
Man jailed indefinitely for refusing to decrypt hard drives loses appeal - davesailer
https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/
======
smsm42
This reads as extremely bizarre. I mean, reading the fifth amendment makes it
pretty clear - no one should be compelled to witness against oneself. However,
it looks like the current executive and judicial are thinking "well, those
Founders were just idiots for putting such an amendment in, clearly it'd be
much easier to prosecute people if we could compel them to witness against
themselves, so why don't we just ignore it and put people in jail indefinitely
until they agree to witness against themselves?". Terrifying that it is so
easy for them to completely ignore all constitutional protections.

~~~
jaredklewis
Your interpretation of the 5th amendment is quite different than it has been
historically interpreted by the courts.

For example, in a trial, the prosecutor might subpoena some documents and you
cannot refuse to turn over those documents, unless doing so would trigger a
5th amendment assertion. Turning over the documents implicitly testifies to at
least two important pieces of information: that the documents exist and that
you know about the documents.

So if you're asked for the documents and the prosecution has no evidence that
the documents exist or that you know about them, the 5th will cover you.

However if during a police interrogation you admit that the documents exist,
when they are subpoenaed, you can't withhold evidence.

I imagine that the 5th will work much the same with passwords. If it is known
that you have the ability to unlock the device, refusing to do so will be
withholding evidence.

However if revealing the password implicitly reveals the hitherto unknown
information that you know the password, 5th will work.

~~~
Sir_Substance
So here's my concern: guy's now been in jail without charge for 18 months. The
prosecutors say his guilt is a foregone conclusion, but apparently it's not
foregone enough that they're willing to go ahead and prosecute without the
contents of his hard drive. They're gonna hold off until they get what they
need.

We're starting to get to the edge of the point where this guy might
legitimately forget his password. I think we can assume the FBI has been
running a common passwords/dictionary attack with common password symbol
substitutions for the last 18 months, and apparently they haven't found the
answer, so this password is probably a pretty good one that's not based on a
word or even a sentence.

If he stays in jail without trial for another two years and then says "I can't
remember my password any more", what should we do?

~~~
dublinclontarf
> what should we do?

Release him and pay millions in compensation for violating his writ of Habeas
corpus.

~~~
umanwizard
A court granted him a writ of habeas corpus? When? That changes everything if
true, but I'm pretty sure you're mistaken.

------
hackuser
Some discussion overlooks that this is a special case:

 _... the appeals court, like the police, agreed that the presence of child
porn on his drives was a "foregone conclusion." The Fifth Amendment, at its
most basic level, protects suspects from being forced to disclose
incriminating evidence. In this instance, however, the authorities said they
already know there's child porn on the drives, so Rawls' constitutional rights
aren't compromised.

The Philadelphia-based appeals court ruled:_

Forensic examination also disclosed that Doe [Rawls] had downloaded thousands
of files known by their "hash" values to be child pornography. The files,
however, were not on the Mac Pro, but instead had been stored on the encrypted
external hard drives. Accordingly, the files themselves could not be accessed.

 _The court also noted that the authorities "found [on the Mac Book Pro] one
image depicting a pubescent girl in a sexually suggestive position and logs
that suggested the user had visited groups with titles common in child
exploitation." They also said the man's sister had "reported" that her brother
showed him hundreds of pictures and videos of child pornography. All of this,
according to the appeals court, meant that the lower court lawfully ordered
Rawls to unlock the drives._

~~~
hackuser
And for ease of reading, I'll reply to my own comment with other interesting
issues:

* _" The fact remains that the government has not brought charges," [his attorney] Donoghue said in a telephone interview_. It seems a warrant is at issue, if I understand correctly.

* _The contempt-of-court order against Rawls was obtained by authorities citing the 1789 All Writs Act. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple_

* _The authorities, however, said no testimony was needed from Rawls. Rather, they said, (PDF) "he can keep his passwords to himself" and "produce his computer and hard drives in an unencrypted state."_

* My completely amateur thoughts: If they already can prove he has child porn, then they don't need the additional evidence. If they do need the additional evidence, then he is incriminating himself.

~~~
nickpsecurity
"My completely amateur thoughts: If they already can prove he has child porn,
then they don't need the additional evidence. If they do need the additional
evidence, then he is incriminating himself."

