, if someone cheats off of you, both them and you get in trouble. If I leave my laptop unguarded for a moment someone else in my class scp's the data to his computer, I'll get in trouble for it, when I've really done nothing wrong**. In that case, an encrypted $HOME directory would be useless, since if you're logged in, the whole directory would be unencrypted.

(** = Some may argue I should not leave my laptop unattended. Why? How about this---you leave your car parked unattended in your driveway, so it's okay for me to just walk up and take the engine out? Just because something's unattended doesn't make it OK to tinker with!)

Re:Encryption use != evil

[Elshar]

Right, of course the victim (the 9 year old girl) probably doesn't even own a computer.

How 'bout the other child pornographers that he's likely sharing the pictures with? Oh, yea. Them. They'd probably also be using PGP, as I doubt they'd want their email sniffed/syphoned off and read in an unencrypted fashion.

And the last remark is uncalled for. Those children subjected to the whims of the pedeophiles might have no idea what they're doing, or they might be bullied, forced, coerced into doing so. How do you know? Maybe the pedophile is related to them?

Re:Encryption use != evil

[Doctor_Jest]

Call me wacky, but:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated... (and so on...)

Has a privacy ring to it.... It's a right. If you want to keep something to yourself... this particular amendment provides a mechanism for which you are able to do that. Granted, it is not specifically stated "privacy", but applying the reasonable man test, you can see where privacy is upheld over public scrutiny. When privacy needs to be violated, it requires more work than just "LET ME SEE YOUR STUFF." :-) And for good reason, as evidenced by the groupings and subjects of amendments 1 - 10.

Which, if our courts weren't so broken, judicial review would toss out the "sneak and peek" provisions of the Patriot Act faster than you can say "Amendment IV".

Re:Encryption use != evil

[fyngyrz]

It was not my intent to mis-state how the issue was involved; my lack of familiarity with terminology failed me here. It shouldn't have been even mentioned, is what I'm trying to say.

The only valid issue should be, child porn, or no child porn. Not encryption. Did the defendant have some, or not? Did they produce some, or not? Did they distribute some, or not? If you have to point to the fact that the defendant has a means to hide information in the course of trying to villify them for creating, possession, or distribution of child porn, then you and your case suck, just as bad as the laws that allow you to bring such complete and utter irrelevancy into the courtroom do. Hopefully that was clear enough, precise legal terminology aside.

The reason that smart people are upset about this is that encryption technology stands a risk of being tarred by the same brush that society is using to paint your basic perv, and that brush is already dangerously out of hand.

And they are absolutely right. That could happen.

Re:Encryption use != evil

[Patrick+May]

Anytime you plead the fifth you most likely have something to hide

Not true. If the state is attempting to prosecute me, I have every reason to just keep my mouth shut. There is absolutely nothing I can say to them (as opposed to my own lawyer) that will improve my situation. The default position should be to take the fifth.

Re:Encryption use != evil

[calambrac]

Here's the analogy: it's legal to go to a salvage yard. It's illegal to steal someone else's car. A way to profit from stealing a vehicle is to salvage the vehicle. If the only information you have is that a person visited a salvage yard, there is no way you can prove that the person stole a particular vehicle. However, if you have other evidence that a person stole a particular vehicle, the information that the person also recently visited a salvage yard becomes relevant, in that it provides a legitimate explanation of why the car cannot be found.

Applying it back to the case at hand: it's legal to use encryption software. It's illegal to possess child pornography. A way to hide child pornography is to encrypt the child pornography. If the only information you have is that a person uses encryption software, there is no way you can prove that the person possesses child pornography. However, if you have other evidence that a person possesses child pornography, the information that the person uses encryption software becomes relevant, in that it provides a legitimate explanation of why the offending material cannot be found.

IANAL, so I don't know if this line of reasoning is a valid legal argument, but this was how I understood the comparison the GP post was trying to make. I'm not awake enough to decide if I personally think this should be valid or not...

