Child Porn Suspect Jailed Indefinitely For Refusing To Decrypt Hard Drives

An anonymous reader quotes a report from Ars Technica: A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order. The government successfully cited a 1789 law known as the All Writs Act to compel (PDF) the suspect to decrypt two hard drives it believes contain child pornography. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple.

So forgetting a password

[allo]

May keep you in jail. Forever.

Re:So forgetting a password

[Tukz]

Wasn't there a similar case, albeit with less sinister crimes, a few years ago where they held a guy in contempt for not unlocking something encrypted.

IANAL and all that, but can't they hold someone in contempt indefinitely?

Re:So forgetting a password

The sad thing is that they don't have enough evidence to convict him.

The authorities have called two witnesses. One was the suspect's sister who claimed she looked at child pornography with her brother at his house. The other was a forensic examiner who testified that it was his "best guess" that child pornography was on the drives

Meaning that the only thing they have on this guy is an accusation from the sister. The other witness have essentially only said that "Well, it's encrypted, what else could it be?"

This means that if you want to put someone in jail forever all you need to do is to hide an encrypted drive (Or fill it with random noise) in their home and accuse them of keeping child porn on it.
Without being able to produce a decryption key the poor bastard will be kept in custody indefinitely, probably with less access to exercise and books than a convicted pedophile would.

Re:So forgetting a password

I totally agree. Without EVIDENCE there is no case here. Just because somebody in power 'thinks' he has committed a crime, without any evidence, there is no reason to keep him in prison, and just as you say, you just have to hide an encrypted drive in somebody's house and accuse them of owning child pornography, and they can be kept in prison indefinitely, for having done nothing!

Re:So forgetting a password

[ShanghaiBill]

I totally agree. Without EVIDENCE there is no case here.

There is evidence. Certainly not enough to convict, but enough to get a warrant to search for additional evidence. The key question is whether he can be compelled to assist in that search. The Supreme Court has ruled that a suspect cannot be compelled to provide the combination to a lock, so I don't see how this is significantly different.

Re:So forgetting a password

[Maritz]

It's different because terrrrristchildrens.

Re:So forgetting a password

[TFAFalcon]

Well that solves the whole problem of 'lack of evidence'. The court can just order each defendant to produce the evidence to convict them. If they don't, then jail them until they do.

Re:So forgetting a password

[Harlequin80]

Who knows. Maybe there is a full on conspiracy here and there isn't child porn on there but state secrets of his true employer, Mossad. Or it could be KFC's secret herbs and spices recipe. Or it could be child porn. Or he could be an officer of the law who is standing on principle and saying fuck off you're not allowed to do this.

Frankly we don't know.

Re:So forgetting a password

[fey000]

Or we can throw them in the ocean to see if they float or drown.

Re:So forgetting a password

[mysidia]

IANAL and all that, but can't they hold someone in contempt indefinitely?

It is only legal to hold them in contempt if they ARE capable of complying with the order.

At such time as the person is physically or mentally incapable of complying with the order, for example, they don't have the information required, or it is not possible for them to perform as requested, they cannot be held in contempt.

Re:So forgetting a password

[Richard_at_work]

A judge is also required to take into account the probability that further incarceration is likely to be conducive to the goal - holding someone in contempt of court is not a punitive measure, its a conducive measure, so if its unlikely to achieve the goal required then a judge is not supposed to continue holding someone in contempt.

Re:So forgetting a password

[wbr1]

So having authorities request a password you never had or knew, because you pissed them off, can keep you in jail forever.

Just pointing out how this can be used as a weapon against anyone, anytime.

Re:So forgetting a password

[houghi]

Throw them in the water. If they are innocent, they will sink. If they are guilty, they will float.
Worked in the past, so I see no reason why it won't work here.

Re:So forgetting a password

[ole_timer]

under the 5th amendment he can't be compelled to "utter" the passphrase, but he can be compelled to provide the unencrypted contents in most jurisdictions.

Re:So forgetting a password

[msauve]

I find that court contemptible, and won't change my mind.

Re:So forgetting a password

[JoeMerchant]

How do you determine if someone actually remembers a password or not?

I certainly have forgotten passwords to systems I left on the shelf for 7 months or more.

Re:So forgetting a password

[gweihir]

It is only legal to hold them in contempt if they ARE capable of complying with the order.

Which happens to be impossible to prove due to fundamental restrictions of how reality works. Hence the government just assumes they are capable and you need to prove they are incapable. Which you cannot do, due to fundamental restrictions of how reality works.

And there your argument goes out the window completely.

Re:So forgetting a password

[gweihir]

And in other news, if the judge just says "screw him" then the person is screwed. And nothing is ever going to happen to the judge for that evil act.

Re:So forgetting a password

[gweihir]

This interpretation is just fundamentally evil as it negates the intended protection for the accused. But what do you expect in a police-state.

Re: So forgetting a password

Alleged...

As someone who had to assist in a NCIS hunt for child porn on a subordinates computer who of course had none but all it takes is an accusation, I dont trust searches like this.

Not to mention that information would fall directly into the Fifth Amendment as that information would be providing witness against yourself.

If they need that one HD in order to nail this guy then they don't have enough evidence... Should have tried harder. They didn't build a solid enough case with enough evidence before pulling the trigger.

Re:So forgetting a password

[phishybongwaters]

You don't think this is actually about child porn, do you? You can't be that thick, can you? You must understand, even at a very basic level, that kiddie porn has been, and always will be, a lynch pin in the restrictions of your rights and freedoms. We must outlaw encryption because.... TERRORISM! But... the terrorists didn't use encryption. KIDDIE PORN! EVERYONE HATES THAT! I've called this so many times. In fact, if you go through my post history you should find some posts on the Apple case with the FBI, where I literally said this exact this is going to happen (unless I posted as AC, depends on the computer i'm at). They've used this to fight piracy and boost copyright laws. They've used it to completely destroy usenet. And they are using it now to destroy encryption. And the best part of all of this? The NSA and any law enforcement agency that bothers to ask, already likely has access to the network these images came from. This isn't about stopping child porn, and it's not about protecting kids and putting pedophiles in jail. It's about outlawing, or neutering, encryption because it takes slightly more effort to spy on you if you use encryption. It has never been about child porn. Ever

Re:So forgetting a password

If there is kiddie porn on those drives, then he's actually making the smart move. Either way, he's fucked. But at least this way, the state has to pay for his room and board. If he turned over his passwords, conversely, he would get several years in prison anyway but then also be thrown out at the end on the sex offender registry, pretty much guaranteeing that he will never be able to get a job or place to live ever again. As long as they hold him in jail, he at least has food and a place to live and there remains a chance that he may make it out of this without being on the sex offender registry.

If he takes the kiddie porn charge, it's almost as bad as a death sentence. His life will be destroyed and there will be no options to even survive.

Re:So forgetting a password

[Harlequin80]

But that doesn't make it ok to lock him up indefinitely. They can't prove their case. That is the end of it. Charge him with refusing to obey a court order, and find him guilty of that. If that means he goes away for 2 years, then fine. But you can't imprison someone without a conviction. That is wrong.