That's a good point. They either have proof he downloaded child porn or they
don't. They're definitely trying to do more than prove it. Probably set a
precedent increasing their power as usual.

~~~
Godel_unicode
"so you, Mr expert witness, are telling me that hashes collide? What's that
you say, there are actually people who actively look for and produce such
hashes for fun?? Ladies and gentlemen of the jury..."

And so on. I'm pretty sure pedophile is near the top of the "you better make
damn sure they don't get off" list.

~~~
undersuit
>I'm pretty sure pedophile is near the top of the "you better make damn sure
they don't get off" list.

It's not illegal to be a pedophile. It's illegal to possess child pornography.

------
goodplay
Sitting directly in front of me are two moderately large encrypted hard drives
the passwords for which I forgot. If I get a subpoena to produce their
contents, I will potentially remain in jail of the rest of my life for the
crime of being forgetful.

That judge's behavior and (the laws that enables it) is sickening. You either
have enough evidence to convict a person, or you don't.

~~~
rayiner
The Court's opinion explicitly addresses that (at 18-19). It first recognizes
that impossibility of compliance is a defense to a contempt charge. But it
then explains why the trial judge reasonably did not buy that argument:

> At the contempt hearing, the Government presented several witnesses to
> support its prima facie case of contempt. Doe’s sister testified to the fact
> that, while in her presence, Doe accessed child pornography files on his Mac
> Pro computer by means of entering passwords from memory. Further, a
> detective who executed the original search warrant stated that Doe did not
> provide his password at the time because he wanted to prevent the police
> from accessing his computer. Doe never asserted an inability to remember the
> passwords at that time.

~~~
pinum
18 months later, though, it is completely plausible that he really has forgot.
I don't think I would remember a complex password that I haven't used for 18
months. Hell, I sometimes have to reset simple passwords that I created last
month. If you don't use knowledge, you forget it.

~~~
timv
Perhaps, but the judge can only make judgements based on the arguments
presented.

If the defendant wanted to argue that he no longer remembered the password
(but would be willing to decrypt the drive if he could), then that's something
that the judge would consider. But a judge can't (and won't) simply say "Oh,
maybe he hasn't complied because he just forgot the password. I'm going to let
him off"

~~~
michaelmrose
Its literally impossible to prove someone has or hasn't forgotten something.
You shouldn't be able to jail someone indefinitely for not producing something
you can't prove exists.

~~~
timv
Yes, but that's fairly well tested ground and isn't unique to this case.

Witnesses (in the sense of being called to that stand in a courtroom) are
frequently asked to tell the court what they saw/heard/did, or from where/whom
they received information. Refusing to answer may get them pulled up on
contempt charges, and if they claim not to remember then the judge needs to
decide whether they are lying.

Given the impossibility of proving (in an absolute sense) that the witness
does in fact remember (at that exact moment), it's a game that witnesses are
likely to get away with (hence the standard "I don't recall" answer from
politicians and beuracrats​), but it's not a universal solution to the "I
don't want to tell you" scenario.

~~~
michaelmrose
I think that the difference is that people are generally good at remembering
the details that judges are normally interested in. People are notoriously bad
at remembering passwords.

------
ahelwer
Here's a recording of the oral arguments for the US Court of Appeals, Third
Circuit back in September:
[http://www2.ca3.uscourts.gov/oralargument/audio/15-3537USAv....](http://www2.ca3.uscourts.gov/oralargument/audio/15-3537USAv.AppleMacProComputer.mp3)

The gov's argument seems to be that because the defendant doesn't have to give
the government the password but rather produce the decrypted hard drives, his
actions aren't protected under the fifth. Analogy drawn with unlocking a safe.

EFF counter-argument to the safe analogy is that the encrypted documents do
not simultaneously exist in a decrypted form protected by an obstacle, like a
safe, but rather are produced as an act of translating the data from decrypted
to unencrypted form; the government already has the data on the drives, they
just can't understand it without the contents of the defendant's mind.

Justices then press the gov lawyer on whether there are fourth amendment
issues in the case, as in whether the government can search all files on the
hard drive, if decrypted, for evidence of criminality beyond the specific
files they seek. Gov lawyer punts on the issue.

