Slashdot Mirror
Judge Orders Child Porn Suspect To Decrypt His Hard Drives
An anonymous reader writes "After having first decided against forcing a suspect to decrypt a number of hard drives that were believed to be his and to contain child pornography, a U.S. judge has changed his mind and has now ordered the suspect to provide law enforcement agents heading the investigation with a decrypted version of the contents of his encrypted data storage system, or the passwords needed to decrypt forensic copies of those storage devices. Jeffrey Feldman, a software developer at Rockwell Automation, has still not been charged with any crime, and the prosecution initially couldn't prove conclusively that the encrypted hard drives contained child pornography or were actually Feldman's, which led U.S. Magistrate Judge William Callahan to decide that forcing him to decrypt them would violate his Fifth Amendment right against self-incrimination. But new evidence has made the judge reverse his first decision (PDF): the FBI has continued to try to crack the encryption on the discs, and has recently managed to decrypt and access one of the suspect's hard drives... The storage device was found to contain 'an intricate electronic folder structure comprised of approximately 6,712 folders and subfolders,' approximately 707,307 files (among them numerous files which constitute child pornography), detailed personal financial records and documents belonging to the suspect, as well as dozens of his personal photographs."
First porn for kids post!
Reading that made me ask three questions:
1) What kind of encryption did the FBI break?
2) Can they do it again, for any arbitrary encrypted data?
3) If 2), what kind of decryption should we use instead of 1) ?
http://en.wikipedia.org/wiki/Plausible_deniability
So the judge says no you can't do it. Then the FBI goes ahead and does it anyway. Then with this evidence they get the judge to change his mind.
Now, since apparently he did have some child porn, I'm glad he will go to prison, but what's the point of a judge saying no if the FBI will just do whatever it wants anyway?
Weasel-wording it like that makes me think it's probably random manga pictures from his browser cache and not real child pornography.
Pedophiles are animals, and don't deserve rights. Rights are for people, not monsters. If I had a pedophile in a room by myself and some one told me I had an hour I would literally put on some latex gloves, shove a huge tube down their pee hole and cut around it, then I would take a hot iron and burn the remaining portion to leave them dick-less but still able to piss out of the "straw."
It disgust me that this judge was going to let him off in the first place. Fuck pedos and fuck their stupid shit. They're all scum and I want them to all die in a bloody typhoon of death.
He should inform the honorable judge that he's forgotten the decryption parameters or whatever they are called.
This way, he puts the ball back into their court. That is, to prove that he indeed still remembers these parameters.
That will be a tough one to prove.
1) Why can't they break the rest?
2) Why haven't they charged him yet?
having an "intricate electronic folder structure" complete with "detailed personal information" is nefarious? Isn't that, essentially, every install of every desktop OS ever? Hell, I think in my 13k file music collection sorted by album and artist there's EASILY 3k folders. And I think elsewhere on the same drive I have my tax returns...
"Sorry, your honor, but I have forgotten the decryption password." or, actually, that would be stupid since it would imply they are his. It should be "Sorry, your honor, I never had the encryption password". Unless the FBI has concrete proof he actually decrypted them in the past, they're screwed. Go back to cracking away. I also want to know the encryption that they supposedly cracked. Unless it is junk, it is more than likely that they brute forced the encryption passphrase for that hard drive.
It's disgusting if he has CP, but something something plausible deniability.
It's like the IT worker with no morals who quits in an organization where he held all the passwords and then promptly claims to have forgot them all when the company demands them right after they quit. You cannot prove if they were forgotten or not.
Actually refusing to give them out is grounds for legal action in both instances.
-- filgy
So, anyone know the punishment for not complying vs. the punishment for possession of child pornography? In other words, some people have refused a judge's orders and served out a few years, vs. if this guy does comply, does he look at lots more time?
Personally, I think any child pornographer's are scum of the Earth, but if I were facing serious charges like say murder, and a judge ordered me to decrypt a drive I knew would cause me to be incriminated, I'd tell him to take a flying leap.
Where pixels of a certain colour arranged in a certain way on a screen and even the bits used to represent them are illegal. I hate kiddy porn as much as everyone else but feck it throwing people in jail for looking at pictures is taking the piss.
wasn't there already a case in which being forced to decrypt one's hard drives was deemed self-incrimination?
IT IS FURTHER ORDERED that on or before June 4, 2013, Feldman shall do one of the following: (1) meet with law enforcement agents who currently maintain custody of the above- identified storage devices and, without being observed by law enforcement agents or by counsel for the United States of America, enter the appropriate password or passwords into forensic copies of the above-identified storage devices so as to decrypt those devices and allow law enforcement personnel to continue their examination of the files contained therein;
So first, this could be drawn artwork, with no one harmed in the process. Its treated the same in the US. That is stupid.
Secondly, when people are harmed to create child pornography, possession and distribution of the evidence is illegal, and comes with very harsh penalties. This drastically reduces what the police can do, while increasing the confidence of the creates that those they sell to won't turn to the police.
Suppose possession of child pornography was legal, but its creation was not (if it involved real people). This would make any one who acquired any perfectly comfortable submitting it to the police, which would drastically help catch those involved.
