Slashdot Mirror


Judge Orders Child Porn Suspect To Decrypt His Hard Drives

An anonymous reader writes "After having first decided against forcing a suspect to decrypt a number of hard drives that were believed to be his and to contain child pornography, a U.S. judge has changed his mind and has now ordered the suspect to provide law enforcement agents heading the investigation with a decrypted version of the contents of his encrypted data storage system, or the passwords needed to decrypt forensic copies of those storage devices. Jeffrey Feldman, a software developer at Rockwell Automation, has still not been charged with any crime, and the prosecution initially couldn't prove conclusively that the encrypted hard drives contained child pornography or were actually Feldman's, which led U.S. Magistrate Judge William Callahan to decide that forcing him to decrypt them would violate his Fifth Amendment right against self-incrimination. But new evidence has made the judge reverse his first decision (PDF): the FBI has continued to try to crack the encryption on the discs, and has recently managed to decrypt and access one of the suspect's hard drives... The storage device was found to contain 'an intricate electronic folder structure comprised of approximately 6,712 folders and subfolders,' approximately 707,307 files (among them numerous files which constitute child pornography), detailed personal financial records and documents belonging to the suspect, as well as dozens of his personal photographs."

11 of 802 comments

  1. What kind of encryption did the FBI break? by samriel · Score: 5, Interesting

    Reading that made me ask three questions:
    1) What kind of encryption did the FBI break?
    2) Can they do it again, for any arbitrary encrypted data?
    3) If 2), what kind of decryption should we use instead of 1) ?

    1. Re:What kind of encryption did the FBI break? by Obfuscant · Score: 4, Interesting

      Agreed. Besides, they're making things up --> an intricate electronic folder structure comprised of approximately 6,712...

      You're accusing them of making up the numbers, or of using non-technical language when they described the contents of the disk? Yes, they used non-technical language, but I think it would be easy to imagine what "an intricate folder structure" would mean, and to understand that the important part of the document is the "6712 folders" and seven hundred thousand plus images they contain.

      If they successfully decrypted a single drive, and found evidence, it is strong enough to build a case.

      It is.

      Encryption is boolean; you either discovered the key, or you haven't. There isn't a "key" out there that will give a "partial" decryption.

      Where did you come up with the phrase "partial decryption"? They decrypted one of the disks they had, the rest remain unbroken.

      So, what is happening is that they have evidence to move forward with an indictment, but they're trying to set a legal precedent to override the 5th for future cases, IMHO.

      Or they're trying to recover files that might help identify new victims or show a trail of transfers that will lead to other criminals.

      This is basically the same tactic used in U.S. schools on the children nowadays. You know, Billy said you did it,

      No, it is more than "Billy said". They've got the files and sufficient evidence to show that the disks belong to the alleged criminal. He's already been incriminated, it's a "foregone conclusion" at this point. He's not even being forced to tell the cops his password/passphrase, he's only instructed to enter it unobserved into the system so the disks will be unencrypted. So you can't argue that the cops are learning anything new regarding putting this guy in prison. "Oooh, your passphrase is 'i hid the body under the old oak tree out back', we're going diggin..."

    2. Re:What kind of encryption did the FBI break? by Obfuscant · Score: 4, Interesting

      Well look at it this way, going by the blurb for the low-info voters, everyone is now guilty of having child porn.

      When you stop the quote at "6712 folders", yes, it might look that way. When you consider that the remainder of that sentence talks about images that are child porn in those folders, I think most people will recognize that the relevant criterion for being guilty of possession of child porn is not just "6712 folders".

    3. Re:What kind of encryption did the FBI break? by Anonymous Coward · Score: 2, Interesting

      Well look at it this way, going by the blurb for the low-info voters, everyone is now guilty of having child porn.

      When you stop the quote at "6712 folders", yes, it might look that way. When you consider that the remainder of that sentence talks about images that are child porn in those folders, I think most people will recognize that the relevant criterion for being guilty of possession of child porn is not just "6712 folders".

      Yeah, "(among them numerous files which constitute child pornography)" could be 3 files in the folder "~/browser/cache".