Basically it seems like a steep hill for proponents of encryption. The
justices talk about how we're heading for a world where almost everything is
encrypted, and encryption proponents are asking the government to give up an
enormous amount of power.

~~~
zer0t3ch
Can you be compelled to provide something that you don't have access to? Were
anyone else in this situation, wouldn't it be plausible to simply claim you
don't know that password?

~~~
null0pointer
I've wondered about scenarios where you can legitimately claim to not know the
password to decrypt a drive. A few different cases I can think of which may be
ruled differently by a court.

1) I use a password manager so I don't know the password. However, I have the
means to acquire the password.

2) I use a password manager but somehow lost access to it unintentionally.

3) I use a password manager and lost access to it by design. (eg. Using a dead
man's switch of some kind that deletes it if I don't "check in" for some
period of time)

4) I used to know the password. However, I suffered a traumatic brain injury
and cannot recall it.

I obviously don't have the answers but I think these are interesting to think
about as different points in a large legal grey area.

~~~
meesterdude
one i've ben thinking of is a shuffled keymapping or keyboard - you know what
password you type, but not what it actually translates into.

~~~
Karlozkiller
Not bad, but that key-map would have to be accessible unencrypted from the
encrypted device no? Unless somehow hard-mod a physical keyboard or something?

------
ryan_j_naughton
Thought experiment: What if there were an encryption system whereby if a user
inputs one decryption key, the encrypted data decrypts to one set of values
and if the user uses a second key, it decrypts to a second set of values.

Sure, in order to encode both sets of data into a single encrypted result
would require more storage space, but that is a small price to pay for
protection against self incrimination from our ever growing police and
surveillance state.

The end of the article captures why this idea would be so effective, viz. "The
authorities, however, said no testimony was needed from Rawls. Rather, they
said, 'he can keep his passwords to himself' and 'produce his computer and
hard drives in an unencrypted state.'"

It is absolutely true and valid that the government has the right to compel
people to hand over evidence that they are KNOWN to possess (in the same way
that legal discovery is essential to civil cases). The line the government is
drawing between self-incrimination and forced cooperation in an investigation
is they they don't want him to tell them the password or what is on the drives
-- they simply want him to hand over the drives in an intelligible state.
Thus, if one could decrypt the drives to an intelligible set of data but not
the data they desire, then you would be complying with the court order and
could not be held in contempt.

Can someone on HN who knows more about cryptography help poke holes in my
idea?

~~~
harryh
Thought experiment: What if you kept two sets of bank records for your
business. One set of bank records were truthful and demonstrated your guilt.
The others were falsified and demonstrated your innocence.

What would happen if, after your bank records were subpoenaed, you hand over
the falsified records?

Well, you'd be committing a crime. Maybe you get away with it, or maybe law
enforcement figures it out and you get caught. Depends on how clever of a
criminal you are.

Same thing here with your double-plaintext encryption.

~~~
_archon_
Hmm... I believe there may be a distinction here. Decrypting to the false
virtual contents would be more like presenting a copy of the bank records that
were correct, but the file had been corrupted and the data was unusable.
However, the corrupted but true records had been created before the subpoena
(not trying to obstruct) and were handed over in good faith.

You wanted the contents of this drive? Here they are!

The owner of the drive is definitely in a legal and moral grey area, but it
would be supremely difficult to prove mens rea in this case.

Interesting thought experiment: What happens when someone fills a hard drive
with junk data and then encrypts it, then gets subpoena'd for the unencrypted
contents of the drive?

~~~
harryh
The scenario you describe is not at all like the situation at hand. Data
corruption and encryption are not the same thing as encryption is a fully
reversible process.

Further, the owner of the drive is not in a legal or moral grey area. They are
in a "black" area where it's quite clear that they are being intentionally
deceptive in defiance of a court order.

------
NightMKoder
This case is interesting. If I'm reading
[https://en.m.wikipedia.org/wiki/United_States_v._Hubbell](https://en.m.wikipedia.org/wiki/United_States_v._Hubbell)
correctly, the fifth amendment only applies if "they don't know what they're
looking for." In this case, because there is (enough) evidence of CP on his
computer, they are subpoenaing him to produce the unencrypted drives. In some
sense, they're not asking for a password - they're asking for the drive
contents, which they know to at least partially be illegal. IANAL though.

Assuming that interpretation of the 5th is correct, subpoenas can easily be
used to access encrypted information. I just hope the judges that decide when
to grant subpoenas know where that line is.

