
Suspect jailed indefinitely for refusing to decrypt hard drives - hvo
http://arstechnica.co.uk/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/
======
sandworm101
Those Americans who believe that persons cannot be held without trial are
completely naive and need to spend time watching what goes on at an actual
courthouse or police station. There are countless persons held without any
allegation let alone formal charges. Material witnesses top the list. Jail (as
opposed to prison) isn't about punishment. It is about the state holding
people it deems useful to hold.

As a lawyer, my advice is always to stay as far away from police as possible.
Do not volunteer anything. Do not participate. Online, always work under the
assumption that you are the target of an investigation. Encrypt everything.
Use VPNs, preferably overseas VPNs by default and Tor where necessary. If
asked, never speak to any investigator without first talking to an attorney.
Do not rely on some lay interpretation of a constitution. That document is not
the friend people make it out to be.

~~~
afarrell
What should folks who are the victim or witness to a violent crime do?

~~~
relaytheurgency
Hire him.

~~~
sandworm101
Lol. I'm the wrong type of lawyer. I'd send you to a friend who deals with
criminal matters on a daily basis.

------
noonespecial
That's not a slippery slope. That's a cliff. If all it takes is a forensic
expert's "guess" that there might be child porn on there somewhere to access
everything you've got _without even filing charges_ then kiddie-porn is just
the quick way to say that the 5th has been repealed.

~~~
maxerickson
The guess is slightly more compelling when considered together with the
testimony of the sister that she viewed images of abuse on the computer.

Like, the line of questioning could be, did you find any images on the
computer, did you find any evidence of techniques used to obscure information
on the computer, could the images that so and so observed be stored using
those techniques. It isn't confirmation that the images are there, but it is
more than guessing out of thin air that there might be images there.

~~~
luso_brazilian
The government doesn't have a case with that evidence alone, that's why they
are trying to compel the defendant to decrypt the hard drive. Here is how
that's an end run around the 5th amendment:

 _> State: you are under arrest on suspicion of possession of child
pornography. You have the right to remain silent, anything you say can and
will be used against you in a court of law. Do you understand your rights?_

 _> Defendant: yes_

 _> Witness: I saw what he has in that computer_

 _> State: now reveal the password_

 _> Defendant: I invoke the right to remain silent. Have charges been pressed
or am I free to go?_

 _> State: no charges pressed, you are detained until you reveal the password_

Here is how that could play differently in the future:

 _> State: you are under arrest on suspicion of murder. You have the right to
remain silent, anything you say can and will be used against you in a court of
law. Do you understand your rights?_

 _> Defendant: yes_

 _> Witness: I saw what he did to the victim_

 _> State: now reveal the whereabouts of the body_

 _> Defendant: I invoke the right to remain silent. Have charges been pressed
or am I free to go?_

 _> State: no charges pressed, you are detained until you reveal it_

If the All Writs Act allows the government to do the first it also allows the
government to do the second.

~~~
philovivero
I'm not in the legal profession, but I don't see those two as equivalent at
all. Are you sure those are legally equivalent?

The first case allows police to make a search they couldn't make before.

The second is... I don't even know what. I would expect if you wanted them to
be equivalent, you'd make the second more like: "We know you hid the body in
your yard. Unlock your gate so we can enter and find it."

~~~
pyrophane
The key difference between the two is what is revealed by the disclosure that
they are trying to compel.

In the case of the hard drives, providing the decryption key establishes only
that the drives belong to him or that he at least has access to the
information they contain.

In the second case showing the police where a body is located is in itself
strong evidence that he was involved in the crime.

~~~
oarsinsync
Having access to information contained on disks that is considered illegal to
access is strong evidence that he was involved in the crime.

------
infogulch
If they can jail someone for not decrypting data, what stops law enforcement
from piping /dev/random into kiddie_porn.tc and getting some 'expert' to
'guess' that it contains illegal images as an excuse to jail some inconvenient
individual forever?
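
The technical premise of the comment above, as an added example that is not part of the original thread: a size-and-randomness heuristic of the kind used to find candidate headerless containers flags plain random bytes and ciphertext identically. The SHAKE-256 keystream standing in for a disk cipher, the thresholds and all names are assumptions for the illustration, and the sample buffers are constructed in memory.

```python
import hashlib
import math
import os
from collections import Counter

SECTOR = 512                        # container sizes are whole sectors
MIN_SIZE = 64 * 1024                # assumed floor for a plausible container
CHI2_LOW, CHI2_HIGH = 160.0, 370.0  # assumed band around 255, the mean for uniform bytes
KNOWN_MAGIC = (b"\x89PNG", b"PK\x03\x04", b"%PDF")  # a few recognisable file headers


def chi_square(data: bytes) -> float:
    """Pearson chi-square of the byte histogram against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def entropy_bits(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_container(data: bytes) -> bool:
    """True when a blob has no header, a sector-aligned size and uniform bytes."""
    if len(data) < MIN_SIZE or len(data) % SECTOR:
        return False
    if data.startswith(KNOWN_MAGIC):
        return False
    return CHI2_LOW <= chi_square(data) <= CHI2_HIGH


def build_samples(size: int = 256 * 1024) -> dict:
    """Constructed inputs: random bytes, stand-in ciphertext and three negatives."""
    line = b"constructed filler text for the demo\n"
    plaintext = (line * (size // len(line) + 1))[:size]
    # Stand-in stream cipher (not a real disk-encryption mode): XOR with SHAKE-256 output.
    keystream = hashlib.shake_256(b"constructed demo key").digest(size)
    return {
        "random_bytes": os.urandom(size),
        "stand_in_ciphertext": bytes(p ^ k for p, k in zip(plaintext, keystream)),
        "plain_text": plaintext,
        "png_header_then_random": b"\x89PNG\r\n\x1a\n" + os.urandom(size - 8),
        "odd_size_random": os.urandom(size - 100),
    }


def classify(samples: dict) -> dict:
    return {name: looks_like_container(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    samples = build_samples()
    for name, verdict in classify(samples).items():
        blob = samples[name]
        print(f"{name:24} entropy={entropy_bits(blob):.4f} "
              f"chi2={chi_square(blob):10.1f} candidate={verdict}")
```

The heuristic returns the same verdict for `random_bytes` and `stand_in_ciphertext`, so a positive result says only that a file is consistent with an encrypted container, not that it is one.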

~~~
maxerickson
Procedure and integrity. Which are in play in almost every aspect of law
enforcement anyway.

The thing to be concerned about here is the ever more complicated legal
theories being tested against really old laws.

~~~
toolz
> Procedure and integrity. Which are in play in almost every aspect of law
> enforcement anyway.

Procedure and integrity are in play in almost every aspect in life. The
problem is that when you give absolute power, the ones who aim to use it the
most are the minority who seek to abuse the power.

~~~
rhino369
Why bother framing you. They can just take you out back and shoot you.

~~~
umanwizard
Although I agree that we're heading this direction at a scary rate, it's an
exaggeration to claim that the U.S. is already a place where this is routinely
possible.

~~~
AnimalMuppet
The U.S. is a place where this is currently routinely _possible_. It is not (I
believe) a place where this is currently routinely _done_.

~~~
mdpopescu
Most people did not believe, pre-Snowden, that intercepting everyone's
communications was something that was routinely done (though they might have
believed it was possible).

------
jordanb
The courts have always held the power to compel disclosure of evidence, and to
hold those who refuse in contempt.

What this shows is that encryption does not lock justice out and that it's
really no different than papers in a safe in a person's house. If prosecutors
have a valid reason to access the information they can go to a judge, get a
lawful court order and serve it against the person who owns the safe.

Encryption backdoors aren't about justice. They're about the government's
ability to conduct fishing expeditions: to surveil massive numbers of citizens
without their knowledge and without their right to a day in court.

~~~
Veratyr
> What this shows is that encryption does not lock justice out and that it's
> really no different than papers in a safe in a person's house. If
> prosecutors have a valid reason to access the information they can go to a
> judge, get a lawful court order and serve it against the person who owns the
> safe.

This situation has actually come up before and it was ruled that while a
person can be compelled to unlock a box with a physical key, a person cannot
be compelled to provide the combination to a safe. [0] goes into a lot of
depth on this.

[0] [http://www.uclalawreview.org/the-fifth-amendment-encryption-...](http://www.uclalawreview.org/the-fifth-amendment-encryption-and-the-forgotten-state-interest/)

~~~
derefr
A stronger analogy, falling between the two scenarios, would be: presuming the
original key for a lock has been destroyed, but you have memorized the
particular key-cutting metrics that would be required to produce a working
duplicate, could you be compelled to reveal those metrics so such a key could
be created?

------
seibelj
This means that anyone who uses freenet can have a warrant against them. I
would attack the warrant itself. From what I remember about freenet (it's been
many years since I looked into it), plausible deniability is given because
each node is requesting keys that another node requested. For instance, if
node A wants file X, then A will request X from B, C, and D, who will in turn
request it from more nodes, and no one knows who the original requester was.
So every person on freenet is holding a cache of data that other nodes have
requested, and has no idea what was requested, and are themselves requesting
files on behalf of other nodes which they have no idea about.

In summary, if you are on freenet, you are not only requesting your own files,
but files on behalf of others, some of which could potentially be illegal
material.

If being on freenet and requesting a key (even for someone else) is enough to
get a warrant, _all people using freenet from a traceable IP should
immediately get off freenet_.

I don't know anyone who uses it, I thought tor superseded it, but this sets a
very dangerous precedent. The defense should be reaching out to a computer
scientist who can explain the fundamentals to the court.

------
esoteric_nonces
Can a rational argument be made, that addresses the emotions involved, for
repealing laws that criminalize the existence or transfer of information?

The best argument I can come up with is that digital security simply isn't
understood well enough for us to have solid evidence trails.

It's far too simple for an attacker (not necessarily law enforcement, a
frustrated savvy neighbour is enough) to target someone and the consequences
are so dire.

The War on Drugs criminalized the possession and transfer of physical objects,
in the process providing convenient mechanisms by which to persecute
undesirable individuals.

Laws against the transfer of information seem to provide the same loophole,
but in a digital space. To me, that's far more worrisome.

~~~
philovivero
Best comment on this story thus far.

------
qq66
This means that forgetting one's passphrase could be a life-ending mistake.

~~~
anotheryou
Or just trying truecrypt once and typing
"asdfdlcwgnvldtrobiaedtpaeoaeuodtrn1234567hgr" as the passphrase, leaving the
container in your tmp folder. I really hope (and guess) there is more evidence
here about the probable contents.

------
Joof
Child porn is pretty messed up, but also one of those scary things because
it's so easy to move data into any computer without consent. Then it's an easy
claim to make against anyone whether or not it's true.

~~~
Paul_S
Not much different from any other way of planting evidence. It happens.

~~~
dkopi
This isn't just planting evidence of a crime. This is planting the crime
itself (Possession of child porn).

~~~
Paul_S
I don't follow. How does it differ from planting drugs?

~~~
ikeboy
Drug possession is not strict liability, child porn is. That means you don't
need to have intention; if I email you a file and you open it, then the feds
break down your door, you have committed a crime. Or rather, as long as it's
on your computer (say a website downloaded it in the background), you're
liable. Even if you have 100% solid proof that it wasn't your fault, you're
guilty.

With drugs, you can at least sometimes get off with proof that you didn't have
intent.

~~~
DanBC
> Or rather, as long as it's on your computer (say a website downloaded it in
> the background), you're liable. Even if you have 100% solid proof that it
> wasn't your fault, you're guilty.

Do you have a cite for the law? What you say isn't true for England; I
doubt it's true for the US.

EDIT: Here's the English law.

[http://www.legislation.gov.uk/ukpga/2003/42/part/1/crosshead...](http://www.legislation.gov.uk/ukpga/2003/42/part/1/crossheading/indecent-photographs-of-children)

[http://www.legislation.gov.uk/ukpga/1988/33/part/XI/crosshea...](http://www.legislation.gov.uk/ukpga/1988/33/part/XI/crossheading/possession-of-indecent-photograph-of-child)

> Where a person is charged with an offence under subsection (1) above, it
> shall be a defence for him to prove—

> (a) that he had a legitimate reason for having the photograph [or
> pseudo-photograph] in his possession; or

> (b) that he had not himself seen the photograph [or pseudo-photograph] and
> did not know, nor had any cause to suspect, it to be indecent; or

> (c) that the photograph [or pseudo-photograph] was sent to him without any
> prior request made by him or on his behalf and that he did not keep it for
> an unreasonable time.

~~~
oarsinsync
> (c) that the photograph [or pseudo-photograph] was sent to him without any
> prior request made by him or on his behalf and that he did not keep it for
> an unreasonable time.

I can't find the citation, but there was a case brought up in my uni IT
ethics/law module that noted that visiting a website that then downloaded
something like that in the background was sufficient to disqualify that
condition from applying, as there was a prior request to visit the webpage
that delivered the image, even if the website wasn't visited with the
intention of the image.

And the person involved was jailed. They may have gotten out on appeal mind,
but again, I can't remember more details than that to verify.

------
joesmo
One way or another, it looks like we'll find out if the 5th Amendment still
holds any water in this country. My guess is probably not, but it all depends
on how much money this guy has, I imagine.

~~~
Joof
I wonder if the EFF is bold enough / has the resources to help. Encryption
really should fall under the fifth.

In this case he isn't charged with anything, so I'm not sure the fifth
applies? I want a lawyer friend lol.

~~~
mjevans
If he's not charged with anything, then why do they need to know what's on his
encrypted drives (which he may or may not be able to access anyway).

~~~
justinlardinois
They have a warrant for the contents of his drives.

~~~
Zigurd
They have the content of his drives. The content is indistinguishable from
random numbers. Same as if they found printed cyphertext in his home.

~~~
justinlardinois
You're ignoring the context of the comment I replied to.

~~~
Zigurd
How so? Had they found printed cyphertext in his house, would he be in jail?
Or, more cogently, one sheaf of random numbers and one of cyphertext?

The point is, the whole "lock" analogy is wrong. Encryption is not an
unbreakable lock, nor is it a game-changer. It's been there for hundreds of
years at least, as long as there have been cyphers.

------
dkopi
So if he ends up forgetting his password while in prison, he's facing a life
sentence?

~~~
tjohns
Not likely, but he'd be there for a very long time.

Generally speaking, when being held in jail for contempt charges, you can be
held indefinitely, so long as you remain in disobedience to a court order.
That last part is important, since the idea is you "hold the keys" to your own
release.

However, if it's physically impossible for you to comply with said court
order, you no longer hold those "keys", and can no longer be held in contempt.

That said... they're not going to believe you just "forgot" your password. The
courts don't look favorably at folks who try to game the system like that, and
you'd have a hard time proving otherwise.

See Chadwick v. Janecka, where a man was held in contempt for 14 years (!) for
refusing to disclose where he allegedly hid funds from an overseas bank
account during a divorce proceeding. They eventually let him go after they
decided that being held in jail had lost its coercive effect... but again,
that took 14 years.

~~~
mordocai
The problem is that it is actually possible that someone no longer knows the
password to some piece of encrypted data. If the government can just hold you
indefinitely because they don't believe you then that is a huge issue.

~~~
dllthomas
If they can show that you've been using the password regularly, recently, for
a while, then not believing a claim to have forgotten seems, if not
_necessarily_ correct, at least not absurd.

If they can't show that, and the file might not have been accessed since it
was created years ago, then I think it's unquestionably wrong to ignore the
fallibility of human memory.

~~~
mordocai
Good luck showing that in many cases. Especially if it is an encrypted
external drive. I think in most cases they aren't going to be able to show
"beyond reasonable doubt" that a person definitely still knows the password.

~~~
dllthomas
I don't disagree, but I don't think that is a sufficient reason to bear the
kind of risk of indefinitely jailing innocents entailed by not requiring such
a showing.

~~~
mordocai
Necroing this, but the proper thing to do is just don't indefinitely jail
people without proof of something rather than "requiring" such a showing (you
can't really require it since, barring torture/some kind of mind probe, the
person can always sit in jail indefinitely and refuse).

------
peeters
> The other was a forensic examiner who testified that it was his "best guess"
> that child pornography was on the drives

I'm curious how on Earth one arrives at that "guess" for an encrypted drive
other than reasoning "why else would he not decrypt them?" In which case his
expertise as a forensic examiner is irrelevant.

Edit: I'd love to see the original testimony, but I haven't been able to find
it. This article has more information though:
[https://www.techdirt.com/articles/20160428/07395434297/so-mu...](https://www.techdirt.com/articles/20160428/07395434297/so-much-fifth-amendment-man-jailed-seven-months-not-turning-over-password.shtml)

> The government’s second witness was Detective Christopher Tankelewicz, a
> forensic examiner with the Delaware County District Attorney’s Office. He
> testified only that it was his “best guess” child pornography would be found
> on the hard drives. (Ex. J at 346). According to Tankelewicz’s understanding
> of the Freenet online network (in which he admits having no training), there
> were signs on an Apple Mac Pro computer seized with the hard drives of a
> user accessing or trying to access message boards with names suggestive of
> child pornography. (Ex. J at 306, 311-312, 339-340). In rather ambiguous
> testimony, Tankelewicz did not appear to say this meant any image traded
> over these boards was on the hard drives. (See Ex. J at 303-317, 336-340,
> 345-350). Instead, he identified a single image he believed there to be a
> “possibility” was on the drives. (Ex. J at 308-309)

However this appears to be the testimony in which the All Writs order
([https://assets.documentcloud.org/documents/2783581/Granting-...](https://assets.documentcloud.org/documents/2783581/Granting-All-Writs.pdf))
establishes the following:

> Here, the Affidavit of Special Agent David Bottalico, supporting the
> application for a Search Warrant, establishes that (1) the Government has
> custody of the electronic devices; (2) prior to the Government's seizure,
> Mr. Rawls possessed, accessed and owned all the electronic devices; and (3)
> there are images on the electronic devices that constitute child
> pornography. (Affidavit ¶¶ 13-31.) Therefore, under the "foregone
> conclusion" doctrine, requiring Mr. Rawls to assist in the decrypting of
> those devices does not violate his privilege against self-incrimination.

In other words (in my understanding), under the foregone conclusion doctrine,
the government needs to show that they know the document exists and what it
contains. In this case I believe that would mean that they have to provide
evidence that they know there is child pornography on the devices. And the
testimony above seems to be the only thing they are putting forward as
evidence to invoke the doctrine.

One of those cases where you kind of want the government to look inside the
hard drive _in this case_ (since the accused is only objecting under Fifth
Amendment grounds, meaning there probably is legitimate evidence against him
on those hard drives), but I can't support it because of the precedent it
sets.

~~~
vkjv
My guess would be in data found on unencrypted drives that reference files on
the encrypted drive. For example, you might have filenames that hint at child
pornography in metadata (itunes, WMP, etc.) or CLI history.

Sure, the file might be unfortunately named, but, in this case maybe it was
enough evidence to hold him?

~~~
LyndsySimon
I'm no lawyer, but I think that's what they usually call "evidence". If they
have evidence of what's on the drive, then he can be compelled to open it
under current law.

There was a case a while back of a guy crossing a border. The LEO who
inspected the laptop claims he saw CP, and somehow it was turned off before it
could be preserved. In that case, they ruled that it wasn't protected by the
5th because it wasn't a search - they "knew" the evidence was there, they just
couldn't access it.

------
esbranson
Here are the court case identifiers and PACER dockets:

USA v. APPLE MACPRO COMPUTER, et al. (E.D. Pa., case 2:15-mj-00850)
[http://www.plainsite.org/dockets/2nurkco28/pennsylvania-east...](http://www.plainsite.org/dockets/2nurkco28/pennsylvania-eastern-district-court/usa-v-apple-macpro-computer-apple-mac-mini-computer-apple-iphone-6-plus-cellular-telephone-weste/)

USA v. APPLE MACPRO COMPUTER, et al. (3d Cir., case 15-3537) ????

------
dudifordMann
so... if a prosecutor has evidence has been gathered where a defendant has a
drive with +n files that are encrypted. then the prosecutor has their
evidence. However, if the files are when decrypted, then they have +n' -n
files, which were not gathered during the initial investigation.

I recognize that the contempt is prior to formal charging, and thus "during"
evidence gathering. but I feel like this is equivalent to the government
saying: "hey, so we have no proof you did anything, but we have these
107374182400 items that might prove something. So, we want you to produce
107374182400 completely different items that might incriminate you because,
well.... we cant". seems weird.

this is obviously not the first case that this has happened in[1][2]. each
invoking the 5th, but it still seems strange.

[1] [http://www.wired.com/images_blogs/threatlevel/2012/01/decryp...](http://www.wired.com/images_blogs/threatlevel/2012/01/decrypt.pdf)

[2] [https://en.wikipedia.org/wiki/In_re_Boucher](https://en.wikipedia.org/wiki/In_re_Boucher)

~~~
dudifordMann
wow... the grammar... what on earth did i write...

------
cmdrfred
> "The other was a forensic examiner who testified that it was his "best guess"
> that child pornography was on the drives."

This guy needs to be fired. How in the hell can you tell that it's even images
or video let alone children if it's encrypted? I'd love to see a technical
explanation of how he came to that conclusion. Can the defendant sue for such
a statement given that it's almost entirely fabricated?

~~~
knodi123
I'm not saying this is what happened, (and from what I've read, it's as absurd
as you think).

However, an expert could hypothetically have all sorts of clues about the
contents of an encrypted drive. Keep in mind that encrypted files still
probably have a "last modified date" maintained by the OS, and that many
viewer/player apps keep a timestamped list of recent files. If they see that
realplayer claims to have played "nude_12_year_old.avi" on a "z:\" drive on a
certain date, and that an encryption app opened an encrypted file a little
while before that.... You can't _know_ , but an expert could, hypothetically,
make an educated guess.

Again, not saying that's what the expert did here. Just saying that this sort
of conclusion is theoretically possible in some cases.
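
The inference described in the comments above (file references on the unencrypted system lining up with times a container was mounted), as an added example that is not part of the original thread. The two record formats, the paths and the function names are constructed for the illustration and are not any real tool's output.

```python
from collections import defaultdict
from datetime import datetime

# Constructed records: mount activity of an encryption tool and a recently
# opened files list kept by ordinary applications on the unencrypted system drive.
MOUNT_LOG = r"""
2016-03-01T20:14:05 MOUNT C:\Users\demo\tmp\archive.bin Z:
2016-03-01T21:40:12 UNMOUNT Z:
2016-03-04T09:02:44 MOUNT C:\Users\demo\tmp\archive.bin Z:
"""
RECENT_FILES = r"""
2016-03-01T20:20:31 player Z:\projects\budget_2016.avi
2016-03-02T08:00:00 player Z:\other\unrelated.avi
2016-03-04T09:10:10 editor Z:\projects\notes.txt
2016-03-04T09:11:00 editor C:\Users\demo\todo.txt
"""


def parse_mounts(text):
    """Return [(drive, container, start, end)]; end is datetime.max if never unmounted."""
    open_mounts, intervals = {}, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        ts = datetime.fromisoformat(fields[0])
        if fields[1] == "MOUNT":
            open_mounts[fields[3].upper()] = (fields[2], ts)
        elif fields[1] == "UNMOUNT" and fields[2].upper() in open_mounts:
            container, start = open_mounts.pop(fields[2].upper())
            intervals.append((fields[2].upper(), container, start, ts))
    for drive, (container, start) in open_mounts.items():
        intervals.append((drive, container, start, datetime.max))
    return intervals


def parse_recent(text):
    """Return [(timestamp, application, path)] from the recent-files list."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if fields:
            entries.append((datetime.fromisoformat(fields[0]), fields[1], fields[2]))
    return entries


def attribute(entries, intervals):
    """Map each container to file references made while it was mounted.

    References to a container drive letter at a time when nothing was mounted
    there are returned separately: they may belong to another volume entirely.
    """
    container_drives = {drive for drive, *_ in intervals}
    attributed, unexplained = defaultdict(list), []
    for ts, app, path in entries:
        drive = path[:2].upper()
        if drive not in container_drives:
            continue  # ordinary volume, says nothing about the container
        for d, container, start, end in intervals:
            if d == drive and start <= ts < end:
                attributed[container].append((ts, app, path))
                break
        else:
            unexplained.append((ts, app, path))
    return dict(attributed), unexplained


def correlate():
    return attribute(parse_recent(RECENT_FILES), parse_mounts(MOUNT_LOG))


if __name__ == "__main__":
    attributed, unexplained = correlate()
    for container, refs in attributed.items():
        print(container)
        for ts, app, path in refs:
            print(f"  {ts.isoformat()} {app:7} {path}")
    print("unexplained:", [path for _, _, path in unexplained])
```

The result recovers file names and access times, never content, and the unexplained entry shows why a reused drive letter alone does not tie a reference to the container.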

------
tn13
If the defense lawyer is unable to demolish this "best guess" evidence in court
I think quality of law schools in the country is sh**t.

If the judge can't see what is wrong with this "best guess" evidence, the
judiciary has lost its marbles.

If the members of jury don't find it wrong, as society we have probably lost
compassion and empathy and sense.

As marijuana legalization is probably a foregone conclusion I think government
is going to start with "war on sex" that will have same effects on society.
New Hampshire recently passed laws that would make sex traffickers out of
totally innocent people.

~~~
oh_sigh
What laws are you talking about re sex trafficking?

~~~
tn13
[http://reason.com/blog/2016/04/23/how-new-hampshire-plans-to...](http://reason.com/blog/2016/04/23/how-new-hampshire-plans-to-spike-its-sex)

------
blubb-fish
If a judge within a formally correct legal processing decided that the disk
content is to be investigated then that person is obliged to cooperate and if
s/he fails to do that then the state has to act forcefully.

There's nothing bad about it.

Another question is whether the established legal system allowing for such
measures is more harmful than beneficial.

------
LeoNatan25
My "guess" is the "forensic" "examiner" watched CSI Cyber or NCIS the night
before, an episode where the show's forensic "sees" patterns in Matrix-style
flow of data.

------
tdkl
Ah CP, the modern day witch hunt and where all the reason falls through.

------
TazeTSchnitzel
Appropriate that the URL is .co.uk. Here in the UK, this is actually explicit law.
If you refuse to decrypt, you can be chucked in jail.

------
godgod
And if he really truly honestly forgot his password...then what? You go to
jail for your entire life because you can't recall a series of cryptic letters
and numbers that will be used to convict you? This is no longer America.
Innocent until PROVEN guilty is a lie.

------
derptron
Held without charges and without evidence on the suspicion that the drives
contain something relevant.

So if his protection against self-incrimination is upheld by courts, can he
turn around and sue for this blatant violation of his constitutional rights?