Re:Encryption use != evil

So here it is my gentle little nerd friends... the root of the issue is above.

If perv had bookshelf, and had hid the pictures of a 9yo girl/boy with legs akimbo in said bookshelf it would be a damn sight more relevant than the fact that he had PGP installed on his PC. There is no suggestion that encrypted files were found so this is not the damning piece of evidence you paranoid little sunlight dodgers think it is.

Basically this sicko pervert kiddie fiddler was caught with a whole load of evidence proving quite conclusively that he had done some horrific things to the next generation and as a sideline there was a small amount of evidence that he may have had intent to try to cover his tracks.

This is like walking into a tobacco company office and finding a memo dated in the 50's from the CEO saying 'yeah we know smokes are REALLY bad for people but fuckit, why don't we keep selling them' RIGHT NEXT TO THE SHREDDER. It is the document that is the damning evidence however the shredder may be considered relevant in some small way as a means of covering up this evidence.

HOWEVER NO F**KER IS EVER GOING TO TRY TO BAN SHREDDERS!

And that means that in this case:
NO F**KER IS EVER GOING TO TRY TO BAN PGP BECAUSE OF THIS CASE!

In case any of you long haired bandwidth monkeys did not read that correctly I shall repeat.

NO F**KER IS EVER GOING TO TRY TO BAN PGP BECAUSE OF THIS CASE!

PGP is a small factor in this case, hell it is not really a factor at all. The guy was not convicted for having PGP he was convicted for TAKING OBSCENE PHOTOS OF CHILDREN

Now as for the 'how will this affect those who have EFS on their Windows box or encryption on their Mac or the triggers to the worlds nuclear arsenals on their Linux boxes'

IT WON'T

Say there is a hit and run...

You have a driving licence.

Not particularly relevant.

Say there is a hit and run...

You do not know how to drive.

REALLY RELEVANT
Because if you can't drive, odds on you were not out driving around at the time the hit and run happened.

Say there is an armed robbery...

You own a gun which has recently been used

Maybe slightly relevant.

Say there is an armed robbery...

Everyone in your street/block/state/country owns a gun which has recently been used

NOT AT ALL RELEVANT

So if you have not figured it out by now...

If everyone has encryption software then it ceases to be relevant in cases like this. It is only now because PGP and the like is the preserve of the penguin hugging elitist coffee slurpers that it can be considered relevant.

So, the moral of the story is stop whining about how the government is clearly trying to prevent you from hiding the fact that you could be jerking off to pictures of little girls and concentrate on explaining to people out there that PGP is little more than an envelope for your email, a safe for your documents and a lock for your front door.

Re:Encryption use != evil

[mrogers]

Nice server you got here. Sure would be a shame if it ended up on the Slashdot front page...

Re:Encryption use != evil

[ninewands]

RTFA. It said no encrypted files were found on the computer. He was convicted on the testimony of a 9 year old "model" he had photograpehed and a repeated history of web searches for "Lolitas."

This ruling is really really evil. It could be extended to "Having nmap and ethereal installed on your computer is evidence of criminal intent of to crack systems."

Re:Encryption use != evil

[Ithika]

You're assuming he *did* save and encrypt the alleged files. They're not mentioned anywhere in the articles I've read; merely that he had software installed. Considering most Linux distros come with GPG, Mac OSX comes with FileVault and Windows comes with EFS this proves nothing.

If he *had* encrypted files, then they'd have evidence to show for it - a virtual "locked safe", which at the very least arouses suspicion. Just having a safe with nothing in it implies nothing.

I think, apart from ignorance of the prevalence of encryption technologies in computers, the judge is conflating cryptology with steganography. Encrypting the files would make them more obvious, and couldn't account for the fact that they are not to be found.