~~~
ethbro
It is amazing that anything produced would be admissible.

I don't see how this is different than having circumstantial evidence that
someone is a murderer, so ordering them to lead you to where they buried the
body.

~~~
NightMKoder
I think they key is that the evidence is beyond circumstantial - they have
concrete evidence that he uploaded files that were CP from that computer. It's
a bit worrying why that isn't circumstantial (hacked computers aren't a
thing?), but maybe the standard for issuing a subpoena is lower than guilt but
higher than circumstantial.

Sounds like the only right answer for your password is "I do not recall"

~~~
RUG3Y
This might be a stupid thought but if they already have enough concrete
evidence against the suspect, why do they require the contents of the drive?

~~~
NightMKoder
My bet would be to up the sentence. Go from 2 counts of CP to 200 - 5 years in
jail to life sentence.

~~~
naasking
But then that seems to undermine the whole argument, because they actually
_are_ requiring the suspect to incriminate himself.

~~~
Terribledactyl
Each photo in possession is a separate crime and they, presumably, know about
and want a single photo. However different legal doctrines say, if they find
more in the normal course of events, they are now admissible and can be used
to create new charges.

~~~
naasking
> However different legal doctrines say, if they find more in the normal
> course of events, they are now admissible and can be used to create new
> charges.

Sure, but that's not the case here. They apparently already know he possesses
a certain number of such photos, and now are now trying to compel him to
incriminate himself further.

------
mgamache
So if I forget my password, I can be in jail forever?

~~~
danso
That would be an interesting case but that's not what seems to be argued here.
The state is arguing that they have enough evidence that "the presence of
child porn on his drives was a 'foregone conclusion.'". It's likely the
defendant didn't use forgetting-the-password as a defense because it was
obvious via IP traffic and witness testimony that he had regularly and
recently used his computer.

The ruling here seems focused on the point of whether the knowledge/use of a
password constitutes self-incrimination, which people have a Constitutional
right not to engage in. IANAL, but it seems akin to arguing that you have a
Fifth Amendment right not to give up a DNA sample.

edit: Looks like I'm wrong, defendant did use forgetfulness as a defense at
one point, though that was ultimately not his only reasoning for appeal.

Look at page 7 of the document here:

[https://arstechnica.com/wp-
content/uploads/2017/03/rawlsopin...](https://arstechnica.com/wp-
content/uploads/2017/03/rawlsopinion.pdf)

    
    
            Approximately one week after the Quashal Denial,
            Doe and his counsel appeared at the Delaware County Police
            Department for the forensic examination of his devices. Doe
            produced the Apple iPhone 6 Plus, including the files on the
            secret application, in a fully unencrypted state by entering
            three separate passwords on the device. The phone contained
            adult pornography, a video of Doe’s four-year-old niece in
            which she was wearing only her underwear, and
            approximately twenty photographs which focused on the
            genitals of Doe’s six-year-old niece. 
    
    
            Doe, however, stated
            that he could not remember the passwords necessary to
            decrypt the hard drives and entered several incorrect
            passwords during the forensic examination. The Government
            remains unable to view the decrypted content of the hard
            drives without his assistance.
    
    

However, in the next paragraph, the document refers to a ruling in which the
court found that there was enough evidence to show that the suspect
"remembered the passwords needed to decrypt the hard drives but chose not to
reveal them because of the devices' contents". I imagine the details of that
evidence was in the Oct 5., 2015 hearing in which the suspect "neither
testified nor called witnesses. He offered no physical or documentary evidence
into the record and provided no explanation for his failure to comply with the
Decryption order".

~~~
mirimir
> Forensic examination also disclosed that Doe [Rawls] had downloaded
> thousands of files known by their "hash" values to be child pornography. The
> files, however, were not on the Mac Pro, but instead had been stored on the
> encrypted external hard drives. Accordingly, the files themselves could not
> be accessed.

