

Judge orders child porn suspect to decrypt hard drives - nkhumphreys
http://arstechnica.com/tech-policy/2013/05/in-reversal-judge-orders-child-porn-suspect-to-decrypt-hard-drives/

======
spindritf
> the Milwaukee-area man now must either ... or must provide an unencrypted
> copy of the data

How will they know if he provided an unencrypted copy of the data or some
other data? Also, what if he forgot the password?

I have at least one pendrive with an encrypted partition that I wouldn't be
able to decrypt. It's empty but that is supposedly unprovable. I should
probably reformat it.

On the political side, the government is cleverly eroding the right to
privacy. Virtually no one will stand up for a paedophile (whether the charge
is true doesn't matter) so they get to set a precedence here and use it
against whomever they want later.

~~~
wpietri
I don't see an erosion here. Has the right to privacy ever allowed people to
prevent access to something where there is probable cause to think there's
evidence of a crime?

~~~
mikeash
I think it's a wholly new situation. Previously, you couldn't be compelled to
e.g. hand over the combination to a safe, but the police are free to just
break into it, once they have a warrant. There's no "breaking into"
cryptography, which sets it apart.

In any case, I don't see how the Fifth Amendment wouldn't apply here. Maybe
we'd prefer that people not be able to take refuge in it for this stuff, but
that means amending the Constitution, not ignoring inconvenient parts of it.

~~~
rosser
Based on previous rulings, the 5th Amendment doesn't apply because the State
already has specific knowledge that this guy has child porn on an encrypted
drive, through other means. That being the case, the act of decrypting the
drive is no longer _testimonial_ , as, by itself, it does not implicate him.

If they merely believed _really, really strongly_ that he has CP on an
encrypted drive, then compelling its decryption _would_ be testimonial,
because the State would have knowledge (namely, that he possesses child porn)
after the act of decryption that they did not have before it. That makes the
act of decryption, itself, testimonial, and subject to 5th Amendment
protection.

EDIT: as has been noted else-thread, however, Wisconsin is in a different
Federal Circuit than the aforementioned previous rulings, and so isn't bound
by them.

~~~
cjhopman
My understanding is not that they have good evidence that there is CP on the
encrypted drive, but rather that they have good evidence that the drive
belongs to the guy and that he can decrypt it/has access to/knowledge of its
contents.

The idea about not having to give up a combination/password is that by doing
so you would essentially be admitting ownership/access/knowledge about the
contents that were protected by that combination/password.

------
btilly
My attitude is simple.

If they have enough information to incriminate him, then they don't need the
password. If they don't, then the 5th applies.

After he's been duly convicted by a jury (and NOT by the judge!) and being
incriminated is no longer an issue, then they can compel him to decrypt the
rest.

Or, alternately, they can compel him to decrypt it, but then all of that data
is inadmissible in court.

------
joezydeco
_"...after devoting “substantial resources” in the case, FBI agents apparently
have been able to decrypt one of the drives. The government argued that
because it had found “numerous files which constitute child pornography..."_

So if they've found the evidence they're looking for, why keep pressing?
Because they don't want to spend the extra effort to decrypt the rest and are
looking for a plea bargain?

~~~
3825
>The government argued that because it had found “numerous files which
constitute child pornography,” “detailed personal financial records and
documents belonging to Feldman,” and “dozens of personal photographs of
Feldman," Feldman therefore has “access to and control over” the set of
drives.

So if the FBI puts my bank statements (PDF) and my photos in a drive along
with "some files that constitute child pornography", am I guilty as well? "We
found three safes. We opened one of them and found some illegal things in it.
We swear we didn't put them there. We also found some financial records and
photos belonging to this guy. We didn't put those there either. Pinky swear!"

~~~
DanBC
I'm assuming they would have taken forensic images of the drives, rather than
the drives themselves.

Tampering with evidence would be stupid. They'd go to jail, they'd risk all
previous cases they've been involved in, etc. I guess it happens, but you need
a lot more than "I bet they did it".

~~~
yebyen
Yeah, so I'm convinced that the FBI would not have done the tampering. Now
show that no other person has had access to the drives' contents prior to
their collection as evidence.

He would certainly strengthen the case for that (his ownership and control of
the data) if he was able to decrypt the drives himself.

~~~
gamblor956
They don't need to do that. The drives went from the defendant's house
straight to the FBI evidence bag when they were picked up by the FBI evidence
tech while searching his home.

If the defendant wants to argue that someone hacked his computers and put the
CP on his drive before the FBI took them, that is for him to argue. If he
can't provide any proof of such (note that he is not required to provide
proof), it is unlikely that the jury will believe such a defense.

~~~
yebyen
Yeah, you're right. I would like to know how they decrypted the drive though.
"Substantial resources" does not say much. It could mean a lot of computing
power, or just a lot of brute-force sleuthing to find the backdoor. What
exactly should a third-party frame-up look like?

In my mind, at least, how they came to be able to decrypt the drive could
possibly lend some credibility to their claim that he owned it and was in
control of it, and the remaining drives as well.

~~~
rosser
Totally guessing, but the password is probably the weak point.

~~~
yebyen
I would have guessed otherwise, if this guy is an IT pro, he probably knows to
use a long and secure passphrase. I'll be surprised if someone who knows can
say the password was the weak point. Maybe you're right, but...

I'd think the most likely way to get in would be to find the passphrase had
been cached somewhere, or the unencrypted key was accidentally copied
somewhere onto a swap file from some shoddily built backup process that used
up most of the RAM compressing files, resulting in that or some similar leak.

Same as you though, I don't really have the slightest idea.

------
kefka
Now, is this "possession" of child pronography crap images that ended up in a
Content.IE5 directory, or in Mozilla's cache? Or perhaps, even deleted from
those locations? Or are these images that were in C:/windows/fonts/child_porn
hidden folder?

And that, why is child porn illegal? It is only a picture of a CRIME THAT HAD
TAKEN PLACE. Yet, snuff films and other films and pictures that show active
murder are completely legal. And considering there is no mens rea for this
possession, I believe that it should not be a crime.

For the people whom nodded me down, please answer this: why is child porn
illegal but videos/pictures of murder NOT illegal?

