Hacker News new | comments | show | ask | jobs | submit login
Man jailed 16 months, and counting, for refusing to decrypt hard drives (arstechnica.com)
667 points by doener 221 days ago | hide | past | web | 485 comments | favorite



I have a question...

Suppose the suspect Alice only has a portion of the key. Someone else (Bob...) has the remaining key bits.

Alice is busted, and 'compelled to give the key', and DOES provide her portion of the key.

Bob is never found.

Then Alice would be indefinitely imprisoned, even if she would have actually complied with the court order.

It seems unethical, to me.

Bonus question: Alice pretends that Bob exists, but actually he does not, but police cannot prove that. What then?

A possible answer to the first question: Alice is not compelled to provide the key. She is compelled to decrypt the drive. Obviously she can't do that without Bob. Alice is screwed and will spend the rest of her life in prison.

Seems harsh.


> A possible answer to the first question: Alice is not compelled to provide the key. She is compelled to decrypt the drive. Obviously she can't do that without Bob. Alice is screwed and will spend the rest of her life in prison.

Yes, and in this scenario she would not be held in contempt, so your hypothetical does not apply.

You can only be held in contempt for refusing to comply with court orders, not for the failure of a desired outcome.

Let's put it another way: you are totally misunderstanding why this fellow is in jail. It is not because the hard drive remains encrypted - it is because he defied a court order to decrypt it. Granted, if the drive were decrypted by other means he would likely be let out of prison because the point of holding him for contempt would be frustrated - but that does not mean that he was put into jail because the drive was not decrypted. Contempt is solely about defying court orders.

If Alice gave over her half of the key, she would have complied with the order, therefore, there would be no grounds for contempt.


There's no observable difference between inability to produce a result and refusing to produce a result. How do they know he didn't just forget the password? Or that the password was recorded somewhere that he no longer has access to? After sitting in jail for many months, it is very easy to forget a password that you no longer use regularly.


There's also no directly observable difference between killing with or without intent, which is why we have murder trials. The ability to decrypt data can be inferred from the surrounding circumstances, which is what happened here[1]:

> The defendant did not testify at the hearing and did not offer any other evidence or testimony in support of his contention that memory failure prevented him from complying with the court's order. On September 14, 2015, the court issued an order granting the government's motion, App. 6-10, finding that Doe was engaged in a “deliberate ruse” in claiming memory failure as to the external hard drives and that he intentionally disobeyed the court's orders directing him to decrypt the devices.

[1] Government brief, p 12: https://arstechnica.com/wp-content/uploads/2017/02/fedsrawls....


Yes, the court system exists precisely to determine fuzzy things like this.

I'm still curious, what kind of evidence or testimony might be considered believable in this case. Whether someone remembers a particular sequence of words and symbols seems like a thing that's very hard to determine, and by its nature it's unlikely there is any evidence either way.

From the quote you give (and I'll admit I have not read up on this case beyond the article, so it's possible I'm missing something), it sounds like he claimed he didn't remember the password, the court responded with "I don't believe you because you haven't proven that you don't remember it, so have fun in jail until you decrypt."

How would you prove, if you were brought into court, that you don't remember a specific password?


By giving credible oral testimony. The defendant chose not to do that, perhaps because it would have exposed him to cross-examination, and perjury charges if his implausible story was rejected (he remembered other passwords and had been caught with child pornography on other encrypted volumes, and the government may have had evidence about how recently and frequently he had decrypted the external drive, because they were able to decrypt his OS drive). Hopefully, if you really did forget a password you'd be able to give a believable explanation that holds up under cross-examination.


>credible oral testimony.

So the system as it stands is you can be jailed indefinitely because a judge does not believe you actually forgot a password? That doesn't sound ideal.


He gave no testimony, so there's nothing to disbelieve. Everyone has the right to not self incriminate, but that's not a get out of jail free card.

Honestly, what do you envision as an ideal system? The legal system can't be structured like software. You have to be able to cope with unknowns, things that cannot be proven 100%, and people who won't cooperate. This stuff isn't binary.


Regardless of cooperation I disagree with indefinite detention. Write a law that requires you to hand over a key to law enforcement(this will likely require a constitutional amendment) with a specific penalty or follow the constitution as written.


well you can start by codifying your laws and getting rid of juries. there's different types of legal systems.

https://en.m.wikipedia.org/wiki/Civil_law_(legal_system)

civil law / roman law, as used in a large part of the world including Europe. (different from civil law as the term is used in the US)

things are quite a lot more clear cut if you just codify (yes, exactly like code, our law books look like code in human language, precisely worded) instead of reinterpreting the law on case by case basis and some ancient writings reinterpreted to fit a modern setting (even they were made by smart folks, it's still almost religion)


This doesn't answer the parent's point. Most cases turn on the facts, even in civil law systems. Defendants still get locked up when judges don't believe them, and judges can still get the facts wrong.

Most U.S. federal law is codified, including the contempt provision that applied here (18 U.S. Code § 401). Codification does not remove the need for courts to resolve ambiguities. The constitutional right in this case is a good example: there is no explicit privilege against self-incrimination in the European Convention on Human Rights, yet the European Court of Human Rights has found that Europeans do have this right, and has explained its scope by 'reinterpreting the law on a case by case basis' [1].

[1] http://cardozolawreview.com/Joomla1.5/content/30-3/ASHWORTH....


Preposterous. Are you serious?

If I ask you to sink 10 baskets and then 0 baskets are made, there is an extremely obvious difference between 10 airballs and refusing to step onto the court.

Stop thinking like a software engineer and start thinking like a human observer. The court system does not use Jenkins to test conditions in the real world - the court system's "runtime" are the faculties of observation and reason of the judges and juries. There are countless, extraordinarily obvious differences between refusing to comply with an order and complying with an order but failing to produce the desired result. In other words, humans do not judge compliance based on satisfaction of test conditions that have to be written down and then run by a computer - they use their own eyes, ears and brains.

