Slashdot Mirror
Child Porn Suspect Jailed Indefinitely For Refusing To Decrypt Hard Drives (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order. The government successfully cited a 1789 law known as the All Writs Act to compel (PDF) the suspect to decrypt two hard drives it believes contain child pornography. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple.
May keep you in jail. Forever.
The following comes to mind:
https://xkcd.com/538/
Sure it's not a hammer, but incarceration sounds like a reasonably persuasive wrench...
n/t
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
The fifth + habeas corpus? This guy has the shittiest lawyer ever or am I missing something?
As much as I lack all sympathy for people in possession of child pornography, how is this not against the fifth amendment?
As it is plain to see. What good does "unbreakable" encryption (if such an animal would really exist) do if you can simply be forced to reveal the passwords? None at all. You might as well forget about it and uninstall all encryption software now - lest it one day be taken as evidence you're hiding something - and get on with your life. Do not make waves. Do not raise suspicion. Conform. Is that so hard to do?
This is why it is suggested to use a hidden crypted partition witihin a crypted partition http://www.makeuseof.com/tag/c...
On could imagine a service that is time dependant
Like, you have to log in every three months, or everything is deleted forever. That would be the only place, where a paraphrase is stored that is so complex you cant be expected to be able to remember.
You don't even have to actively use the service.
You just wait three months, than you say: "well I was using this service called KorsakovOnline.com, but they seem to have completely forgotten that i used their service and now they have deleted my profile and data, and they dont keep backups you know. So now its up to you to prove that i am even capable of providing the password."
Your move Mr Prosecutor
Why are other peoples sig's always more witty ???
Maybe because you are not giving them any evidence, you are giving them access, there is no evidence in the encrypted drive until they have found something.
The suspect does not have to give the authorities access to anything; the authorities may, in this case, legally use force to remove any physical obstacles that keep them from obtaining the object(s) in question.
The right solution to this problem is to get rid of all the laws preventing possesion of data. The whole concept is stupid, and it is easily abused.
Want to prevent child porn? Make distribution illegal, not possesion.
Hmmm... what if you forgot the password? I've a USB stick with an encrypted volume for storing passwords and other private data, and the password is nowhere recorded. Should I forget it and come in conflict with the law I'm going to end in jail forever for having bad memory?
Seems like encryption without any precautions is really dangerous.
wouldt this apply?
Given what we know about the US legal system, this guy is looking forward to a early retirement with a out-of-proportion settlement for damages.
I suspect that within 6 months he will get an epiphany, remember the password, and the drive will turn out to have his collection of grannyporn.
The sister is in on the scam, surely. They both will retire to Panama or some such.
If the "obstruction" was already in place before the warrant was served or executed, the person in question had no knowledge of the warrant and cannot obstruct it knowingly. Otherwise, it would be illegal to lock your door when you leave the house (the police may arrive at any time with a search warrant and find you absent and your house locked).
I wonder how it would go:
I plead the fifth.
There is no child porn on this drive. But there is software, which I have purchased legally, but don't possess the proofs of purchase; they've been lost during a move a year ago. Currently, the copyright-related laws take the approach 'guilty until proven innocent' upon discovery of such software - without proof of purchase I'm automatically assumed to have obtained it illegally. Therefore revealing contents of the drive would incriminate me on a case entirely unrelated to the current one, and in an especially unfair way since despite being innocent I'd be required to prove my innocence, and unable to do it, proclaimed guilty.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
That's why we really, really, REALLY need serious plausible deniability, despite of what security experts say about it. They force you to give up keys, you give up keys and they can't do anything else (unless they dismantle whole western law system). While it does not protect you from torture, does protect you from the law.
If it did, the courts would be guilty of cruel and unusual punishment (misdemeanors don't usually come with an indefinite jail term).
The whole thing is ludicrous as the state is essentially compelling you to offer up evidence against yourself. It's not even a question of evidence tampering, but merely a suspicion that the contents of the hard drive contain evidence, and the legal authority to make you say "uncle".
Perhaps the hard drives contain a list of people he's killed. Perhaps they contain records of gambling receipts. Perhaps it details every furry convention he's been to. Whatever. He has numerous reasons not to divulge to contents of the HDs which have nothing to do with the case, so the whole thing seems like a fishing expedition.
