Slashdot Mirror
UK Computing Student Jailed After Failing To Hand Over Crypto Keys
stephendavion sends news that Christopher Wilson, a 22-year-old computer science student, has been sent to jail for six months for refusing to hand over his computer encryption passwords. Wilson has been accused of "phoning in a fake warning of an impending cyber attack against Northumbria Police that was convincing enough for the force to temporarily suspend its site as a precaution once a small attack started." He's also accused of trolling on Facebook.
Wilson only came to the attention of police in October 2012 after he allegedly emailed warnings about an online threat against one of the staff at Newcastle University. ... The threatening emails came from computer servers linked to Wilson. Police obtained a warrant on this basis and raided his home in Washington, where they seized various items of computer equipment. ... Investigators wanted to examine his encrypted computer but the passwords supplied by Wilson turned out to be incorrect. None of the 50 passwords he provided worked. Frustration with his lack of co-operation prompted police to obtained a order from a judge compelling him to turn over the correct passphrase last year. A judge ordered him to turn over these passwords on the grounds of national security but Wilson still failed to comply, earning him six months behind bars.
Everything about this is a fiasco.
"He's also accused of trolling on Facebook."
If that doesn't spell out terrorist, I don't know what does.
* draws a a giant black X over England *
Would have been nice to see Stonehenge, the castles, some Shakespeare... Ho, hum.
Maybe if enough of our younger generation see how unjust these laws are, they will vote and get the crooks out of office.
The passwords worked, they were just case sensitive and the police didn't realize they had Caps Lock on.
I'm not saying this is likely, but what if he forgot the passphrase? This was two years ago after all.
Who's to say if he has actually forgotten it or just doesn't want to supply it?
(Haven't read the article of course, so maybe they covered this...)
I wish the penalties for trolling legislation would be at least half as severe ...
Data stored digitally on your computer is the equivalent of your own memory.
Encrypting it keeps others out of it.
5th amendment protects against self-incrimination, period.
This trumped up charge needs to be dropped.
The judge needs to be de-benched and sent to prison for being a constitutional terrorist.
The prisoner should sue the City, the district attorney's office and the judge for everything they have for wrongful imprisonment, falsifying charges, and basic ass-hattery.
Who is general failure, and why is he reading my hard drive?
I'll never visit that police state. I recommend no one else does. I may be spied on in the US, but at least I'm not charged with the crime of "trolling facebook".
God damn, you eurotrash need to stop this shit before it spreads to the US.
So now threatening to deface a police website is a matter of national security. Got it.
We don't have a state-run media we have a media-run state.
There is no "5th Amendment" in the UK.
The UK has the RIPA act. It effectively gives life in prison for withholding a password. It is used similar to the following:
Judge: "What is the password?"
Defendant: "Sorry, no go."
Judge: "That will be another three years. What is the password again?"
Six months in the cooler is light compared to how the law is written, which can put someone in for life.
They won't, young people are mostly dis-enfranchised and don't vote. I'm not exactly young and I don't vote because it changes nothing (my vote under the system here is worth about 0.013 of a vote).
The problem that I see on the issue is that once you hand your computer to the police, it's easy, too easy for them to plant evidence.
Religion: The greatest weapon of mass destruction of all time
What if he did give them the right one, and they just typed it in wrong?
What if the government is lying? They can now jail you without any proof.
It is UK, so there is no 5th amendment, but I believe that they have something similar.
This is England. The Fifth Amendment doesn't apply. Period.
When our name is on the back of your car, we're behind you all the way!
Except this isn't a U.S. court. Its a U.K. court.
5th amendment doesn't apply.
Real question...what happens if somebody legitimately forgets their password? If they're paranoid (or realistic) enough to use AES to begin with, they're likely going to have a good strong password. That's a lot of entropy for a human to remember for a number of years, especially if they don't decrypt it very often.
"Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
I do not remember the password.
Proof of contempt
Although the court’s power to punish through contempt is broad, contempt is meant to be exercised rarely and is presumed not to exist.
A person may not, for example, be jailed for failing to turn over property not in his possession. But for this exception to apply, the inability to comply must be involuntary. If a person puts himself in a position where he is unable to comply with the order, then he may still be held in contempt.
If I do not remember the password, it is no longer in my possession.
The judge needs to be de-benched and sent to prison for being a constitutional terrorist.
Right, because that's not reactionary at all ...
The prisoner should sue the City, the district attorney's office and the judge for everything they have for wrongful imprisonment, falsifying charges, and basic ass-hattery.
They have nothing. You can only take money from your community.
Why is it so hard to only have politicians for a few years, then have them go away?
Seems the founders of computing as we know it have lost their way.
The 5th Amendment is a US thing. This happened in the UK. They may have something comparable but it won't be identical.
Ok, this is the UK and everything is admissible. So he's done unless there some EU Right (unlikely).
But in the US -- mass lawless (warrentless) behaviour of the NSA & other govt agencies is such that any evidence from them should be considered "fruit of the poisoned vine". The agents willfully behave this way, apparently believing that prevention is more important the punishment (or that they can parallel (perjury) construct a conviction.
They want it this way, so why not formalize it?
People have argued the right to not incriminate themselves right up to the European courts, but it was rejected. When you are arrested in the UK you are told that if you fail to mention when questioned anything you later rely on in court it may harm your defence, so there is no right to silence either.
What isn't clear from the story is if this guy just forgot his password or if he refused to hand it over. The law says that the police must prove you knew the password, e.g. by showing that you used it very recently.
Either way, it's a fucked up law that needs to be repealed.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Sounds like you woke up from a coma and think it still is the 20th century.
If that is the case : Times have changed, my friend. Times have changed and not into the direction of flying cars.
Don't fight for your country, if your country does not fight for you.
That's why you create two copies: you hand one over to them with password. Second copy, you keep sealed with dual keys, like in a bank locker. You change password on the original and continue your business.
This is UK, queen and all. I don't think 5th amendment applies there.
Data stored digitally on your computer is the equivalent of your own memory.
Encrypting it keeps others out of it.
I suggest a better analogy is that it's the equivalent of a locked file cabinet of your papers. What's the law on locked cabinets?
More specifically, what's THE LAW IN THE UK?
(Hint - 5th amendment doesn't apply in the UK, so I'll kindly not comment on the rest of your post.)
SB
5th amendment protects against self-incrimination, period.
This trumped up charge needs to be dropped.
The judge needs to be de-benched and sent to prison for being a constitutional terrorist.
The prisoner should sue the City, the district attorney's office and the judge for everything they have for wrongful imprisonment, falsifying charges, and basic ass-hattery.
The problem that I see on the issue is that once you hand your computer to the police, it's easy, too easy for them to plant evidence.
No it's not...from a forensics standpoint it's quite difficult to plant evidence on a computer and not have timestamps completely out of sync with the rest of the system.
Forgetting is not a legitimate defence, much like torturers say, you would say that wouldn't you?
"He even suggested sending nasty messages on a condolence page set up for two female police officers shot dead in Manchester" this here will get you fucked up by the law. All the other stuff is just throwing whatever might stick at him in my opinion.
"Kill 'em all and let Root sort 'em out"
He is in the UK. The 5th Amendment to the US Constitution does not apply.
One of them is it only applies in the United States, not in the United Kingdom. duh.
Another is that if you agree to give up your right (i.e. offer a password), then you can be punished for lying about it (i.e. offering a false password).
excitingthingstodo.blogspot.com
Good! That's the community's punishment for voting in these asshats!
Digital files are no more equivalent to your own memory than paper files.
