
Fifth Amendment shields child porn suspect from decrypting hard drives - leephillips
http://arstechnica.com/tech-policy/2013/04/fifth-amendment-shields-child-porn-suspect-from-decrypting-hard-drives/
======
obviouslygreen
This seems like the first time in quite a while someone's rights _have_ been
protected (as far as what's in the news goes, anyway). Unless the guy is
convicted, he still has all of those pesky things -- regardless of how obvious
his guilt may or may not be to anyone -- and it's a lot better for all of us
if they're actually taken seriously once in a while.

~~~
rayiner
What you don't see in the news is the zillions of times a day the system
protects peoples' rights through criminal appeals, etc, and the massive
overhead that arises from actual criminals abusing those protections in order
to try and get out on technicalities.

My friends who have clerked for judges talk about how frustrating it is to
deal with appeal after appeal from people who are clearly guilty and just
abusing the system.

You have to take what you see in the news in context of the reality of the
people who work within the system every day. It is a system, after all, and
systems involve balancing competing interests, but the tech media rarely
tackles the complexities of that process.

~~~
rhizome
Isn't the case in the story also one of "technicalities," since the police
seem reasonably sure the material is on one of the drives, just not exactly
which one?

People who clerk have a skewed view of the judicial system compared to someone
who has been convicted.

~~~
rayiner
> People who clerk have a skewed view of the judicial system compared to
> someone who has been convicted.

I'd argue it's a much less biased view that incorporates more and better
information.

~~~
betterunix
I am pretty sure clerks are seeing only a fraction of the people who were
arrested or convicted, and that that fraction is strongly biased towards
people who have money to spend on lawyers. The overwhelming majority of the
millions of prisoners we have in America never had a trial.

I do not know where you got the idea that our criminal justice system is
serving its purpose. It may be great at putting criminals in prison, but it is
meant to protect innocent.

~~~
rayiner
> I am pretty sure clerks are seeing only a fraction of the people who were
> arrested or convicted, and that that fraction is strongly biased towards
> people who have money to spend on lawyers.

The bulk of nearly any judge's case load is criminal appeals from run of the
mill criminals. They might be pro se, they might have a public defender, they
might have a cheap local lawyer, but they're not deep pocketed by any means.
Indeed, clerks see a skewed picture of things, but one that is if anything
skewed towards seeing fewer actually guilty people, not more, for the obvious
reason that actually innocent people are more likely to file an appeal than
actually guilty ones.

> I do not know where you got the idea that our criminal justice system is
> serving its purpose. It may be great at putting criminals in prison, but it
> is meant to protect innocent.

The purpose of the criminal justice system is to protect the law-abiding
public by putting criminals in prison. That is its sole reason for existing.
An important constraint in doing so is protecting the innocent, but that's not
its purpose. If it were, then you could design the perfect justice system
simply by never putting any people in prison. But the world has bad people,
lots of them, and that's not a tenable option.

You design a justice system the same way you design any system. You pick a
false-positive rate you can live with, then design the rest of the system to
maximize throughput while still hitting that false-positive target. It's the
only sane way to design something that works as opposed to a non-working
platonic ideal.

------
mindstab
This is the same scare tactic they always tout to take away your rights with.
The Canadian government said the exact same thing last year while promoting
their internet spying bill. It's garbage.

~~~
rdtsc
Whether there is an agenda by lobbying groups or other interests in increasing
surveillance or just federal agencies need more power and funding to
"protect", the effects are predictable -- make a showcase example using some
horrible crime (terrorism, child pornography, in the past maybe communism or
drug war related). It doesn't matter as long there would be maximum rage
against the perpetrator and nobody in the public sphere would dare defend them
and still remain standing as a public or political figure.

People like stories and laws are slowly eroded by scary stories. Joe-Smith-
child-pornographer and Molly-Johnson-the-terrorist cases are brought as
examples of the evil of encryption and anonymity. It is very easy, the script
is always the same.

Again not saying there is top down shadow conspiracy to all this just how the
constraints and incentives are set up these things emerge as a result.

------
smoyer
This is one of those issues that leaves you arguing with yourself ... I'm 100%
against child pornography (or really the exploitation of anyone), but 100% for
rights to privacy, both digitally and in "in real life".

We can only hope that if this suspect is guilty, they find evidence that can
be obtained without violating his rights ... and of course if he's innocent, I
hope he avoids the stigma being a suspect might bring.

~~~
aliguori
This is not about privacy, it's about self incrimination which is far, far
more important.

You can be compelled to testify under oath for many reasons none of which
involve doing anything wrong. When you testify under oath, you must answer the
questions asked truthfully or face unlimited jail-time for contempt.

The fifth amendment is the only form of protection you have from being called
to testify and being grilled about any random topic. It's a balance to the
otherwise tremendous power that a court has.

The prosecution must be able to make their case without the defendants
assistance. This is a fundamental aspect of our legal system.

~~~
aspensmonster
Unfortunately it seems that discovery and testimony have become increasingly
conflated over time. I don't buy the arguments that compelling someone to
decrypt something is discovery rather than testimony. The precedent that tips
the scale between discovery and testimony hinges on whether the prosecution
"knows" that the data is there, which is bogus to begin with precisely because
the supposed data is encrypted. They couldn't possibly "know" what is there
without compelling the defendant to decrypt. And if there is already
"sufficient evidence" to tie a defendant to supposed encrypted data, as has
come up in certain cases, than there is no need to compel the defendant to
decrypt in the first place. Provide your "sufficient evidence" to the court
and let the judge and jury do their jobs.