As a result, the difference between genuinely not remembering a password or trying, but failing, to decrypt a drive, is totally and obviously different than telling a judge to take a hike, claiming "fifth amendment" or giving testimony that is obviously untruthful. Frankly, this statement:

> There's no observable difference between inability to produce a result and refusing to produce a result

Is just outrageous. There is no difference between failing to detect the higgs boson and not even trying to detect it? I posit that these two scenarios are outrageously different: (1) building the LHC and not finding the higgs boson and (2) not buidling the LHC. Both situations have failed to detect the higgs boson - but they are, in all other respects, remarkably different. I genuinely cannot believe that you hold this point of view to be true.


There's no observable difference between trying and failing, and refusing by pretending. We can obviously observe an open refusal.


I disagree, and the court system is predicated on this idea.

Judging the credibility of testimony is not only one of the primary activities of judges and juries, but, again, I categorically do not believe that you truly believe there is no difference, whatsoever, in indicia or outward evidence, between telling a lie and telling the truth. It's not a remotely credible position to take. It is absolutely the case that humans can be very bad at judging the difference between lying and telling the truth, but the assertion that there is no observable difference is nonsense. It is the reason there are such a thing as "good" actors and bad actors. It is the reason that athletic events in movies are staged, as opposed to actually performed. It is why special effects exist.

Additionally, these judgments are made in context. You aren't judging the atomic, context-less testimony of a spherical witness on a perfectly cubical witness stand suspended in an infinite vacuum. You are judging a human, sitting in a court, in the context of a whole host of other evidence and testimony. So, basically, you are making one of two claims: (1) that humans cannot judge the difference between truth and lies and (2) that it is improper for humans to make these judgments in the context of criminal justice. I disagree with both, but in this case all that matters is the latter - I will cede that it is often the case that humans mess up on individual judgments, but this does not mean that putting humans in charge of these decisions is not the best option we have when it comes to criminal justice.

What you are pointing out is that justice gets tested at the edge cases - and what we have here is an edge case. I understand the engineer's desire to have proof-positive, objectively testable indicia to differentiate between different case-states - in this instance, the difference between being a convincing liar and telling the truth - but that is the central reason we have a court system that is populated and run by humans and not machines. Our "best guess" is what it comes down to. This does, in fact, result in miscarriages of justice - there are supposed to be correcting mechanisms built into this system to compensate for this as well, and the general release-valve for these errors is the idea that you are supposed to be innocent until proven guilty. We have, in fact, stumbled upon a bug in this system here - judges can incarcerate individuals for contempt indefinitely, and this should not be the case. There are other factors going on in this circumstance that render the issue more complicated, and there are ways to address this bug with procedure - hearings, appeals, evidentiary testimony or expert testimony - but to simply state that the solution is to make the system recognize that it is impossible to tell the difference between truth and lies is an absurd notion that totally undermines its very foundation. It is not just throwing the baby out with the bath-water - it is then bulldozing the house too.

It is a primitive, or axiom, of the court system, that humans can be asked to make value judgments about the truth and falsity of assertions presented to them and to judge the veracity of the witnesses making those statements. If you categorically disagree with that axiom, you disagree with the entire jurisprudence system. In this case, I'd like to quote Churchill, when talking about Democracy:

"It's the worst form of Government, except for every other."

If you have a better idea about how to run the court system, I'm all ears.


In my attempt to be clear about the piece of your rant I was calling attention to, I was imprecise. Your previous comment had been directed at asserting there was obviously a difference between someone verbally stating refusal and someone attempting to comply. I can see how you could choose to read that into what the other poster said, but it is not a charitable interpretation.


> There's no observable difference between inability to produce a result and refusing to produce a result.

I don't see how that is open to interpretations, regardless of charitability. I think it is total, unabashed poppycock.

> How do they know he didn't just forget the password? Or that the password was recorded somewhere that he no longer has access to?

Credible testimony and other evidence.

> After sitting in jail for many months, it is very easy to forget a password that you no longer use regularly.

Right, and that is not the issue. Obviously the judge did not find this guy to be credible in the first instance.

That having been said, I'm a corporate lawyer, so my apologies if I was unnecessarily aggressive in my reply to your post. It is something I always have to watch out for, but your points are appreciated and thanks for taking the time to engage.


> I don't see how that is open to interpretations,

I can see a few things the author might be trying to convey. The most interesting would probably be "[There are cases where t]here's no observable difference [...]". I think the alternative I suggested ("[...] produce a result while pretending not to.") is better supported as the authors probable intent (while being a stronger statement and correspondingly less likely to be accurate).

In any case, pragmatics + charity should tell us someone wasn't asserting we can't tell the difference between a person saying "I can't" and a person saying "I won't", and if you can't figure out what else they might have meant the first thing to do is ask.


> it is very easy to forget a password that you no longer use regularly.

Heck, some weeks ago I forgot part of a passphrase I did use regularly. Fortunately, I remembered enough of it that I could feasibly brute force the rest.


From the article: "Rawls, the government argues, (PDF) "repeatedly asserts that the All Writs Act order requires him to divulge his passcodes, but he is incorrect: the order requires no testimony from [Rawls], and he may keep his passcodes to himself. Instead, the order requires only that [Rawls] produce his computer and hard drives in an unencrypted state.""


That does not change the parent's point – he is in contempt for refusing to comply, not for being unable to comply. Contempt must be willful: https://www.justice.gov/usam/criminal-resource-manual-753-el...


Yes, and the people who are holding him in a cage are the people deciding whether he is unable or unwilling. Not exactly any consolation.


Yes, the state ultimately decides whether someone's behavior justifies their detainment or not. Is this really news to you? Should they just let him go because he said "Shoot, turns out I don't remember!" How would any criminal justice occur if we let people off with flimsy excuses like that?