That's why you need two factor authentication. A password and a keyfile stored on floppy disk. Ideally an old floppy disk with multiple read errors. If you are arrested you can say that the police must have damaged the disk.
Alternatively TrueCrypt's plausible deniability works well.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Wrong, wrong, wrong, and wrong.
Leaving aside that this is UK news and the UK doesn't have the 5th Amendment, protection from being forced to testify against yourself is not based on this ideology you assume it is where your memory would be protected. You misunderstand the entire reason for the right. The reason for the right is because of the long history of forced confessions. History teaches that when the police interrogate them long enough and hard enough they can get them to "confess" to almost anything; even heinous crimes carrying the death penalty. This can be achieved without traditional torture, with just hard questioning and lack of sleep. Because of the physical power the police hold over a person who has been arrested, this is a pervasive problem in places without these protections, including historical England.
But the 5th Amendment doesn't protect physical facts, and it doesn't protect your memory; it protects you from testifying about your memory. If your memory could be read by doctors using a harmless mind-reading machine, that would be allowed, because it would be physical evidence, not testimony that might have been compelled.
Another problem with compelled testimony is where they attempt to accuse a person of lying in their claim of innocence, even before it is established that they are guilty. Prosecutors are very good at that; finding some innocent detail you remember wrong, or perceived differently than witnesses, and then using that to "prove" you're lying. And your denial contains lies, that is almost the same as a confession in the hands of a skilled prosecutor.
Another example of what can be compelled is the location of a key to safe, or the combination to a safe; assuming the police have a warrant, no physical evidence is protected by the 5th Amendment, including things like the location of a key. The safe is physical evidence, not testimony. And the location of the key is an objective physical fact that is not prone to the type of abuse that a compelled confession is.
And you would send a judge to freakin' prison over your lack of understanding of the very rights you claim to value, yet somehow know nothing about. You even then somehow manage to work in a false accusation of terrorism. There is nothing basic about your ass-hattery; you're a first class champion ass-hat!
Comment removed based on user account deletion
Encryption keys are not incriminitory. They may provide access to information that is, but they themselves are not. Similarly, a court can require someone to turn over physical keys to a safe that contains incriminatory documents. Whether it should be allowed is debateable, but the same standard should apply to physical and digital keys.
Reactionary? What are you, a shill for tyranny?
Forgetting is not a legitimate defence, much like torturers say, you would say that wouldn't you?
So basically marriage is a good preparation for criminal defense.
"Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
Well, the community keeps demanding tougher and tougher cops and laws, or at the very least keeps voting in people who promise them (and vote out people who don't). Fining the community for being too tough on crime (to the point where it violates human rights) is an appropriate response. (If anything, it's too lenient.)
That is a totally different issue, because if they plant evidence on your computer, they don't need encryption for that. And if they're going to "go there" they can just plant some drugs on you if for some reason they don't have the technical skill to get it onto your computer, or if you have encryption.
Take a page from the politicians' playbook.
As bad as the US is getting, I sure AM glad I don't live in the UK with THIS crap going on...
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
Encryption keys are not incriminitory. They may provide access to information that is, but they themselves are not.
What a bunch of newspeak bullshit. This reminds me of the 'justification' for free speech zones in the US: "You're still allowed to speak, but you have to do it over there." Nope. The entire universe is a "free speech zone." Likewise, it's absolutely ridiculous to force someone to hand over information that might lead to them providing evidence against themselves and say that they didn't incriminate themselves.
http://xkcd.com/538/
Brings new meaning to "brute force" hacking. Or is that whacking?
Life is not for the lazy.
Which is one of the reasons the founding fathers started a new country. With the right to due process. And blackjack. And hookers.
In fact, forget the blackjack and hookers. Ahh, screw the whole thing.
The US constitution not applying to other countries aside; a locked journal is also equivalent of your own memory, but authorities would certainly break into said journal.
Seems to me if you want to stick to the strict letter of the law, just hand over your crypto key... so the police can decrypt your file... which is itself still encrypted with something else.
Sorry, you asked for Key A, that's what you got, now you want another one? Call a lawyer and start again!
Mostly random stuff.
It's called a dead man's switch. You can set up something to delete your data if you don't log in every so often.
If the authorities have a proper search warrant, I don't see why he can't be compelled to give his encryption keys. It is no different than being compelled to provide the key to a locked desk. The location of the key is irrelevant, whether it be in his mind or on his keychain.
None of the 50 passwords he provided worked
I really want to meet the cop who said, after failure 35: "Hey come on guys let's ask one more time!"
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
But they would be equivalent to paper files written in a code only you know how to decipher. It isn't your responsibility to interpret your own files for the police.
Nah effectively you have to prove conclusively that you have forgotten what the keys were, else they consider it to be a convenient lapse of memory and therefore you are hiding something. Since the UK police used to consider silence as an indicator of being guilty....
Additionally, if keys are not incriminatory, why is he in jail for not providing them?
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Except a few years ago a case collapsed because it was unknown if the time stamps were reliable or not. IIRC (which I might not) found 'bad' images on a persons HDD, except they weren't sure if it was them who put them there or not.
Starting with this shit judge.
Gag orders and such have already been flaunted; the law comes up with bullshit to try and force childish "you can't do that!" rules and other simpleminded "solutions" that seemingly box things in. Then people circumvent it with deadman canaries that they can't be accused as "responsible" for.
My immediate reaction was a 24-48h deadman that locks up and send the decrypt to someone random on a list. The list includes sythetic names. By nature the message obviously signifies duress (or death) and the messenger will make an appropriate approach.
"I can't decrypt it. That's not a figurative claim; I literally do not have the capability to decrypt it, and I don't know who does."
I'm sure people more clever than I could imagine solutions better than my proof-of-concept.
I remember the shock in the US whem the UK decided they could hold your silence against you. You were he heroes, the original English system on which much of the US is based, how sad you are straying.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
And since when does the US 5th Amendment apply to anything in Northumbria?
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
I believe cron job technology might be able to pull this off.
I am just stating that taking money from a police force, a city, a county, state or the feds does nothing to stop the behavior. These people have unlimited funds.
Why is it so hard to only have politicians for a few years, then have them go away?
[boot up in single user mode so syslog and ntpd are not running]
# date 0417212012
# su - victim
$
[pigs copy incriminating files at will using cp without -p]
[could change the date numerous times for different files]
Yeah, that's REAL hard. They just planted files with an mtime, ctime, and atime of 2012.
How can timestamps be "out of sync with the rest of the system"? Every file in the system has different timestamps as it is.
This didn't happen in Portland, OR but in Her Majesty's People's Republic, yet
another shithole of a country where people don't have rights.
Eventually the disenfranchised (it's not hyphenated, btw) youth will be the older generation(s) and the ones who go all crazy voting these days will not be around anymore.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Reactionary? What are you, a shill for tyranny?
An independent judiciary is a keystone of a free society. So, yes, jailing judges for their rulings is quite reactionary.
"He's also accused of trolling on Facebook."
It has begun.
...and here we have the real analogy. Authorities can't force you to interpret evidence for them. The analogies with the safes and lock boxes is way off.
I would love for gmail to give people the option of a random noise uuencoded .sig to be attached to each and every e-mail. Flood the world with random data and this issue goes away. No one would be able to say for sure what was encrypted or not. If done ubiquitously, it could bring all the STASI-like agencies to their knees.
So what would you do with tyrant judges like this one? Let them do anything they want? Would you prosecute the judge if he murdered someone? Locked someone up for life for contempt because he doesn't like the cut of his jib or got up on the wrong side of the bed?
Hiding evidence of your crimes using encryption probably is.
I hold in my hand a paper notebook. Inside, I have written what looks like gibberish, but which is actually a foreign language.
