Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Ruled as Relevant For Criminal Case

Posted by Hemos on from the stupid-stupid-courts dept.

waytoomuchcoffee writes "A Minnesota appeals unamimously ruled in a child porn case that "the existence of an encryption program" on the defendants computer could be admitted as evidence of criminal intent. The article doesn't mention if this can be taken into account for sentencing too."

11 of 675 comments (clear)

  1. Encryption use != evil by zoloto · · Score: 5, Insightful

    "We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.

    I find this very disturbing based on the attitude people have regarding encryption. It's seen in such a negative way as if everyone who uses encryption as evil. Let me put it this way:

    ENCRYPTION != EVIL

    I use this for my day to day communications. Either over IM, E-Mail or moving things from server to server (GPG, then sending the file via FTP etc.). How do we help the public to understand that just because someone wants to keep something secret, even under a mass of public scrutiny, it does not constitute someone breaking the law! I have a TON of letters to and from my girlfriend that are encrypted, that she herself does as well!

    I'm not saying the guy accused of the crime shouldn't produce keys, he obviously was doing something totally heinous by photographing a 9 year old in sexual position, and then those pictures destroyed. Predators of this nature are f-ing sick creatures that need some bad rehabilitation.

    My point is the attitude of the people. Admission of the fact that he had PGP on his computer shouldn't be a condemning factor of his behavior and should be based on his crimes. NOT THE FACILITATOR, MEANS, TOOL (Physical or otherwise) OR SOFTWARE to commit such crimes. He was using perfectly legal encryption utilities and software.

    Just because they were for hiding his crimes/pictures should NOT be a factor in his punishment. What kind of precedent would the judge be inadvertently (or purposely??) placing on the use and ownership of encryption and the tools to do such?

    ~zoloto

    1. Re:Encryption use != evil by rpdillon · · Score: 5, Interesting

      Yes, but by this logic, if someone "takes the fifth", it could be used to incriminate them, which kind of destroys the purpose of the right.

      Why is this relevant? Well, if he is using encryption, and they ask him for his key to decrypt the files, I'd say that would be him testifying against himself. Along those same lines, if he refuses to give the key (because he has the right NOT to incriminate himself), they are basically saying "Hey, we don't need the key, because he wouldn't be hiding anything if he had nothing to hide, so he must be guilty!"

      This really represents a failure on the part of the judge. The only thing encryption represents is an unknown: not intent, not a particular set of data. You might as well hand they police a blank drive and infer from that "He must have erased it, and he wouldn't have done that unless he was guilty!"

    2. Re:Encryption use != evil by amliebsch · · Score: 5, Insightful
      This is one of those rare cases when the slashdot headling is MORE accurate than the headline of TFA. That's because the court did NOT rule that PGP is evidence of criminal intent. Instead, it ruled that the existence of PGP was relevant to the state's case.

      Consider the following analogy: I murder someone on the street and flee in a red car. An eyewitness can't identify me but testifies that they saw a red car speeding away. The state introduces my auto title showing that my car was red.

      The fact that I own a red car is admitted into evidence! But not because owning a red car is itself proof of guilt! Rather, it's because it's relevant to the state's case, as evidence of a plan or simply the means of execution.

      Thus, Slashdot is right - the court found it "relevant" - and TFA is wrong - encryption is not itself evidence of criminal intent.

      --
      If you don't know where you are going, you will wind up somewhere else.
    3. Re:Encryption use != evil by Elshar · · Score: 5, Insightful

      Right, of course the victim (the 9 year old girl) probably doesn't even own a computer.

      How 'bout the other child pornographers that he's likely sharing the pictures with? Oh, yea. Them. They'd probably also be using PGP, as I doubt they'd want their email sniffed/syphoned off and read in an unencrypted fashion.

      And the last remark is uncalled for. Those children subjected to the whims of the pedeophiles might have no idea what they're doing, or they might be bullied, forced, coerced into doing so. How do you know? Maybe the pedophile is related to them?

    4. Re:Encryption use != evil by Patrick+May · · Score: 5, Insightful
      Anytime you plead the fifth you most likely have something to hide

      Not true. If the state is attempting to prosecute me, I have every reason to just keep my mouth shut. There is absolutely nothing I can say to them (as opposed to my own lawyer) that will improve my situation. The default position should be to take the fifth.

    5. Re:Encryption use != evil by calambrac · · Score: 5, Insightful

      Here's the analogy: it's legal to go to a salvage yard. It's illegal to steal someone else's car. A way to profit from stealing a vehicle is to salvage the vehicle. If the only information you have is that a person visited a salvage yard, there is no way you can prove that the person stole a particular vehicle. However, if you have other evidence that a person stole a particular vehicle, the information that the person also recently visited a salvage yard becomes relevant, in that it provides a legitimate explanation of why the car cannot be found.