It's my opinion that the prosecution are encouraging this confusion in an attempt to vilify the defendant, to gloss over that fact that their only other evidence is the word of a nine-year-old girl. If there is more to the case I'd be interested to find out what, but the articles I have read do not reveal much:

http://www.corante.com/importance/archives/2005/05 /24/mere_presence_of_encryption_on_pc_relevant_to_ criminal_acts.php
http://techdirt.com/articles/20050524/1639237_F.sh tml

Good. Encryption is a tool too

[Dancin_Santa]

And with other evidence, why shouldn't it be? In fact, the presence of it ought to lead prosecutors to tack on the charge of conspiracy.

Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.

Not a good result, even if it was child porn

[lavalyn]

Yes, the crime is reprehensible and unforgivable.

But that doesn't mean the presence of encryption tools meant he was guilty. Encryption tools have many uses, some of which are good - like authentication and assurance of confidentiality. It's great to have encryption tools like PGP when you're sending an email to your broker that you want to issue a stock trade from your investments account. Or to be reasonably assured that discussing a prototype / secret business proposal will not be intercepted.

Encryption is merely a tool, to be used for both good and evil. A mail envelope can contain mail, or it can contain anthrax. An encrypted document could be a plot by terrorists, or it could be just any other email.

can anyone say...

[remove+office]

dangerous precedent?

5th Amendment violation?

[Fookin]

IANAL, but if you refuse to give up your private key and you have something to hide, can the state force you to reveal it? Or is that tantamount to forcing you to incriminate yourself? I would think that any information concerning encrypted data in that scenario would be inadmissable since it would probably prejudice a jury.

As a side note, with that earlier /. article about the MS guy saying to write your passwords down, is encrypting my password list an act with criminal intent?

Awesome.

[cfalcon]

I used Fedora Core 2. Encryption built right in, 256 bit in any of a few flavors. I encrypt my journal, which has nothing illegal in it. But, if I'm unwilling to let someone read my personal files, why not accuse me of any number of terrible things? Terrorist? Necrophile? Hell, rack'em up boys! If he has an encryption program, he's obviously a criminal?

Good citizens have nothing to hide, after all. Why don't we just ban encryption entirely? And we'll install the cameras here and here...

Seriously...

I'm not totally familiar with what this means legally, but I know it's a bad thing. And a reason for every OS to include it by default, PRONTO!

If this stands up, privacy will take a beating.

c'mon stupids

Read the article! Quit posting in a vain attempt to be first.

He already committed the f'ing crime.

Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.

The guy wasn't convicted because of the crypto. It's like finding the dead body... and then finding the shovel, the canvas bag, etc.

Porn bad. PGP good.

[rice_burners_suck]

I would not view this decision as a threat against PGP in particular or encryption software and/or algorithms in general. The court is merely trying to determine the intent of the defendant.

The encryption software here is treated in the same manner as an item such as a large bag would be treated in a shoplifting case. That is, if you go into a store, see something you like, grab it, and run, the court would likely view that as something that you did at the spur of the moment, without putting much forethought into it. The crime, while still very much a crime, would likely be treated as a stupid action you took because you didn't stop to think if it was right or wrong, and the sentence would likely be applied with some leniency. In such a case, assuming the item costs less than $400.00, the crime would be treated as a misdemeanor. On the other hand, if you had entered the store with an unnecessarily large bag that is mostly empty, this might, in the eyes of the court, show that you had planned to shoplift from the outset, and you would receive a much stiffer punishment. In this case, the crime would likely be treated as a felony, regardless of the item's value.

In much the same way, the court handling this pornography case is probably trying to determine under which of the statutes the aforementioned materials fall, and the presence of software used with the intent to traffic in such material, regardless of the software's generally accepted purpose, can allow the prosecution to go for a crime with stiffer penalties.

In other words, if you use PGP, don't worry, because it's not going to be outlawed. But if you're the guy in that pornography case, be afraid... be very afraid. Here in Soviet Russia, pornography encrypts YOU!