Most of the time, absolute certainty that someone is guilty is not possible; that's why the criminal standard is "beyond a reasonable doubt", not "proven to the point of mathematical certainty".

In this case, the simple fact is that the court does not believe Rawls's assertion that he is unable to comply, so he remains detained on contempt. This will change once the court is convinced that Rawls is indeed no longer able to comply.


Beyond a reasonable doubt does not mean "hurr guilty cause i tink u lying cause i don like ur face". Observers cannot be relied on to make correct judgements and the observers of the observers cannot be relied on to assess if they made a correct judgement. Indefinite imprisonment via unconstitutional contempt of court laws is the real issue here and not encryption.


> should they just let him go because he said "Shoot, turns out I don't remember!"

No, I don't think any private individual should be jailed for failing to decrypt data, regardless of whether they are able to, as part of a case wherein they are the accused. This should be a basic fundamental right of the accused, and I think the current working interpretations of the fifth amendment are unjust.

> How would any criminal justice occur if we let people off with flimsy excuses like that?

Justice in my view is the presumption of innocence, with the duty to demonstrate guilt beyond reasonable doubt placed on the prosecution. Forcing accused to decrypt data obviously helps the prosecution, but so would warrantless searches, and I oppose both for precisely the same reason.


>Justice in my view is the presumption of innocence, with the duty to demonstrate guilt beyond reasonable doubt placed on the prosecution. Forcing accused to decrypt data obviously helps the prosecution, but so would warrantless searches, and I oppose both for precisely the same reason.

Warrantless searches are unjust because the police can come in and execute them without oversight. In this case, the neutral overseer (the court) has directed the accused to comply with a request from the investigators.

Warrants are a check against rampant tyranny. They are issued or declined by an independent judicial officer whose incentives are, at least theoretically, not aligned to favor either party.

Warrants don't exist because we think it's unfair to comply with reasonable requests from the organs of the state in the their pursuit of justice, even when you're among the accused. Rather, they exist to make sure that the requests remain reasonable and fair and serve the interests of justice.

Like many things in our government, these are checks to limit and constrain the power of distinct government bodies and ensure that they do not get out of control. It is incorrect to assume that these restrictions exist for the convenience of criminal suspects, because they don't.


Just because one branch of government performs an action rather than another does not change my views of the action. A court cannot compel someone to testify against themselves just because they're the court, right?


No entity exists neutrally; that is fucking niave. Courts can favor accused police and political officials. The laws must then be designed not to act to grant power to an assumed neural party, but set the stage where all parties have equal power within the confines of the legal process. A fair race.


>This should be a basic fundamental right of the accused

Well, it's not, and that's a terribly naive viewpoint. This is akin to a legal search. Are you also against those? How is this any different than compelling a suspect to e.g. open a safe in their home?


It's very much unlike a legal search. Legal searches require no participation on the part of the accused. I do also oppose compelling an accused person to open a safe, but I have no problem with the authorities breaking into a safe with a warrant. Likewise I have no problem with the authorities confiscating a hard drive and performing any transformations to the data they please


Ah, yes... the legal equivalent of "I'm not touching youuuuu...."


That's like being forced to translate your own notebook written in code.

Not my problem, get your own codebreakers to do it.


It's different because you can't verify the authenticity of the custom hand-rolled cipher. This is a request for the accused to produce the keys only, not to do the work of manually decoding.


In a way still testimonial. I must provide secrets that reveal information about myself.

It is literally the same as ordering me to tell them how to make sense of the unreadable data.

I'm not giving them a plaintext copy of something already existing elsewhere (assuming no unencrypted backups), but producing new information for them.

And unless you used FDE with full authentication (AEAD), which almost nobody does, there's nothing that says that this particular ciphertext represents the exact plaintext I've had at any given point in time.

With XTS mode (Truecrypt) you can cut and paste together different blocks from different ciphertexts under the same key for as long as they're in the right positions. Depending on how much you know about the computer and if you've got access to multiple backups, you can splice together something that even if it doesn't contain anything illegal, it would look suspicious and incriminating.

Consider for example LE getting your full file version history of a container from Dropbox.

And revealing the keys is a kind of testimony that you have had read/write access to the drive, and that it indeed is encrypted (not just random).


No, you're exactly wrong. The demand on Rawls is that he do whatever work is necessary to produce the drives in an unencrypted state. If he hid a printout of the password on Mount Everest, that means he is compelled by the court to climb Mount Everest.


I'm speaking in practical terms here. I haven't read the actual order, but I understand the language of the order may technically require him to do the work necessary to render his drives in a decrypted state. That's because they expect the only requirement to be entering the key.

If he had a password hidden on Mt. Everest and demonstrated that to the court's satisfaction, and then cooperated with the court's order to reasonably assist in decryption (e.g., allowing the court access to the sherpa that routinely retrieves this key and enters it to decrypt his disks via some remote mechanism), I assume he would be considered compliant.


This explanation (and the other forms in which it's presented in this thread) is really troubling to me. It sounds like in order to offer a defense of the inability to comply with the order, the accused has to provide evidence which could be used against him in the trial. In your example, the existence of the password on Mt Everest could be used against him, and was evidence the prosecution probably could not have discovered but for his compelled testimony. It's even more troubling in the case of the Sherpa: revealing the identity of an accomplice (as it were) is surely self-incriminating!

But if this were really how he obtains the password (and similar schemes of off-site passwords and accomplices aren't so outlandish in the case of servers which might require the keys on reboot a few times per year), how could he possibly defend himself from the contempt charge? It sickens me to imagine being in the same situation. If this isn't an instance of the cruel trilemma, I don't know what is =(


And that is the fucking problem. It's a principled issue and you admit that it is. What your arguing about is how much is enough to violate the principle. Since people can only agree on principles, you shouldn't kill, then the law needs to fucking operate on principle alone.