It is not my job to teach you that foreign language, and that fact does not change just because the notebook is made out of metal discs and the pen used was a magnet.
We don't have a constitution.
Yes, you turn over they keys to the safe and inside they find sheets of paper with what appears to be random letters and numbers written on them. Can the court compel you to disclose the "meaning" of what is written on those documents?
And in the US, you can be similarly compelled in some circumstances.
https://www.youtube.com/watch?... - interesting presentation by the EFF on forced disclosure laws.
The 5th amendment does _NOT_ always apply.
That's why the pull the drives out of the system and put them in their own system. A better solution would to be have two keys one to decrypt the other to install malware/viruses and destroy all data on the system the drive is attached to.
Well, it is a monarchy there...
There are two types of people in the world: Those who crave closure
If the prosecution try and imply that your word is unreliable, just point out to the court that if that argument is applied to you then they should also treat the arresting officer;s word as unreliable as he will have told you a deliberate lie when arresting you. The words of the (UK) caution include "You are not obliged to say anything, but anything you do say MAY BE GIVEN IN EVIDENCE". As there are things which you could say which would (according to the rules of court) not be allowed to be given in evidence, the police officer told you a deliberate untruth.
That will not work - UK law expects you to keep safe copies of all your keys and passwords so that you can provide them when asked to do so - you go to jail for not being able to provide them, saying you forgot them does not get you out of jail.
Wrong country fucktard.
The problem with demanding the key and jailing him for not doing so is that they haven't (as far as I know) proven he actually remembers the key at all. Have they done anything to prove that he didn't genuinely believe the passwords he told them would decrypt the data? People do forget things all the time, even very important things. Throw in some duress and mental anguish over being jailed plus autism and it's a wonder if he gets his middle name right.
The fundamental problem with any penalty for not testifying is that it hinges on punishing someone for a crime you can never actually prove them guilty of. That might actually be good reason to punish a judge, or at least remove them from the bench. Not being punished unless proven guilty is a fundamental right that goes well beyong the Constitution or any particular foundational document.
That would only work for a secure system. That is, one that is still running at your home and not powered down in a police evidence locker. Once they grab it, they can copy the data off without giving two bits what your dead-man switch thinks it's going to do at the top of the hour.
Once the data is in their hands, you have lost the ability to destroy it.
The computing student should learn to use hidden partitions:
http://www.howtogeek.com/10921...
After that, he can just fill the normal encrypted partition with porn, give the police password for that and just tell them he was embarassed to download so many xxx films.
I'd say the 4th and 5th amendments would say they could not search your memory. At least in the US. And if you're not a Muslim.
There are two types of people in the world: Those who crave closure
3 things to take into consideration.
1) The first thing that happens when your equipment is seized is that they do a 1:1 copy of the content of your hard drives.
2) A dead man's switch would only work if it still had power and you were storing all the content somewhere else, will not help you in the case of your pc drives hosting the content in question.
3) You could easily have an encryption system that scrubs the drive with the right "wrong" password or after a couple failed attempts, which brings you back to point 1, they just reload their image and try again.
"Look, I can't give you a password even if I wanted to, because that's not encrypted terrorism on that drive. It's just static. I use it for randomizing things."
How inappropriate to call this planet Earth, when clearly it is Ocean.
To be fair, in the US they'd have just charged you with a bunch of more serious crimes as well, which they'd offer to drop if you plead guilty for the one they wanted you for.
If your memory could be read by doctors using a harmless mind-reading machine, that would be allowed, because it would be physical evidence, not testimony that might have been compelled.
Actually, given the fallibility of human memory, I don't see how you could convert imperfect memories into anything better than a "machine-forced testimony". You just can't beat entropy by using a magical machine.
Ezekiel 23:20
that's a fiction, you are no more interpreting your files than the police are. it's encrypted and decrypted by an algorithm that requires a specific key... the person interpreting for you and for them was whoever designed the software. if you want to use the "interpreting" argument, you'd have to write your own encryption software.
It isn't at all difficult to fake a timestamp on a typical filesystem. There are standard system utilities that will let any user do that to any file he has write permissions for.
Because a court ordered him to, and he didn't. The fact that encryption keys are the subject of the order or whether they unlock anything incriminating is pretty much irrelevant under the circumstances, disobey any court order and you face going to jail.
Blank until
I know what you want to say, and it is largely correct, but I won't let that get in the way of pedantry. The UK does have a constitution, which is often referred to as "unwritten". This is a bit of a misnomer, as most of the constitutional provisions in the UK are written down somewhere. For instance, most of what would be the equivalent of the US Fourth Amendment protections against unreasonable search and seizure are contained in the Police and Criminal Evidence Act 1984. The UK constitution is not codified, and there are no framework constitutional principles (well maybe Parliamentary Sovereignty ), but it does exist. There are rules and processes that govern what become laws. It's more that Parliament can decide to remove any rights by repealing any enabling legislation, PACE, HRA, whatever. In the US, rights are supposedly natural, and cannot easily be taken away by government. Certainly, in the UK Parliament has not granted the citizenry any general protection from self incrimination. While there are laws against torture and other practices that could lead to malignant self incrimination, even the police caution when being interviewed reminds you that "You do not have to answer any questions, but it may harm your defense if you do not now mention something which you later rely on in court." So you definitely do not enjoy the same broad protections from self incrimination in the UK as you do in the US.
He probably has evil porn on there - the kind that would get him a few decades in prison.
Alternatively TrueCrypt's plausible deniability works well.
If they're going to throw someone in jail for forgetting a password, despite an inability to prove the person did not forget it, I don't think they'd have any problem with throwing someone in jail for not providing the "right" password, despite an inability to prove the existence of a secret second partition.
Did the police try the "Forgot my password..." link under the password field? That works for me when my users don't have their password :-).
So you do not believe in Elon figuring out the cure for ageing soon, then?
How inappropriate to call this planet Earth, when clearly it is Ocean.
What if the key was destroyed? E.g an encrypted disk via a key file rather than a password? High entropy pass phrases are hard to recall. What if they are stored on a digital wallet? That only opens via a digital key that gets shredded automatically if a fail safe override isn't applied?
That's affectivity throwing papers into an incinerator "sorry its gone man, gone nothing will get it back...what now judge? Is good old fashion police work too difficult or have the police gotten too fat and lazy and just rely on hacking peoples PCs?"
No. People try to make this analogy, but with filing cabinets, (and shoe boxes, wall safes, safe deposit boxes, garages and everything else that is physical) access isn't controlled by the conscious mind. It isn't illegal to lose a key or forget a combination, but it is apparently illegal to forget a password.
Good! The sooner that Republican cesspool is destroyed, the better. It is such an effective tool for their kind to use to continue their oppression.
Wrong, wrong, wrong, and wrong.
Leaving aside that this is UK news and the UK doesn't have the 5th Amendment, protection from being forced to testify against yourself is not based on this ideology you assume it is where your memory would be protected. You misunderstand the entire reason for the right. The reason for the right is because of the long history of forced confessions. History teaches that when the police interrogate them long enough and hard enough they can get them to "confess" to almost anything; even heinous crimes carrying the death penalty. This can be achieved without traditional torture, with just hard questioning and lack of sleep. Because of the physical power the police hold over a person who has been arrested, this is a pervasive problem in places without these protections, including historical England.
Another problem with compelled testimony is where they attempt to accuse a person of lying in their claim of innocence, even before it is established that they are guilty. Prosecutors are very good at that; finding some innocent detail you remember wrong, or perceived differently than witnesses, and then using that to "prove" you're lying. And your denial contains lies, that is almost the same as a confession in the hands of a skilled prosecutor.
if this is true, then how is it legally possible to waive your 5th amendment rights? it shouldn't be, and yet...