The fact that they are sitting on him instead of going forward with the case suggests the case is weak.
The police are in physical custody of the hard drives. The terms of the warrant are complete. Just because the contents contain a digital cypher instead of an analogue one, it seems we throw every other aspect of legal rulings out the window. They might as well claim he is the Zodiac Killer as well since he is refusing to offer the key to those messages as well.
Whom you would destroy, first dehumanize him by labeling him. It's OK to do anything to him, deny him any rights, if he's not human.
First they come for the suspected terrorists and suspected child pornographers. But it won't stop there.
So what exactly is to stop a court from ordering someone accused of murder to "tell us where the bodies are buried" and when the suspect says "I don't know" locking them up indefinitely?
Perhaps some sort of "right" that protected you from self-incrimination.... perhaps one day America will be a free enough country to have this kind of "right"
Giving the law access to the drive is evidence that you have that access.
that if he's been in jail for 7 months and has not coughed up the password, either he doesn't know it or his stay in jail has been too "comfortable". In the fascist state this may become after the next election, having the guards looks away while his fellow captives make his stay in the jail "uncomfortable" might induce him to comply with the court order.
Doesn't the NSA have copies of everything the guy has been downloading?
It goes without saying that this would be a truly scary precedent if applied widely. Victims of cryptolocker for instance would have encrypted hard drives and literally have no way of providing the key or passphrase necessary to comply with a court order. Smart bad guys could just as easily borrow malware engines to do this to disguise their behavior, so it would not be easily apparent. My personal opinion is that passwords are firmly 5th amendment protected, I just wish it came up under a more defendable case. The investigators should have done more surveillance or traditional investigations (with warrant) before pulling the trigger on the arrest and could have easily removed the ambiguity from the situation.
let me install some WiFi cameras in your house. Let's say the bedrooms and bathrooms. They'll broadcast live stream 24/7 for anyone on the internet to see.
Then you will be the child pornographer. Between the two houses on this lot, there are a 13-year-old and a 17-year-old.
If it's legal to own, then there is no legal recourse someone would have to remove pornographic pictures of themselves from somewhere.
If child pornography were decriminalized, the producer of the work would need to provide a model release signed by the actor's parent. Otherwise, the recourse would be revenge porn laws and trademark-like right of publicity laws.
I hope this goes all the way to SCOTUS. The All Writs Act is a just a law, it does not trump the 4th and 5th amendments!
Its time this thing gets struck.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Much more efficient and ethical would be to make children illegal.
Trust me. I live next to a daycare.
You're effectively claiming that Copyright Law puts you in a 'guilty until proven innocent' which is, more precisely, claiming a violation of due process.
Because most copyright cases are torts, not crimes, the standard is preponderance of evidence, not reasonable doubt. And in cases where it's uncommon for individuals to carefully preserve evidence of title, such as retail purchase of a lawfully made copy of a computer program, preponderance of evidence behaves similarly to "guilty until proven innocent".
Can you show bank records of a purchase that's roughly the right amount?
Not likely, especially if it was on the same receipt as a bunch of other products.
As much as I lack all sympathy for people in possession of child pornography, ...
Why no sympathy? You think possessing child porn is just a character flaw and those people just need to snap out of it or get severely punished?
It's moralizing like that that prevents people from seeking help; whether it's child porn, drugs, alcohol, or mental illness. Most people who end up getting help for those were forced to because they were found out in a public and humiliating way. Their lives are ruined. They will never be employed again and their family lives are many times destroyed. If they are lucky, they get on disability. Most times they end up homeless and an even bigger problem to society.
In our society we have this punishment and revenge mentality that doesn't solve the problem. So, people are just going to do it secretly until they are caught.
What I think we should do, is treat the consumers of child porn and spend our time and effort going after the producers. Now the producers are the ones with the character flaw - abusing children for profit sounds like one asshole to me.
No one should be compelled to aid in their own prosecution.
They have all the access they need. They can read every single goddamn bit on that drive.
This is like me writing a letter in Swiss German and them not finding anybody to translate. How am I responsible for translating it for them when I know it would be used against me?