Re: So forgetting a password

[Mr+D+from+63]

But it was more than just an accusation. The way I read it, they were monitoring a known child porn site online and seeing who was accessing it. They traced one of the accesses to this guy. They talked to people and his sister confirmed she'd seen child porn. They then seized his computer and forensically analyzed it.

Now, what we don't know is what that analysis found. They 'may' have seen that those disks were used at the same time as the accessed the child porn site, and 'may' had other evidence on his computer that showed he likely downloaded. If so, that would all be pretty compelling evidence as a whole.

Re: So forgetting a password

[Ihlosi]

They then seized his computer and forensically analyzed it.

Well, maybe they should have anticipated encryption and devised a way to obtain the encryption keys (surveillance, keylogger, whatever).

Re:So forgetting a password

[Ihlosi]

This is significantly different because a lock can be cut open,

You can devise a locking mechanism that cannot be opened by force without destroying whatever the lock is supposed to protect.

What would you suppose the court should do if it has seized documents as evidence, but they're all written in a fantasy language that only the defendant uses? "Please Mr. Defendant, translate this for the court."?

Re:So forgetting a password

[Mr+D+from+63]

Child porn has been aggressively prosecuted long before online trafficking and encryption became and issue. But hey, never miss a chance to deflect. There is a battle over encryption, but that does not mean everything it touches becomes ONLY about the encryption.

Re:So forgetting a password

[SecurityGuy]

Agreed, this is appalling. I have two encrypted databases on my phone. Why two? Because I forgot the password to the first one and had to start over. No power in the world can compel me to unlock that first one. Believe me, I tried.

The notion that I could be put in jail forever because I legitimately don't remember a password is insane.

Re: So forgetting a password

[ooloorie]

Now, what we don't know is what that analysis found. They 'may' have seen that those disks were used at the same time as the accessed the child porn site, and 'may' had other evidence on his computer that showed he likely downloaded. If so, that would all be pretty compelling evidence as a whole.

Then they don't need to force him to decrypt his hard drives, do they?

And make no mistake: while this sort of thing starts with the lest likable characters, it will eventually be used against anybody from Snowden to your grandmother to go on legal fishing expeditions against anybody that police, prosecutors, or the executive branch doesn't like.

Re: So forgetting a password

[Applehu+Akbar]

"Not to mention that information would fall directly into the Fifth Amendment as that information would be providing witness against yourself."

Would any of our lawyers care to explain how the All Write Act takes precedence over the Fifth Amendment in this case?

Re:So forgetting a password

[Immerman]

What makes you think they have too? He's not being detained as punishment for a crime - that would require proof. He's being detained for contempt of court, in order to attempt to coerce him to do something they assume he can. This is the kinder, gentler version of "rubber hose decryption", and there's far more leeway for that.

Besides, being able to access encrypted files on your computer is a pretty safe bet, especially if the timestamp indicates they've been accessed recently. Unless someone else put them there, the only really plausible way to claim otherwise is if it requires a keyfile that you were able to destroy in the presumably brief window between having the cops show up and being detained.

Re:So forgetting a password

[ole_timer]

no, it's narrower than that. under our system you can't utter or sign. but you have to give the other side (in this case the gov't) the unencrypted data.

Re:So forgetting a password

[Jason+Levine]

Along those lines - and since I don't know everything about encryption - I wonder if it's possible to have an encrypted area that decrypts to your data if you enter one password and decrypts to an innocent looking set of data if you enter a second password. So the police arrest you and tell you to decrypt your drive. You type in "12345" and show them an innocent looking web browsing history and a boring set of family photos. You get home, type in your real password, and all your actual data gets displayed.

Would such a system be possible? Would it give any indications of having a second hidden layer?

Re:So forgetting a password

[NatasRevol]

Per the 5th amendment, yes?

Re:So forgetting a password

[hairyfeet]

Except that means exactly jack and shit thanks to trolls, there is even an article on Wikileaks called "confessions of a child pornographer" where he brags about using viruses to infect random guys that go to one of his legit porn sites and filling their PCs with CP and having them connect to known FBI honeypots because he thinks its funny to have the cops chasing their tails and figures the more time they waste going after his fakes the less time they have to go after his legitimate customers.

According to my buddy at the state crime lab the whole charade is just that, a bullshit waste of time, which is why he is trying to get transferred out. He says he can't even remember the last time they actually caught a predator online (those they catch when someone the scumbag molests comes forward) but instead all they ever catch is porn addicts which could easily be treated with a little therapy but instead they have to pretend they are dangerous because...well the prosecutor wants to get a shot at congress or the governors chair in a couple years.

So hundreds of millions are spent, the actual predators get to sit back and laugh about it because they keep their stash on an encrypted server in bumfuckistan and just access it via VPN, and you get to pay millions to keep some losers that haven't left their basements in years in solitary because they couldn't get it up anymore after watching a billion hours of porn without watching the sickest shit they could find, but hey, the prosecutor can say he's "tough on crime" and will get that shot at the big chair where he can clean up off the backroom deals....welcome to reality where its ALL politics..and then folks wonder why guys who take the job spend all of 6 months and then start looking for the exit.

Re:So forgetting a password

[ooloorie]

no, it's narrower than that. under our system you can't utter or sign. but you have to give the other side (in this case the gov't) the unencrypted data.

Your idea that this is a settled question only shows that you are utterly ignorant of how "our system" works.

In our system, the meaning of the Constitution is interpreted by the courts, and their interpretation has changed significantly over the years. Whether anybody is obligated to decrypt their own data for the government or not still is an open question, to be decided probably by lots of court cases and legislation.

Re:So forgetting a password

[adamstew]

If he's using a proper True Crypt volume, encrypted with AES-256, you're off by about 50 orders of magnitude. AES-256 will survive brute-force attacks until pretty much the heat death of the universe.

Re:So forgetting a password

[Agripa]

and if he is actually innocent of possession of child porn, he can get full exoneration by cooperating.

You're kidding, right?

Nothing will ever exonerate him even though he has not even been charged yet.

Re:So forgetting a password

[fustakrakich]

It's not about child or encryption. It's about compelling the assistance in one's own prosecution. Unfortunately I'm one of those in the tiny minority that believes it should never be allowed. I'm hoping the guy holds out for what it's worth. Maybe it's better for him to remain a suspected 'child porn suspect'.

I'm half way expecting a constitutional convention to come up within a couple of years. We can kiss the bill of rights and other civil rights goodbye when it happens. The general attitude has turned against them.

Re:So forgetting a password

[Mattcelt]

That's actually precisely what the fifth amendment is about - that the courts do not (and should not!) have the power to compel the accused to produce evidence that would be incriminating or harmful to themselves or their case.

This is fairly clearly an abuse of judicial power. Abstracting the incrimination one level does not suddenly make it acceptable.

Re:So forgetting a password

[mysidia]

Which happens to be impossible to prove due to fundamental restrictions of how reality works. Hence the government just assumes they are capable

The government is not allowed to assume that you are guilty. It does not matter how inconvenient this requirement becomes due to how reality works.

The law requires the government to show you are guilty beyond a reasonable doubt, otherwise the legal principles at the basis of our rule of law say that you must be presumed innocent, in that case you should be released.