Actually, they just wanted to be free to persecute those who didn't subscribe to their narrow view of christianity.
Not true. (http://www.bbc.co.uk/news/uk-25745989 guy wasn't convicted until he decided to reveal it as part of separate proceedings proving he hadn't forgotten it; I'm surprised they didn't have him for perjury or something too.) Think about it - if that was the law every time you visit an SSL secured website you'd be breaking the law since your computer doesn't record the session keys. And perfect forward secrecy would be illegal too. Not that I'd put any of that past the government here, mind you, but it hasn't happened yet.
Another is that if you agree to give up your right (i.e. offer a password), then you can be punished for lying about it (i.e. offering a false password).
Prove I lied. Prove that I deliberately gave you a false password and that my memory doesn't just suck.
You can't.
It seems you can be compelled to reveal your passwords in the US if they're looking for evidence they already know to exist rather than information they may not know about.
I stole this Sig
There is no "5th Amendment" in the UK.
and apparently no common sense........ or any sense for that matter, to bad germany didn't completely implode the country.
When you are arrested in the UK you are told that if you fail to mention when questioned anything you later rely on in court it may harm your defence, so there is no right to silence either.
That isn't a right to silence. You're quite free to keep your mouth shut from arrest to the end of the trial. The only worrying part is that maintaining silence can be taken as an indication of guilt*. Talking about something in court which was not mentioned during police questioning may harm one's defence because anyone in the court is likely to think "if that would have helped, why didn't you say when you first had the chance?".
*This might be another one of those things that is only in English or Scots law, like a scottish court returning a verdict of "not proven"**.
**Which basically means "We can't prove you did it, but we know you did. Don't do it again."
So what would you do with tyrant judges like this one?
I would allow the defendant to appeal the ruling. I would also allow the legislature to impeach judges that engaged in misconduct.
Would you prosecute the judge if he murdered someone?
Yes. He should be prosecuted. I think we can all agree that judges shouldn't be allowed to murder people with impunity.
"Tyrant judge"?! He was applying the law. A bad law in the opinion of many people, sure, but nonetheless crystal clear in its scope and effect. Are you saying the judge should have not applied the law? That he should have ignored the statute and made up his own rules? You're in favor of "activist judges"?
My next sig will be ready soon, but subscribers can beat the rush
This would not help. The exact offence is "failing to make readable encrypted data". In order to convict, the prosecution only have to prove that the data is encrypted, that you had control over that encryption and that they have not been able to read it. Loss of damage of the encryption keys is not a defence. The law was specifically designed this way in order to discourage self-destructing encryption keys, etc. The only defence against such a prosecution is to keep a backup of the encryption keys available, so that they can be handed over on request.
Actually, the first founders just wanted to make a bunch of money. You must be thinking of those latecomers, the Pilgrims.
I'll take a pragmatic court system over the savage curtailment of civil liberties in a futile pursuit of safety any day. Alas, I seem to be losing that option in the UK and being forced to endure both.
The problem that I see on the issue is that once you hand your computer to the police, it's easy, too easy for them to plant evidence.
No it's not...from a forensics standpoint it's quite difficult to plant evidence on a computer and not have timestamps completely out of sync with the rest of the system.
If you use the OS/file system this may be true especially given most file systems are journaled.
However if you were to simply write something incriminating to an unlinked heap of free space to raw disk using 'dd' then use a recovery tool to discover planted evidence there are no timestamps or any way of knowing what was done.
The key is that they have to prove you had control over it. If you have lost control, because you forgot the key or because they destroyed it, you can't be held responsible. If you destroy the key that would come under simple destruction of evidence.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
If your memory could be read by doctors using a harmless mind-reading machine, that would be allowed, because it would be physical evidence, not testimony that might have been compelled.
Typical lawyer doublespeak bullshit.
same asshattery that gives
Actually, every file in the system does not have different time stamps and they tend to be in clusters (e.g., different groups of system files).
Timestamps can be manipulated in various ways and they are often taken at face value, but it does get quite a bit harder if the investigator digs deeper. For example, in your proposed situation the inodes for the newly created files would not be as expected for files having those time stamps.
That's why you create two copies: you hand one over to them with password. Second copy, you keep sealed with dual keys, like in a bank locker. You change password on the original and continue your business.
That won't work. They will just subpeona that copy as well.
If you are not allowed to question your government then the government has answered your question.
That one really blew my mind. I don't see how it's any different from, "We're going to let you rot in prison until you take us to the body, even though we don't have the evidence to convict you without it," which is pretty much exactly what the Fifth Amendment was supposed to prevent.
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
...this isn't just limited to encryption keys.
They can jail you for failing to hand over a password for authentication.
So failing to hand over a password (when asked) that logs you into say, slashdot? Jail for you!
The UK is truly a fascist country.
Police: "Give us your password."
Me: "No."
*jail for six month*
Police: "Give us your password."
Me: "No."
*repeat*
Just keep doing it. I'm sure after about 20 years they'd clue in to the fact I have no intention of coughing up the password.
Besides, I'd be quite happy to waste as much taxpayers money as possible doing so.
Over time I have used a lot of passwords at a lot of different sites as well as on storage devices. There is no way i could ever recall many of them. A judge might as well order me to walk on water and raise the dead. This type of thing tells me that the judge has not have a lot of time on computers or he has a memory that is long term, photographic in nature.
Good luck with that.
Funny isn't it - the US doesn't allow compelled testimony, but resolves 97% of federal cases through plea-bargain, so that's >97% conviction rate.
I'm sure plea bargains are always always guilty people accepting a lesser charge to reduce their punishment, and never the innocent feeling compelled threatened or coerced into pleading guilty to a lesser charge, but in the UK where it's not used I think the prosecutors only get about 80% convictions - and you'd think they would be much _more_ careful to pick the strong cases because they have to have the expense of trial every time.
So, hats off to the US law enforcement and prosecutors or being so very very good at identifying the guilty, or at compelling the innocent to admit guilt (in the land of the fifth) whichever it is...
Probably wire fraud, resisting arrest and impeding a police officer's fist with your face.
SJW n. One who posts facts.
and never the innocent feeling compelled threatened or coerced into pleading guilty to a lesser charge, b
You know what? If an innocent person pleads guilty before a judge, they are perjuring themselves.
That's what "No Contest" pleas are for.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
How do you prove that you cannot remember something?
How do you prove that they destroyed it?
The issue here is that you have to prove your innocence, and there is no viable way to do so.
Burden of proof lies with the prosecutor not the defendant.
In the US the fact that encryption was a part or the origin of the case would not matter much after some quality parallel construction.
Hint at a list of concurrent and consecutive court options and you sign before the case goes to court or turn informant.
Domestic spying is now "Benign Information Gathering"
People have argued the right to not incriminate themselves right up to the European courts, but it was rejected. When you are arrested in the UK you are told that if you fail to mention when questioned anything you later rely on in court it may harm your defence, so there is no right to silence either.
I enquired about that. Here's a situation where it "may harm your defence". Let's say you are a crime suspect. You say you have a witness you can give evidence that you were nowhere near the crime scene. What should happen is that you tell the police who your witness is, they question your witness, and either let you go because the witness convinces them you were not there, or the witness says your story is bullshit, or they decide not to believe your witness and investigate further. In the last two cases this will then come up in your court case.
But let's say you refuse to say who the witness is. The police has no chance to check if the witness says the truth or not because they don't know who the witness is. And in your court case you suddenly present the witness. In that case, the judge can throw that witness out because the police had no chance to investigate.