You could even ban selling it (but maybe not buying it), and make it except from copyright to cut of the funding. Then any child pornography that got out could be legally circulated, so there would be a nice supply, and no demand to create or purchase any, since the market price would be 0, and its also illegal.
Sure, some people would be bothered by having easy access to child pornography, but I consider hiding our societies crimes from public view (and thus allowing them to continue more easily) worse that exposing them for all to see.
Supposedly they have kiddie pron on the part that's been decrypted. Why don't they just try him on that basis? The excuse for how 5th Amendment protections no longer apply strikes as the worst kind of legal contortionism: http://ia601700.us.archive.org/6/items/gov.uscourts.wied.63043/gov.uscourts.wied.63043.6.0.pdf
(Note: I am not an american citizen and my understanding of the american legal system is therefore limited)
Constitutional rights in the USA should be absolute. Decrypting an hard drive should or should not be covered by the fifth amendment. New evidence should not change its constitutionality because a judge changed his/her mind. I believe that hard disk encryption is too important in too many cases to let a "local" judge decide whether it is constitutional or not. American citizens (or whatever representative has that power) should ask the supreme court to decide on that matter.
What's the penalty for saying "No"?
Table-ized A.I.
So I just read the judge's order granting the ex parte request, and there is something I am confused about. If the 'limited decrypted version' they supposedly have contained child pornography why is he still not charged with a crime? Something seems fishy here.
"In addition to numerous files of child pornography, the decrypted part of
Feldman’s storage system contains detailed personal financial records and
documents belonging to Feldman"
I'm willing to bet they have the file structure (names of files) but have no actual file data, in which case the governments request would add a lot to the case instead of the "little to none" the judge is using to justify the use of the forgone conclusion doctrine.
Not defending anyone for child pornography, I just like everyone else don't like seeing the forced self incrimination of people using the 5th amendment.
they decrypted and found cp?
isnt that enough to charge him?
I only applied a few grams of pressure to the trigger, it's not really my fault the bullet went through his brain.
It's a kinda roundabout way of saying, "You can't [or at least don't need to] give or show them the secret spell, but you better perform it and release the rune for the witches to see, or may they rain hell on you from every applicable plane of existence."
(Magic analogy, because car analogies are so passé.)
You can hold down the "B" button for continuous firing.
If they have an image of a child in a sex act then the guy is done. All they need to do is show the judge 'look what we found' (aka HAVE EVIDENCE) and the guy should be toast. If they really did have even just a SINGLE image he's guilty. They don't need the rest of the drive to convict him.
So that means:
1. What they found is not child porn per se.
2. What they found is 'art' of a nature that would imply that there IS child porn on the drive.
3. They really haven't gotten shit and are throwing a hail Mary.
Its not like the Government can lie to a suspect (they can). But they cannot lie to a Judge (but do).
This case stinks.... if they had the proof they'd show it to the judge. Commence trail by innuendo.
Um, I have a few questions:
1) If they have already accessed one of his drives and found thousands of photos in it, what more do they need to charge him with multiple crimes?
2) From a strategic standpoint, let us say that he a) knows he has illegal photos on his other drives and b) knows he will be charged with possesion of the photos that have already been accessed by the FBI. What possible incentive does he have to do as the judge orders? He knows he will get an incredible prison sentence, probably, but also that he will be charged with being a sex offender regardless. So he decides to sit in jail and ignore the judge. He knows he will never get out, most likely...so how is this not an empty order by the judge?
I practice stenography. Most people find a file, assume it's just an executable or what not, and move on, never realizing that the incriminating evidence was there the whole time. If this guy really wanted to be a dick about it, he could have taken perfectly benign pictures and changed the file names to sexy 6 year old or whatever these ass hats look at.
Whenever a player quits EVE to go play WoW, the Average IQ of both games increase.
If they have sufficient evidence that both the existence of kiddie porn on the drives, and the defendant's ownership and control over those drives, are "foregone conclusions" (which is the standard that needs to be met to avoid 5th amendment protection), why isn't he simply charged on the basis of that evidence?
FBI got into one of the drives (how is irrelevent). They found kiddie porn.
Now that he can (and will) be proven guilty, not sure if self incrimination is still possible since he is already incriminated. Unless of course there is evidence of further crimes (snuff porn perhaps) on those drives.
I am very small, utmostly microscopic.
Or else what exactly? This is what I don't understand. What is the threat against him if he refuses to comply? if he already knows they have other images from other drives, he surely knows that he is epically and royally screwed for the rest of his life. So why would he comply?
when they said intricate folder structure with porn my first thought was of xkcd 981.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
And that is a full violation of the fifth amendment against self-incrimination.
I don't give two fucks if it's CP or terrorism - we have LAWS.
Thankfully, these laws don't stop me from triggering a full economic meltdown.
And that meltdown is coming.
Enjoy being enslaved to China for your food - both you and your current offspring.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I noticed the lack of prohibiting a keylogger - though technically would(n't?) that count as observation?
Quo usque tandem abutere, Nimbus, patientia nostra?
With all the silliness in the courts anymore, looks like in order to maintain any sort of confidentiality we're gonna have to take a chapter from the military's book on how to keep the secret stuff. . . well . . . secret. ( Not their new book mind you, since the Chinese are stealing secrets left and right these days :D )
Radical, probably. Effective ? Absolutely.