Isn't the grandparent quote stating the opposite of what you've said here?


Technically, maybe. The court's language is meant to clarify that the accused does not have to disclose his key, he need only unlock his disks. There is no reasonable expectation that this would require a significant effort or testimony on his part.

His case hinges on whether he can prove that the work necessary to decrypt the disks, which is understood to mean entering the keys which he remembers, is testimonial self-incrimination and thus illegal under the Fifth Amendment.

Believe it or not, most judges are aware of smartasses and are not required to accept "Well, I don't remember, and you can't prove that I do, so ha! You have to let me go now!" The evidence surely indicates that this man used his computer regularly, which necessarily required unlocking his disks, and that means that by all rational conclusions he is, or at least was, capable of complying with the order.

Until the court is fully convinced that he is no longer capable of complying, or until the order is dropped, modified, or stayed, Rawls will remain detained for his failure to comply.


> There is no reasonable expectation that this would require a significant effort or testimony on his part.

Whether or not this is true is precisely the crux of the matter. Your comment echoes the government's position: Decrypting the hard disk is not equivalent to testimony, and is therefore not protected by the fifth.

The defence and EFF's amicus brief argue instead that we live in a world where our phones and computers are effectively an extension of ourselves, and asking to decrypt those is equivalent to forcing you to testify on your most intimate secrets, which is most certainly not kosher.


> The evidence surely indicates that this man used his computer regularly, which necessarily required unlocking his disks, and that means that by all rational conclusions he is, or at least was, capable of complying with the order.

Well that is understandable but what if he burned the passwords just before he got arrested, heck he might even chewed them up and those are long gone. How would they find out? If he is a such dangerous child molester should they go full Sam L.Jackson Unthinkable style on him?


How far can court orders go? Let's say he was a crooked accountant and the police couldn't understand his spreadsheet. Is he obligated to show him what he was doing?

To me this is what the disk encryption is like. The cops can't understand how to read the disk. Is he obligated to help them? What if the pictures in there are encoded using a weird format? Should he be forced to produce a program to read them?


How does the Fifth Amendment apply here?


What if the fellow made a sworn statement he doesn't remember his credentials? It happens to me on a regular basis.

IIRC, the I don't recall defense has worked wonders for others in the past.


I wonder if he had an encryption scheme that deleted the data in the event of n password failures and also something of legal value like bitcoins on the drive. Perhaps, then he could argue that knowingly attempting to log in using potentially incorrect passwords constitutes undue harm.


Such a scheme could probably be circumvented by making copies of the encrypted file (or the entire disk), or denying the decryptor write access etc.


I co-authored a project that works on Debian that do unattended reboots of encrypted disk drives which allows for scenarios where Alice don't know any part of the key. Every time the machine boots up bob get a request on the network and he can chose to approve or deny. Bob in turn could be in a different country which would make coercion a bit hard.

(Project called Mandos)


I think I remember you giving a talk about this at SmashTheStack in Malmo, Sweden.

I believe I asked then about maybe having support for non-debian systems and eventually something like Windows in the distant future.. What kind of support would you need for it to be worthwhile investing in that?


(Other co-author here.) We did do that, yes.

(I’m not sure what support or investing would mean in this context.) A Windows programmer could probably port the server side program (which holds the passwords) relatively easily, since it is currently implemented as a normal daemon in Python, and could therefore conceivably be ported or re-written to suit any Internet-connected platform, and the network protocol is fully documented. The client program (which receives the password and uses it to de-crypt the disk), on the other hand, is not so simple to implement. But the problem is not the network protocol; that is relatively simple. The hard part is instead running in the limited environment which exists before the password is available. In Debian, this means writing a program to run in the initramfs system where a kernel is available, but no networking is configured, and no standard system services are available. I have no idea what this would mean in a Windows context. I have toyed with the idea that it might be technically possible to re-write the client to run in the EFI environment, but I have not looked into it – it may or may not be feasible; would one have to write one’s own ZeroConf library? How about a TLS library supporting OpenPGP keys (as per RFC 6091)? How would one even provide a password for unlocking the disk to, for instance, VeraCrypt? Would one have to write the whole thing as a kind of module in VeraCrypt, if such a thing is even supported? I haven’t the foggiest notion of any answers to these questions, and I’m not a Windows nor a macOS programmer, and we implemented it on Debian since that is what we used at the time (and still do). Also, I’m gainfully employed full-time, so I’m not really looking for more work. To sum up, I would not personally be very suited for this kind of work due to inexperience on other platforms, nor could I take it on even if I were, due to personal time constraints. However, I would gladly support (by being available on the Mandos development mailing list) anyone doing this kind of work.


Had to reset my password to login to write this.

I love the idea of Mandos, but I've had some trouble setting it up and getting it working in the past :( And there doesn't seem to be much help on the internet; most guides are flimsy with no real information in them


I’m both sorry and surprised about that, since I thought we had documented everything appropriately. The thing to do after installing the mandos-client package, for instance, is to read /usr/share/doc/mandos-client/README.Debian.gz. That file contains the instructions for setting it up, and also the command to verify that it works before rebooting.


>Alice pretends that Bob exists, but actually he does not, but police cannot prove that. What then?

Well it's pretty obvious what happens then. The police claim Alice is lying and hold her in contempt indefinitely. The man from the article claims that he doesn't remember the passwords anymore and can't possibly comply, he's still being held in contempt even though there's nothing concrete to show that he still knows the password.


Not just unethical. Illegal. Indefinite detention without charge is against the law.


What's the current status on §§ 1021-1022 from the 2012 NDAA bill? [1] Did that become law as it was written, and is it still active? It made provisions for the US military to indefinitely detain US citizens without due process. I've found these things difficult to keep track of frankly, with so many egregious laws from just the last ten years.

[1] https://www.aclu.org/news/president-obama-signs-indefinite-d...