Encryption is exactly that. Whether it's automated or not, it's just a translation of information into another "language". If Mr. FBI can't read it, then that's tough luck for him, isn't it?
And maybe invest the resources in law enforcement to go after those that produce this stuff and the (doubtlessly many more) that abuse children but do not document it? Naaa, that would not give so many easy "victories" and, worse, the supply of the stuff could dry up because the actual problem gets solved, meaning less funding for law enforcement. We cannot have that, can we? "Cui Bono" looks very, very bad here.
Making the possession of data illegal has many very serious problems, not at all how easy it is to abuse it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I didn't realize this was about the different levels of perversity. I guess I got confused by the fact that it's actually about the court jailing a guy until he de-crypts his harddrive because he MAY have child porn on it. It's not about child porn. It's about building a case against encryption. Terrorism didn't pan out, so they now (as I fully anticipated) fall back to child porn, because who the hell isn't disgusted with that? It's not about the content, it's about convincing Joe Blow and Joe SixPack that encryption is bad because..... kiddie porn.
They were from the same year, and I think the all writs act was older. The bill of rights arguable overrides it in any case, just like mu Canadian charter of right overrides both newer and older legislation...
davecb@spamcop.net
Although fairly new for the US legal system, this kind of "rubber hose" attack on cryptographic systems is nothing new. The solution is to use some form of deniable encryption.
Julian Assange developed the rubberhose file system for this purpose.
Chaffing and winnowing are other ways of achieving secrecy without a traditional encryption key.
This looks like a clear case of forceful self-incrimination. When the dust settles, he will most likely get a big fat compensation check sometime in the future for this circus.
-SR
That might be a good idea for now in oppressive countries such as Russia and China. In Western countries, however, it's better to stand up and fight for your rights.
-SR
The "terrrrist" part didn't help the FBI against Apple — much as I, for one, wanted to see Tim Cook sent to jail over the same contempt of a court-order.
In Soviet Washington the swamp drains you.
That's not true for legislators or the courts, because that does not define the competing interest for them. For them, the counter interest is delineated by future electability; if they can stand up there and say they are "tough on CP", they will gather votes.
The only way this can be changed is if a majority of the voting public can be educated as to the validity and importance of the argument you made; but so far, there's not even a hint that might happen.
I've fallen off your lawn, and I can't get up.
It's too bad, in hindsight, we didn't have one of the Kardashian's or maybe Snookie from Jersey Shore revealing the govt. spying. Then, MUCH more of America would feel a vested interest in the situation. :(
There's already a federal court ruling that it's a fifth amendment violation to compel a password unless there is already evidence that the password is hiding convicting data.
The All Writs Act is inferior to the Constitution so the judge's action is illegal and he should be held personally liable for violating this person's civil rights. At least PA is not afraid to send a corrupt judge to prison once in a while.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Judge: "You must tell us where Jimmy Hoffa's body is"
Mobster: "I plead the 5th your honor"
Judge: "But you were the last person seen with Mr. Hoffa"
Mobster: "I don't recollect that your honor"
Judge: "Ok, since we have no body, there must not have been a murder. You are free to go"
I am not sure what the difference is between this scenario and encrypted disks...if there is no body, a crime can't be proven.
Fourth Amendment to the US constitution
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Time to offend someone
The government is trying to coerce the defendant to divulge information that can be used against him. Whether spoken, typed, or written in crayon, the defendant has no duty to comply. By jailing him for asserting his right against self-incrimination, the judge is violating his civil rights under color of law.
If we ever have a functioning justice system in this country again, that judge should be looking at some serious jail time of his own.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I find it hard to believe that the US government cannot decrypt the HDD. Must be less expensive than keeping someone in jail.
Why UNIX?
Comment removed based on user account deletion
Chances are, this scumbag has cp on the drive. But let's say for this argument, that there is in fact none on the drive. But, he does have some personal pictures (perhaps of an affair), or some corrupt business dealings, etc. If he gives up the password, he would incriminate himself on other things, especially personally with his wife. So, withholding the password does not necessarily mean that he is guilty of the charge.
It isn't that I have nothing to Hide. That is a wrong premise. I have nothing to disclose. That is the right premise.