Of your hard drive stack, ensure the top slot is available. Open an old drive chassis and gut it. Fill with Thermite. Place said unit above other drives. I leave it to you to figure out how to wire it out to initiate the burn. Perhaps a key or, for the really paranoid, wire it to fire by opening the chassis ( intrusion switch ) or ( insert your own imaginative idea here ).
The idea here isn't to make an explosive, just some molten metal to wreak havoc on the drives below it. See you recover the keys for those. . . .
( Oh and remember, a little Thermite goes a long way. Don't go crazy with it )
Number of years in jail does make a difference.
He's already incriminated. The evidence is there that the drives are his. FIfth amendment against self incrimination doesn't provide protection against a search with warrant. Whether it's a house or a disk drive.
that is one festering pile of gibberish you barfed up there
Yes, without being observed. All they want is the decrypted contents. They don't need to know what his actual password is.
This is slashdot, so of course everyone wants to explore the ways to get around this attempt at accessing personal encrypted data, but I hope everyone's not missing the bigger point:
In the first world it is illegal for an individual to possess information. It's just evidence as far as the government is concerned. If he were accused of producing the child pornography, then it would be legitimate that he is facing prison. But simply possessing information will get him sent to prison for what amounts to prosecution for deviancy. This is fascism, this is a socially irresponsible response that does nothing to address the problem, and it is wrong.
"autonuke"
The geek brings into court over-complicated and improbable scenarios, to be presented in a way which will seriously piss off a judge and jury.
"Suck it in, dolts, it all makes sense the way I tell it!"
This is how it is supposed to work in our justice system. Before they knew that there was any pron on the drives, you cannot be forced to self incriminate. Once they know there is something there, (in this case by guessing his password on one drive) it is no longer a matter of self incrimination but one of degree, and you can be forced to reveal the password.
The same holds true for a combination lock. If they know you put something illegal in there, through a recording or whatever, they can force you to open it.
Lets say by ignoring the judges order, he gets 10 years for having , say, 100 photos. The judge gives him an additional 2 for contempt or something.
The alternative is giving the passwords away, allowing them to search, thus finding the additional 900 photos he had. He probably won't get a mere 10 years for those 900. So again, what is his incentive?
It's probably more like the court ordering you to unlock a safe when they have a warrant to search its contents.
-- Sometimes you have to turn the lights off in order to see.
FIfth amendment against self incrimination doesn't provide protection against a search with warrant.
So? They have the hard drives - let them use that evidence. This is an abuse of the "foregone conclusion" doctrine, which has been used (only since 1976 - it's hardly ancient) to force people to hand over evidence. It originally arose in a case about tax files. But suppose somebody wrote all their records in a language they invented and only they knew. They could be forced to turn over those records, but asking the accused to translate them into plain language would be self-incrimination. That's the proper analogy here. The police/FBI have their physical evidence. Let them figure out what it means.
Conspiracy bits aside, if the FBI found something, why would they demand he open the gates to more?
Could they not simply prosecute him based on just what they have so far? That way there would be no 5th Amendment violation, and they would (should?) have sufficient evidence so far to successfully prosecute him anyway.
[ Realize up front that I think people like they are accusing the defendant of being should probably burn, not in Hell, but in the here and now ... ]
I imagine it's to set a precedent.
If the demand is not successfully defended against, they are more likely to be granted a future order without expending "considerable resources". The next time, they will be able to argue "we could expend considerable resources and crack this drive too, but since it's going to be decrypted one way or the other, you might as well have him hand over the keys now". It's a really thin wedge, given that the FBI claiming someone owns a drive when they don't claim ownership, so 5th amendment considerations would likely still attach, but they might be able to find an agreeable judge to push the precedent a little further.
Using the sparing sector list as part of the key might confound decryption, if the encryption is drive level rather than all in user space where it could be fed a false set of sparing sectors, so it's possible that future SanDisk products (among other SSD vendors) might be immune from use of forensic copies.
I think though, that 5th amendment issues might still attach, if they can't demonstrate that he actually has the keys. It'll be interesting to see if the defense tries to play it that way, and what results, if any, come from that angle.
The "it's manufactured data" angle would also be interesting, since presumably they could have obtained pictures and financial data from other sources to make it appear that way. Given that the FBI has "considerable resources" to expend on this type of thing, it's not that unreasonable to ask how those resources were expended: decrypting the drive, or manufacturing evidence which can only be disproven if the drive is decrypted with the keys he may or may not have in his possession, since if it's manufactured, it might still not be his drive.
I'm glad the court ruled against the forced decryption initially, and it will be interesting to see how this plays out, and whether the FBI gets their wedge, and if so, they are successful in using it to leverage further erosions of 5th amendment in a future case, or not.
they're trying to set a legal precedented to override the 5th for future cases, IMHO.
I am not a lawyer, but I suspect that even the most evil SC we can imagine will determine that if a suspect is not subject to prosecution in the absence of an action, then that action is protected.
Imagine again. The Rhenquist SC (generally less evil than the current Roberts SC) said http://en.wikipedia.org/wiki/Herrera_v._Collins that provable actual innocence of a crime is no reason to bar a State from executing someone once they've been sentenced by a court.