If the suspect has forgotten the password, and reports to have forgotten or never knew the password and has no access to the password, then I do not believe there is any legal basis for holding them in contempt beyond that point.

Only way they could is they have definitive proof that someone has access to the password, and it's being withheld under the control of the suspect.

Re:So forgetting a password

[jbmartin6]

The SC has never RULED this. It was mentioned in a different case. However, there is clear precedent in the US in the case law regarding combination safes. The defendant can be compelled to open/unlock in cases where there is clear evidence that relevant items are held by the lock. e.g. if the guy wrote in an email "I keep all that illegal porn on this encrypted volume". One cannot be compelled for a fishing expedition or under the rubric of a more general search warrant. I would guess from the invocation of All Writs that this isn't what happened in the case at hand. Or perhaps as others say it is an attempt to leverage All Writs for a wider precedent. I didn't read the case details, though.

Re:So forgetting a password

[gurps_npc]

We are saying that the power to compel to produce requires proof that the evidence exists.

Say you are a prosecutor. You have a picture of the defendant holding a bloody knife. You ask for and get a court order requiring the defendant to produce that knife.

Should that defendant be jailed for producing a slab of melted steel that they claim is the knife?

Of course not. He produced what he could. They demanded he produce the hard drive. He did. He can't be required to produce the password, as he can easily claim that he has forgotten it.

The only way the judge can charge or hold him if the judge can prove that he has not forgotten the password. Not "thinks he hasn't forgotten it', prove he hasn't forgotten it. Yes, that's impossible to do. Which is why the Judge should not be able to give this order.

Re:So forgetting a password

[Cytotoxic]

...and yet Hastert only gets 15 months.

This is actually very relevant to this case.

Hastert got 15 months. For withdrawing less than $10k from his bank account several times. Literally. That is the crime he was convicted of. It is illegal to move less than the reportable amount of money ($10k) in order to avoid having it reported. It is called structuring. Could be the most ridiculous, made-up crime of all time. And for this made-up crime the prosecutor said he should get 0-6 months.

But because he was also a dirty molester and they couldn't convict him on that, they said they should make an example of him to deter other molesters so they would know that they couldn't get away with it. Literally. This is what both the prosecutor and the judge said.

So not that he doesn't deserve worse - but there is something fundamentally wrong with the notion of punishing people for crimes they have not been convicted of or even charged with. "Everybody" knows this cop is a dirty child-porn watching creep. So let him rot in jail. Hastert admitted that he did something wrong with some high school boys, but we can't get him because of the statute of limitations. So find something else and push his punishment beyond the guidelines. (they also tacked on a $250k payment to a victim reimbursement fund and mandatory sex-abuse counseling - things he was not charged with)

In the immortal words of Clint Eastwood, "Deserve's got nothin' to do with it." Either we are a nation of laws, or we aren't. And letting the gross and creepy edge cases define our law is not the way to be a nation of laws.

Re: So forgetting a password

[Cederic]

the end result of this is the same, a pervert sits behind bars

Fuck you and your evidence free condemnation of someone.

If he's committed a crime, prove it, provide the evidence, and a court will convict him and apply appropriate measures in response.

In the meantime an innocent person - pervert or otherwise - is in prison. Since you're also a pervert*, perhaps we should ask for you to be locked up indefinitely too?

*based on the simple refrain: I'm kinky, you're a pervert

Re: So forgetting a password

[drinkypoo]

And, quite frankly, the end result of this is the same, a pervert sits behind bars.

Careful with that 'pervert' brush. It is frequently applied to everything from pedophiles to people who have a fetish... which is damned near everyone. The most common fetishes in America (last I checked) were stockings, pantyhose, and feet, approximately in that order. I don't see many stockings any more, so pantyhose are probably creeping up. Heh.

The point of this story is that even if you like it being done to this guy, it can happen to you next.

Re: So forgetting a password

[ooloorie]

Unless you are an omniscient deity, the disk is indistinguishable from one with random bits. So there are no "actual files" on the disk until it gets decrypted. Furthermore, there is a pretty clear line between searching someone's possessions (legal with a court order) and forcing them to assist in their own conviction by producing evidence (unconstitutional). This falls under the latter category.

Re:So forgetting a password

[Sarten-X]

No.

The definition of the word "produce" is important. If the evidence already exists (as encrypted data on the hard drive), then the court can compel someone to produce (deliver) it to the investigators.

The 5th Amendment protection is to intended to prevent the court from forcing confessions. To that effect, the court is not allowed to compel a defendant to produce (create) evidence against themselves that did not already exist.

As an analogy, the court cannot compel you to write a confession. If you already wrote one and put it in a safe, they can compel you to give them the combination to the safe.

Re:So forgetting a password

[msauve]

Courts do not have the power to compel a person to provide evidence against themselves,which is not specifically known to exist. Read the 5th Amendment, then read United States v. Hubbell. The prosecution is fishing.

Re:So forgetting a password

[msauve]

" If the evidence already exists (as encrypted data on the hard drive)"

Ah, but it's NOT known to exist. The prosecution only suspects there's evidence on the hard drive, and they're fishing.

Re: So forgetting a password

[INT_QRK]

While hard to be sympathetic given the nature of the accusation, we do need to seriously guard against a slippery slope of presuming guilt based on the mere existence of encrypted storage, or worse yet, allowing precedent for encrypted data itself evoking "probable cause" for legal search.

Re:So forgetting a password

[JustAnotherOldGuy]

It is only legal to hold them in contempt if they ARE capable of complying with the order.

This is the perfect way for the government to incarcerate anyone they want for as long as they want. Drop a hard drive in your home, and voila, instant incarceration.

Prosecutor: "Oh my, we suspect you of having child porn on this hard drive. Unlock it or go to jail."
You: "That's not my hard drive."
Prosecutor: "What part of, 'go to jail' seemed unclear?"
You: "I can't unlock it, that's not my hard drive."
Prosecutor: "See you in 5 or 10 years."

Re:So forgetting a password

[JustAnotherOldGuy]

As an analogy, the court cannot compel you to write a confession. If you already wrote one and put it in a safe, they can compel you to give them the combination to the safe.

Yes, but not if they only suspect that there might be a confession in the safe. Otherwise it's a fishing expedition and that's not allowed.

If this was permitted then cops would be able to pick any house at random and search it for whatever they suspect might be in there.

Re:So forgetting a password

[russotto]

If you already wrote one and put it in a safe, they can compel you to give them the combination to the safe.

No, they can't, if the combination is only in your mind. They can compel you to give them the safe and they can crack it, but they can't force you to give them the combination.

Re:So forgetting a password

[Solandri]

No, the intended purpose of the 5th Amendment is to prohibit use of a refusal to testify as evidence of guilt. In the bad old days, a ruler or government would put you on trial and tell you to confess. And if you refused, your refusal was accepted as evidence of your guilt, thus creating a catch-22. The 5th Amendment's protection against being forced to testify against yourself put a cold stop to that.