As an aside, one should not look at pornography, because it can have an adverse effect on future relationships that you might have.

Re:Porn bad. PGP good.

[RedBear]

You, like many others today, miss the important distinction, and the mods didn't catch it. What possible purpose could you have for carrying a large empty bag into a store, other than shoplifting? Its presence is a strong indicator that you were planning on shoplifting something. The mere presence of encryption software has no relation. It is not a strong indicator of anything, unless they can establish as fact that you purchased or used the software specifically for committing a crime. It is merely a general tool, like the computer itself, or the envelopes you use to mail letters. The fact that he uses envelopes to mail letters, or the fact that he owns a computer in the first place, was not used as supporting evidence of criminal intent.

There are so many other legal uses of encryption software that a ruling like this should always be considered very dangerous. It is not his use of the software to encrypt photos that is being used, because they have no evidence of that. It is the mere presence of the software, implying that its only possible use on his computer would be for criminal intent. That is the bad part.

Locks and Keys

[rscrawford]

My front door has a lock which can be opened only with my key. Therefore, I am hiding something reprehensible inside my house.

Logic, people, logic!

Hmm

[pHatidic]

The article says the conviction was based in part on his searching for child pornography through search engines. However, if he used PGP to encrypt his HD then there is no way that law enforcement could have known this. Does that mean that Google or whichever search engine he was using logged his search history and handed it over to police??

Keys and Passwords

[urbaneassault]

Keys and passwords can be obtained during discovery, and failure to provide them is the same in the eyes of the law as not providing keys to your premises; you can be found in contempt for such.
Why on earth did the court rule that the mere existence on this criminal's systems constituted criminal action?* Why didn't they ask for keys as part of the trial and find out what he had encrypted? All this does is punish us in the tech world by alluding to the use of cryptography as a criminal action.

*And yes, this guy certainly deserves what he had coming, but don't punish me for his actions...

Re:Oh come on

[wankledot]

Wrong. This is simply adding intent and conspiracy elements to the crime, it would be the same as you killing someone with a knife and then buying five gallons of bleach to clean up the blood splatters on the walls. Buying bleach is of course legal, and no one is questioning that, but adding the fact that you bought/used the bleach for a specific purposes related to the crime absolutely shows that you a) knew what you were doing b) had the presence of mind to clean up after yourself c) intended to conceal the crime.

This is one of those cases where use of a legal tool to aid or cover up a crime can absolutely be part of the case, and it is NOT an indictment of the tool.

what else is there to say?

[DJOtaku]

What can I add to this that hasn't already been said half a dozen times. I use GPG (Gnu version of PGP) to digitally sign my email messages on my Linux machine. This is because certificates and other authentication methods cost money. GPG allows others to certify that I sent the message that claims to be from me. This is helpful for spam that parades as coming from me as well as other things. Additionally, as my family is starting up a business and we will all be in different states, the safest way for us to exchange information cheaply. Yeah, we have free long-distance on our cell phones, but for that we may as well be yelling out our windows. Email is likewise able to be tapped without some encryption. Thunderbird, enigmail, and GPG allow me to get a decent amount of protection for free. It isn't NSA-grade encryption, but it's good enough to stop most people. So yeah, I'm not a criminal because I use encryption. I just like to have some privacy. Otherwise why not just post my SSN to slashdot?

Re:absolutely ridiculus

[wankledot]

You don't get it. This case is not claiming his use of encryption is/was illegal, it's not even adding the use of it to the charges, it's simply showing *criminal intent*

If you built an underground cavern with a hidden door, security cameras, and multiple locks to hide the dead bodies from your killing rampage, the fact you spent all that time doing it should be evidence in the case of your intent.

This person is not being indicted for using crypto, his use of it is simply being used to show intent... why is that so wrong?

If you hide evidence in the course of any crime, the fact that you hid it is a perfectly reasonable thing to be brought up at trial, is this any different?