So you do have the right to remain silence, and it doesn't harm your defense if you remain silent all the time including the court case. It _can_ harm your defense if you remain silent but only until you appear in court.
In short, in terms of cryptographic schemes, time expiry doesn't work. You can always control its execution environment (see VMs). A proper dead man's switch would be physically implemented, likely with multiple triggers (perimeter alarm, building exterior breach, power failure, interior motion sensors, case alarm, accelerometer...), would not rely on having a power source to actuate (you might have a powered mechanism and a mechanical failsafe for power interruption). For instance: magnetic latches holding a spring loaded striker over a vial of acid which cracks and dissolves the chip with your key. Thermite might work too, but you'd have serious safety issues with that system.
The maximum time for key entry to disable it should take into account the length of time you can stand being beaten with a pipe wrench and the length of time needed for the mechanism to act vs the amount of time it would take to disassemble the system and prevent disruption of key material. Also, these systems only work for things that you'd rather lose than have become public.
Nope, they would just try you for contempt if you don't provide your key instead.
Go USA USA!
Alternatively TrueCrypt's plausible deniability works well.
I tend to start twitching a little whenever our neighborhood geek starts talking long and loudly about his "plausible deniability."
The denial is there, in spades. I'll give him that.
The plausible, not so much.
The poor guy probably had the password written down on a Post-it note underneath the keyboard because it was too long and complicated to reasonably remember. The police in their hurry, when they confiscated the computer, lost that little note. How can anyone prove that this was not so. How can anyone prove that the guy does indeed not remember the password? After all, humans are forgetful creatures. I suppose being forgetful can land you in jail in the UK.
A sufficiently advanced simulation is indistinguishable from reality.
That's why you create two copies: you hand one over to them with password. Second copy, you keep sealed with dual keys, like in a bank locker. You change password on the original and continue your business.
That won't work. They will just subpeona that copy as well.
Now if you don't make a copy they will put you in jail for not producing the second copy they supeonad that they don't believe doesn't exist.
Well, if officially you do remember the password and provide it, and officially the keyfile is on a disk, and officially they have that disk, then when it doesn't work, you can claim they did something that damaged the disk or the keyfile on it, and there's nothing more you can do. The proof that it was destroyed is that it didn't work. The proof that they did it is that it worked last time you used it.
~Anguirel (lit. Living Star-Iron)
QA: The art of telling someone that their baby is ugly without getting punched.
Or a physical layer of security that damages the drive in the event of a jostle/power-down/whatever.
Actually, you are incorrect.
The 5th absolutely protects the "contents of one's mind". The Supreme often uses those exact words in many cases affirming the notion. In fact, one common analogy the court uses in deciding these issues is that the government can force a suspect to produce the key to a safe, but it cannot force him/her to produce a combination for a safe.
The 5th does protect against coerced testimony, and that includes passwords or knowledge of physical evidence. However, once the government knows that physical evidence exists and is in the possession or under the control of the suspect they can compel the suspect to produce the evidence, whether that evidence be business records, personal papers or computer data. So while the suspect cannot be compelled to reveal his password, if the government knows an encrypted drive contains incriminating evidence it can compel him/her to produce the unencrypted data. That is why the suspect are not ordered to reveal the password, but to unlock the data for the police.
One key distinction here is that the government must have ‘reasonably particularity’ concerning the evidence it requests. They cannot merely suspect the evidence may exist. Cases where defendants are compelled to produce unencrypted drives usually have other factors such as U.S. v. Friscou where the government had recordings of the defendant talking about the incriminating contents of the encrypted data. Or, in re Boucher where police saw the unencrypted content of a laptop that was turned on, but then lost access when it was powered down.
In the safe analogy the police cannot compel a suspect to produce a combination, but if they have sufficient reason to believe the safe contains a incriminating accounting ledger, they can compel the suspect to open it and produce the ledger.
Kind of silly reasoning. Physical evidence means Cort orders. Tell the judge no and he says "Fine we have a place for those of that opinion."
The 5th Amendment exists because people were "asked" to testify, then, when the first charge didn't convict, try them for perjury on their testimony.
That, and beat a confession out of them.
Those were the main reasons for the 5th Amendment. Not to protect your computer files. You are required to hand those over (arguably in the format the prosecutor wants), so long as they get a valid warrant first. But that's a different Amendment.
Learn to love Alaska
An idea: to defend against this forced self-incrimination, prepare ahead of time -- encrypt your data using strong methods such as Blowfish or AES, then generate an XOR one-time pad of the ciphertext which, when combined with it, renders something innocent like the text to your Harry Potter fanfiction-in-progress. You can provide them the XOR key, they get some plaintext that obviously makes sense, and you have plausible deniability.
You do realise Newcastle is in the UK, don't you?
Actually, the UK law now explicitly states silence will be taken as admission of guilt.
In the UK you still have the right to remain silent. All it means is if you don't tell the police something when they ask, but then in court you do give evidence, such as an alibi, then the prosecution are allowed to tell the jury that you didn't bring up this evidence when questioned and that the jury can therefore take that in to account.
The purpose is really to prevent people wasting police and court time. If you had an "alibi" that you only bring up in court, many people would think it strange that you were unwilling to mention it when you were asked in police questioning: "do you have an alibi?". If you can present evidence about why you couldn't or were unwilling to mention it in questioning you can do that, such as "I didn't understand the question" or "my solicitor wasn't present". Ultimately it'll be up to the jury to decide whether your refusal to answer the question was reasonable or not.
The question I guess we have to decide as a society is, is it reasonable for the prosecution to highlight to the jury that the defendant refused to answer a question about something that is a part of their defence case that they present in court. In the UK we've decided that it is reasonable to do that.
4th would certainly require a warrant. A low bar for you to claiming they "could not."
Who came up with the idea that it was a good idea to knowingly convict the wrong person, because you have thrown out the only evindence that proves you have the wrong guy?
And after doing so, are they going to close the case, or are they going to continue looking for the real perpetrator, thus proving that they know they jailed the wrong person, or do they wait until more victims turn up before starting to look for the real perpetrator? And in the latter case, who gets punished for letting the perpetrator go free, when he could have been caught before committing more crimes?
Don't have "no contest" in English law either (Scotland might, but I don't think so).
An additional safeguard against punishing the innocent - if they admit something they didn't do then they were guilty of perjury anyway...
Stop talking about stuff you know nothing about.
You can write to a drive without even mounting the file system. You can make copies without detection, manipulate them however you want then write the final version back in. There will be no trace of manipulation - you can set the timestamps to whatever you want.
Alternatively copy child porn images to unused space on the drive and then "find it later" and claim the "perp" had lots of child porn and deleted it.
Everyone will be glad they caught the pervert and not think too much about it as long as "the children are now safe".
The odds someone would do that to you are normally low but I don't think you can say it's impossible given what we've seen various Governments do. That includes the UK government -just look at the UK shooting of Menezes - all the lies and cover-ups.
The only way I would trust such an investigation is if right at the beginning two trusted 3rd parties for each side made copies of the drive using a write blocking device and then got secure crypto hashes of the copies and the hashes all matched. But if the drive was out of sight at any time before this was done, it's suspect.
What if the passphrase was something like "I hid the murder weapon under the floorboards in the kitchen"? So that the phrase itself was incriminating? Can you be compelled to reveal such a phrase, or if you did would the prosecution be prohibited from using it?