An SC that says we can execute someone who can prove they did not commit the crime would certainly be able to authorize anything a prosecutor wants to do. Ironically the generally-more-evil Roberts SC today issued a ruling that substantially undoes the one I cited.
I don't get this at all.
Firstly the just says the 5th amendment prohibits the government from requiring he provide evidence with which to charge and possibly convict the defendant. That was a fact set in stone.
Then the FBI claims that one of the drives have been cracked and they have proof of offending material as well as data present which proves ownership of the drive.
Great. But how does the collection of additional evidence change his constitutional rights against self-incrimination? Perhaps I'm just a big dummy, but providing the government with MORE information is still providing the government with information which incriminates.
Seems to me the government is probably lying about having cracked his drive and wants a fishing license. If they had REAL evidence, they wouldn't need to decrypt any further than they have.
Your Honor,
This data isn't encrypted, these are records for my business written by a program that I do not have the source code for, and the company that wrote the program was incorporated in Outer Mongolia and is out of business. And your honor, the program that would be able to read these records was accidentally destroyed last month, and I have no backups.
--------
Let them prove me a liar.
When the summary says "numerous files which constitute child pornography", are we talking about nude photos of kids (e.g., his own, or friends') in the bath or something like that? In that case, I can totally understand them wanting more substantial evidence against him.
Also, is having "an intricate electronic folder structure comprised of approximately 6,712 folders and subfolders" a crime now? Good God. I have over 10,000 in my home directory alone. Looks like I should expect the FBI to come knocking any moment.
Does this mean the U.S. government is just a bunch of pervs and wants to see this guy's kiddie porn stash?
Too bad he doesn't work for the IRS, he'd be immune.
we're all about to become "child porn suspects".
I'm guessing it's this part of it that protected him:
"nor shall be compelled in any criminal case to be a witness against himself"
There's no clause in the fifth amendment that says "...but if we have good evidence you're guilty, then you have to tell us what we need to know in order to get more evidence."
The police put you in a room and say "CONFESS", and you refuse. Judge says "that's right--you don't have to confess to anything. In fact, you don't have to say anything at all. You can remain silent."
Later, the police find some evidence that suggests you really did something illegal. And really socially repulsive.
Judge thinks for 2 seconds and realizes "Who's going to defend a kiddy diddler? I can rule however I want against this guy and get almost no political backlash. But if I "defend the constitution", I'm a liberal judge letting a monster get away on a technicality." Not a difficult decision for a pragmatic public servant. "Let the beatings begin.".
First they came for the child rapists and I said nothing because everyone would think I was one, too.
"Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
The prosecutor should have to make his case as if the defendant is in absentia.
Wouldn't handing over an encryption key be equivalent to saying: "Yes, this is my computer/data."
Until he hands over that key, he could deny it is his computer, or that he ever had the key. He could claim it was planted there. But as soon as he provides a key, he has admitted it is his computer. And doesn't forcing him to do that violate the fifth amendment?
It's probably more like the court ordering you to unlock a safe when they have a warrant to search its contents.
Last I heard, the FBI can't prove he owned the drives. It is more like the court ordering you to unlock a rented locker (with a combination lock) in a gym, before they can show it was you who rented it. By unlocking it, you proved the content are yours.
They managed to decrypt one of them. As we know, the FBI has nothing better to do with their time, and they have a good idea of the sort of passwords he uses, so they'll probably crack the rest in a little while, if they don't just throw them in a box for the 10years he's in prison and crack them with computers that run at 2^5 times the speed of their current machines then.
Depending on what he has on there, they may not be able to lay out powerful enough threats to make him decrypt the remaining drives, but I don't think this particular guy is what most of us are really concerned about in this case. What IT professional doesn't have an encrypted drive around with hacker tools and perfectly legal stuff they don't want decrypted? Say my neighbor downloaded something sketchy and they know I frequently use his wireless...decrypt my drives for them and have it reported that I had "intricate filesystems containing zillions of porn images and suspicious tools" or spend a few months in jail for contempt? Hence why your normal /.er is all excited about the implications here.
Ok, while not what is going on in this case since stored his files directly and relied on simple encryption, which ultimately is stupid.. But lets say you just setup a freenet node, insert all your stuff into the freenet-cloud and delete your local copies. ( or something similar.. )
Then you store the keys/links in an encrypted ( and if you are smart, hidden ) volume. Would that constitute possession of ' bad information'? You don't have the actual banned data and you just know how to get to it, no better or worse than google search.. It also doesn't prove you ever accessed it, as long as you don't keep browsing history.
Now that isn't to say that i would want a pedophile finding a way to hide, but i can see this becoming an issue for other people who are declared 'political dissidents' as that line is slowly moved to include more and more people over time.
On my work machine:
I really don't see how it applies to self incrimination. This is really no different than handing over a combination to a safe.
The point of the 5th is to not force people to talk not make it impossible for police to investigate and prosectutors to gather further evidence.
We live in a world where advertising is considered protected free speech to get around laws preventing overt advertising in areas and corporations are "people", government wrongdoings are protected under the umbrella of "national security", but an ordinary citizens have to divulge information that could basically be considered a means of self incrimination.
-What's the password?
-12345.
-Didn't work.