Wikipedia indicates that it's still in effect.

https://en.wikipedia.org/wiki/Indefinite_detention_without_t...

This is mainly because nobody has standing to challenge the law. To my knowledge, no US Citizen has yet been detained as an enemy combatant since the law was passed. It will be an interesting court case once that happens.


Obama quietly signed the following in January: https://www.congress.gov/bill/114th-congress/senate-bill/294...


Quietly? is that a necessary or even applicable verb here? It's public record, he was the President of the United States, and it's a major budgetary act for the biggest military in the world and covered by hundreds of news agencies. Are you quite sure he signed it quietly?


Well I can't edit my now-0 comment, but the point is, slipping in words like "quietly" assigns an intent which may not be present. As though Obama were trying to sneak the NDAA past everyone.

It's hard to covertly sign any legislation as the president, notwithstanding secret courts and laws (fisa, patriot act secret interpretations, etc).

Just saying, we don't need to try to make people think a certain way by guiding them with weasel words, people can read facts and make a judgement, without trying to subtly assign some bias in either direction.


Doesn't this boil down to the "I am willing but unable" situation? The man in this case was the "unwilling but able" situation. My question is wouldn't the man be shifted into the former situation if he just claimed to be now willing but to have forgotten his keys.


He did claim he'd forgotten the keys. Maybe he changed his mind on that later, but I haven't seen any statement of the sort.


This is a gambit that is often tried by folks in this situation. There is a famous case where someone was held in contempt for decades that you can read about on Wikipedia. At first he refused to turn over ordered monies, but later he had "lost" the money.

So, I'd say, if you're going to try to go with the "I forgot" defense, you'd better be very sure not to give the court a reason to doubt your honesty (e.g. initially refusing then changing your story).


Agreed. I also think it's hard to make the "I forgot" defense without demonstrating an effort to comply. "I tried to help but can't remember", while still suspect, is more compelling than "I can't remember and I don't feel like trying".

Although that makes me wonder if there's any legal incentive not to attempt to comply if you're not confident you remember. Maybe there's some greater legal vulnerability if the failed attempt is interpreted as deceit and treated more seriously than refusal.


The one bright spot is this leads me to hope they can't decrypt at will via some non-public method.


Or they're just not willing to divulge the methods existence for a kiddy porn case.


Using the same two-key method, attorney–client privilege might be of use, though not sure:

https://en.wikipedia.org/wiki/Attorney–client_privilege


IANAL, but it would fail to meet the basic criteria, as the communication was not for the purpose of securing legal advice and, the prosecution would argue, the communication was made for the purpose of committing a crime.


IANAL, but what if the same keys were also used to encrypt client-attorney communications?


They compel you to release everything, but don't allow the client-attorney communications to be used as evidence.


Alice can also just embed the message into the noise of a JPEG file. A noisy image can be used for plausible deniability.


Or Alice can just claim that the random file is the key to another encrypted file :)


Alice has created a file containing random data. Authorities think it is an encrypted volume and wants Alice to give up the key. Alice has no way to prove it is just a file with random data and is imprisoned indefinitely for essentially having a file with random data =]


Mallory has created a file containing random data and planted it on Alice's drive. Then Mallory phones in an anonymous tip to the police...


Nice, even in times of Stalinistic oppression things weren't as easy...


So typing the simple command

    cat /dev/random > filename 
can actually get you imprisoned. Good to know.


Alice is able to switch the tracks on a trolley hurtling towards the encrypted only copy of the rest of her key towards a track where Clive, the only person who knows the key to that secondary encryption, is tied...


Interesting thought experiment, but ultimately flawed. For this to make any sense, you first need to answer a question: Why are the authorities looking at Alice's computer in the first place?

Also, it's extrapolating a lot from a case that's actually a fair bit less sinister than what you're suggestion. Facts of this particular case here are that:

  1. The guy was a suspect to begin with, and they had
     enough evidence of him doing something wrong (from
     the Usenet side of the operation) that they got a
     warrant to search his computer.
  2. The disks are encrypted with off-the-shelf OS-provided
     full-disk encryption, which is relatively easy to verify,
     rather than some "purely random data that might or might
     not be encrypted".
  3. At no point has he denied having access to the keys (at
     which point it would essentially stop being a 5th amendment
     case).
Now, I'm actually of the opinion that he should _not_ have to decrypt those disks, but that's strictly a fifth amendment thing, rather than the more convoluted scenario you're suggesting.


Not sure what the man's crime is here. Does he even remember his keys after sixteen months in the slammer? I don't even remember my Gmail password after 16 days of vacation. Basically, like the article says, it like not opening a safe for an inquisitor: you are damned if you do, you are damned if you don't. Encryption is nothing new people, you are just putting your data in a safe.

We have a tendency to misconstrue, willfully misinterpret, or altogether ignore the law when it comes to prosecuting individuals who we believe to be standing on much lower moral ground. We do so because we want so badly to punish the accused that we are willing to reduce or eliminate greater good that some privacy laws are aiming to provide (i.e. Trumps silly travel ban which is based on his hatred of Muslims built upon imaginary news stories and personal exaggerations of particular recent events -- all laws out the window)


This was pretty much inevitable :(

> Encryption is nothing new people, you are just putting your data in a safe.

Well, you could also be held indefinitely for refusing to provide the combination for a safe. If there were safes that could keep them out indefinitely, anyway.

I suspect that they nailed him using ICAC's Black Ice app. It's a hacked version of the Freenet client that logs peer IPs, and tracks hashes that they handle. So his mistake was assuming that deniability was adequate, and failing to hit Freenet via Tor.

Edit: 2016-05-26 - Police department's tracking efforts based on false statistics: https://freenetproject.org/news.html#20160526-htl18attack


> Well, you could also be held indefinitely for refusing to provide the combination for a safe.

Is there case law supporting that? Traditionally I think the combination would be considered forced testimony.