      Applying it back to the case at hand: it's legal to use encryption software. It's illegal to possess child pornography. A way to hide child pornography is to encrypt the child pornography. If the only information you have is that a person uses encryption software, there is no way you can prove that the person possesses child pornography. However, if you have other evidence that a person possesses child pornography, the information that the person uses encryption software becomes relevant, in that it provides a legitimate explanation of why the offending material cannot be found.

      IANAL, so I don't know if this line of reasoning is a valid legal argument, but this was how I understood the comparison the GP post was trying to make. I'm not awake enough to decide if I personally think this should be valid or not...

  2. 5th Amendment violation? by Fookin · · Score: 5, Interesting
    IANAL, but if you refuse to give up your private key and you have something to hide, can the state force you to reveal it? Or is that tantamount to forcing you to incriminate yourself? I would think that any information concerning encrypted data in that scenario would be inadmissable since it would probably prejudice a jury.

    As a side note, with that earlier /. article about the MS guy saying to write your passwords down, is encrypting my password list an act with criminal intent?

  3. Porn bad. PGP good. by rice_burners_suck · · Score: 5, Insightful
    I would not view this decision as a threat against PGP in particular or encryption software and/or algorithms in general. The court is merely trying to determine the intent of the defendant.

    The encryption software here is treated in the same manner as an item such as a large bag would be treated in a shoplifting case. That is, if you go into a store, see something you like, grab it, and run, the court would likely view that as something that you did at the spur of the moment, without putting much forethought into it. The crime, while still very much a crime, would likely be treated as a stupid action you took because you didn't stop to think if it was right or wrong, and the sentence would likely be applied with some leniency. In such a case, assuming the item costs less than $400.00, the crime would be treated as a misdemeanor. On the other hand, if you had entered the store with an unnecessarily large bag that is mostly empty, this might, in the eyes of the court, show that you had planned to shoplift from the outset, and you would receive a much stiffer punishment. In this case, the crime would likely be treated as a felony, regardless of the item's value.

    In much the same way, the court handling this pornography case is probably trying to determine under which of the statutes the aforementioned materials fall, and the presence of software used with the intent to traffic in such material, regardless of the software's generally accepted purpose, can allow the prosecution to go for a crime with stiffer penalties.

    In other words, if you use PGP, don't worry, because it's not going to be outlawed. But if you're the guy in that pornography case, be afraid... be very afraid. Here in Soviet Russia, pornography encrypts YOU!

    As an aside, one should not look at pornography, because it can have an adverse effect on future relationships that you might have.

  4. BS on CNET by statemachine · · Score: 5, Insightful

    This is what the judge said (from the article):
    "We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.

    He did not say the encryption program was evidence of guilt.

    To say otherwise is tabloid "journalism."

  5. Oh, this is just *swell*... by cp.tar · · Score: 5, Funny
    I have a penis*.

    Therefore, in a rape case, this can be construed as criminal intent.
    This is good news for all Slashdot users; now you are gong to have sex at least in the eyes of the law...

    Furthermore, I normally keep my penis hidden in my pants, which obviously means I know that's wrong and am trying to hide it.
    As a consequence, criminal intent could not be established for flashing pervs; they do not seem to be hiding anything, at least... so that's OK.

    And to think I actually complain about Croatian judicial system, which is merely inefficient...

    *This is not a latest discovery, nor bragging; I really do need that** to prove my point.
    ** Please stop that.

    --
    Ignore this signature. By order.
  6. After I had my laptop stolen, I lock it down more by steve_l · · Score: 5, Informative

    My laptop got stolen from my own house last year; in hibernate state.

    Revoking SSH keys took as much time as killing card info, There is so many places sensititive data could end up (like your bank login/card info), such as
    -hibernate file
    -pagefile
    -browser password store
    -browser page cache
    -directory where I save PDF shopping receipts
    -mailbox

    Now I lock a lot of the system down. Not just my home dir
    -temp
    -browser cache
    -various program directories.
    This is win32, where the EFS stuff doesnt encrypt filenames, just the contents. Its known that EFS is breakable (just reset the login password or something), but to make it harder

    1. laptop needs a bios password.
    2. that password is also used to enable the HDD
    3. My winnt EFS private key is stored in the laptop TPM module.

    #3 is interesting. I know TPM is associated with 'evil-DRM-Trusted-computing-stuff', but I use it as an unbreakable store of my sensitive keys. If what the inventors say is true (I work with some of them), you'd have to be a stronly motivate government to stand a chance of getting stuff off the TPM, so implicitly, off this hard disk.

    Does this make me a criminal? I dont think so. The police told me off for not bios-locking my last box. Their view is the less usable stolen laptops are, the less valuable they are, so theft reduces all round. It is every laptop owner's duty to lock down their boxes so nobody can get at them!