Version: 2008

Comments on: Judge: Man can't be forced to divulge encryption passphrase

In what could potentially be a landmark Vermont case, judge says thanks to the Fifth Amendment, a child pornography defendant doesn't need to turn over his laptop's PGP passphrase.

Showing 2 of 3 pages (177 Comments)
I believe the password should be handed over
by bluemist9999 December 16, 2007 6:59 AM PST
I feel encrypted documents are private, like a locked safe. So I feel a subpoena would not be sufficient to gain access.

However, if there is enough evidence to get a proper search warrant for the contents of the drive, the password must be released.

In this case, the man already confessed to customs officials that he was in possession of child pornography.

If the drive were configured to permanently encrypt itself if it was inactive for a few hours/days, there's no way for anyone to recover it.
I thought he said..
by basraw December 17, 2007 1:45 PM PST
"In this case, the man already confessed to customs officials that he was in possession of child pornography."

No - I thought he said THERE MIGHT BE.

Can you be 100% sure your p0rn is child pr0n free?

What if someone slipped the p0rn onto your machine, or you had some image from some pop-up advertisement that was.
It doesn't seem to have occurred to anyone...
by MTGrizzly January 16, 2008 12:50 PM PST
...that this may be an issue of principles for the prosecutors and
cops - that they are going get this passphrase out of this guy, one
way or the other? Which, conveniently, works to set a precedent to
force others to release passphrase to the cops...
Self-incrimination is the issue, not pedophilia
by zxcv1234zxcv December 16, 2007 9:13 AM PST
As repulsive as child pornographers are, the judge made the right ruling.

A password inside the mind of the accused is no different than him knowing conspirators in a robbery or what he saw when he broke into a house. The government cannot compel him to say things that will incriminate himself, end of discussion.

Though many would say that it's more important to convict a possible pedophile, if he is forced to divulge his passwords in this case, then that could be done to anyone.

What if, for example, a photographer returning from Iraq has photos of war crimes committed by US soldiers and US customs demands he decrypt the photos, then arrests him on "national security" reasons to prevent him from releasing the photos or blowing the whistle?

If the government is allowed to invade the mind - not the hard drive, the MIND - of the defendant, then any violation of privacy is possible.
Impossible???
by computerlegalexperts.com December 16, 2007 10:41 AM PST
Secret Service Agent Matthew Fasvlo, who has experience and training in computer forensics (how many hours???), testified that it is nearly impossible to access these encrypted files without knowing the password.

I have the highest regards for the USSS, except when it comes to computer forensics. I have seen them in action, or in this case, inaction. The disk can be decrypted, but because of the existence of an arcane system and the failure to seek contractors who could decrypt the disk, the USSS deserves what it gets when they continue to think "inside the box."

Now comes a larger question: Why was the defendant's computer examined and what was the issue for probable cause in probing for contraband images?

Just as a matter of fact, people will tell their computers what their spouses, hairdressers, barbers or best friends don't know!!!
reply to impossible?
by tc93 December 16, 2007 8:50 PM PST
I don't recall once ever reading of encryption being unencrypted unless it was an easy password. If that were true, then encryption would be worthless for anything.
PGP is very good encryption (Pun intended)
by ralfthedog December 16, 2007 9:18 PM PST
The NSA might be able to break PGP encryption. They would not do it for law enforcement. First, it would not be legal. Secondly, they would not publicly admit to the ability to break PGP. If they did, governments and other organizations hostile to the United States would stop using it.
Possible. Not in your life.
by alegr December 17, 2007 9:53 AM PST
Of course it's possible. If you get enough computers and power them with all energy you can suck from the whole Sun. Then wait until Sun goes red giant. So easy.
Declan has shown how drastically digital technology changes legal practice
by ffvsartoris December 16, 2007 11:49 AM PST
At the Federal level, a battle is raging on whether the NSA and other intelligence agencies can get access to protected domestic communications.

As long as the majority of telecom traffic was in the airwaves as satellite or microwave transmission, they were easy to monitor.

Now that many are moving in commercially encrypted or through various cable or protected media, the government feels its capabilities to monitor have been significantly degraded and national security has been hampered.

And now, as Declan points out, using PGP as a 5th Amendment mechanism to secure records from subpoena was something that may have never been intended, but a brilliant adaptation nonetheless.

Presumably law enforcement or a plaintiff can still have your file cabinets, hard drives and DASD removed under a subpoena, but whatever is covered under public key, private key systems like PGP appears to be safe from legal scrutiny.

Curiouser and curiouser...