      If they have really found child porn files, and they bothered with showing numbers like "approximately 6,712 folders", don't you think they would have at least bandied about "tens of thousands of child porn image files", or more appropriately "approximately 72,532 child porn images"?

      If all 6700 folders hold porn, does it make sense to have each containing less than 10 files? Wouldn't the logical conclusion be that 6700 folders are ALL the folders in the PC, and they only have a handful of alleged child porn images? "Alleged" because if those are child porn files without doubt, the FBI would have brought the case to court or reached a plea bargain with the guy already. The fact that they are bothering to get the judge to force the guy to decrypt means they don't have enough evidence, and are either bluffing or plain lying to the judge.

      P.S. So FBI agents nowadays are so poorly educated they don't even know the first thing about significant figures? How the hell can you have an "approximate" number correct to 4 significant figures? "the blurb for the low-info voters" is exactly what TFS is.

    4. Re:What kind of encryption did the FBI break? by FatLittleMonkey · Score: 5, Interesting

      and to understand that the important part of the document is the "6712 folders" and seven hundred thousand plus images they contain.

      Seven hundred thousand files. But you genuinely heard it in your head as "images", right? And that is why prosecutors play such word games with, what should be, mundane technical information, because it does the same thing with the judge and jury.

      "707,307 files" becomes "700,000 images" becomes "700,000 porn images, much of it kiddy porn."

      --
      Science is all about firing a drunk pig out of a cannon just to see what happens.

    5. Re:What kind of encryption did the FBI break? by dj245 · Score: 5, Interesting

      All of this information is in the initial filing, which Wired posted here, including the fact that the government figured out partial patterns to his passwords. You should read the filing, though I warn you, you will want to retch by the end of it: http://www.wired.com/images_blogs/threatlevel/2013/04/fedswantdecryption.pdf

      After reading the request, I am amazed that the judge issued the first ruling at all. The download logs clearly showed entries that graphically describe pedophilia being written to a secure disk. I think the agents freaked out a bit, and assumed the disks would self-destruct (as far as I know, the Maxtor disks don't in fact do so).

      I know it's unpopular to say on Slashdot, but the government has a job to do, and is doing it well.

      Regardless of the circumstances, ordering someone to decrypt a hard drive should be against the 5th amendment. I look at this the same way as any other "evidence is in a very hard place to get" situation.

      If I lock evidence in a locker or a house, the authorities are going to break my lock or break down the door. They can't order me to give them the key if the location of the key is unknown to them. If I have an electronic keypad, they can't order me to give them the passcode.

      If I kill someone and, having decided that a "shallow grave" is likely going to get me caught, bury the body in a 1000ft grave (suppose I own a drilling company), they can't make me dig up that body. It is upon them to dig it up. If I weigh someone down and dump them in the ocean, they can't force me to tell them the exact latitude/longitude. They can gather evidence all day long through any legal means, but forcing someone to actively incriminate themselves has never been, and should not be, legal in the US.

      The fact that we now have locks that are effectively unpickable and unbreakable is unfortunate for law enforcement, but that doesn't change the 5th amendment. There should be no exceptions. The nature of the crime or the amount of other evidence doesn't matter to the 5th amendment.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.

    6. Re: What kind of encryption did the FBI break? by TheCRAIGGERS · Score: 4, Interesting

      What about looking at it from another direction?

      Say the FBI suddenly raided you, and brought you up on say, pedophilia charges. They confiscate your computer hardware, as is standard procedure.

      Now, I'm going to take a leap of faith here and presume you have no child porn on your PC. And for the sake of my point, no encryption. But they are sure you have it somewhere, so they naturally assume that you must have encrypted ghost partitions or whatever on your hard drive(s). Maybe they even have a log provided by your ISP that says at one point, you navigated to a website that provided such encryption software in the last decade. They demand that you hand over your passwords for your encrypted drives.

      Or, to use your example with the safe, say that safe was in the house that you bought, and didn't get the combination for it from the previous owners. Maybe it was hidden, and you didn't even know of its existence before the feds demanded you hand over the combination.

      Being brought up on charges for forgetting or even "forgetting" your password to incriminating evidence is already bad enough. But the scenario above is what I'm truly afraid of. The problem is, in some cases they could be treated the exact same if the judge sides with the authorities after hearing your "excuses".