Sorry, I got confused. In the US, keys can be compelled, but not combinations.[0] But the tide seems to be turning :(

0) https://www.quora.com/Can-a-search-warrant-compel-me-to-unlo...


Thanks for the background, but somebody has to say it: his failure was looking at child pornography.


>his failure was allegedly looking at child pornography

FTFY

It doesn't matter what they accuse him of, until they prove it, he's innocent.


Thanks.

I don't care what the charge is, if the government can not prove their case without compelling the person to testify / provide evidence against himself the judge needs to throw that case out. This is terrifying that anyone could be jailed for using what anyone would consider their 5th amendment right.


He's innocent in court (and my non-lawyerly (aka worthless) sense says the fifth amendment favors him).

But we're not a court, and our standard for speech shouldn't be "beyond a reasonable doubt". The parent poster was right. His failing was looking at child pornography.


What should our standard be? Being accused equals being guilty?

Tread carefully. The protections you give others are the protections you'll enjoy yourself if needed. And hoping you'll never need them is a very shortsighted strategy.


Well said.


But we're not a court, and our standard for speech shouldn't be "beyond a reasonable doubt". The parent poster was right. His failing was looking at child pornography.

That's what you think until you're falsely accused of such a crime...


For everyone who's poo-poohing this, go read the government's brief (https://arstechnica.com/wp-content/uploads/2017/02/fedsrawls...). There are logs that show him visiting child pornography groups, there are recorded requests of him accessing files whose hashes matched child pornography, his sister says he showed her child porn and told his entire family that he had a problem with child pornography, and he admitted that he may have been emailed child pornography.

Now, replace child pornography with any other thing. Would you question me saying that he'd been downloading that thing?


Says who? Neither of us saw it, so we can't know.

There's a procedure though that we use to determine the likelihood of someone's guilt, based on evidence and legal arguments. Would you like to hear about it?


I think it's legitimate to say, in a discussion like this one where we're not dealing with punishment, that we should hold to a weaker standard (preponderance of evidence?) than should a criminal court.

That said, as far as I'm aware the only evidence we've seen is that he's been accused of the crime. I don't what portion of accusations are false (or even a proxy like conviction rate in comparable situations).


That might seem reasonable at first glance, but it tends to turn into a witch hunt — especially with modern day communication channels.

That is, you are effectively dealing with punishment (by treating a suspect as a criminal and tarnishing their reputation before being convicted) by not applying the same rigour as the courts.


I agree that social condemnation - especially mass condemnation - is a form of punishment, and should be treated with corresponding care. But I reject the attempt to extend that to all related reasoning - it is specifically a question of requiring a high confidence for punishment.


There's a lot more evidence in the government brief, which was linked in the article.


Fair enough.


This is not an activity I want to engage in or even associate with people who do, but a nonviolent private activity is not a reason to violently persecute someone, especially to this degree.


It's not a private activity, it directly supports an industry of violence against children


You can make the same argument for the adult porn industry, and that leads to one of two conclusions:

- That the viewer of adult porn shouldn't be prosecuted for viewing porn.

or

- That there is a societal / governmental acceptance of the exploitation of men and women, as long as they are adults.

The easy argument out of this hypocrisy is to claim that while children can never consent, adults can, but then that opens the can of worms of whether they're "consenting" under coercion, like under threat of not getting hired again to do work or if they're enslaved, and the answer to that is that it depends on the case.

At this point it turns political, with one side generalizing that most do consent, and another side also generalizing that most do not consent, and reaching an agreement is impossible because there is a half-truth to both sides, and after a lot of heated arguments, people get worn out, and nothing gets resolved.

So instead I'm just going to direct people to read up on the topic of victimology, which is a sub-genre of criminology, specifically how it affects human traffic (which are >90% women, and has a total volume of enslaved people higher than it was when slavery was legal) and get informed and then make up their own mind about it without bothering others.


Or you can make the same argument for the diamond industry. Buying a diamond you are committing a crime against humanity, as you are supporting war, slavery and a whole lot of violent stuff somewhere in Africa.


I'm surprised you haven't been called a pedophile/pedophile supporter yet. Every time I tried to have that argument, it happened (tho not in HN).


And that is the reason you can never have a rational discussion about the subject. No matter how strong the arguments you present, the other side can always say "b... but... but think about the terrorists and the paedophiles!" and if you reply you get called a sympathiser - for having a rational discussion.

Welcome to 2017.


Or 16, 15, 19xx, 18xx. Principled defense of something seen as morally wrong was always fraught with "so, you defend it, so, you must like it. Probably, you even do it, don't you?"

It's one of the first strategies in the book of shutting down your opposition and probably was one of the first things people tried the moment discussions started.


Yet another reason a universal basic income makes sense. Slavery by another name becomes much less likely.


This is a tenuous argument at best, even more so considering the protocol in question is freenet. Sure it's possible to force a commercial model onto any system, but I'd think freenet would be an especially terrible way to monetize. (And "industry" - seriously??)

Furthermore, there is presumably enough existing child pornography out there to satiate any viewer for their entire life. Perhaps increasing access to it is the way to discourage more being made! At any rate, paying for it could still be a crime, as opposed to the insanity of strict liability for bitstring possession.


I've seen articles about people using CGI as bait to fight it.


Supporting or undermining it by unpaid distribution of its disgusting output material? If he was directly supporting it, he would be already convicted based on tracing the payments, I guess.

And if obtaining and distributing the output material of a content industry without payment is supporting the industry, let that be put in writing…


> directly supports an industry of violence against children

Not necessarily, and even so, can it be proven?


If I see proof (undoctored video) of a dog being beheaded (a child being sexually abused) I think I'm safe to conclude that a dog was killed (a child was raped).

If then that video was sold (or distributed in any way) to fetishists of dog beheading I could conclude that there is some kind of commercial (distribution) process going on here.

