Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk)

Posted by msmash on from the know-your-rights dept.

Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.

21 of 522 comments (clear)

  1. Contempt of the court... by ruir · · Score: 5, Insightful

    I do not even know any of the passwords I use either at home or work....random passwords+2FA. I could not even remember them, even if my life depended on it.

    1. Re:Contempt of the court... by Midnight_Falcon · · Score: 4, Insightful

      But you have some way to summon them through a password manager, and a Court would simply order you to release those credentials.

    2. Re:Contempt of the court... by Anonymous Coward · · Score: 0, Insightful

      Technically, Contempt can only be used as long as its an effective way for the court to get someone to produce something. The idea being the person in contempt has the keys to his own freedom.

      After some period of time in jail, most people just go crazy, at which point the court cant really keep them in Jail, however there are cases of up to 17 years in jail for contempt on something that did not exist (money lost in bad stock trades, could not be proven to exist, but the court felt he was good at hiding the money).

      He could be in Jail for a long time because of this ruling.

      this is true up to but not including the point where the court violates the fourth and fifth amendment rights of the person in question. You can form the argument any way you want (as the Trump administration tends to do, and the Bush administration before it... But ... but TERRORISM! But but.. The Children! but but.. ) The court cannot violate the constitutional rights of anyone. They are using this as a way to take advantage of the ignorance of the law of the people in question. If it were me, I would move for a mistrial because clearly there is no way this court is going to hold to the letter of the law and the constitution. Good luck getting it to stick though if the judge is going to play fast and loose with the rules. This is what you get guys.. when you vote Republican! Go ahead and mod me down and prove me right!

      Just because you don't like a fact does not magically make it not true all of a sudden. This is why most of the world looks at the election of Trump and thinks that Americans are idiots. They forget the majority of us voted for Hillary. We are on a slippery slope here!

    3. Re: Contempt of the court... by Calydor · · Score: 3, Insightful

      A friggin' mole hill would still be higher than what the rest of the world thinks of Comrade Trump.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    4. Re:Contempt of the court... by Anonymous Coward · · Score: 0, Insightful

      This is what you get guys.. when you vote Republican!

      Why didn't Obama and the dems clear this up (since that was an appeal)? Right, because it has nothing to do with political parties.
      I mean you led with the repetition of logical thought from other posts, but then you let the crazy slip out and lost any sense of credibility or surprise. Whoops.

    5. Re:Contempt of the court... by Altrag · · Score: 3, Insightful

      Well someone, somewhere needs to have the ability to decrypt them. They're rather useless otherwise and you may as well just delete the files. And if you have a way to decrypt them at all, then they could easily extend this ruling of contempt to include any intermediate steps required.

      The only way "I don't know how to decrypt them" really holds up even in a hypothetical is if you were using an asymmetric key to generate the encrypted files for an anonymous third party that you have no direct contact with, and they managed to get you at just the right time between purging your local copies and shipping off the encrypted ones.

      And even then, you'd have to have some way to get the data to said third party which means a trail of some sort (albeit possibly a cold trail if it leads out of the country or something.)

      Sadly your best bet in a situation like this is to appeal to the constitution.. somewhere between the 4th and 5th amendments in this case.. but even that's on shaky ground as the courts are still trying to figure out how (or even if) 200 year old laws should be applied to modern digital devices.

    6. Re:Contempt of the court... by dougmc · · Score: 5, Insightful

      This is not a Constitutional question — the guy is not asked to testify against himself. What he is to say is not under oath and will not be used against him.

      It is indeed a Constitutional question. He's accused of a crime, and he's being asked, er forced to aid the prosecution. What happened to his right to remain silent, his right against self-incrimination?

      And yes, I do believe it is the goal of the prosecution to use any passwords he provides to find stuff that *will* be used against him. They are *demanding* that he aid their prosecution of him by divulging secrets ... how is that not testifying against himself? Next, are they going to waterboard him for the passwords?

      What is demanded of him is a key to the premises, for which a perfectly valid search-warrant has already been issued.