If the court has reason to believe someone is hiding evidence, the State compelling him to give it up is not prohibited by the 5th Amendment. e.g. If the State is reasonably sure a guy killed his wife (blood all over the house, bloody knife with his fingerprints all over it, bloody drag marks to the garage, and blood in the trunk), they can press him to reveal where he dumped the body. The 5th Amendment does not protect him from that. All it does is prohibit using his refusal to cooperate as evidence of his guilt.

If there's a transgression here, it would be the 6th Amendment - right to a speedy trial. This is actually a hole in our legal system. While you cannot be held indefinitely if the police (executive branch) does not press charges, you can be held indefinitely if the court (judicial branch) gives you an order and you refuse to obey it (contempt of court - no trial needed). About a decade ago there was some journalist who spent 2 years in jail because a court ordered him to reveal his source for a story, and he refused.

Re: So forgetting a password

[Cederic]

If this guy is innocent then he can work with them to show he is innocent. Let the Project see the evidence.

Ok, so lets lock you up. I'll draw up a list of crimes you may or may not have done and we'll keep you in prison until you've worked with the Innocent Project to prove your innocence on all of them.

Shouldn't take too long, I'll keep the list down to a couple of thousand different offences.

That said, if YOU were accused of having child porn I tend to think you would do everything in your power to show that wasn't the case. If you don't want child porn, think murder, rape or embezzlement.

That has nothing to do with whether I'm innocent though, and certainly nothing to do with whether it's appropriate to imprison me with no evidence.

Re:So forgetting a password

[ooloorie]

How convenient. The meaning of the law is inconvenient

Under an original reading of the Constitution, it's questionable whether there would even be a case, since the Constitution does not grant the necessary powers to the federal government.

I'm simply pointing out that even under the malleable reading of the Constitution that we have these days, it is far from a settled matter whether courts can compel you to give up a password.

oh hey, I know! -- lets "interpret" it to mean something else. Yeah, that's not tyrannical or anything

Historically, the widespread use of case law and an independent judiciary have actually been forces counteracting tyranny. So, indeed, it's decidedly "not tyrannical or anything".

Re: So forgetting a password

[ooloorie]

The 4th amendment protects you from illegal searches, but the authorities have a warrant so there is nothing illegal about this search.

And the government is free to search to its heart's content. It should not be free to compel action on the part of the defendant that would result in self-incrimination.

The suspect is actually committing a crime called obstruction of justice by not complying.

That's your view, not settled law. I and many other Americans find that view of "obstruction of justice" to be dangerous and unacceptable.

Re: So forgetting a password

[ultranova]

Defending encryption doesn't mean having to defend every disgusting pervert or criminal that uses it.

Yes, it does: if I don't defend a criminal's fundamental rights, I weaken mine. After all, I have accepted them being merely conditional, rather than truly fundamental, and signaled this acceptance through my lack of action. Cultural consensus has shifted, eroding said rights ever so slightly.

And, quite frankly, the end result of this is the same, a pervert sits behind bars.

Some accused of being a pervert sits behind bars. This is used by authoritarians to cause an emotional response, which can then be used against you later. Don't go into the trap.

Re: So forgetting a password

[tnk1]

A court can require you to turn over evidence that you have in your possession. The fact that it happens to be the defendant is actually not the point.

You are protected against self-incrimination, but if you were in a car accident and you ran away, you wouldn't be protected from not producing your vehicle, even if you had locked it and hidden it in your garage. That is because the very car itself is not incriminating. It's the evidence that could be derived from the car that would be incriminating, perhaps, but you're not self-incriminating by producing it, as the existence of the car does not prove anything and it isn't necessarily tied to you (someone else might have been driving, etc.).

In this case, the court does not "know" that he has committed a crime, but has seen evidence that there may be contraband in the encrypted filestore. Those files themselves are not immediately incriminating for the defendant, because even if they were contraband, they would have to be tied to the defendant for the defendant to be found guilty of a crime. For all we know, the files were added to the filestore by the sister who supposedly saw the images.

Granted, the process of tying him to the images would be relatively straightforward, but producing the decrypted files is not an admission of guilt.

The one thing that I think the defense rests on is that the self-incrimination is not that there is contraband, but that his very knowledge of how to decrypt a filestore with that material on it is linking the defendant to the contraband. In other words, simply finding those files, unencrypted on his hard drive might have a defense of "someone put them there", but his ability to decrypt the files would mean that not only did he have the files, but he processed the files. It's sort of like a crime is known to have been committed with the gun in the conservatory, and you admitting that you had the combination to the rather solid and undamaged gun safe where the murder weapon was known to be stored.

Re: So forgetting a password

[lgw]

Sound like you believe the police. Never do that. If they had found evidence that would convince a jury, they wouldn't bother with his hard drive, they'd just go to court. Clearly the evidence thus far isn't very compelling.

Re: So forgetting a password

[SumDog]

5th amendment protects against self incrimination. He's compiled with the warrant. They have possession of the items. You are not required to incriminate yourself.

This goes well beyond what lawmakers anticipated. We are talking about unbreakable safes.

Despite what you may believe about this man and his alleged crimes, encryption is the key technology in promoting free speech and preventing though crime. Let me as you this: what if it had been gay porn and we still lived in a system where that was illegal (which wasn't that long ago)?

Re: So forgetting a password

[lgw]

If this guy is innocent then he can work with them to show he is innocent. Let the Project see the evidence.

Yes, yes, "guilty until proven innocent" is so much easier for the state. A liquor store was robbed? Just arrest the nearest black person - he probably can't afford a lawyer, so the charges will stick. Kiddie porn downloaded? Arrest the first person you find with encrypted files - if they provide a password, demand they produce the other password, for the hidden partition.

Re:So forgetting a password

[lgw]

No, the 5th amendment was explicitly about preventing the state from torturing confessions out of suspects. A practice that had recently been in fashion in the 1700s, and which seems to be coming back into fashion again. Won't confess? To jail with you until you do!

Re: So forgetting a password

[MattskEE]

But it was more than just an accusation.

In what way is it more than an accusation? Yes, there is some evidence against him. And at some point he may be charged and convicted of a crime. But unless and until this person is charged and convicted, they have merely been accused of committing a crime.

That's the way our legal system works, and although the distinction is very fine, it is also critical. Otherwise you would have the situation where police can say that they have evidence against anybody and people then think that this person is automatically guilty and its okay to deprive them of rights or due process. But police make mistakes, either willfully or by accident, and the accused needs their day in court so that they have the ability to defend themselves.

I don't know about the particulars of this case - but I see a lot of people who think its okay to give police worrying amounts of power over the lives of people who have only been accused of a crime, as though suspicion of a crime is the same as conviction of a crime. Innocent until proven guilty.

Re: So forgetting a password

[allo]

Your point of view is strange.

When i am innocent and accused of anything, nothing should happen when i stay silent all the way. If anything happens without any evidence (which cannot be there, because i am innocent) and they require me to prove my innocence, we've lost our liberty.

Re: So forgetting a password

[macs4all]

They then seized his computer and forensically analyzed it.

Well, maybe they should have anticipated encryption and devised a way to obtain the encryption keys (surveillance, keylogger, whatever).

I agree; but being that this was OS X, there is very little chance that something like a keylogger could have been installed without the user's express consent.