He was running a Freenet node. Investigators were also running Freenet nodes,
which peered with his. The were using a tweaked Freenet client that logs lots
of stuff. So they know that chunks of child porn files went to his node. What
they arguably don't know is whether he requested them, or merely relayed
requests from other peers. But they have experts who will bullshit
convincingly enough about that.

Edit: The Freenet Project, in my opinion, has irresponsibly relied on
"plausible deniability".

~~~
mickronome
Interesting, didn't think it could be Freenet related, as lists of hashes
during synchronisation was stated. If so it could explain why the prosecution
want the drive decryped although they on the surface seems to have enough
evidence.

But then the foregone conclusion argument could to be slightly disingenuous,
depending on exact details which appears to be unknown at the moment?

~~~
mirimir
By running their own Freenet nodes, investigators can create databases of
observable chunk hashes and file content. And they can see traffic to peers.
So they know that his node handled child porn.

But they can't really know that _he_ was looking at child porn without finding
saved files. They may also be interested in communications with other
potential suspects.

------
fencepost
This is an interesting contrast to the article reported this past week about
Nigel Lang, a black man in the UK who was accused of having or sharing child
porn because of an extra digit added to an IP address during
investigations[1].

One relevant section from the apology/explanation letter: "The issues around
the downloading of IIOC [indecent images of children] are that statistically
out of a cohort of offenders, the predominant characteristic is that the
offence will be committed in the main by white males. Only a very small
percentage will be black, around 3%, and only around 2% will be female.
Consequently, any arrests that are made for this offence will revolve around
the male in the address as the starting point for the investigation."

Notably Rawls (the man indefinitely jailed) is black.

[1] [https://www.buzzfeed.com/matthewchampion/this-mans-life-
was-...](https://www.buzzfeed.com/matthewchampion/this-mans-life-was-
destroyed-by-a-police-typo?utm_term=.sq1RxMpPw#.dly024JKV)

~~~
bsder
> The issues around the downloading of IIOC [indecent images of children] are
> that statistically out of a cohort of offenders, the predominant
> characteristic is that the offence will be committed in the main by white
> males. Only a very small percentage will be black, around 3%, and only
> around 2% will be female.

That's quite a remarkable statistic. I wonder why.

~~~
c3534l
Fewer black people for one.

~~~
j2kun
US is like 12% black, no (and 50% female)? Doesn't explain the discrepancy.

~~~
devmop
The quote is from a UK report

~~~
j2kun
In that case it lines up exactly

------
alphabettsy
Almost like they chose this particular topic to set a precedent...

~~~
mjolk
Or, this is a case in which a defendant had a non-foreign-government reason to
accept whatever consequences come from not cooperating (thus not having
political machinations at work) and it's a case with real human harm that
makes it worth pursuing for the prosecutor.

------
Steeeve
It goes to show that regardless of what protection encryption theoretically
provides, security is only as good as the weakest link in the chain. Torture
in some fashion is _always_ an option to force decryption.

The same goes for constitutional protections. The more time goes on, the more
constitutional protections will be attacked and minimized.

The fact that a child pornography case is being used to break encryption via
the courts should come as no surprise. Emotion is being used to broaden the
power of the courts.