      If they were demanding a physical key, he could refuse to tell them where that is too. That said, without that ... they'll just knock down the door.

      Also ... has a search warrant been issued to search his brain?

      This stinks to high heaven. I thought that it was already established by case law that you did not have to say anything to aid the prosecution in any way, that your right to remain silent was absolute in a criminal case?

    7. Re:Contempt of the court... by ChrisMaple · · Score: 1, Insightful

      This is what you get guys.. when you vote Republican!

      Lying under oath is standard operating procedure for leftists. So is abusing public office and flouting the law. Some of it can even be found in leftist strategy books like "Rules for Radicals".
      Just take a look at the two rejections of Trump's executive orders on entry to the US, both of which were based on the judges opinion of Trump's statements and were completely unrelated to law.

      --
      Contribute to civilization: ari.aynrand.org/donate
    8. Re:Contempt of the court... by William+Baric · · Score: 3, Insightful

      If you show me an encrypted disk drive that was connected to my Mac, either I know the password, or it's stored in the keychain of the Mac so you can access it with the keychain password.

      People who call me because they have forgotten the password of their own computer and who want me to reset it is not unusual. Do you think those people are lying and they only call me to hear my beautiful voice? Don't get me wrong, I'm pretty sure the guy remembers his password, but a justice system where someone can be put in prison only because I'm pretty sure of something, without any kind of evidence, is not something I want.

    9. Re:Contempt of the court... by AmiMoJo · · Score: 3, Insightful

      Trump's travel bans ran into difficulty because Trump himself said that they were Muslim bans and targeted at Muslims. After the first one failed his staff started talking about how they could make minor, cosmetic changes that meant it was still a Muslim ban but addressed the very narrow point in law that the first ruling was based on. Naturally, the courts didn't fall for it, especially as all this was said in public.

      Trump's executive orders keep failing because he is an idiot, surrounded by idiots, and none of them know how to run a government or write a legally sound executive order. Nothing to do with the judges' opinions of Trump, and everything to do with the fact that he basically argued the plaintiff's case for them outside the court so they could simply submit his speeches and tweets as their evidence.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. What if by markdavis · · Score: 4, Insightful

    >"upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives"

    I am not saying that is the case here, but what if a defendant really doesn't remember the password? Throw him in jail forever? Some devices don't need a key/password UNLESS they are disconnected or reset, and it is very plausible someone might have been using something for a long time without knowing.

    1. Re:What if by ShanghaiBill · · Score: 5, Insightful

      How about we work on improving justice for all without regard to socioeconomic status or race.

      Sure. But if we fix it only for the rich white guys, then they no longer have any motivation to fix the system for others, and it is they that are empowered to do so. We should indeed fix it for everyone. But we need to start at the bottom.

  3. That's not good law by Baron_Yam · · Score: 5, Insightful

    This amounts to "We know you're guilty even though we can't prove it so we're not going to bother with proof", and worse, they're using that to apply a potentially unlimited sentence.

    Just because the guy is accused of having a child porn collection doesn't mean the niceties of law shouldn't apply.

    I'm actually not so much for the right against self-incrimination, but I am very much for the right to a fair trial based on evidence and not what people 'know'. I'm also very much on finite sentences proportional to the needs of protecting society, punishing enough to scare the next guy, and attempting to reform the convicted if possible... but there shouldn't be a sentence at all without a just conviction.

  4. Direct violation of the Constitution by nightfire-unique · · Score: 3, Insightful

    Nothing more to say, really.

    --
    A government is a body of people notably ungoverned - AC
  5. In fairness by HeckRuler · · Score: 5, Insightful

    So when are the politicians going to be charged with contempt of court when they "do not recall"?

  6. Contemptible. by msauve · · Score: 5, Insightful

    I agree, it's contempt of court. As well it should be, since the court is contemptible. The right against self-incrimination is absolute - you don't have to testify against yourself, you don't have to unlock that (combination) safe, you don't have to decrypt files. You have the right to remain silent.