Spoken like a true lawyer. Furiously blurting half truths out the side of your mouth, eager to show you have the answer because you are just smarter than everyone else. Missing the part where there is no amendment giving anyone the power TO take a memory dump using a mind-reading machine. I must've missed that -- where is that granted? AFAIK that has not been ruled on either way. That actually means it is not "allowed" asshat, that is the entire modus operandi of the Constitution.
Also:
http://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_States_Constitution#Computer_passwords
Courts have given conflicting decisions on whether forced disclosure of computer passwords is a violation of the Fifth Amendment.
In In re Boucher (2009), the US District Court of Vermont ruled that the Fifth Amendment might protect a defendant from having to reveal an encryption password, or even the existence of one, if the production of that password could be deemed a self-incriminating "act" under the Fifth Amendment. In Boucher, production of the unencrypted drive was deemed not to be a self-incriminating act, as the government already had sufficient evidence to tie the encrypted data to the defendant.[66]
In January 2012 a federal judge in Denver ruled that a bank-fraud suspect was required to give an unencrypted copy of a laptop hard drive to prosecutors.[67][68] However, in February 2012 the Eleventh Circuit ruled otherwise - finding that requiring a defendant to produce an encrypted drive's password would violate the Constitution, becoming the first federal circuit court to rule on the issue.[69][70] In April 2013, a District Court magistrate judge in Wisconsin refused to compel a suspect to provide the encryption password to his hard drive after FBI agents had unsuccessfully spent months trying to decrypt the data.[71][72]
Where are your sources, Mr. legal professional? Or are you just making things up?
"no physical evidence is protected by the 5th Amendment, including things like the location of a key"
where are your sources for this dubious claim?
The 5th amendment does not say "except for physical items, because I have an urge" contrary to your fictional power trip fantasy.
So 6 months (he'll probably end up doing about 2 if that) of free food, free board, free Sky TV for the pleasure of sticking it too the man.
Well done sir !
It won't work. Police forensics technique is simple. They take 2 or 3 copies of the data. The extra copies are stored as evidence of the original data. The in use copy is then plugged into a device that denies writes, preventing the data being overwritten.
http://www.youtube.com/watch?v=NA9B6-s6r7Y
Think about it - if that was the law every time you visit an SSL secured website you'd be breaking the law since your computer doesn't record the session keys.
No, because in that case you never knew the keys yourself. The whole thing hinges on the police being able to prove that you, at the time of asking, know what the password is but are simply refusing to divulge it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Wouldn't they need some sort of physical evidence already?
If not, no warrant. At least in theory.
There are two types of people in the world: Those who crave closure
You just said that being stupid should be a crime. So what is the IQ cutoff where you consider that people should not be breaking the law by merely existing?
In certain legal crimes, intent matters. If you kill someone, then they have to prove you intended to harm the person. But in other crimes - it does not matter at all. For example, your intent does not matter at all if you are charged with reckless endangerment. Your belief that intent matters here is false. We don't care if you accidentally gave us the wrong password or intentionally did it.
excitingthingstodo.blogspot.com
You're assuming they can prove it isn't his own encryption algorithm. The output ciphertext of a well made cipher is indistinguishable from random data. If they could prove what algorithm was used and what key they needed, then sure your argument might hold up. Until then, they are asking you to interpret evidence, plain and simple, and that should not be allowed.
What if your encryption pass phrase is "I hacked them real good."? I think that would be incriminating.
Actually, this can happen to a fashion in the United States as well. In a trial, both sides are required to give the list of witnesses and evidence to the other side in advance of the trial so they can perform whatever investigation/interviews/... they need to. The witness out of nowhere seen in movies doesn't happen. There are however two exceptions I know of: 1) one side presents something, like a statement from a witness not contained in depositions, and the other side then produces a witness to refute it, and 2) when new evidence is discovered that didn't allow time for the pretrial notification (they still have to convince the judge it really is newly discovered and has a significant impact on the prosecution/defense). Having a witness you know of and not revealing who it is until you want to call them to the stand, would fail the above test and the witness would not be allowed to testify, no matter what you feel they would have to say.
Not true about reckless endangerment. For a person to be guilty of that crime, they must knowingly have committed the act that caused others to be endangered and known that it could endanger them (or at least a reasonable person would have known). The "intent" part is when caution was thrown to the wind. A drunk driver doesn't intent to kill the minivan full of people, but they chose to drink then to drive, and that is where the intent came in. They intended to be reckless.
Governments do not have unlimited funds, and enough payouts are going to hurt. At some point, somebody's going to step in and say "Stop doing this, we can't afford it." I've seen it happen.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Both US cases I'm aware of where a judge has required a password be given were when there was already strong evidence of a crime, and that they were pretty sure the defendant had the password. In one, the defendant had child porn showing on his laptop as he went through customs, and two agents saw it. In the other, the defendant told the police that the evidence was encrypted, he had the key, and he wasn't giving it to them. In general, if you aren't an absolute idiot, you can probably avoid giving away keys in the US.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
There are procedures to prevent such. It's the prosecution's job to prove, beyond a reasonable doubt, that any evidence found wasn't planted. This means that the original disk is copied once, with a write blocker, and then sealed away somewhere safe with a good chain of custody. It can later be compared to what the prosecutor says was on it. Further, the defense can have somebody examine the copy for evidence of tampering. (In the O.J. Simpson murder trial, the defense cast sufficient doubt on the evidence by giving good evidence that a police detective had tampered with the evidence.)
If these measures are not generally sufficient, due to corruption of the criminal justice system, it really doesn't matter. They're going to convict you regardless of guilt, innocence, or evidence.
So, there's no real need to worry about planting evidence specifically on your computer. If they're going to do that and get away with it, things are already so bad that it doesn't matter.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Statutes like PACE lack one essential attribute of a constitution: they are not entrenched, so Parliament could remove the protections by a simple majority. If you don't include that as a requirement of a constitution, it is difficult to see what the word "constitution" means.
There have been suggestions that there is an English constitution (it's difficult to speak of a UK constitution, since the UK does not have a single legal system - PACE, for example, is part of the law of England and Wales, with some application in Scotland). The House of Lords, for example, suggested that an attempt to abolish the right to trial, or to extend the length of Parliament, would simply not be effective and would be ignored by the Courts. In practice, if those were attempted the result would be constitutional crisis and much would depend on the practical question of who forces like the police listened to.
I'd also point out that the idea that England has an unwritten constitution is fairly old and often repeated - but there are a lot of contemporary legal scholars who think the extent of any unwritten constitution that does exist is so small, and so toothless, that it's a bit disingenuous to say that it exists at all.
The problem with demanding the key and jailing him for not doing so is that they haven't (as far as I know) proven he actually remembers the key at all. Have they done anything to prove that he didn't genuinely believe the passwords he told them would decrypt the data? People do forget things all the time, even very important things. Throw in some duress and mental anguish over being jailed plus autism and it's a wonder if he gets his middle name right.
Assuming that the judge followed the requirements of the legislation - and there doesn't seem to be any reason to think that they didn't - that question will have been answered in the following way:
1. By default, the prosecution would have to prove beyond reasonable doubt that the defendant has possession of the key (in this case, by knowing the password).
2. However, where it has been proved that they had the key, there is a presumption that they still have it. I expect that applied here, since they could probably show that he had accessed the encrypted data.
3a. If the defendant does not bring any evidence, then the presumption will stand and they will be found guilty.
3b. If the defendant disputes it, they do not have to prove that they do not have the key. They only need to show enough evidence to "raise an issue" - i.e. for there to be reasonable doubt as to whether they have it. At that point the prosecution must prove beyond reasonable doubt that they do.