Thomas H. Lipscomb
Senior Fellow, IT and Telecom
The Heartland Institute.
I was the defendant in a lawsuit...
by MTGrizzly January 16, 2008 1:02 PM PST
I was a consultant, (not an expert), for a plaintiff in a civil
lawsuit. The defense thought I had information on the hard
drive of my computer that wasn't protected by atty work product
privilege and they wanted. They got a court order to "preserve"
the hard drive - two of their goons showed up and took a brand
new Mac apart with screwdrivers and pry bars. All the data on
the computer was encrypted with PGP.

They sued me to compel me to give them my password. They
said it was "inevitable" they would break the password "soon,"
so I should just give them the password. This was the '90's and
I was using 128 bit PGP encryption. I argued there was a lot on
the drive that wasn't related to the case, (which there was), that
what was related to the case was protected by privilege and that
there was no way they would ever break the encryption within
the next fifty years or so...

Ultimately, the underlying case settled and my case never went
to trial. I cross complained against the defendants and they sent
me the hard drive back - in pieces - and bought me a new
computer. I always wondered where this case would have gone,
if it had gone past the complaint/answer stage...
Nothing new under the sun
by soggy0 December 16, 2007 1:49 PM PST
"Translation: Giving a defendant limited immunity in terms of
forcing them to turn over the passphrase can lead to a
conviction. That's because the fellow technically isn't being
convicted based on his passphrase; he's being convicted for
what it unlocks. Isn't the law grand?"

"It is, perhaps, a fact provocative of sour mirth that the Bill of
Rights was designed trustfully to prohibit forever two of the
favorite crimes of all known governments: the seizure of private
property without adequate compensation and the invasion of
the citizen's liberty without justifiable cause.... It is a fact
provocative of mirth yet more sour that the execution of these
prohibitions was put into the hands of courts, which is to say,
into the hands of lawyers, which is to say, into the hands of men
specifically educated to discover legal excuses for dishonest,
dishonorable and anti-social acts."
--H.L. MENCKEN

"Turning black into white is a job for painters or lawyers."
--DUTCH PROVERB
No kidding, Sherlock?
by soggy0 December 16, 2007 1:52 PM PST
"It's a little unclear what exactly happened, but one likely scenario
is that Boucher configured PGP to forget his passphrase, effectively
re-encrypting the Z: drive, after a few hours or days had elapsed.)"

Duh! Why would ANYONE bother to encrypt information and then
configure his computer to automatically decrypt it on request
without his personal intervention?
Actually, I think this would be effective...
by MTGrizzly January 16, 2008 1:05 PM PST
...if you had sensitive data on your hard drive, particularly on a
hard drive, and you didn't want it to get out if the drive got stolen.
Setting the drive to re-encrypt with no passphrase effectively
denies the sensitive info to the thief...
Not sure....
by mariusthull December 17, 2007 12:44 AM PST
If this would work but......

If you're really worried about such things and you use Linux you could always set up a daemon to run shred every few days. Then just go in and change the date or time it's supposed to run before it actually runs. Then if your PC runs for a few days and you're not there to reset the date shred goes off and all your sensitive data goes bye-bye.

Or better yet, if something could be set up so if there are say, 5 failed attempts at accessing encrypted files, the files are automatically shredded that would be even better.

Just my two cents
Is this ruling final?
by Arnold Reinhold December 17, 2007 2:46 AM PST
I notice the magistrate judge gave 10 days to file an appeal and
there doesn't seem to be one listed on the case docket. Does that
make this a final ruling and a precedent?
This Should Be A Lesson
by stecha December 17, 2007 4:21 AM PST
Hey Dorks,

This should be a big lesson to everyone including the US government. Whom by the way does not use PGP to encrypt documents. PGP the best encryption in the world. You would think that they would have entire government encrypted. Especially after a landmark case like this (Sorry feds and Copers, can't lie and cheat your way to a conviction here.) However you can learn a very important lesson here. PGP is the only way to encrypt some data you don't want viewed by just anyone. The bad to this lesson is that due to the overwhelming incompetence of most people in the U.S. government, they cannot employ such a complicated method of encryption. Too bad United States Residents, Once again our government fails to protect us.


Stecha lives underground
WTHO?
by rshelton3000 December 17, 2007 5:49 AM PST
The last time I looked the law could force you to allow entry into your home, your car, your office, your garage, and etc. (it's called a search warrant, look it up). Failure to allow the entry of law enforcement officers lands you in jail. This is the SAME THING!!!! Precedent has been set and should stand.
The law can not force you to tell the police where to look.
by ralfthedog December 17, 2007 8:54 AM PST
Yes, they can get a search warrant to look in your house. They can not get a search warrant for your brain. When the government searches your house with a legal warrant, you can not stop them, but they can not make you help.

It is the difference between actively resisting the search and not helping them.
Law is not grand
by rdupuy11 December 17, 2007 7:24 AM PST
He doesn't remember his passphrase.