I think precedent leaned this way precisely because people understood that
otherwise, guilty people would definitely walk. And they couldn't have that,
even if it meant that the spirit of the 5th amendment was violated.

------
nazgulnarsil
The trouble with fighting for human freedom is that one spends most of one's
time defending scoundrels. For it is against scoundrels that oppressive laws
are first aimed, and oppression must be stopped at the beginning if it is to
be stopped at all. -H. L. Mencken

------
nothxbro
Question-

I had a idea about how to make this type of punishment non feasible.

Replace the standard truecrypt bootloader with one of a design that has a
'self destruct'

What I mean by that is, when you turn on your computer and the boot loader is
initialized it actually deletes its keyfile from disk and only keeps it in
ram. If you dont enter the correct password in xxx minutes or if you restart
the computer, that data is lost and restoring it becomes impossible.

There could be another option as well, a 'extra' unlock code that you could
not prove the existence of, which could overwrite the deletion of the above.

Basically its a way to say "The FBI turned on my computer without asking me
for instructions and destroyed my data- Its not possible for me to restore it,
but this WAS my password"

~~~
zizee
In reality, forensic data people tend to just pop the drive out of the machine
and connect it to a specialized machine that can clone the drive, whilst
ensuring there is no write capability, so it is guarenteed to not modify the
drives contents. This is done to preserve the "chain of custody", so the
investigators can't be accused of fiddling with the evidence.

I think that the only way to do it would be to have something like a fully RAM
disk, that is erased when power is lost. But this is problematic because of
power outages, so you would be tempted to use battery backups or something,
which would in turn make the system transportable, and more likely to not be
deleted.

I guess in the case of the article, it was TSA agents, so your proposed system
could do the trick with incompetants.

------
6d0debc071
I wonder why people place themselves in a position where it's possible for
them to decrypt the drives under coercion. If I wanted to secure something and
I thought that I might be under coercion at any point, then I'd stick part of
my key files on a system that would delete them if it didn't get the all
clear, and have another part that I could destroy in an off hand manner -
maybe by smashing a USB key with a hammer or burning a bit of paper with an QR
code or something on it,.

"Unencrypt that." "No longer possible."

Whether I'd have backups somewhere, well, who knows. But it's certainly
possible to imagine systems under which the likely actions of an attacker such
as the police would render the files useless.

~~~
gyardley
Isn't destroying evidence obstruction of justice?

~~~
chacham15
It depends on the intent. If you create the system explicitly to destroy
evidence if the police are looking for it then yes. If, instead, you create a
"safe" that as an anti-tamper measure destroys the contents, then no (BUT
IANAL).

~~~
drakeandrews
In the UK, that would qualify as destruction of evidence 9/10 times. Source:
Looked into doing something similar to protect confidential information and
sought legal advice first.

------
cdjk
This seems somewhat narrow, unfortunately. Suppose I have a laptop with an
encrypted hard drive, and I'm known to use that laptop. It's going to be hard
to convince someone that I don't own the laptop and drive, so it seems like
the government could still compel me to decrypt it.

Of course, this would protect me if I happen to have encrypted hard drives
scattered randomly around, but that's not typically how one would store data.

~~~
corin_
Obviously it comes down to the judge's judgement call (no pun intended) but
based on this ruling there could perhaps be other ways to cause doubt which
lead to this ruling, for example could you argue that your laptop has the
ability for you to use it without unencrypting said drive, while potentially
allowing one or more other people to use the encrypted part? Or if you are
using encrypted files (e.g. TrueCrypt but not encrypting an entire drive) then
having multiple encrypted files, perhaps even labelled in a way to suggest
multiple users, such as stored in a folder called "Shared storage"?

Obviously all these things would need to look like they were genuine rather
than thought-up for legal purposes, so I imagine if I ever ended up in this
situation this comment might act against me... but as a non-American, the
fifth is unlikely to be relevant anyway. On top of the fact that I currently
have no encrypted drives.

Even without circumstantial suggestions that there are multiple options, I
wonder if you could simply make the argument that possession of a single
encrypted drive does not indicate usage of said drive, and therefore there is
no reason to believe you have access to the encrypted contents?

------
dkulchenko
Say, for the sake of argument, that I have an external SSD with 5 partitions,
2 of which are filled with random data (passing a chi-square test), the
remaining 3 are TrueCrypt volumes.

The way I understand it, I have plausible deniability that I have _any_
encrypted data on this disk. Failing that, wouldn't being forced to divulge
which of the partitions are actual encrypted volumes be self-incrimination?

~~~
ethanbond
You don't have to decrypt anything no matter what. You can't be compelled to
give up the key.

~~~
hnriot
... unless you're in guantanamo bay

------
tomphoolery
It's kinda weird that they took care to not mention his name in the article,
but they say his last name in the quotes by the Judge.

~~~
smoyer
The judges statements will already be in the public record, but I'm glad
they're not mentioning his name prior to a conviction.

~~~
corin_
Tomphoolery's point was that his name was included in the Judge's statements
_quoted in this article_ , i.e. that even though they avoided using it in the
text they wrote themselves, the article still included it.

------
patrickgzill
Apparently some think that the root password to the US Constitution is
"4daChildr3n"

------
JulianMorrison
It would be more accurate to say "Fifth Amendment shields child porn suspect
from proving a hard drive's data belongs to him by showing he can decrypt it."