Note for children: I'm using parenthesis in a way that shouldn't be done.


My point was that the distribution of the material, especially free of charge does not necessarily encourage further abuse, nor does its possession. I do not know, though I admit that I suspect that the abuse would be encouraged because it is being paid for.

Edit: In my opinion, the following offences ought to exist with relation to child pornography and abuse:

(1) Child abuse is an offence as it currently stands, or with revised ages of consent to better reflect philosophical, scientific and psychological evidence (2) The act of recording of abuse with majority or express intention of furnishing the material for charge or otherwise in order finance or encourage continuing abuse is an offence

I think the second part needs some elaboration. I don't think that recording a certain act taking place ought to be illegal, nor I do I think it ought to be illegal to share that material with others. However this presents a dilemma: the abuse may be encouraged by the fact that the material is being sold or even enjoyed. If this encouragement to continue abuse can indeed be proven in a court of law, by some standard deemed appropriate (either the standard 'beyond a reasonable doubt' or the more strict 'balance of probabilities') then the act of making the recording and the act of furnishing the recording, I believe, ought to be an offence.

On the other hand, if the recordings are made merely to provide the enjoyment of others, and not for the purpose of encouraging abuse, I do not think there should be an offence.

At the risk of over-emphasising the point: A child abuser may be encouraged by (i) money (ii) the thought that people are watching the recording (there may be further motivations).

If it can be proven that abuse continued and the abuse was contingent on one or more of these factors, there is sufficient reason to believe that the intent of the recordings aided another crime, which I think may be sufficient to culminate in an offence.


Well, enjo-kōsai is merely controversial in Japan. But bare female skin is illegal in Saudi Arabia.[0] De gustibus non est disputandum. What's key is mindfulness.

0) http://livinginsaudiarabia.org/73/pornography-in-saudi-arabi...


But without 100% proof he can't be jailed. The prosecutors don't have enough evidence to prove it, so how can he be jailed for it already?

"Innocent until proven guilty" is the foundation of our legal system


There are other precedents I think.

Here (Sydney Australia) the penalty for refusing a roadside alcohol test is the same as the top range blood alcohol penalty. So you can refuse a test, and they'll penalise you assuming the worst-case result you could have produced.

I'm guessing this guy is in a quite perplexing quandary - he's betting on whether they'll keep him in jail for as long for refusing to decrypt the drives as they would for the crimes that decrypting the drives expose?

(At least I _hope_ that's his quandary - I sincerely hope the reality isn't that he's genuinely forgotten the passwords, and when the FBI/NSA _finally_ bruteforce it, they end up with baby photos, teenaged angst poetry, and a few bittorrented Hollywood movies... That does, at least, seem quite unlikely...)


If he was using Freenet, there's no doubt that his node handled chunks of CP files, and that at least some of those chunks remain on the drive. Let's say that he never viewed any CP. Even then, can he be sure that investigators won't discover evidence that could be spun to demonstrate that he did view CP?

It is quite a quandary :(


If you didn't request it, your node won't hold decryption keys to the files.

Might not help him if they believe that the encrypted keyless fragments is enough (which would be a horrible legal argument).


That's true, of course.

But LEA are selecting nodes based on the hashes of those fragments. Many of them won't have cached CP fragments, but merely relayed them. But if his node did, prosecutors could argue that they've identified CP on his computer based on hashes, and have experts testify about reliability, etc. How many jurors would understand Freenet design?


He's not jailed for having CP. He's jailed for contempt.


How can they prove he is in contempt of the court? Someone who forgot the password would very well be found in contempt of the court, despite not doing anything wrong. How can you jail someone for being in contempt of the court when there is no proof that he has the password?

In fact, it seems dangerous for the judge to be able to jail anyone without a jury verdict. It seems to bypass legal protections.


> But without 100% proof he can't be jailed.

The standard is not "100% proof". Perhaps you should learn something about the legal system.


The standard for US criminal law is "proof beyond a reasonable doubt". I think "100% proof" is a close enough summary of that phrase... If the proof doesn't 100% convince the jury, then reasonable doubt still exists and prosecution should fail.


Beyond reasonable doubt can admit that doubt does exist, it's just not reasonable to entertain it. 100% proof strongly implies that there is no doubt at all.

https://en.wikipedia.org/wiki/Reasonable_doubt


I don't think there's a difference. For instance, let's say we have a video of little Timmy shoplifting a candy bar. Clear face shot, maybe the video even has sound and there's a vocal-print match. Pretty slam-dunk case, right? Not much room for reasonable doubt there.

Oh, but you see, little Timmy was actually being telepathically controlled by a diabetic alien about to pass out from hypoglycemia, who had him steal the candy bar. Can you prove this was not the case?

This is what reasonable doubt protects against. There will always be the ability to create a (probably fanciful) scenario in which the defendant is not guilty. An unreasonable scenario, one might even say. Being able to convince the jury beyond reasonable doubt is as close to 100% proof as you are reasonably going to ever get.

> Beyond "the shadow of a doubt" is sometimes used interchangeably with beyond reasonable doubt, but this extends beyond the latter, to the extent that it may be considered an impossible standard. The term "reasonable doubt" is therefore used. [Emphasis mine]


I understood that reference to "Impossible standard" to mean from a jurisprudence perspective.

If you want to insist that "100% proof" and reasonable doubt are the same, that's of course your choice. I think you'll find that people will tend to disagree with you.


Fair enough. I think anything beyond this point dives pretty fast into a philosophical debate on "knowability", which I don't think either of us are actually interested in. Cheers.


Indeed! I'm sure there's a lot of great judicial literature on the topic if you're interested in diving further. My armchair is pretty comfy though, and I think I'm likely to doze off before getting too deep into it. :)


That seems like a silly distinction. It's easy to come up with "unreasonable doubt" for any argument.

"I doubt that, because a fairy whispered something to me in my sleep."