If I was on a jury, I would never convict for not remembering. After all, this is the same government that thinks split immunity isn't dishonest. Neither is conveniently forgetting things. You cannot have it both ways.

If you are incredibly dishonest...(I mean incredibly clever in your own mind)...then the defendant can be clever too.

I do think they have to go after the producers of child pornography. I'm not a psychologist, so I don't know what circumstances lead to these sick ppl to want to watch the stuff...but they really need to go after the producers, and stop spending unlimited funds with appeal after appeal, and rewriting laws so that effectively the 5th amendment is a joke, all in an effort to go after the sick ppl who view the stuff.
You are myopic in thinking
by rdupuy11 December 17, 2007 7:32 AM PST
If I was innocent I would do the expedient thing and give up my password immediately, because I wouldn't want to bankrupt my family trying to fight forever, through appeals courts after appeals court, against a predator with unlimited funds: the U.S. government.

That doesn't mean anything though. I still want 5th amendment protections for all citizens. Think about the number of innocent people in jail right now. The innocence project has been able to free many dozens of people through DNA testing...people who were railroaded into convictions, even under the current system with all its rights.

Think about the Duke LaCrosse players and the demonstrations and demands for their treatment, even though eventually they were found to be innocent.

History says mob mentality demands answers to problems...and that means putting people in jail. The government doesn't always have the guilty party, but they need someone. In the case of Duke Lacrosse team, the crime wasn't even real, and the mob demanded answers.

We need a 5th amendment, the fact that I would give up my password in a heartbeat, doesn't mean I want a government with this kind of power to force people to incriminate themselves...because they can, will, and have done exactly that if you are a student of history.
my experience differs
by rdupuy11 December 17, 2007 7:39 AM PST
In my experience, federal law enforcement officers, are more likely to lie than you or I.

They are trained to get convictions. That means inventing evidence that they don't have. They do it, because it works, and it's their job to do things that work.

You should watch the news, expert witnesses that were giving testimony in thousands of cases, and later found to not be following any procedures in the lab.

When I was a young man, and still poor, I lived in a neighborhood where people got arrested. No, not me, but only by the grace of God....an officer came to my friend's house one day, and picked him up. She tried to get a statement but he refused.

She testified later that when she picked him up he refused to give a statement because he said "I cannot make a statement today because I am guilty."

He never made that statement, I was there...he only said he wouldn't give a statement, and did not add the 'because I'm guilty.'

It opened my eyes...once your eyes are open, you cannot close them again.

Police have to get convictions, so they lie.
They aren't following all these rules, they are circumventing those rules, because they have judged the rules to be wrong.
Local vs Federal.
by ralfthedog December 17, 2007 8:40 AM PST
When you are talking about police coming to your neighborhood you are talking about local police. The local and state cops have a far lower standard than the FBI or Secret Service.

I believe in the 10/10/80 rule. Ten percent are true saints. Ten percent are as bad as anyone they arrest. Everyone else just took the job because they want to drive a car with big blinking lights on top.
1984 is Coming Late This Year
by cybervigilante December 17, 2007 10:55 AM PST
The government has stolen enough of our freedoms with the so-called "Patriot Act" and the increasing depredations of the useless and intrusive DEA. They use "hot button" issues like pornography to justify stealing more so they can get the police state they desire. They're not interested in children - but in Power. I recall one nutty politician who was trying to link porn to file-sharing so they could outlaw that. (His home state was under big RIAA influence of course - so he was just ******* for the record producers who regularly cheat their artists, but don't like it done to them.)

Also, if you read the article carefully, the witness said there was adult porn, and Animations of child porn. So there was no real child porn as I read it. Of course, the 'toons will be up in arms if he isn't jailed.
What is the statute of limitations?
by dmm December 17, 2007 11:01 AM PST
If it is long enough, they won't need to compel him to give the passphrase. Technology advances such as quantum computing will enable law enforcement to break in without his help. So, I think it is wisest to protect the 5th Amendment.
If it is a strong password
by The_Decider December 17, 2007 11:18 AM PST
He will be long dead before it gets cracked. A strong password will take hundreds of thousands, if not millions of years to crack.

Even if computing speed increases by a factor of 100 or 1000, this guy will be dust.

As an aside, this is why people should always use strong passwords for everything. Hackers get into someone's accounts, network, files, etc most of the time because of weak passwords, not cracking acumen.