-Well, then either the drive isn't mine or you guys screwed the filesystem.
He can own it.
I'm imagining a hard drive with a built in set associative flash cache and the ability to load data into the cache without writing it to the disk. Then you put a key part of your encryption keys into the cache without writing the to the disk.
If someone makes a bit copy of the drive, they will invalidate your cache and erase your keys.
Sure it would be possible to copy the cache before copying the disk, but that would involve popping open an ASIC and extracting the bits the hardway.
It sounds like a trap. They let him into the system unobserved, and then he deletes everything instead of decrypting it. Now he's in deeper shit for destroying evidence. Except, of course, they've got a backup copy of everything. But they can still pin him with tampering/destroying evidence.
Hopefully, he has two different passwords One that actually decrypts the drive. The other one runs a script to wipe out the drive...give me that one. My drive, my data....contempt of court? Yeah, but you still don't have access to it do you?
"new victims" They accused him of possing kiddy porn didn't they? Not *making* it. I notice its usual to conflate the two these days, but that's marketing too. An image of a murder victim is not the same as murdering a person.
" "6712 folders" and seven hundred thousand plus images they contain."
They said files not images. The computer in front of me is a vanilla Windows 7 machine, with some apps on it, it has greater than 32000 folders and more than quarter of a million files (its taking too long to count them). I can't be bothered waiting for it to do the count. I've also visited 4chan,
So they are marketing it, and so did you.
Pay attention to any politician or cop who has to testify under oath. Use their magic words "I don't recall". At this point they already know the drives are his.
Only the State obtains its revenue by coercion. - Murray Rothbard
"If am coerced into giving you evidence ..."
That's the legal distinction. You CAN be forced to hand over evidence. You can't be forced to testify. If the cops have evidence that something I have is evidence of a crime, they can get a court order and take possession of that evidence.
The current ruling is that the files are evidence, so he can be forced to hand them over. Before any drive was decrypted, it hadn't been proven that the he COULD decrypt the drives. Maybe he bought them used and the previous owner encrypted them. The judge's earlier ruling was that he couldn't be forced to SAY "I can decrypt those files (they are mine). Giving up the key would be equalivent to testifying that the files were his. That would have been testimony and therefore protected under the fifth amendment.
Now that the judge is satisfied it's proven that the encrypted drives ARE his, the big question is "what is on the drive" and that's a question of evidence, not testimony. As evidence, it's not protected by the fifth amendment protection against TESTIFYING against useful.
in court demonstration of how the one hard drive was protected, steps they took to try to get into it, what finally did work, and how they found what they say they found.. AND reveal to the court exactly what it is that they found... along with a full audit and custody trail of the confiscated equipment from initial seizure to present day.
if they can't or won't do that.. it's all make-believe to try to coerce cooperation or confession from the suspect...
A good prosecutor never lets something like the law get in the way of a conviction.
I am John Hurt.
The password is in his head. You saying they have the right to extract it?
This is some hellish hyper Orwellian shit going on right here.
Child Pornography has been used by government officials and politicians worldwide to "install" them into the computers of their political enemies and blackmail them. Remember that famous case concerning a prominent Swedish politician where his computer was hacked with NetBus (or BackOrifice, either one) and loaded with kiddie porn, and the police get tipped-off "coincidentally" to investigate, ending that guy's career and ruin his life forever?
That is why civilized society like Japan, CP is legal to possess (but illegal to resale / transfer). If you want to catch the real monsters, you will have better luck in Catholic churches and synagogues.
New Economic Perspectives
Before any drive was decrypted, it hadn't been proven that the he COULD decrypt the drives.
That still hasn't been proven. Maybe he forgot the passphrases years ago. Also, he has already handed over the evidence. It's not his fault if the FBI is too stupid to crack all of the encryption. What he is being compelled to do now is help the prosecution make their case against him more compelling, at least to a jury, by giving them the rest of the passphrases. That's a pretty clear 5th amendment issue. Yet another judge who wipes his ass with the constitution. Anything in the name of child porn. Every right will eventually be lost to a combination of child porn and terrorism. The two greatest weapons of pro police state fascists.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
No. It's more like the court ordering you to give the prosecution some additional evidence to help them ruin your life and/or kill you. There is no way for the court to know or to prove that the suspect has any idea what those passphrases actually are. Suspect says he doesn't know them. Court tells him that if that is true then he is fucked because the court doesn't believe him. He then gets life in prison without a trial for contempt because the judge doesn't believe him.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
I'm not arguing about whether it's right or wrong.
I'm just pointing out that in a number of ways, forcing someone to decrypt an encrypted disk isn't that dissimilar from compelling a defendant from unlocking a combination safe. In both cases, it unlocks a trove of data, and can give the prosecution evidence to help them ruin the defendant's life.
-- Sometimes you have to turn the lights off in order to see.
very approximate.
CLI paste? paste.pr0.tips!
If it were there would be none of these issues as males would just convert to islam or a religion that recognises the early jewish law books and marry a very young girl.
Re: You have a problem here. All the feds have to do is go before the judge, start with an archived copy of the original disk which can be proven to be bitwise identical, apply the correct decryption process, and when out pops all the data they claim was there you'll have to explain how they got the original encrypted bytes to decrypt directly into the alleged criminal data.