------
tombert
It seems like the law is kind of ambiguous on this
([https://en.wikipedia.org/wiki/TrueCrypt#United_States_v._Joh...](https://en.wikipedia.org/wiki/TrueCrypt#United_States_v._John_Doe)),
unless my interpretation is completely flawed. I wonder if this will have to
go to the Supreme Court at some point.

~~~
vilhelm_s
In this case, the 3rd circuit applied the same standard as the 11th (the
government can compel decryption if they know what is on the drive), so it
doesn't yet create a circuit split.

However, they don't decide that that is the right standard. In a footnote they
suggest that the correct standard would be more lax (the government can compel
decryption if they know the person knows the password). So if a case comes up
where they rule that way, it would create a circuit split and lead the supreme
court to take the case.

Orin Kerr writes a column about it here:
[https://www.washingtonpost.com/news/volokh-
conspiracy/wp/201...](https://www.washingtonpost.com/news/volokh-
conspiracy/wp/2017/03/20/third-circuit-doesnt-resolve-standard-for-forced-
decryption-under-the-fifth-amendment/)

------
noahbullock
It's my understanding that, while one is obligated to comply with a warrant
granting police access to places or materials in one's control, one cannot be
compelled to aid them in their search or understanding. In other words, if
presented with a warrant, a person would be required to grant access to a home
or to hand over an accounting ledger, but the Fifth Amendment protects against
being compelled to tell police where in the home drugs are hidden or which
line items in the ledger contain embezzlement. A warrant grants the police the
right to search, but not the right to find.

With that in mind, here's a thought exercise:

Let's say that I'm caught on camera signing a document with a man who later
kills my business partner. The camera then records me going into my warehouse
with the document and emerging later without it. The police, believing that I
arranged the murder and that the proof is in the document, duly obtain a
warrant to search the warehouse.

The warehouse is large and when the police enter, they find it is stacked
floor to ceiling with sheets of paper, all indistinguishable except for their
contents. They estimate the number of pages to be in the billions -- far too
many for them to feasibly comb through.

If I understand the right against self incrimination correctly, I can't be
forced to tell the police where I hid the specific piece of paper they're
looking for.

Why is this different from finding a password? Assume we use a 43 character
password (since the encryption key is AES 256, a password longer than 43
characters wouldn't add additional security). If this is the case,
approximately 1.01e86 - 1 passwords effectively yield a garbage document, and
1 password produces the document the police are looking for. If one can't be
compelled to help the police find the solution in a physical search space, why
can one be compelled to help find one in a digital search space?

------
emanreus
The scary part is that someone can be jailed indefinitely. I had no idea that
was legally possible.[1] But it's CP so it's an easy sell.

[1]
[https://en.wikipedia.org/wiki/Indefinite_imprisonment](https://en.wikipedia.org/wiki/Indefinite_imprisonment)

------
cnnjhvyhvc
This reminds me that I need to wipe the drive I was using to test Bitlocker,
as I typed in a random password and have long since forgotten it. I can only
imagine the Kafkaesque horror of being imprisoned until I decrypt it, spending
decades trying to brute force it.

------
bawana
Although most of the comments here have to do with legality, I am more
concerned with the technical aspect. The prosecutors say they know that he has
porn because the hash values they obtained are identical to the hash values of
porn images.

Are hash collisions not a consideration? Can hash values be as incriminating
as direct evidence?

Is it possible to take a hash of a benign image (kitten?) and encrypt it with
an algorithm that gives a result which is identical to an unencrypted hash
value of a pornographic image?

~~~
xeonoex
I'm wondering how they obtained the hashes. You can't hash images on an
encrypted drive. How are they able to obtain a hash of an image without
actually having the image? Were the hash values from what he has downloaded
stored somewhere?

------
ChoGGi
I'm surprised he hasn't argued there's evidence of a different crime on the
disk(s), as a reason why he is refusing under the Fifth.

Edit: Thanks for the downvotes :)

~~~
pmyteh
They'd offer him immunity on the "different crime", then he'd have no defence.

~~~
ChoGGi
That would work? Not a lawyer or American so

(Thanks for the upvotes, and pmyteh for replying)

------
oh_sigh
What happens if this guy just claims that he forgets the password and sticks
to his story? Will he be effectively imprisoned for life, whether true or not?

~~~
jlebrech
if they imprisoned him in a way which is later seen as unlawful he can get a
huge payout. why not just stick to your guns and get $1m+ for sleeping in bed
and doing a few push up.

------
Radle
"The fact remains that the government has not brought charges," Donoghue said
in a telephone interview. "Our client has now been in custody for almost 18
months based on his assertion of his Fifth Amendment right against compelled
self-incrimination."

This should be simple, either they have enough to charge him or not.

------
finkin1
Is there a charitable interpretation of this that I'm not seeing? Or is this
truly as terrifying as it appears?

~~~
mjolk
Head's up that the source goes into some detail and is a miserable, sickening
read.

Per the source ([https://cdn.arstechnica.net/wp-
content/uploads/2017/02/fedsr...](https://cdn.arstechnica.net/wp-
content/uploads/2017/02/fedsrawls.pdf)), the prosecutors already have a case
based on checksums of the media that the defendant had downloaded, and per the
logs, stored on his external hard drive. I imagine that the prosecution wants
the media so they can perform harm reduction services for the identified,
affected children and/or improve their data for going after other/future child
abusers.

~~~
mickronome
But harm reduction and improving data for other cases is not the intended use
of warrants and contempt of court, or is it?