Re:So forgetting a password

[gurps_npc]

I hate and despises "magic word tests" put into law. He has a right to not incriminate himself - including a right not to be forced to make a specific statement.

Re:So forgetting a password

[zugmeister]

IANAL, but when you say "they can press him to reveal where he dumped the body", would the word "press" reasonably equate to applying the same penalty he could expect as a convict, even though he has not been found guilty of a crime? Because that's what appears to be happening in this situation.

Well...

The following comes to mind:
https://xkcd.com/538/

Sure it's not a hammer, but incarceration sounds like a reasonably persuasive wrench...

Re:Well...

[zazzel]

Of course, this shouldn't be legal behaviour for the jurisdiction. He DID turn over all documents, so doesn't that constitute compliance with the All Writs Act? Handing over a password (even if it's not forgotten - and that happened to me twice (!) with encrypted volumes) could mean testifying against yourself - and you don't have to do THAT outside of countries supporting The Inquisition's mode of justice.

Surely a fundamental human rights breach?

[advocate_one]

n/t

Re:Surely a fundamental human rights breach?

[Harlequin80]

Fair and reasonable punishment?

Clearly they don't have enough evidence to convict him. So at this stage he hasn't been found guilty of the main crime. However he is refusing to co-operate with a court, but it seems crazy that that could mean he dies in prison.

Re:Surely a fundamental human rights breach?

Article 5. No one shall be subjected to torture or to cruel, inhuman or degrading treatment or punishment.
Article 6. Everyone has the right to recognition everywhere as a person before the law.
Article 9. No one shall be subjected to arbitrary arrest, detention or exile.
Article 10. Everyone is entitled in full equality to a fair and public hearing by an independent and impartial tribunal, in the determination of his rights and obligations and of any criminal charge against him.
Article 11.
(1) Everyone charged with a penal offence has the right to be presumed innocent until proved guilty according to law in a public trial at which he has had all the guarantees necessary for his defence.
(2) No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.

Source: http://www.un.org/en/universal-declaration-human-rights/

Re: Surely a fundamental human rights breach?

so just plant a hd full of rando bits and finger someone. of course its a violation of the justice principles.

Re: Surely a fundamental human rights breach?

[bug1]

Nothing to hide == nothing to fear

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say," - Edward Snowden

https://www.reddit.com/r/IAmA/...

Re: Surely a fundamental human rights breach?

[ZeRu]

He would have complied if there hadn't been anything incriminating on those drives.

Just like people wouldn't complain against The Patriot Act if they weren't supporting terrorism.
But I hope you're just trolling.

Re: Surely a fundamental human rights breach?

[Racemaniac]

"Brussels has effectively enacted curfew and everybody is fine with it"
as a belgian i must say this is the first i heard about that
probably right after the bombings there was some kind of curfew for a short period when they were still hunting down some suspects, but life is just returning to normal, as you would expect.

Re: Surely a fundamental human rights breach?

[mwvdlee]

What if the drive does NOT contain child porn but DOES contain information incriminating him of something completely unrelated?
Would the government be allowed to use that other information?

Re: Surely a fundamental human rights breach?

[phantomfive]

What a great quote.

Re: Surely a fundamental human rights breach?

[CrimsonAvenger]

Unfortunately Snowdon is branded a traitor by half your country

I doubt seriously that half my country even remembers who Snowden is. And that's assuming they ever knew.

The government has a hard-on for Ed Snowden, and a lot of the tech community supports him. Outside that? Not so much....

Re: Surely a fundamental human rights breach?

[BlacKSacrificE]

This counterargument is bad. You need to stop repeating this quote.

The framing of this counterargument accepts the basic premise that the only people who have something to hide are "bad people", and that if you're not a bad person then you won't have anything to hide.

You need to engage with and defeat this presumption that the only people who have something to encrypt are pedophiles.

The best free speech analogy is not this "hurr I have nothing to say" retarded horse shit, but a defense of hate speech on the basis that the sword that defends good free speech (political dissent, etc...) must necessarily defend objectionable speech. This context means that, yeah, pedophiles use encryption, and we object to that, but we can't defend our need to encrypt things we all agree need to be encrypted without also defending pedophiles. And that's a shitty trade-off and we all feel bad about it, but it's not ambiguous or up for debate; there's no way we can evaluate this ethical dilemma and end up putting the prosecution of pedophiles and terrorists ahead of our own encryption needs.

Re: Surely a fundamental human rights breach?

[tepples]

I doubt seriously that half my country even remembers who Snowden is.

Even in my country, most don't remember that Snowden is a fictional snowman from 1997.

Re:Surely a fundamental human rights breach?

[gweihir]

They get around that by claiming this is not punishment. This is just incentive to comply with the court's wishes. Of course, to any sane person, that argument is pure evil in itself and cannot hold water at all.

Re:Surely a fundamental human rights breach?

[cdrudge]

Article 5 - He's not being subjected to any of those (at least no more than any other jail inmate...but that's another issue)
Article 6 - Not sure how that applies here
Article 9 - It wasn't arbitrary. There was a lawful court order. He didn't comply. Contempt of court.
Article 10 - He had a fair and public hearing hearing. Multiple likely.
Article 11(1) - He has been presumed innocent from the original charges. He's being held in contempt
Article 12(1) - He hasn't been found guilty of a penal offense. He's been found in contempt of court. This article subsection applies to ex post facto laws.

Re: Surely a fundamental human rights breach?

[myowntrueself]

What if the drive does NOT contain child porn but DOES contain information incriminating him of something completely unrelated?
Would the government be allowed to use that other information?

The coolest outcome would be if the drive contains evidence of major crimes by the Philadelphia police department going all the way to the top and that he finally does relent and hands over the password to the feds.

What?

[Edis+Krad]

The fifth + habeas corpus? This guy has the shittiest lawyer ever or am I missing something?

Re:What?

[Derekloffin]

Unfortunately for this guy, the 5th has been established to NOT apply in this circumstance, as it is not the suspect's testimony they are seeking, but instead to access something he possesses. It has been likened to if a person has a safe the police have a warrant to search, the person in charge of said safe must provide access to it. I believe the most a lawyer could do for him, given the case law, is get him to enter the password in private so as to not be seen, but that's about it. Now that doesn't mean it is just, but that's what the rules of the system are currently.

Re: What?

[TheReaperD]

Actually, there's case law in the opposite position as well that says you cannot be forced to give over a password under the 5th Amendment; physical encryption keys is another matter. Eventually, this will need to be ruled on by the SCOTUS. He's going to have to wait until his case gets cleared by a judge.

Re:What?

[Edis+Krad]

It's still the fifth
https://en.wikipedia.org/wiki/...

Re:What?

[phantomfive]

Here is an analysis of the topic. So far, the question has not been addressed by the supreme court, and other courts have issued mixed decisions.

Re:What?

[linuxrocks123]

You're almost completely wrong.

Supreme Court case law is 5th Amendment says you don't need to provide a password to a safe. 11th Circuit case law expands this to say you don't need to provide the password to an encrypted disk.