I don't know the specific details here - it would have been helpful if the journalists present had transcribed the judge's entire remarks, rather than just presenting one or two quotes out of context. However, I could imagine a situation where a suspect was known to have used the password regularly up until the date of his arrest, at which point he claimed suddenly to have forgotten it, and where that simply wasn't believable - particularly if he had lied to the police or the court about other matters, and had been generally obstructive*. I would also point out that the judge will (unless he chose not to take the stand) have heard whatever Wilson's explanation was from his own mouth, and will have therefore been in a better position than any of us to judge whether he was telling the truth.
*Which you are, of course, free to do, but which is unlikely to improve your credibility.
Real question...what happens if somebody legitimately forgets their password? If they're paranoid (or realistic) enough to use AES to begin with, they're likely going to have a good strong password. That's a lot of entropy for a human to remember for a number of years, especially if they don't decrypt it very often.
Then you should not be found guilty - I've set out the process that is followed in another comment. (In reality, if it is plausible in the circumstances that you have simply forgotten the password, it is unlikely that it would actually get anywhere near court to begin with.)
We don't know the facts of this case - unfortunately the journalists chose to give us a few selected quotes out of context, rather than a transcript of the judge's entire remarks - but it sounds like the judge may have thought that the claim to have forgotten the password was just the latest in a series of lies that the defendant has told to try to avoid giving up the data. If that is the case, and the defendant has genuinely forgotten his password, that is very unfortunate (although no different to any other trial, in that if you squander your credibility you may find that your truthful remarks are not believed).
It is not at all established that the fallibility of remembering is due to the memories having been stored incorrectly. Most of the work I've seen is suggestive that it is actually just the process of recall that is flawed. Depending what pathways an imaginary memory-reading-machine used, it might be able to access both!
If I were you, I wouldn't be so sure of it.
Ezekiel 23:20
I'm not even a lawyer, ass-hat.
And I guess you'll just have to take my word for it that it makes sense, if you can't comprehend the meaning. There is no double-speak there, nor is there obfuscation, double-meaning, or implication. Every word is meant in its normal literal sense.
Scotland's "not guilty" is the same as the US "no contest" (not available in all States, called something else in some)
I've seen multiple cases where the Judge throws out a plea attempt because they don't believe the person is guilty, but that they got scared into the deal anyways. More often the Judge defers to the accused having admitted something.
But in order to plead guilty you don't just say "guilty" to the lesser charge and everybody goes home. You have to actually explain to the Judge what you did so that the Judge can rule you're guilty; the verdict comes from the Judge. The Judge is ruling that what you're admitting to is in fact the crime accused.
There are also people who try to agree to a plea deal, but are hiding some worse crime, and can't convince the Judge of their story, and end up having to go to trial and getting convicted of the original charge!
So there are multiple levels of safeguards, before even getting to the appeals process and the potential for having agreed to falsely admit something because of poor legal advice. Which isn't perjury, by-the-way, because there is no "criminal mind" when you're doing what your lawyer says.
Yeah, this is already well established in organized crime cases. They have a bunch of circumstantial evidence, phone meta-data, etc., and they believe the ledger is on the encrypted drive. Warrant granted.
If you can't trust the Judge issuing the warrants, then law enforcement already have unchecked power to abuse you and the rest of it doesn't matter.
lololololololololololololol "psychology today" lololololololololol
Notice that it isn't a study, or reporting on a study. It is reporting on a Technology Review article that discusses in general the work of a researched. And also says right there it disagrees with everybody else in the field in the last 100 years. ;)
But it is mostly a disagreement about the terms. If you read the details of the work they're actually adding new information to change what you recall. They're using the term "memory" to mean remembrance. By adding new information and context, they change the emotional content that is experienced when remembering. That is totally different than changing the stored memory.
The confusion is because they say memories are "not unchanging physical traces in the brain. Instead, they are malleable constructs that may be rebuilt every time they are recalled." But that is really what is shown. What is shown is that the physicality of remembering is different each time you remember.
Also note that remembering creates new memories; memory of remembering. So your emotional state when remembering, and the context of that remembrance, are encoded as new memories that are likely to be mixed in with the old memories when remembering.
There is no reason a hypothetical memory-reading-machine could not read each of those parts separately. It would apparently expose not only the true original memory, but how you really feel about it!
I once had a baby rattle (when I was a baby). Why is it reasonable to presume I still have it in my possession? I can't prove that I don't since you can't prove a negative.
As for 3b, he told them his best recollection of the password and it didn't unlock the drive. So there we go, where is the proff that he does correctly remember the key but chose not to tell them?
There may be indications and reasons to suspect, but the standard for jailing someone is proof. Where memory is involved, there can never be proof. At least not with today's technology.
I once had a baby rattle (when I was a baby). Why is it reasonable to presume I still have it in my possession? I can't prove that I don't since you can't prove a negative.
You wouldn't have to prove you don't have it - you just have to show enough evidence to show that the question is in issue. If in the circumstances it is reasonably likely that it isn't in your possession - such as where you have not had it in your possession for years - the question is in issue, and the prosecution will have to prove it beyond reasonable doubt.
As for 3b, he told them his best recollection of the password and it didn't unlock the drive. So there we go, where is the proff that he does correctly remember the key but chose not to tell them?
I don't think there's much point in speculating as to whether he did it. The person who saw all the evidence and who was able to listen to Wilson and assess his credibility was the judge - without any evidence I don't see how we can really question his judgement.
Frankly I think giving 50 incorrect passwords is more likely to be a sign that you were being obstructive than that you were genuinely trying to remember but couldn't, but again - I don't know, because the journalists didn't report any details.
There may be indications and reasons to suspect, but the standard for jailing someone is proof. Where memory is involved, there can never be proof. At least not with today's technology.
The standard for jailing someone is proof beyond reasonable doubt - not absolute proof. I presume that there was sufficient evidence for the judge to conclude, beyond reasonable doubt, that Wilson was lying. If not, I hope he will appeal and be vindicated - but we haven't seen any of the evidence so we don't know.
I would say that courts deal with lots of people who say they "can't remember" or "don't know" something, and have to decide whether they are telling the truth or not - whether that's people who can't remember where they were when a crime took place, or who don't know where some money went, or a million other possibilities. It's a difficult question, but it's an inevitable one for a criminal court to grapple with and they have plenty of experience doing so.
I know the standard of proof. I also know that where human memory is concerned, short of technology we do not yet have, there can not be proof beyond reasonable doubt that he remembers the password now.
Remember when they found out how incredibly unreliable eye witnesses are? Even the mention of a beard will alter every memory in the room, for example.
lololololololololololololol "psychology today" lololololololololol
All right, what about this?
it disagrees with everybody else in the field in the last 100 years. ;)
That's what they told Einstein and Planck, I'm pretty sure.
Ezekiel 23:20
He trolled on Facebook!??! Say it isn't so!
What. the . Fuck.
I'm sorry, but I really don't see how this in any way is the same as some lunatic trying to blow up the queen. This even casts doubts upon the NSA's allegations that they prevented several terrorist "attacks". Did they, or were they just hackers who refused to turn over passwords?.
Since when in democratic countries do these lower level crimes constitute a "threat to the national security"?
IMO that judge should be fired for throwing around those words lightly.
Even the copies that the police lost when they seized your equipment?
Funny, here are 9 disks/books/SD cards labeled "keys" from 1 to 10 and number 8 is missing which makes sense if it was out when the police executed their search and lost it.
I would agree with you if we had to answer the question "does he remember the password" in a vacuum, but we don't.
The court can look at factors that make it more or less likely that he forgot it: did he use it regularly? Does he have a good memory? Is he accustomed to using long passwords? Did he use it shortly before his arrest?