The rest of the time it is by taking advantage of programming flaws that allow for elevation of privileges or information disclosure.
rules of evidence
by bridge solution December 17, 2007 11:58 AM PST
i would point out as someone who has been paid to give educational sessions to lawyers about police ethics that people are forgetting that the contents of the harddrive are circumstantial. the testimony of the offers and the testimony of the statement of the defendant are direct evidence.
the only critical word i read in this whole article is "may"--he may have downloaded the filth.
now we are left with the defedant and state agreeing he may have, and we're in court.
the state says he did. he doesn;t not say he didn't.
the other elements, which we don't have here, but are part of the "may" are mens rea and opprtunioty.
in the diseased state of this world, opportunity is a given.
if somebody wants to get into legal insanities here, the fun one would be prosecuting pgp >>civilly<< for aiding and abetting, under the same logic that has been used against manufacturers of tobacco, firearms, etc.
and then see what happens...:-)
Maybe you are the problem.
by pcgate March 7, 2008 9:39 AM PST
"i would point out as someone who has been paid to give educational sessions to lawyers...the state says he did. he doesn;t not say he didn't...mens rea and opprtunioty.... .in...civilly"

I think we should prosecute you for raping english. And thanks for educating them, that appears to be part of the problem. f*cktard.
5th amendment
by Dr_Zinj December 17, 2007 12:27 PM PST
Actually, the passphrase or the key are no different than the other for the purposes of access to the system. One may generate the other, but ultimately you gain access to the system. Since the only place the information needed to get there resides within the mind of the defendant, giving that passphrase is identical to giving access to the system, and any incriminating evidence thereon.

And even during a border search, doing so violates that person's 5th amendment protection, AND is also a violation of Article IV of the Constitution. A computer is an external extension of a person's mind. A search of the information on it, without probable cause, is an unreasonable search and seizure.

Of course this Administration has called into question whether the Constitution applies to non-citizens, so in this Canadian's case, he's probably going to lose.
Now hang on a minute...
by tacit December 17, 2007 12:39 PM PST
"An officer opened the laptop, accessed the files without a
password or passphrase, and allegedly discovered "thousands of
images of adult pornography and animation depicting adult and
child pornography.""

Adult pornography isn't illegal.

Animated pictures -- cartoons -- of adult and child pornography
isn't real child pornography. (How old is a cartoon character? Do
you need to see a cartoon character's drivers license to know
that the cartoon is legal? What's the legal age of consent of a
cartoon? Do cartoons have rights?)

If the best the government can come up with is real adult porn
(which isn't illegal) and animated pictures of cartoon "pedophilia"
(which doesn't involve real children), seems to me they're on
pretty shaky grounds to begin with, issues of self-incrimination
aside.

I think it's interesting how emotional and hysterical people get
when they hear "child porn," but it sounds to me like evidence of
any real child porn is pretty thin on the ground here. Am I the
only one who noticed the "animation depicting" part?
No, you are not the only one...
by MTGrizzly January 16, 2008 1:41 PM PST
...I have asked the question in a seemingly endless stream...

How do you know how old an animation is?

Nobody knows, but a lot of people say they "know" child porn
when they see it...
PGP needs a 'destruct' passphrase
by likes2comment December 17, 2007 1:07 PM PST
so that one can have two passphrases--one to unlock and one to auto-destroy the contents.
Self-destruct problems
by soggy0 December 17, 2007 2:33 PM PST
Self-destruct only works if the user has a chance to use it before the authorities take the hardware. They will image the drive and work on the copies.

Also, if he causes the hardware or data to be destroyed in any obvious way they'll certainly charge him with destruction of evidence.

Better is encryption that supports what is called plausible deniability. This is where producing a password produces data from an encrypted block, but there is no way to know if there are other passwords that produce other data from the same encrypted block. Thus, the user can reveal only what he wishes to reveal, and no one can determine if all the data has been produced.
Wouldn't do any good
by Clouseau2 December 31, 2007 2:45 PM PST
Unless the cops are totally stupid, they would make a backup image of the drive before examining it. In fact, hard drives aren't infallible, I imagine it's standard procedure for handling this kind of evidence? In that case the "self destruct passphrase" would just destroy the original and the copy would still exist. Furthermore, if this feature was added to PGP the cops would REALLY be sure to make a copy first.
decision will be overturned by higher court
by kjharris December 17, 2007 1:39 PM PST
It wasn't that long ago that a case came before the U.S.Supreme Court in which a man in California, after being involved in a car accident refused to provide his license or registration to the police on the grounds that if he identified himself it would be self-incrimination. His lawyers argued this successfully in the lower courts but the state kept appealing and eventually it reached the Supreme Court which, in a 5-4 decision, ruled against him.
Not the same thing at all
by The_Decider December 17, 2007 1:45 PM PST
A license is required to drive.

This is not the same issue as forcing someone to divulge information in his head.

Since the Supreme Court is currently in lockstep with our totalitarian president, it probably will be overturned.