There are no district court decisions which support your position, exactly. There are a few district courts and the Supreme Court of Massachusetts which rather obviously misapplied the foregone conclusion doctrine to get the result they wanted in specific cases, but nothing else.

Pennsylvania isn't in the 11th Circuit. The EFF supports an expansive 5th Amendment when it comes to disk encryption, so I suspect the EFF may take this case up and appeal it to get some precedent set, now that they know about it.

5th ammendment

As much as I lack all sympathy for people in possession of child pornography, how is this not against the fifth amendment?

Re:5th ammendment

Modded you up, god knows how many comments before it took an AC to point out what is the heart of this.

You can't be forced to bear witness against yourself

"nor shall be compelled in any criminal case to be a witness against himself,"

There it is in plain English. The judge holding this man till he complies needs to be tarred feathered then set on fire.

Re:5th ammendment

Personally I don't care about the child pornography pictures and movies. More precisely, to me they're evidence of wrongdoing, they're horrible and I never want to look at them, but they in and of themselves shouldn't be criminal to possess.

That last bit is because it's too easy for another miscarriage of justice to claim another victim. Just punishing for possessing pictures is folly and it doesn't really matter what is in the pictures at all. Worse, the law as it stands means manpower is wasted on symptoms and it drives the real perps, those who actually abuse children making the filth, that much deeper underground, making them harder to catch. I want child abusers to be caught, and for that I want law enforcement to be effective, not stupid and petty. This here case is a good example of stupid and petty, even though apparently this specific situation has been twisted not to fall under the fifth.

What we should do instead? Keep a close eye on people who like child porn and make sure they never get close to actual children. In such situations it's much better to know people's tastes and remain vigilant than to try and punish for "poor taste" just so you no longer have to think about it.

Anyhow, I suspect this guy might figure he's much better off indefinitely imprisoned without conviction than being a cop and a convicted child botherer in prison, effectively until his death in any case. I say might because maybe he's just dug his heels in on principle and is in it to spite the system, even at the cost of life inprisonment without conviction in a supposedly free and just country. Also because being declared not guilty doesn't get him his job back, or his reputation, and this way he's guaranteed minimal but humane treatment. So he's in a bad situation but his options at change are worse. Better to be stuck in limbo then. I know I'd be very tempted to not give in just on principle, regardless of what's on the hard disk drives.

Re:5th ammendment

[phantomfive]

You don't have to be a witness against yourself, but you do have to provide physical evidence. For example, if a fingerprint or blood was found at the crime scene, you can be compelled to give your fingerprint or blood to test for a match.

The purpose of the 5th amendment is to prevent situations where police can torture you, or harass you until you confess. That isn't really an issue in the case of DNA or a fingerprint, because the police can't harass your fingers or blood into confessing.

Even so, the courts are conservative, and won't force you to give evidence if it can be found some other way. For example, they can't force you to open a combination lock on a safe, because the police have the capability to crack the safe. So the court won't force you to do that.

In the case of an encrypted hard drive, there may be no other way to get the evidence other than the owner decrypting it. So how will the courts rule? I have no idea, it's a complicated case, and the use of the "all writs act" makes it even more complicated. As likely as not, the court will rule based on a strange technicality in order to avoid the heart of the problem.

(A person can be held indefinitely if they defy a court order, they will be in contempt of court. I think that is true in basically every jurisdiction in the world. The power of the law is heavy).

Re:5th ammendment

[Ihlosi]

You don't have to be a witness against yourself, but you do have to provide physical evidence.

No. You just have to refrain from resisting the authorities (lawful) attempts of obtaining such evidence.

For example, if a fingerprint or blood was found at the crime scene, you can be compelled to give your fingerprint or blood to test for a match.

No, you can't be compelled to give blood. You can be compelled to refrain from resisting the authorities' attempts to draw blood (or rather: If you resist, you'll be properly restrained first, then your blood will be taken, and then you'll be jailed for resisting). Same thing for fingerprints. If you don't want to get ink on your fingers yourself, the authorities will perform the necessary movements for you.

In the case of an encrypted hard drive, there may be no other way to get the evidence other than the owner decrypting it.

A (written) confession is also physical evidence. Sometimes, there may be no other way to get this evidence than jailing the suspect indefinitely until he produces it. Think about it.

Re:5th ammendment

[Ihlosi]

How is jailing someone indefinitely to get a confession different from torture?

Torture is more unpleasant, but less boring.

Re:5th ammendment

[Ihlosi]

On the other hand, no matter what coercion you use to get him to enter the password, you can't choose what decrypted data you get.

Yes, you can. Just assume that XOR-encryption with a OTP was used; for any such ciphertext you can come up with an appropriate "key" that produces any plaintext you want.

Either he enters the wrong password and you get junk,

"Oh, well, yes I did in fact store 234 GB of seemingly random data on that disk, to use as a quick and easy source of random number."

Re:5th ammendment

[DigiShaman]

In the case of an encrypted hard drive, there may be no other way to get the evidence other than the owner decrypting it.

A (written) confession is also physical evidence. Sometimes, there may be no other way to get this evidence than jailing the suspect indefinitely until he produces it. Think about it.

They have the physical evidence already, the drives. The can copy and replicate the encrypted data to their hearts content. No, what they want is KNOWLEDGE, and it's knowledge that's immaterial. Being that this information is an extension of what's in his brain - requiring the final key to decode - how can the 5th not apply in this case??!!

Re:5th ammendment

Personally I don't care about the child pornography pictures and movies. More precisely, to me they're evidence of wrongdoing [...] but they in and of themselves shouldn't be criminal to possess.

The problem with this argument, and the reason it's been deemed illegal, is that if it's legal to possess something, someone will be happy to sell it to you. If there's money to be made with something, people are more likely to do it, even if it's illegal. Legalizing child pornography leads to a greater incentive to create child pornography.

It's basically the same reason it's illegal to hire a hit man.

There is also a secondary reason, and that's that any child in such a situation cannot have legally given consent to be involved. If it's legal to own, then there is no legal recourse someone would have to remove pornographic pictures of themselves from somewhere. For example, how about seeing something like this on store shelves at the local video store with a nice big sign saying "local talent's first film"?

Yeah, they say that.... but then they hold that animated depictions of children in erotic situations are child pornography and are illegal. So even when there is no child involved at all, it is still a crime. This knocks that "for the children" argument off the table, even though pedophiles do some evil and demented stuff to children in order to produce real kiddie porn.

It is illegal primarily because it is icky. And very few people are willing to go to the mat over something as sick as getting off to images of little kids. Heck, I hesitate to even bring up the point because some idiot is bound to think that I'm arguing in favor of kiddie porn. In fact, I'm gonna post anonymous because folks tend to be incapable of actually comprehending a nuanced argument when "for the children" is involved, and I don't need the drama.

We see the same impulse with vaping. Even though e-cigarettes are orders of magnitude more safe than real cigarettes, the anti-tobacco folks are out for blood on vaping - because it reminds them of smoking cigarettes. Even though all evidence suggests that having e-cigarettes available as an alternative to cigarettes will save lives, our governments are moving to eliminate them as an option.