I can make you a one-time pad that can decrypt any X of length $L_x$ into any Y also of length $L_x$. Just fucking XOR the values of X and Y and call that Z = (X) xor (Y) . Now, Z is the XOR-decryption-encryption key that will transform X into Y. That can be done for every fucking Y possible in the world. Of course, this is charlatanry. You're not going to use a one-time pad of length 1-terabyte, or are you?
But it's trivial. Say that my code is "12345". Say that I want to decode that into "fuxor". Set Z = "12345" xor "fuxor", and say that Z is the encryption key. Now, (Z) xor ("12345") = "fuxor". Tada. La Voila.
But what if instead I wanted to prove that "12345" really encoded "itsCP" ?? Well, claim that Z_2 = "12345" xor "itsCP". Now, (Z_2) xor ("12345") = "itsCP". Ohmifuckinggod, the code "12345" decodes into the obvious claim that "itsCP"!!! There can be no other answer!!! Hang'em!
And that can be done for the noisy chaff that is encrypted data too. It's like the Queen in Alice Wonderland explaining what words mean: "I can make them mean anything I want them to mean!"
in other words, tl;dr: I can make a one-time pad to prove it's anything...
They could move to an Islamic country or a country that follows Deuteronomy (22 28-29, hebrew), and marry a little girl.
That would be good. Their children could fight against you and your religion (US law)
Lots of posts above say the law enforcement officers in the article must be lying. I can think of a scenario where what they are saying makes sense.
Imagine the following setup. Windows 7 desktop computer, two disk drives. Strong encryption on the d drive. They break the Windows 7 system after some effort. In the browser cache and perhaps logs the see that he has some nasty pictures, has downloaded and spent a large amount of time looking a jpegs on the D: drive in folders with names implying child porn. Nude girl pictures organized by age or whatever. Some of the file names may be relatively well known file names. There are likely enough pictures that can be seen on the C: drive to convict.
The idea is that he boots up windows and unlocks the d drive manually every time he feels the need. You can tell some of what is on it by paths and such.
That said, I personally do not think this is constitutional unless he is given immunity from what is found there if forced to disclose the password.
Deuteronomy 22 28-29 in ancient Hebrew states that if a man rapes a young girl he keeps her and pays her father some money.
Deuteronomy also says to kill those who say to follow another god/judge/ruler. You want us to follow US religion/law.
In Dueteronomy the man is ba'al: master
The God of Deuteronomy is worthy of worship.
Your prison state and religion is not (USA), though you people demand world wide obeyance.
Considering the allegation against this man, this is pretty damning for him whether he truly was guilty or not to begin with. Saying you were accused of child pornography and even found innocent is still going to stop anyone from wanting him..
Deuteronomy 22 28-29 in ancient Hebrew states that if a man rapes a young girl he keeps her and pays her father some money.
Deuteronomy also says to kill those who say to follow another god/judge/ruler. You want us to follow US religion/law.
In Dueteronomy the man is ba'al: master
The God of Deuteronomy is worthy of worship.
Your prison state and religion is not (USA), though you people demand world wide obeyance.
.
Deuteronomy 22 28-29 (In hebrew)
2 Samual 12 (little lamb).
Marrying/keeping young girls is fine in the deuterocanonical religion.
Overthrow the global US religion that denies males sweet nice cute young girls.
There is no pursuit of happiness nor freedom of religion in america. I has it's own religion. Overthrow it.
Let's assume for the sake of argument that this guy is, indeed, guilty. Legally, however, he's no more than a suspect until proven guilty. Since when are defendants required to assist in incriminating themselves? I thought that your constitution protected against that? It's a very, very slippery slope this judge is going down here.
I see no way that a judge has the power to compel a defendant to do anything other than appear in court to face his accusers, and send him to prison if convicted. It's a fundamental right to hire an attorney to speak on your behalf and put the burden of proof on the prosecution. There's just no way contempt of court applies.
He handed over the evidence. If he were the last living speaker of a previously unrecorded language and they couldn't interpret his seized personally diaries, it's tough luck on the prosecution. How can he be compelled by court order to do anything beyond appear in court and let his lawyer speak for him? It can't possibly stick.
...and I absolutely cannot figure out the passphrase to save my life. I have some old code on that drive that I want back. I think it is on that drive anyway. Oh well.
Now that drive is several years old.
I guess it is plausible that this dude forgot his passwords, but to forget 6?
Question, are there unencrypted timestamps anywhere (either the drive itself or on the PC he used to access the drives) that can prove when he last accessed those drives?
I am very small, utmostly microscopic.
They can and should have done something.
Common Law legal definition of assault:
"An assault is carried out by a threat of bodily harm coupled with an apparent, present ability to cause the harm. It is both a crime and a tort and, therefore, may result in either criminal or civil liability." [ http://en.wikipedia.org/wiki/Assault ]
Note the use of the wording "threat.." to "..cause the harm."
In law school I read case to demonstrate this principle. A person (a black person, in the case) who's lunch tray was yanked out of his hand in the company lunch room. Although, the timing of the case had some real relevance to affirmative action at the time, the courts came down that that action was an "assault."
The way to look at it is: Assault: fear of injury, followed by Battery: the actual "hitting."