If someone gets arrested with bolt cutters breaking into a building, it's reasonable to use the presence of the bolt cutters at trial, just as it's reasonable to show any other tools (such as crypto) that were used to commit a crime.

Re:Any relationship to gun ownership?

[Sheetrock]

I think the relationship they're trying to draw is similar to finding locksmithing tools in the jacket of a suspected burglar.

The unfortunate thing about encryption is that it's not as pervasive as it should be. Virtually everybody has a lock on their house, and only rarely are they trying to conceal a criminal act. Virtually everybody puts mail -- particularly sensitive mail -- in envelopes before sending it, and again this is to retain privacy rather than deter law enforcement. But encrypted files are uncommon and therefore draw attention, right or wrong.

This is another example of where our justice system has gone round the bend when it comes to understanding new (and not even -that- new) technology and its relation to currently accepted practices in other parts of life. Locksmithing tools are specific to that practice, but encryption tools are general purpose and not only legal but encouraged for use by average citizens to retain their privacy.

Horrible precedents are usually set over reprehensible crimes, when said crimes represent only the tinest portion of the larger picture. Hopefully that won't be the case here when everything shakes out, but I have a feeling encryption will be severely curtailed in years to come as average people become more familiar with it and it becomes harder for law enforcement to deal with.

The charge of forgery was dropped...

[craXORjack]

...after it was discovered that the pen Mr. Levie had been carrying was actually a laser pointer. He was subsequently charged with intending to shine it in the eyes of airline pilots during landing and then sent to Cuba for a speedy but secret trial. His court appointed defense attourney later said, 'I've never met Mr. Levie but he was obviously guilty or he would not have been charged. May he rest in peace.'

From the decision itself:

[amliebsch]

Finally, Schaub testified that, in a file entitled "research," he found the text of Minn. Stat. 617.246, which included "the definition of minor sexual performance, sexual conduct, things of that nature." He also testified that he found an encryption program, PGP, on appellant's computer; PGP "can basically encrypt any file;" and, "other than the National Security Agency," he was not aware of anyone who could break such an encryption. But Schaub also admitted that the PGP program may be included on every Macintosh computer that comes out today, and appellant may have had the text of Minn. Stat. 617.246 in his computer because of prior allegations against him.

This appears to be the only discussion of the encryption issue:

ANALYSIS I. Relevance Appellant first argues that he is entitled to a new trial because the district court erred in admitting irrelevant evidence of his internet usage and the existence of an encryption program on his computer. Rulings involving the relevancy of evidence are generally left to the sound discretion of the district court. State v. Swain, 269 N.W.2d 707, 714 (Minn. 1978). And rulings on relevancy will only be reversed when that discretion has been clearly abused. Johnson v. Washington County, 518 N.W.2d 594, 601 (Minn. 1994). "The party claiming error has the burden of showing both the error and the prejudice." State v. Horning, 535 N.W.2d 296, 298 (Minn. 1995). Appellant argues that his "internet use had nothing to do with the issues in this case;" "there was no evidence that there was anything encrypted on the computer;" and that he "was prejudiced because the court specifically used this evidence in its findings of fact and in reaching its verdict." We are not persuaded by appellant's arguments. The record shows that appellant took a large number of pictures of S.M. with a digital camera, and that he would upload those pictures onto his computer soon after taking them. We find that evidence of appellant's internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him. See Minn. R. Evid. 401.

The entire case is available at http://www.lawlibrary.state.mn.us/archive/ctappub/ 0505/opa040381-0503.htm

BS on CNET

[statemachine]

This is what the judge said (from the article):
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.

He did not say the encryption program was evidence of guilt.

To say otherwise is tabloid "journalism."

Re:BS on CNET

[Beryllium+Sphere(tm)]

The trial judge allowed the jury to hear about the installation of PGP. The trial judge was accepting it as evidence of guilt.