    7. Re:What kind of encryption did the FBI break? by bluefoxlucid · Score: 4, Interesting

      That's not the issue. The government has a job to do, but they have certain responsibilities. The police are allowed to lie, cheat, threaten, frighten, and do all kinds of things to bend a confession out of someone; these confessions are then admissible in court. Police are not well-trained interrogators; a well-trained interrogator could get anyone to confess to anything in short order. Still, locking an innocent young woman in a room with a big scary angry policeman is going to get some level of cooperation...

      Do we want this? Do we want thug-cops that beat confessions out of people, psychologically or physically? Do we want courts that say, "Well, we know you're guilty, so give us all the evidence against yourself and fuck constitutional law!"? Do we want widespread surveillance because you have nothing to fear if you have nothing to hide? How about inventing charges using collected circumstantial evidence to get rid of people who are not criminals, but are undesirable in society and not really liked by anyone anyway?

      The real issue is this: The government is power. People in the government have power. That makes them your adversary. You want it to be hard for them to exercise power over you and anyone else; if you're a criminal, well damn, but in support of *my* interests I hope it's very hard for them to nail *you* even though I think you should be locked up. If you murder someone, I hope they just *barely* manage to get a conviction after a huge fucking ass-dance and tons of sunken public money and massive investigations turning up some damn solid evidence before they execute you, just so the next guy whose house burned down from a fire started in a garage near a can of kerosene isn't executed because "it looks like he murdered his family, due to the use of an accelerant to start the fire some time shortly after he left his home". You fucking prove it.

  2. "constitutes" child pornography. by Anonymous Coward · Score: 5, Interesting

    Weasel-wording it like that makes me think it's probably random manga pictures from his browser cache and not real child pornography.

  3. I imagine it's to set a precedent by tlambert · Score: 4, Interesting

    Conspiracy bits aside, if the FBI found something, why would they demand he open the gates to more?

    Could they not simply prosecute him based on just what they have so far? That way there would be no 5th Amendment violation, and they would (should?) have sufficient evidence so far to successfully prosecute him anyway.

    [ Realize up front that I think people like they are accusing the defendant of being should probably burn, not in Hell, but in the here and now ... ]

    I imagine it's to set a precedent.

    If the demand is not successfully defended against, they are more likely to be granted a future order without expending "considerable resources". The next time, they will be able to argue "we could expend considerable resources and crack this drive too, but since it's going to be decrypted one way or the other, you might as well have him hand over the keys now". It's a really thin wedge, given that the FBI is claiming someone owns a drive when they don't claim ownership, so 5th amendment considerations would likely still attach, but they might be able to find an agreeable judge to push the precedent a little further.

    Using the sparing sector list as part of the key might confound decryption, if the encryption is drive level rather than all in user space where it could be fed a false set of sparing sectors, so it's possible that future SanDisk products (among other SSD vendors) might be immune from use of forensic copies.

    I think though, that 5th amendment issues might still attach, if they can't demonstrate that he actually has the keys. It'll be interesting to see if the defense tries to play it that way, and what results, if any, come from that angle.

    The "it's manufactured data" angle would also be interesting, since presumably they could have obtained pictures and financial data from other sources to make it appear that way. Given that the FBI has "considerable resources" to expend on this type of thing, it's not that unreasonable to ask how those resources were expended: decrypting the drive, or manufacturing evidence which can only be disproven if the drive is decrypted with the keys he may or may not have in his possession, since if it's manufactured, it might still not be his drive.

    I'm glad the court ruled against the forced decryption initially, and it will be interesting to see how this plays out, and whether the FBI gets their wedge, and if so, whether they are successful in using it to leverage further erosions of the 5th amendment in a future case, or not.

    1. Re:I imagine it's to set a precedent by wvmarle · Score: 3, Interesting

      It seems the current situation is:

      Prosecution: "This is an encrypted drive, give us the password."

      Suspect: "That drive doesn't belong to me, can't help you."

      I don't see how the suspect could plead the 5th in this situation, as doing so implies this encrypted drive is his, and that he knows the password and contents (as otherwise there is no ground to plead the 5th). To get to that point, the prosecution would first have to prove the drives are indeed his.