It can also look at factors that bear on his credibility: did he immediately say that he had forgotten the password, or was this the last in a line of excuses that had been proved untrue? Has he been generally truthful and cooperative? Did he seem honest in the witness box, or was he evasive and defensive?
If (in theory - I don't know the facts of the actual case) the defendant had used the password five minutes before his arrest, had an unusually good memory, repeatedly lied to the police after being arrested and only claimed to have forgotten when his previous claims were proved untrue, I think it would be perfectly legitimate for the court to apply something like Bayes' theorem to infer that it was sufficiently likely that he remembered the password to be proved beyond reasonable doubt. I don't see why it is different in principle to other situations where the court looks at all the evidence to decide whether someone is lying.
We can look at many things to loosely assign a probability to it, but none of those probabilities are likely to be beyond a reasonable doubt.
When it comes down to looking at who is lying in the absense of further evidence, it is known as "he said, she said". Except in extreme cases where one person claims that Elvis and the Grays were all there too, it rarely rises to the level of beyond a reasonable doubt.
At most, honest testimony now could say "I think he probably remembers it". Yes, he probably does, but the standard of proof isn't 'probably'.
The thing is, by the time you get to the point of a password being demanded, you have necessarily been put through an ordeal that may have you not thinking clearly. Likely your daily routine where you might have remembered the password is thoroughly disrupted (set and setting is important to memory).
It depends.
We don't know the facts of the case.
However, making credible threats against a police website severe enough to convince them to take it down may just pass the bar.
Why is this different to any other time when the court has to make judgements about someone's state of mind - whether that's a killer who says they only intended to hurt them, or someone who says they took things by accident?
That is done by looking at how the state of mind drove objective action.
In the case of the murder, we can infer state of mind based on how the murder was accomplished. If the accused shot, stabbed, strangled, then dismembered the victim, we may conclude that death was the intention. Dropped the weapon at the scene, tripped 3 times running away, then threw up in the ally, we can guess it wasn't intended. Took the weapon, the bag the body was placed in, cleaning products that were used to clean up evidence to the scene, then lured the victim, we can infer premeditation.
So now we ask what objective actions at the time he was asked for the password would suggest that he still remembers it?
Quite honestly, courts have in general not paid as much attention to determining state of mind as they should.
I suggested a range of factors in the GGP post that would suggest he had or had not forgotten.
I don't see how this is in principle harder than other state of mind questions - these are all hard, but they are an inevitable part of the criminal law.
Alas, no. Your suggestions would determine that he knew it before he was arrested, none suggest his on-going memory of the password.
It's harder because the other questions only have to look at state of mind for a particular moment in the past before police activity could have influenced it.
This is closer to Heisenberg. The act of questioning can cause the accused to forget. That is exactly why this is a screwed up law.
Have you truly never heard someone say "If you hadn't asked, I could have told you?"
You've never known anyone who can type their password by muscle memory but cannot consciously call it out other than by watching themselves type it?
There are a great many factors that can confound memory and all must be ruled out to eliminate reasonable doubt. Furthermore because memory can be malleable and tricky, even evidence that he later recalled the password isn't evidence that he could recall it when asked. It's actually common for an answer to pop into mind once all pressure to remember has passed.
OTOH, there's really only one reason to arrange to meet someone in an out of the way place and take a gun, gloves, and a body bag with you. The prosecution and the judge don't have to determine what the defendant is thinking NOW.
Good point, but "national" security? This is slightly different from some guy threatening to blow up things in airport restrooms.
Did you even read the abstract? That is about disrupting recall, that is all it is about! That is all it claims to be about.
As far as I can tell, 'national security' is not defined in the legislation (I only looked at the primary legislation, and not at much secondary).
This means it can take pretty much any form that is reasonable in English - not only the most extreme form.
It specifically does not say (for example) 'affect national security causing death, or damage exceeding one million pounds'.
It's pretty inarguable that police infrastructure can be national security, and websites in principle could be an important part of that, so counted.
If I was the lawyer in question, I'd be raising that a website which likely has hundreds of hits during the time in question, not tens of millions may be part of national security, but this amounts to a 'de-minimus' part that is effectively zero.
The problem here is more the bad law, than the bad judge I suspect. We do not know if the proper counterargument was made by the defence in court.
I would make two points in response.
First, your factors that might make someone not remember a password are all real, but the judge can take them into account. The judge can weigh up the different possibilities - that's what they are employed and trained to do - and decide whether it's plausible that the defendant cannot recall the password. Often they will probably conclude that the prosecution hasn't proved that the defendant could remember the password; sometimes, though, there will be enough evidence. Unless you are arguing that there is no amount of evidence that can prove this beyond reasonable doubt - in which case, see my second point, which is that this is not restricted to this situation - I don't think your factors prevent the law working (although obviously they must be borne in mind).
Second, your example of the seemingly pre-meditated murder is at the extreme end of the evidence available, but there are lots of situations that are much more difficult. For example:
i. A person gives incorrect financial information to an investor and profits as a result. If they knew it was incorrect they may be guilty of fraud. Did they know it was incorrect at the time?
ii. A person is a passenger in a stolen car. If they knew it to be stolen at the time they may be guilty of an offence. Did they know it was stolen when they got in (assume they weren't involved in the theft)?
iii. An accountant receives money from his client, which unknown to him was stolen. If he suspected at the time that the client might be engaged in criminal conduct, he may be guilty of a money laundering offence. Did he suspect?
You could find hundreds more examples - those are just three that occurred to me off the top of my head, and probably aren't the most troublesome. The point is that proving whether a defendant actually knew a particular fact, or actually had a particular thought, is a common issue in criminal prosecutions. It can be difficult to prove, but it's not impossible and the courts are used to dealing with these types of case.
I argue there cannot be enough evidence to discount that a person cannot recall the password. It's just too common an occurrence and there are simply too many factors that contribute to forgetting going on.
As for the examples you mention: i) Did the adviser have a professional duty to get that information right? Would getting it wrong constitute professional ma[practice? Is there an email or other document that suggests they had the correct information? Did they give other clients the correct information? Did it happen more than once?
But in general, if that's all the evidence you have, one client given wrong information once, it'll never see the inside of a courtroom.
ii. Was the car obviously beyond the means of the driver? Did the driver offer anything like a plausible explanation? Even with that, it likely wouldn't be prosecuted. OTOH, if multiple people heard them talking about it being stolen, they might actually prosecute it.
iii) If he kept two books, they'll likely prosecute. If not, it's doubtful.
More realistically, for i they won't even look in to it unless the client is wealthy. In ii they'll 'find' a baggie. In 3, they might use that as probable cause to search his files.
Note now that i would have to involve incriminating communications or a pattern of behavior. ii would likely not happen unles the cops are crooked, and 3 would involve physical evidence.
How do you square the fact that you say in relation to the password question it would be impossible to prove, but when considering the other examples you are happy to draw inferences if there is sufficient surrounding evidence. Why can't you draw inferences from surrounding evidence when considering the question of whether someone remembers a password?
Did you read my responses carefully? Where I expressed doubt that the prosecution would even try absent physical evidence or witnesses to a discussion of guilty knowledge to back up the theory? For example, an accountant will certainly know if they keep 2 books. A written communication indicating state of mind in the case of the adviser or at least a repeated pattern of behavior.
Actually, I've always sort of had the impression that reconsolidation implied modifying the memory traces in the process. Unless in the Nature paper, they happen to be talking about some completely different process that also happens to be called "reconsolidation"...?
Ezekiel 23:20
Read the abstract, they didn't do anything other than non-invasive tests with recall. There is nothing "implied" by that. Implication is not science.