The appeals judges let this stand, saying in effect that a trial judge has to screw up bigtime before they'll undo that judge's decision, and that in their opinion the trial judge did have a leg to stand on.

And in other news...

[NewtonsLaw]

George Fritz was arrested today on charges of conspiring to commit crimes.

Police were first alerted to Fritz's activities when he dialed 911 to report a burglary in progress at his home in Elmwood drive.

On arriving at the scene, police observed that the doors to Fritz's house were locked and that the intruder had been forced to break a window to gain entry.

After aprehending and speaking with the intruder, police decided not to arrest him, relying on his promise not to re-offend.

Fritz *was* arrested however, on suspicion of being involved in a crime or crimes unknown. Prosecutors say they have a pretty strong case against him -- after all, if he had nothing to hide, why did he lock his doors and draw his curtains -- thus forcing the would-be burglar to break a window?

Film at eleven.

Well, analogies can get you into trouble

[hey!]

Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.

Well, if I use a gun in a robbery, that makes it armed robbery. But if I own a gun that is not used in the robber (say it's locked in a safe at home) does any robbery I undertake automatically become armed robbery? I mean, don't you think there should be evidence that I actually used the gun in the robbery?

That said, this isn't what the court decision is about. It isn't saying he is guilty because he has encryption software. It's saying the jury can consider that as evidence.

Mathematically, it is true that the significance of a fact depends on context. Thus something which in isolation doesn't mean much can become significant when joined to other facts. However, some things are so commonplace that you can't fit them into anyt kind of logical structure that will help you make a conclusion.

You might as well say that bank robbers wear shoes and the accused owns several pair.

Fortunately with the other evidence against him, I doubt this spurious instruction had any effect.

Re:Good. Encryption is a tool too

[beej]

Just like the presence of a gun during a robbery lifts the crime to armed robbery, the presence of encryption ought to imply not only that the culprit intended to commit the crime but also intended to cover it up as well.

I see what you're saying...but there are several flaws in this reasoning, both theoretical and practical.

1. There was no evidence PGP was being used to encrypt anything, or that he was even planning to do that.

2. The inclusion of PGP in the evidence is intended purely to sway the judge and jurors and presents no real information about the case. This is Cheating. It's like when a newspaper needs a story to be more sensationalistic, they say things like, "Aside from two pounds of marijuana, two guns were recovered from the residence." And then they don't tell you it was just a 22 rifle and a pellet gun.

3. Everyone has strong crypto on their machine. So by your reasoning, every time a crime involves a computer (which is going to be practically every planned crime these days), it should automatically carry some sort of conspiracy charge. This is pointless, just like saying the presense of envelopes in one's house obviously shows that the owner planned to hide his actions when mailing his co-conspirators.

4. Telling people that crypto is bad is also Extremely Bad, as attested to by so many other posts today. Crypto is good. Just like we allow a child pornographer to mail his wares undetected in an envelope, we allow him to email them encrypted. The alternative is simply worse, and we choose the lesser of the two evils. Smart people know this; jurors are more easily swayed, as I mentioned in point #2.

(And for the record, when it comes to child pornographers, there can be no punishment too severe.)

Re:Oh come on

[RedBear]

Wrong. This is simply adding intent and conspiracy elements to the crime, it would be the same as you killing someone with a knife and then buying five gallons of bleach to clean up the blood splatters on the walls. Buying bleach is of course legal, and no one is questioning that, but adding the fact that you bought/used the bleach for a specific purposes related to the crime absolutely shows that you a) knew what you were doing b) had the presence of mind to clean up after yourself c) intended to conceal the crime.

No, I would say this is more like you killing someone with a knife and simultaneously having a bottle of bleach at home in the laundry room, and they have no evidence of you buying or using it for any other reason than doing the laundry, and yet it is somehow taken as "supporting evidence" that your crime was thought out in advance, with you having the bleach on hand specifically to clean up after the crime. Obviously the bleach could have been used to clean up some blood, so that must have been your intention in owning it.