~~~
rmc
_why is child porn illegal? It is only a picture of a CRIME THAT HAD TAKEN
PLACE._

An important question is: Does criminalizing the possesion of child porn
reduce the chance of those original crimes from happening? I think it does,
and I think that's a good reason to ban it.

It's also a good way to discourage people who like child porn, to tell them
that there is something wrong with them, and that they should not do it.

~~~
thezilch
That's his point. Would criminalizing violent movies reduce chances of
violence? Many think it would; so ban those movies? Video Games? Guns? Knives?
Rice cookers?

~~~
jacquesm
You're totally missing it. A CP image _is_ a record of a crime, a violent
movie is just a depiction of something that would be a crime except that it
isn't real. So criminalizing child porn is of a different degree than
criminalizing violent movies, the one is somewhat reasonable the other is
ridiculous.

~~~
lotharbot
In many countries, virtual CP is also illegal. US law specifically includes a
clause regarding material that "is, or _appears to be_ , of a minor engaging
in sexually explicit conduct" --
<http://www.law.cornell.edu/uscode/text/18/2252A> section (a)(6) .

------
Torgo
The difference here seems to be that they successfully decrypted one of his
drives and were able to prove that there was child pornography and that the
drive belonged to him. At that point, as I understand it legally, he can be
compelled to decrypt the drives because they already know he was possessing
child pornography on at least one of his drives. It would be different if they
did not actually know he had child pornography on his stuff.

~~~
kinghajj
So they can only force you to violate your 5th amendment rights if they
"really _really_ know" that you're guilty anyways?

~~~
danielweber
You are begging the question of whether decrypting a hard drive is a violation
of your Fifth Amendment rights.

~~~
rosser
Your 5th Amendment rights are completely and utterly irrelevant to their
decrypting your drive.

~~~
yebyen
Unless you are the one who is being compelled to decrypt the drive. Producing
the key is an act of testimony. You could not state for the record, the
passphrase for the key, if you did not know it.

Breaking his crypto in some way, to access his files without cooperation, on
the other hand... that is no fifth-amendment violation, to be sure. It also
doesn't prove that he's been in control or owns the data.

------
_lex
I wonder what happens in a case like this if the person is simply unable to
remember the password.

~~~
general_failure
Just click the forgot password link :p

------
cobrabyte
I wonder what the punishment will be for not providing the passwords or
decrypting the drives.

~~~
venomsnake
Contempt of court probably, but raynier can say in details.

Interesting thing will be what will happen if you are really unable to decrypt
the stuff. If you store the keys away from the drives (lest say ram only
server somewhere) that expires if it does not receive confirmation code every
24 hours. And the keys are lost forever this way.

~~~
nicholaides
Would that still be contempt of court? Or destruction of evidence, or
whatever. Couldn't it be argued that it's a purposeful destruction of evidence
if once they know they are going to court they stop putting in the code to
keep the data from being destroyed?

------
codezero
From the article: He can't be compelled to provide a password if the court
can't prove that he is the owner of the drive.

The work to decrypt one of the drives was done to prove that the drives were
his property. If the court is convinced the drives are his property, they can
compel him to release the contents of the property.

I imagine that:

1) If he doesn't know the password, he would have the first admit ownership of
the drive -- this would allow the court to use evidence from the other drive
against him.

2) If he doesn't own the drives, or maintains that he does not own them, the
court has to rely on forensic evidence they can gather. Their case would be
much stronger with more evidence and proof that the drives belong to him.

------
t0mas88
Can somebody (in the US) be ordered to aid their own prosecution? In the EU it
would be against the European convention on human rights as far as I know. So
I'm guessing the US constitution protects suspects in the same way?

~~~
yebyen
Yes, it's called the Fifth Amendment to the Constitution here.

    
    
      No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or
      indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual
      service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in
      jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be
      deprived of life, liberty, or property, without due process of law; nor shall private property be taken for
      public use, without just compensation.

~~~
t0mas88
Ok, but not being a witness against oneself is not the same as not being
forced to aid in prosecution? Because I think not to aid in your own
prosecution is broader, allowing the suspect to refuse this court order. Or
was this court order unconstitutional?

~~~
yebyen
I'm not arguing anymore whether it's constitutional or not. I think the
argument is that he's already proven to be in possession of Child Porn, so
there's no harm to his case in providing the rest of the evidence on the
remaining drives.

I think that's a despicable argument, as I thought "what would a frame-up look
like" and if I was doing that to someone, I would have left the keys hidden
conspicuously in an accessible place to one drive that I 0wned while in the
process of setting this guy up. Now the remaining drives are automatically
suspect.

The difference now is that they claim they are not asking for his testimony
implicating him, since he's already implicated. I just don't see how things
are much different now than they were before. You might be right, about the
difference between aiding and being a witness. I'm not even sure, though, how
to go about proving that a person is in control of a hard drive, encrypted or
not.

Unless of course you found a thumb drive on their person with the keys,
unprotected by a passphrase, and they can immediately be used to decrypt the
drives.

------
im3w1l
AFAIK it is physically possible to construct drives that cannot be backed up
and that self destruct if you decrypt with the wrong key (using quantum
magic).