~~~
mjolk
No, and thanks for catching that.

My understanding is that the prosecution doesn't need the decrypted data to
secure a guilty verdict, but as they're entitled to it, they likely want it
for secondary benefit.

------
moonshinefe
If they've got the evidence, legitimately charge him then? If it's sufficient,
let a jury of his peers convict him then.

How is this any more complicated than that, no matter how you frame it? We
have laws as a check and balance system for a reason, apparently the US courts
are slowly forgetting it or something...

------
theonemind
Quite a minefield of legal issues. Indefinite detention pretty much seems like
an abuse of the court's power to find people in contempt. He should get
charged with a real crime like obstructing justice and serve a sentence for
it, if they have the evidence for that, but this is absurd.

------
pyabo
They are doing the same inquisidores did, they are torturing someone to
confess (in this case decrypt)

------
1024core
Can you refuse a search warrant? My understanding (albeit limited) is that you
can't, if it's been signed by the proper legal authority. Is refusing to
unlock the HDD the same as refusing to unlock a room, when presented with a
lawful warrant? I would think so.

------
Overtonwindow
This raises an interesting idea: why not create two passwords for encrypted
drives, one password decrypt the drive, another password completely wipes the
drive. This way if someone is forced to give a password to decrypt something,
that password renders the data moot.

Thoughts?

~~~
striking
Here's mine: destruction of evidence is a crime.

Probably not the best idea.

Hiding the partition or otherwise making the encrypted data hidden is probably
your only bet.

~~~
Overtonwindow
Which would you rather go down for: destruction of evidence, or what's in your
hard drive? I'm asking a technical question, not a legal one. There are many
instances where this would be preferable than giving up the data.

~~~
striking
If someone released such a tool, the feds would make sure to clone your hard
drive before supplying the password to it, or write a patched version of the
tool that reads it to remove the disk wiping call.

And then you'd be in really hot water.

~~~
naasking
I expect cloning to already be standard forensic procedure, but perhaps I'm
wrong. If not, it should be.

~~~
Kostchei
yep. Work on the copy, or the copy of the copy in my case. It's digital with a
hash, not a vhs tape

~~~
Overtonwindow
Ah cloning, very good point. So that raises a new question: Is there any way
to prevent decryption of a drive, when the password is forcibly obtained?

------
azinman2
If they already know it's on there, then isn't that enough to build the case
and just try him as is?

------
pnutjam
The sad part is he has provided the password, but it's "fuckoffI'llnevertell"

------
tpolm
and this is why the software you use to encrypt hard drives should support
plausible deniability. You give away the (other) password and the decrypted
drive contains nothing but cat pictures.

~~~
silveira
This. This is actually a good solution. Not cat pictures though, it would need
to be something at least shameful, maybe even lightly criminal. This would
work as an alibi for why you are encrypting the drive.

~~~
SolarNet
Or deeply personal like a journal.

------
hollander
Is this another case of "encryption works"?!

------
employee8000
After 18 months in jail, can't the accused legitimately say that he forgot his
password? I don't know if I would remember a relatively complex password if I
were stuck in s jail cell for 18 months with no computer or ability to type it
in every few days.

------
jlebrech
what if there was a password to decrypt the drive into rick astley on a loop?

------
69mlgsniperdad
What would happen if he lobotomized(carefully and mildly) himself, and
legitimately could not remember his encryption keys/pw nor the reason he
performed lobotomy?

~~~
jacobush
Or very carefully shot himself in the heart?

~~~
pc86
Surely this layman knows enough about the brain to know how to lobotomize
himself such that he forgets his passwords, but not such that he forgets how
to perform a self-lobotomy!

~~~
jacquesm
That's easy, just snip the _blue_ neurons. Or was it the red ones? No,
definitely blue. (Snips red neuron.)

------
Zuescho
Okay now, what if my password is the hash of a CP Picture, then there would be
no way for me to offer that password without committing a crime in the first
place. So in that case you would be safe. Or when the password would be some
file that could incriminate me