Similarly, from what I've read psychologists think that looking at kiddie porn can be an outlet for pedophiles and might reduce the impulse to actually act out on their fantasy. So if they are right, then animated kiddie porn might be a way to prevent harm to children. Which makes the finding that animated kiddie porn counts as illegal kiddie porn kinda ironic.

Re:5th ammendment

[Ihlosi]

Being that this information is an extension of what's in his brain

Yes. The need an expert witness. Unfortunately, the only available expert witness is the defendant. They're requiring him to be an expert witness against himself.

how can the 5th not apply in this case??!!

This.

Re:5th ammendment

[organgtool]

As much as I lack all sympathy for people in possession of child pornography

You might want to be careful about saying that. With all of the vulnerabilities in software these days, it would be relatively easy to have someone take advantage of one of those vulnerabilities to upload some reprehensible images to your computer and leave you with one hot potato on your lap. That's my main problem with any laws of possession: the burden of proof that you willfully obtained the contraband is so low that you're effectively presumed guilty until you prove otherwise.

Re:5th ammendment

[SLi]

That's a nice theory, but unfortunately it's wrong. For example, it has been established that compelling a suspect to give a handwriting sample (Schmerber v. California, 384 U.S. 757 (1966)) or to speak for voice identification (United States v. Dionisio, 410 U.S. 1 (1973)) does not violate the Fifth Amendment. Also permitted is compelling a suspect to sign a document that e.g. a foreign bank requires to release some information, although I'm too lazy to come up with a reference.

Re:Encryption is useless

[Kokuyo]

Actually, yes it's hard. I've been failing at it since primary school.

I expect as much as I've killed my social status in the past by adhering to my principles and my sense of how it should be, it could very well happen that one day I'll go out guns blazing, literally.

Conforming is for lower ranks of the pack. Betas can have it hard: They don't have a drive to lead yet will not bow to you unless you prove yourself worthy. Wanna take a guess how many worthy leaders I've met in my time?

Need for timebased passwords

[dr.Flake]

On could imagine a service that is time dependant

Like, you have to log in every three months, or everything is deleted forever. That would be the only place, where a paraphrase is stored that is so complex you cant be expected to be able to remember.

You don't even have to actively use the service.

You just wait three months, than you say: "well I was using this service called KorsakovOnline.com, but they seem to have completely forgotten that i used their service and now they have deleted my profile and data, and they dont keep backups you know. So now its up to you to prove that i am even capable of providing the password."

Your move Mr Prosecutor

Re:IANAL, but...

[Kkloe]

Maybe because you are not giving them any evidence, you are giving them access, there is no evidence in the encrypted drive until they have found something.

Re: Is it even child porn?

[loufoque]

The right solution to this problem is to get rid of all the laws preventing possesion of data. The whole concept is stupid, and it is easily abused.
Want to prevent child porn? Make distribution illegal, not possesion.

Re:Encryption is useless

[MartinG]

Of course it's not useless.

I use full disk encryption all of the time. The threat I'm protecting against is losing my laptop, having it stolen, or selling it and risking someone getting their hands on all my passwords etc that are saved on there.

I'd quite happily decrypt it given a warrant.

Most reasons for using encryption and other privacy tools are not about avoiding capture by law enforcement - far from it.

Having said that I am troubled by cases (and I don't know the details for this particular one) where forgotten keys or passwords somehow imply guilt.

Re:Encryption is useless

[Stuarticus]

Didn't you feel a bit of an idiot when you read that back?

Re:IANAL, but...

[Ihlosi]

wouldt this apply?

If the "obstruction" was already in place before the warrant was served or executed, the person in question had no knowledge of the warrant and cannot obstruct it knowingly. Otherwise, it would be illegal to lock your door when you leave the house (the police may arrive at any time with a search warrant and find you absent and your house locked).

*sigh*

[SharpFang]

I wonder how it would go:

I plead the fifth.

There is no child porn on this drive. But there is software, which I have purchased legally, but don't possess the proofs of purchase; they've been lost during a move a year ago. Currently, the copyright-related laws take the approach 'guilty until proven innocent' upon discovery of such software - without proof of purchase I'm automatically assumed to have obtained it illegally. Therefore revealing contents of the drive would incriminate me on a case entirely unrelated to the current one, and in an especially unfair way since despite being innocent I'd be required to prove my innocence, and unable to do it, proclaimed guilty.

Re:*sigh*

[KagatoLNX]

I am not a lawyer. That said, here are a few comments on how I understand things and where I think they'd go. Your mileage may vary.

I always chuckle at this sort of thing. I like to call this "The Reiser Defense". If you ever followed the Hans Reiser trial, you'll note that he had a fundamental misunderstanding of how law works (or even is supposed to work). As a developer, he saw laws as a program. He thought that he had the program set up so as not to be able to convict him.

As it happens, the Law is not a program or set of mechanical rules. The Law may *appear* to be that way, but that's mostly a side effect of one of its goals. The Law is intended to be predictable so as not to be perverse when applied to people. The theory goes that people can only be held accountable for breaking laws if they can reasonably have been expected to know that they would fall afoul of it.

As it happens, this is not a blank check. You have responsibilities not to be entirely ignorant of the law. You have responsibilities to cooperate with law enforcement and the Court. You do not get to interpret the law any more than is necessary to mount your defense. All of your interpretations are subject to validation and endorsement by the Court. So the process surrounding justice use the trappings of a program or set of mechanical rules, but that is largely a construct to allow you to cooperate with the Court in executing the upholding the intent of the Law.

In fact, it's why it's called Contempt of Court. You have rights under the Law. It's the Court's responsibility to uphold those rights for you. Criminals do not respect the Law. If you behave in such a way as to prevent the Law from being applied by the Court, you show contempt for the rule of law and you hurt your chances in being able to exercise your rights under it. This is a fairly obvious social contract, and that contract--not some expectation that the law function as some sort of autistic machine--is what fundamentally underlies Due Process.

The Fifth Amendment is a law like any other. It's intention is to ensure that the parties involved in justice maintain separated duties. The theory is that you and the prosecution make claims and the court evaluates those claims. If the Court were permitted to compel you to make certain claims, then it's no longer really evaluating them and the integrity of the system breaks down. That's the context that Fifth Amendment lives in and that's the context within which Courts will evaluate it. It is not a "technicality" that gets you out of cooperating with warrants. So, while the law cannot force you to say something is true or false against your will, it *can* compel your cooperation in unlocking the filing cabinet containing the evidence that implies the same thing. That's the difference, evidence is different from testimony.

There is a bit of a grey area around combinations / passwords. This is largely due to prosecutors abusing your unwillingness to give them unfettered access to something as being parleyed into some kind of claim of guilt. That's what the Fifth Amendment addresses--your lack of a statement cannot be construed as a claim of guilt. This started with a dissent from the Supreme Court that mentioned that giving up the combination to a lock amounted to testimony that you had access to what it protects. It's similar to a different case where the prosecution subpoenaed "all of the papers that apply to " and the 5th was upheld as saying evaluating which papers were submitted papers would be tantamount to asking for testimony that some of the stuff was illegal. That fine line between testimony and your duty to comply with the collection of evidence by authorities is something best discussed with a lawyer, because it is not a silver bullet.