If this continues, what I expect to see soon is encryption that decrypts in 2 different unencrypted versions, dependent on the decryption key used. I can't imagine its that difficult. Make an encryption program that has the option of just normal encryption with 1 decryption key, but the added option of using a second decryption key, and a second set of files. For example: John Doe has 2 harddisks, each with 40 GB of information. One contains the blueprints of the F22 Raptor, the other the complete works from the Gutenberg Project, in 7 different languages. John Doe uses the encryption program to create a single encrypted file, size 80+ GB on a bigger harddisk. If John enters the password Gutenberg, the program decrypts the file into the Gutenberg library. If John enters the password Raptor, he gets the blueprints for the F22. Now law enforcement, if they find the file, not only have to force him to decrypt it, they have to prove there is a SECOND decryption key. If the program uses standard padding of the encrypted file with 100-200% of the original data, they could not even prove that there is a second decryption key just by looking at the size difference between the encrypted file and the Gutenberg library file.
I have no idea why people insist on forgetting that part. Lets try an analogy. I invent a cypher and print a code on a paper. The court can grant a warrant to get the paper, but that does not mean they can grant a warrant to get the cypher key from my head. The 4th and 5th amendment are very clear on that. Even though our founding fathers are claimed to have never thought about things, they actually knew damn well about encryption and the need for personal secrecy. What if my encrypted paper contained plans to overthrow the tyrannical King. What if my paper was a personal confession for deeds the Church would frown on, but deeds that are not illegal (like Lust).
People always try to press the system for more, and again this is something the founders KNEW. This is why we have a Constitution which states "reasonable search and seizure", leaving no room to think it's everything someone can possibly conceive of.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
This sounds like a Mac and I have no idea how they operate but I'll say it anyway. So they couldn't find ANYTHING in his thumbnail cache, file-open history, file search history, etc? So in other words he's not guilty. It never comes down to just encrypted drives. There is ALWAYS other evidence.
computers are sophisticated enough that they can evaluate your state of mind, and decryption would not only not be possible if you were not the one to decrypt it, but it would further not be possible if you were trying to decrypt it under any kind of duress, so it becomes literally impossible to comply with a court order mandating that you decrypt it for them?
File under 'M' for 'Manic ranting'
If you are an unpopular defendant all rules and notions of fair play go right out the window. Just ask Bill Cosby.
Comment removed based on user account deletion
But not used to go after government agents? The all writs act should be used to get information on directed energy being used to assault citizens as perpetrated by government agents.
obamasweapon.com
That one where it's said that no one can be forced to provide evidences that would incriminate him/her ?
https://en.wikipedia.org/wiki/...
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
Why? Just outsource the decryption to the guys that cracked the iPhone. What's that? You didn't really crack the iPhone or you want to have your cake and eat it?
Or is this about giving encryption the only-pirates-engage-in-file-sharing treatment?
Innocent until coerced into self-incrimination. Woohoo! Land of the free.
Requiem for the American Dream
You can be "compelled" to do what the state demands, and you have no real recourse.
no fan of children or their pornographers, but i have a technical question related to the future of the revolution and the role cryptography might play: has he not considered the option in truecrypt to use a decoy password? that would work, right? if he had it?
Is this really that much different than when a company dumps a truckload of files when they are force to produce documents in civil case? Bury a few memos in a truckload of documents and hope the other guy misses it. The evidence was produced, but they aren't under any obligation to help you find what you're looking for. In this case the drives are in evidence, the police can poke and prod it for as long as they want. Why should he be compelled to help them find what they are looking for?
The threat of lawsuits from parents ought to be enough to discourage the sexual abuse that occurs during production of CP. Or is the majority of CP produced by parents with their own children? And what sexual abuse occurs during production of animated CP, which some jurisdictions have also banned?
Neither, actually. Unless you count a sniffer on the USB lines as "compromised peripheral". (hm, yes, hiding the sniffer inside the device/inside its USB connector is probably the most inconspicuous method).
"How does the peripheral transmit said keystrokes/mouse clicks to the "command and control" server?"
You don't have to transmit anything if you're capable of retrieving the device. You can pack a few GB worth of flash memory even into tiny devices; and even a fraction of a GB stores days worth of keystrokes and mouse movements.