Your mistake is in comparing this to a non-ordinary amount of bleach and suggesting they had some sort of evidence that you used the bleach to clean the blood off the walls. This encryption software is just an everyday, regular size, common bottle of bleach sitting in the laundry room, just like almost anyone would have in their home if they happen to have a laundry room. It indicates absolutely nothing. Thinking otherwise is an extremely dangerous logical fallacy. And it absolutely IS an indictment of the tool. Encryption software is not the logical equivalent of five gallons of bleach.

Re:absolutely ridiculus

[maxpublic]

This person is not being indicted for using crypto, his use of it is simply being used to show intent... why is that so wrong?

Because you, like most of the slashdotters arguing in favor of this ruling, apparently haven't read the fucking article. There is no evidence whatsoever that the man used encryption for ANYTHING AT ALL, much less hiding child porn. None. Nada. Zip.

It was present on his computer. That's it. It's also present on your computer if you use WinXP, Win2000, or have just about any distro of Linux. And we'll be sure to use it as 'evidence' of your intent to 'hide your crime' should we ever suspect you of doing anything illegal.

Max

Brain use == evil

[Vitus+Wagner]

Use your brain.

Oh, no! Using a brain is a crime by itself in modern advertisment-based society.

Read Fahrenheit 451 or many other stories by American SF writers. They warn you 50 years ago that this would end with that - having encyption software is a crime, having gun is a crime, thinking independently is a crime too.

Relax

[jjohnson]

This is no different than the fact that a guy charged with burglary had a crowbar on him. When you're suspected of a crime, the presence of the tools to commit that crime or cover it up are relevent (though not dispositive) in a criminal trial. For a guy charged with making child porn, having a digital camera is relevent; doesn't mean that your digital camera alone is going to get you thrown in jail.

This is a hail mary by the defense attorney that does nothing but put software on the same footing as other tools.

Oh, this is just *swell*...

[cp.tar]

I have a penis*.

Therefore, in a rape case, this can be construed as criminal intent.
This is good news for all Slashdot users; now you are gong to have sex at least in the eyes of the law...

Furthermore, I normally keep my penis hidden in my pants, which obviously means I know that's wrong and am trying to hide it.
As a consequence, criminal intent could not be established for flashing pervs; they do not seem to be hiding anything, at least... so that's OK.

And to think I actually complain about Croatian judicial system, which is merely inefficient...

*This is not a latest discovery, nor bragging; I really do need that** to prove my point.
** Please stop that.

Everybody said: I have nothing to hide

[silence535]

This clearly could only happen because everybody said: I have nothing to hide, so why use encryption?

Every time I hear that argument I almost explode in a rage and claim that at times the usage of encryption alone will be held evidence that you're a criminal.

These times start NOW.

And by the way, this is YOUR fault you lazy bum.

-jsl

After I had my laptop stolen, I lock it down more

[steve_l]

My laptop got stolen from my own house last year; in hibernate state.

Revoking SSH keys took as much time as killing card info, There is so many places sensititive data could end up (like your bank login/card info), such as
-hibernate file
-pagefile
-browser password store
-browser page cache
-directory where I save PDF shopping receipts
-mailbox

Now I lock a lot of the system down. Not just my home dir
-temp
-browser cache
-various program directories.
This is win32, where the EFS stuff doesnt encrypt filenames, just the contents. Its known that EFS is breakable (just reset the login password or something), but to make it harder

1. laptop needs a bios password.
2. that password is also used to enable the HDD
3. My winnt EFS private key is stored in the laptop TPM module.

#3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a stronly motivate government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.

Does this make me a criminal? I dont think so. The police told me off for not bios-locking my last box. Their view is the less usable stolen laptops are, the less valuable they are, so theft reduces all round. It is every laptop owner's duty to lock down their boxes so nobody can get at them!