I believe that your unconventional take on copyright law isn't likely to get you anywhere. You're effectively claiming that Copyright Law puts you in a 'guilty until proven innocent' which is, more precisely, claiming a violatio

Re:*sigh*

[spain]

Since it's now been seven months and counting, he could attempt the tried and true politician-level response:

"I do not recall."

Per https://en.wikipedia.org/wiki/Contempt_of_court#United_States:

"A court cannot maintain an order of contempt where the imposed party does not have the ability to comply with the underlying order. This claim when made by the imposed party is known as the 'impossibility defense'."

Plausible deniability

[burbilog]

That's why we really, really, REALLY need serious plausible deniability, despite of what security experts say about it. They force you to give up keys, you give up keys and they can't do anything else (unless they dismantle whole western law system). While it does not protect you from torture, does protect you from the law.

Re:Plausible deniability

[slacklinejoe]

Just buy/download one of the cryptolocker malware shells. All of your data is fully encrypted and prompts you for a payment or warns that you didn't respond within the 72 hour window. That would replace your standard crypto GUI, but introduce a reasonable plausible deniability. Not necessarily encouraging this, but it fits the scenario.

Re:Plausible deniability

[MatthiasF]

So, I was just reading the USB-C discussions about how everyone is afraid Intel is trying to add DRM to headphones to "push anti-piracy efforts into headphones and close the analog gap". This made me start day dreaming about just how far copyright companies will go for DRM, eventually putting chips in our heads and such (monsters!).

But as I was reading your explanation, could not the same system be used with a cornea descrambler in the distant future? A computer image is encrypted and displayed on screen in the encrypted state, but looks like noise or has a hidden layer that can only be seen if the person has the right part of the key in a cornea display (like a contact lense or complete cornea replacement). The cornea system would decrypt the message partially so the chip in the brain reads the signal from the visual cortex and makes adjustments so the real image or information can be comprehended.

The computer, or the file, would have the first layer of encryption, whereas the second and third layers would be inside the individual (eyes, brain).

How would the state compel you to get access to the evidence? Ask a court to remove your eyes and probe your brain?

This debate is not about passwords or encryption keys but about the rights of citizens to secure their property from the government. In the not so distant past, the government could take pretty much anything they wanted from you. Some governments had high ethics and would not cause harm to you, but that's just semantics.

Now we are entering an era where technology is allowing us to own property that the government can not take. We can create digital property and encrypt it to the point where they cannot get access to it without our permission. Today it's photos, videos, documents, etc., but in the distant future this might extend to 3D models of actual possessions that could be recreated or perhaps even copies of our own selves, allowing a form of immortality.

Does the government have the right to this information if we do not give them permission and we do have the ability to completely block their access?

That is the question behind this entire debate. Part of the reason government exists is for communal protection, but if we start having the abilities to protect ourselves better than the government or we cannot rely on the government to compel a communal verdict on others, then why do we need that element of the government to still exist in our lives?

Re:Encryption is useless

[LQ]

... it could very well happen that one day I'll go out guns blazing, literally.

Ah, yes, the American Dream.

Boogeymen

[fnj]

Whom you would destroy, first dehumanize him by labeling him. It's OK to do anything to him, deny him any rights, if he's not human.

First they come for the suspected terrorists and suspected child pornographers. But it won't stop there.

Re:Boogeymen

[MrKaos]

Whom you would destroy, first dehumanize him by labeling him. It's OK to do anything to him, deny him any rights, if he's not human.

First they come for the suspected terrorists and suspected child pornographers. But it won't stop there.

You judge a society by how it treats it's most despised.

Tell us where the bodies are buried

[crioca]

So what exactly is to stop a court from ordering someone accused of murder to "tell us where the bodies are buried" and when the suspect says "I don't know" locking them up indefinitely?

Re:Tell us where the bodies are buried

[pellik]

Actually, it's reported that he claims not to know the password.

"...Rawls has a clean record and doesn’t know the passwords prosecutors are looking for, the defense argues" (http://gizmodo.com/child-porn-suspect-held-in-solitary-for-7-months-for-no-1773403443)

If only there was some sort of protection....

[Vermonter]

Perhaps some sort of "right" that protected you from self-incrimination.... perhaps one day America will be a free enough country to have this kind of "right"

Scary implications for Cryptolocker victims

[slacklinejoe]

It goes without saying that this would be a truly scary precedent if applied widely. Victims of cryptolocker for instance would have encrypted hard drives and literally have no way of providing the key or passphrase necessary to comply with a court order. Smart bad guys could just as easily borrow malware engines to do this to disguise their behavior, so it would not be easily apparent. My personal opinion is that passwords are firmly 5th amendment protected, I just wish it came up under a more defendable case. The investigators should have done more surveillance or traditional investigations (with warrant) before pulling the trigger on the arrest and could have easily removed the ambiguity from the situation.

Revenge porn and right of publicity

[tepples]

If it's legal to own, then there is no legal recourse someone would have to remove pornographic pictures of themselves from somewhere.

If child pornography were decriminalized, the producer of the work would need to provide a model release signed by the actor's parent. Otherwise, the recourse would be revenge porn laws and trademark-like right of publicity laws.

Re:Child Porn.... varieties

[phishybongwaters]

I didn't realize this was about the different levels of perversity. I guess I got confused by the fact that it's actually about the court jailing a guy until he de-crypts his harddrive because he MAY have child porn on it. It's not about child porn. It's about building a case against encryption. Terrorism didn't pan out, so they now (as I fully anticipated) fall back to child porn, because who the hell isn't disgusted with that? It's not about the content, it's about convincing Joe Blow and Joe SixPack that encryption is bad because..... kiddie porn.

Re:Encryption is useless

[Luthair]

This sort of thing is why Truecrypt had a number of options around fake partitions etc.

deniable encryption

[ooloorie]

Although fairly new for the US legal system, this kind of "rubber hose" attack on cryptographic systems is nothing new. The solution is to use some form of deniable encryption.

Julian Assange developed the rubberhose file system for this purpose.

Chaffing and winnowing are other ways of achieving secrecy without a traditional encryption key.

Illegal

[bill_mcgonigle]

There's already a federal court ruling that it's a fifth amendment violation to compel a password unless there is already evidence that the password is hiding convicting data.
The All Writs Act is inferior to the Constitution so the judge's action is illegal and he should be held personally liable for violating this person's civil rights. At least PA is not afraid to send a corrupt judge to prison once in a while.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Reasonable

[s.petry]

I have no idea why people insist on forgetting that part. Lets try an analogy. I invent a cypher and print a code on a paper. The court can grant a warrant to get the paper, but that does not mean they can grant a warrant to get the cypher key from my head. The 4th and 5th amendment are very clear on that. Even though our founding fathers are claimed to have never thought about things, they actually knew damn well about encryption and the need for personal secrecy. What if my encrypted paper contained plans to overthrow the tyrannical King. What if my paper was a personal confession for deeds the Church would frown on, but deeds that are not illegal (like Lust).

People always try to press the system for more, and again this is something the founders KNEW. This is why we have a Constitution which states "reasonable search and seizure", leaving no room to think it's everything someone can possibly conceive of.