Sue the kids, the parents and the police in your area of the rock-throwing-assualt-zone.
Or (1) Avoid that area, and instruct your children there is plenty of trouble in the world, don't look for it, learn to avoid it. (2) Explain what "selective enforcement" is. Or (3) Explain how the U.S Judicial system and the police actually "do their jobs", in the hopes the next generation can try and fix what is now broken (Legislation and enforcement paradigms.)
Three choices... pick two..
What IT professional doesn't have an encrypted drive around with hacker tools and perfectly legal stuff they don't want decrypted?
People tend to overestimate the number of people that are like themselves. Just because you have such an encrypted drive and you know of other examples doesn't mean that it's most, let alone your implied virtually all.
Say my neighbor downloaded something sketchy and they know I frequently use his wireless...decrypt my drives for them and have it reported that I had "intricate filesystems containing zillions of porn images and suspicious tools" or spend a few months in jail for contempt?
I'm afraid if the feds have a search warrant for your property, you don't have the choice to refuse. That's kind of what a warrant is. You don't have a right to refuse access because it's an encrypted drive any more than you have a right to refuse access because you have very good locks on your house.
If you have something illegal but unrelated to the "sketchy" file, than bad luck, you may be prosecuted. That's the risk you took when you did the illegal thing. Encryption doesn't give you some kind of right to do illegal things with impunity.
If there is nothing illegal than you're in the clear.
Note, this isn't a justification for fishing expeditions by law enforcement, any more than it would be for a house search warrant. The point I'm making is that it isn't any different from the long standing precedent of search warrants for property. A failed search for stolen goods may still end up with a drug violation being prosecuted.
The legal distinction is between being required to:
a) "Testify" against yourself, which is protected by the 5th.
and
b) Being required to produce documents, for which the "existence, control, and authenticityâ has been established. Which is not protected by the 5th.
There's no dispute that the files on a disk are documents. And having established "existence, control, and authenticityâ, by cracking one of the disks, he's being required to produce the rest of them.
This case is a classic example of "foregone conclusion", not an abuse of it.
Having said that, clearly the digital age has brought uncertainty to this general area, and a new law that is clear about where the lines are would be better than navigating case law, and trying to apply it to new circumstances.
> an intricate electronic folder structure comprised of approximately 6,712 folders and subfolders, approximately 707,307 files Somebody foudn the C:\windows directory :)
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
No, I'm saying once the "existence, control, and authenticityâ of documents have been established beyond reasonable doubt, the defendant has a duty to produce them.
Not doing so is contempt of court, and would probably add to his sentence.
This is true regardless of what novels you chose to mention.
So they cracked one drive that shows it contains his personal, private data and also contains child pornography... This isn't enough to convict based on.......?
Do they just want the numbers to look bigger once they convict? I don't get why what they have isn't enough.
I do see your point. On the other hand, if I have some evidence of your innocence locked in a safe and I'm ordered to turn it over, I have to unlock the safe and hand you the evidence. I can't just hand you the safe and say "good luck".
More accurately, if it's good encryption, it would be more like encasing the paper evidence in concrete, then handing you the block of concrete.
There are two sides to this question. The fact that the judge ruled he did NOT have to decrypt it, then when the facts changed ruled the other way means that the judge is considering both sides.
If they really broke so much of his encryption and found child pornography related stuff, why has he not been charged? Sounds like they don't have any real proof at all and want HIM to provide them with something to use. I don't need to be a judge to say that would come under the fifth.
Some people feel that if you use encryption, you must have something to hide. That idea is often promoted by prosecution in law enforcement. Ever written a short letter to someone? Why didn't you use a post card? "Do you have something to hide, citizen!?" Of course not. That logic needs to be shot down right up front. If someone encrypts their hard drives, it's not because there's evidence of a crime. It may just be because what is on them is nobody else's business, even the government's.
Why not ask the government sometime if you can look through their hard drives. Expect to hear words like "confidential" and/or "national security" or "executive priviledge". Ok. Maybe those things apply sometimes. How about these words: "private", "personal security" and "personal priviledge". Don't those words apply too?
It wouldn't be so easy to be critical of such things if the law worked both ways.
This tells us that the FBI is not all it is cracked up to be. In other words, they can't decrypt. Interesting to know.
The gratuitous description of his file structure makes me think there is a small typo in the write up. I believe they actually caught him with a huge stash of Child Object Porn.
It's good to know that slashdot presumes that I can do whatever I want illegally as long as I store the incriminating information on an encrypted disk.
Seems like his mistake was putting it on his own hard drive; he should have stored everything in an encrypted volume somewhere publicly accessible in the cloud. Access the file from a couple of different IP addresses every now and again. The more people have physical access to the file, the stronger your argument that decrypting the file would give the government something it can't already prove, i.e., that the file is yours. Just make damned sure you trust your encryption.
Change the firmware of the drive to detect an attempt to read the data without the encryption key and write random data to the drive instead.
Or
Don't store all of the data locally, store 1/3 of it in 3 different places. If they lose connectivity with each other, initiate lockdown or wipe.
I'm sorry, but while I can accept that that's the way the coruts are ruling, I can't accept that as valid constitutionally. To me it looks horribly corrupt and subject to tremendous potentiality for abuse. (If I have to give you the evidence, then I don't have it to prove my innocence. If I give you access to my signing key, then you can forge messages and claim they came from me. etc.)