    That is, unless it's the physical key to a safe, or some hardware encryption key. That's physical, and subject to seizure. But a combination or encryption password is a product of the mind, and forcing it out is forcing self-incrimination.

    Sure, law enforcement has a right, with the proper warrant, to break into the safe or attempt to decrypt the contents themselves, but failing that, they're simply SOL.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  7. Re:Destroy code? by Kardos · · Score: 5, Insightful

    No, it is not even fantasy to have a "destroy everything" password. Even a rookie investigator knows to make a copy first. If you provide self-destruct keys it'll be blatantly obvious.

  8. Re:This is bullcrap by Marc_Hawke · · Score: 4, Insightful

    The Courts (and Law Enforcement) have gotten really lazy, and it's confusing to me why they don't see it.

    During the San Bernardino iPhone stuff and other such stories, there were so many 'seemingly intelligent' people saying how encryption shouldn't be allowed because it made law enforcement difficult. Since when has it been easy? Wearing gloves makes it hard to pickup fingerprints. Should you outlaw gloves as well? However, these people are saying, "You should be forced to live in a way that makes it simple for us to track you all the time." "Papers Please!"*

    Two statements:
    "As more and more people are using encryption these days it's much more difficult for us to obtain evidence." - legitimate
    "As it impedes our abilities to gather evidence encryption in consumer devices should be restricted or should include a law enforcement backdoor." - completely not legitimate

    *(Actually with the 'papers please' that's more about proving you're allowed to be there, rather than checking to see if you shouldn't be there. So it really doesn't apply to the situation.)

    --
    --Welcome to the Realm of the Hawke--
  9. I can relate by AaronW · · Score: 3, Insightful

    I had a couple of encrypted partitions on my Linux setup that I rarely accessed that became inaccessible after a Linux update. In my case I did remember the password but Linux would not accept it. I eventually reformatted it and restored the data from a backup.

    Any time you are arrested you should always choose to remain silent and request an attorney even if you are innocent.

    --
    This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
  10. Re:Destroy code? by Anonymous Coward · · Score: 2, Insightful

    One approach is to use a set associative cache for the device and then store the keys in the cache, but not in the associated blocks on the device. Only with the correct password can you figure out which sectors are safe to read and which ones take extra care.

    So any bulk read, overwrites the cache destroying the keys. The wrong password does the same thing.

    As someone else pointed out, most TPM chips require a password to decrypt the data, and if you give the wrong password more than a couple times in a row, they wipe themselves.

    So you are right, you can't destroy the data on protected offline storage, but as soon as someone tries to read it, it's no longer offline and can wipe itself.

  11. Re: Happens quite often... by Mashiki · · Score: 3, Insightful

    Possibly. That's the real question here, while I've read the case info provided in the article there's a bunch of things that are unclear until I get a chance to read the initial case. But, local police forces which is what this case is doesn't usually have the resources to backdoor things like this unless they're commonly known exploits. And if I remember the cases correctly, if they were seized as part of evidence in the original warrant and they were able to get the information off the drives without his co-operation it wouldn't matter anyway. Since it would have already proven that he was in possession of CP. So that doesn't really matter, in the rare cases where something like this happens they can seal part of the court case to protect the disclosure of things like that which would lead to the compromising of on-going investigations.

    The real thing is is what you pointed out though, where the proof. There is none really. The prosecution states they have "known hashes" but that doesn't mean much beyond that. It's more likely that the sister saw actual CP, and that's it. That in itself leads weight to it, but it still doesn't mean too much without the actual evidence.

    I wouldn't be surprised if this keeps moving through the court system, or their lawyer simply tells them to take the contempt charge which he'll likely serve on weekends and get on with his life. The contempt charge itself could be an entirely new ball of wax especially if it's contested which wouldn't surprise me. The lawyer(s) in question could make their career defining case off of it. Since then the court will have to prove that he knowingly engaged in contempt.

    --
    Om, nomnomnom...