I think we've pushed this "anyone can grow up to be president" thing too far.
If they are established beyond reasonable doubts - surely that's all the prosecution needs. If they need to see them that doesn't sound like 'beyond reasonable doubts' to me at all.
Of course that is ignoring the fact that prosecution already have the storage devices in their possession. Rendering any 'producing' argument moot.
Once they get the 5th amendment killed off, how many will still be left again?
What better way to do that than pick cases for which people will have the least sympathy?
"You must try to forget all you have learned. You must begin to dream." -- Sherwood Anderson
If they are established beyond reasonable doubts - surely that's all the prosecution needs. If they need to see them that doesn't sound like 'beyond reasonable doubts' to me at all.
Of course that is ignoring the fact that prosecution already have the storage devices in their possession. Rendering any 'producing' argument moot.
Good job it's not your decision then.
can't accept that as valid constitutionally. To me it looks horribly corrupt and subject to tremendous potentiality for abuse. (If I have to give you the evidence, then I don't have it to prove my innocence. If I give you access to my signing key, then you can forge messages and claim they came from me. etc.)
</quote>
The law handles both concerns. He was ordered to provide a decypted copy, so he still has (or can get) a copy and he doesn't give up the secret key. That's how it's normally handled with documentary evidence - both sides get a copy.
In SOME CP cases (not this one), after seeing the evidence and seeing that it really is CP, a judge will rule that the defense only gets access to the CP evidence, they don't get to keep a copy. In the cases I'm familiar with, that decision has been made reasonably - when the photos or videos MIGHT be underage, when the defense wants to contest that, they've gotten a copy. When it's been unquestionably CP, the perv was not allowed to keep a copy to enjoy.
I've seen other injustices with regard to CP cases, but the issues you're raised have been addressed pretty well.
Interpret the headline as it really is ... Judge orders suspect to provide evidence needed for his prosecution.
This sig is not paradoxical or ironic.
Perhaps could have worded it better - as far as I'm concerned they have the hardware in question, they can help themselves to all they want to 'produce' the data whatever means they have at their disposal (and I'm sure NSA would be more than happy to oblige and disclose their true capabilities in public court).
Requiring/ordering anyone to provide their passwords is absurd and should be shot down with a big flamethrower outright. (irrespective of the particulars of this case or the obvious claims to think of the children, the terrorists and muslims coming shortly notwithstanding, the potential of abuse of such precedent in wide range of areas starting from journalism, activists and going all the way down to divorce cases or misdemeanours is ... unbelievably large.)
You just countered with evidence possessed by a non-accused. If I ship all my paper documents to a country with no judicial agreement with the US, again, tough luck on the prosecution. The power doesn't exist to compel me to order my documents to be returned to convict me.
So, the FBI has decrypted one drive. On that drive they found child porn. The judge says you must decrypt your other drives. A lot of people here say that violates his 5th amendment rights. Nowhere in the article does it say they want him to decrypt the drives so they can use the data against him. They already have child porn of his. they can, and will, get a conviction. They don't need the other drives to use against him. They want the other drives to gather data on other people he maybe traded with, or to identify victims. Un-encrypting the drives only violates this mans rights if they use the evidence agains him. Again, nowhere does it say they want to do that. What the article does say is, they have evidence that he possessed child porn. Also, for those concerned about charges, if he isn't being held in custody, prosecutors have as long as they want to file charges. The thing with charges though, is that the constitution grants you the right to a speedy trial. Once you file charges, you have to go to trial within a certain amount of time. If you hold off filing while the investigation is ongoing, you have time to collect evidence. Lack of charges doesn't mean lack of evidence. It means they haven't filed charges yet.
The order was suspended on June 4.
"Federal judge suspends order that child porn suspect decrypt own computer files or face contempt" http://www.jsonline.com/news/crime/deadline-is-today-for-west-allis-man-to-decrypt-suspected-porn-files-b9926078z1-210121531.html
"Earlier court order requiring a Wisconsin suspect in underage porn case to decrypt his hard drives for the FBI by the end of the day Tuesday -- or face contempt of court -- has been lifted." http://news.cnet.com/8301-13578_3-57587670-38/judge-child-porn-suspect-doesnt-need-to-decrypt-files/
Ruling: http://www.wired.com/images_blogs/threatlevel/2013/06/Decision-Order-DOC-8-re-Motion-to-Stay.pdf
http://stephan.sugarmotor.org
While I agree that they need to find out what is on those drives I don't agree with their method. At a minimum they should rule out a reason not to decrypt them by giving him immunity when it comes to non child porn related materials.
You just never know if someone could be thinking I don't have child porn, but I do have a ton of pirated software,movies, and music. So if I actually did decrypt it for them it would prove my innocence, however it would give them the power to charge me for pirating.
Version two. You may have information that could hurt your life, like evidence you're cheating on your wife. I don't condone cheating, it's wrong, but you shouldn't have to turn your life upside down to prove innocence to something entirely unrelated.
That's why they should destroy any unrelated obtained data and seal it from the public.
If that were the case I would agree with them telling him to decrypt it.