I've expressed my layman's understanding of reasonable doubt. How does your understanding differ?


> I think "100% proof" is a close enough summary of that phrase...

Not even close.


Do you have any refutation to the logic in the rest of my post? Or is "nope neener neener" the only thing I get?


That's just semantics. He's jailed without a conviction at this point.


Maybe. But we don't know whether he looked at CP or not.


And lets face it, the NSA claim - and win in court with this claim - that "collecting and storing" personal communications doesn't count as surveillance, until a human queries the database and reads from the collected interceptions.

While a personal hard drive full of child porn is unlikely to be "innocently" explained away quite that easily, I wonder if owners of, say, usenet binary hosting newsservers ever need to claim that defence?


Bogus defense IMHO. Acquiring the ability to query a database is enough to constitute surveillance. I wonder if my land lord could use the same logic to legally record me in the shower.

We have to understand that, much like it's a military's responsibility (and desire) to go to war, it is the goal of spy agencies to gather all the intelligence it possible can. In both cases it is up to law making bodies comprised of "the people" to check these agencies' ambitions.


I completely agree with you. It baffles me that anybody can stand up in front of their peers and claim "bulk collection" doesn't violate your privacy until/unless some human ever reads the data you've collected, and it's beyond parody that a judge in a court agreed with this example of mental gymnastics...


>until a human queries the database and reads from the collected interceptions.

Didn't it go further than this? Just searching the data for some signal wasn't a "search" because a machine did it, it was only a "search" if you were a match and if you were a match then they had "probable cause" for the search.

Not entirely sure how accurate that is but FWIW it seemed like that was the accepted reading of the twisted reasoning on HN back when that came out.


It's actually pretty clear that he did if you look at pages 3–10 of the government brief. The government just doesn't know exactly what's on the encrypted external hard drives, but they suspect it's a lot more child pornography, which could bolster the case against him: https://arstechnica.com/wp-content/uploads/2017/02/fedsrawls...


His crime is disobeying a court order, which is a crime that you can go to jail for. Just like if you had the key to a safe, and the court orders you to open the safe, you would go to jail if you refuse to do so. If he forgot the keys he could have told the court that and the court would evaluate his credibility.

*edited changed from key to combination because combination locks are protected by the 5th amendment and keys are not.


The courts can compel you to turn over something that you have. Something that you know is protected by the fifth amendment, in particular for combination locks.

https://supreme.justia.com/cases/federal/us/487/201/case.htm...

"""

JUSTICE STEVENS, dissenting.

A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe -- by word or deed.

"""


...you just pasted the text from the ONE dissenting judge; the other EIGHT disagreed and ruled in the opposite.

https://www.oyez.org/cases/1987/86-1753


Per my other reply, the case he was dissenting about was not about being compelled to provide the combination for a lock. The dissent simply contained a supreme court judge's opinion regarding combination locks. If you can find actual caselaw for combination locks, I'll take it. Otherwise, I'll take the supreme court justice's opinion.


The other eight unanimously agreed with him, they disagreed that the particular case was analogous to a combination, the other justices were of the opinion that it was really a "key".


great, now look up what "dissent" means. Dissent is legal mumbo jumbo for "stuff that ain't law."

When you have a panel of judges, we go with the decision of the majority of judges. The decision of the minority of the judges is still published under the heading "dissent." It isn't the ruling and it doesn't affect the law, but it's published just to note that they disagreed and their reasons.

There are some 5th amendment encryption cases where there is a question about whether the government has shown that there is a reasonable certainty that the files contain the evidence being sought. In those cases the 5th amendment would act to protect the info. That doesn't seem to be the case here and in that case, it seems like clear law that he would have to give up the data.


I am well aware of what "dissent" means. Fortunately, this is a supreme court justice talking about a case that was not about a combination lock. Unless you can show something that says that you can be compelled to open a combination lock (I couldn't), I'll take the supreme court justice's word for it.


You're right, combination locks are protected by 5th amendment as Testimonial evidence. I was wrong in my original post, however this doesn't apply to computer encryptions which the court seems to treat more like keys to a safe which are not protected, I'll correct my post accordingly thanks.


So if I put a dial interface on my computer I can't be compelled to give up my "combination"?


You're combination is protected under the fifth, but you can be compelled to unlock your computer using that combination, which is exactly what the judge is ordering in this particular case.

And don't complain too me that it's essentially the same thing; this is the judge's reasoning, not mine.


> His crime is disobeying a court order, which is a crime that you can go to jail for.

Sure, but isn't the question whether he should go to jail indefinitely? If defying a court order is a crime, then perhaps it should have a well defined jail term.


It does, the term is "until you comply".


That's not what well-defined means. You might as well say we should jail people until their victims feel better.

Furthermore, there's no evidence demonstrating he actually can comply.


What about the 5th amendment? I think we can agree without too much of a stretch that our storage data is just an extension of our mind (verily, suppose someone had illegal data stored on their drive and an idedic memory? Destroying the data on the hard drive wouldn't destroy the data in their mind), and thus just as protected by our right not to testify against ourself?


His crime is disobeying a court order, which is a crime that you can go to jail for.

That's not his crime, or as the subtitle below the story's headline states: "He's not charged with a crime." He's held in custody, not serving a sentence for a crime of which he has been convicted. He has never been convicted of any crime by any jury. That's a huge difference, both legally and morally.


Some are arguing that the court has no right to order him to do so. 5th amendment and some case rulings are mentioned.


> Encryption is nothing new people, you are just putting your data in a safe.

I know this is an old argument, but what if I put the contents in a paper shredder, in the safe? It's still the data, it's just that it went through the shredder. Why is ok for the government to compel you to change the state of the data from encrypted to unencrypted? They couldn't compel Apple write software to decrypt a phone. Why can they compel me to write an encryption key to decrypt data.

Discloser all of my data is encrypted, and if the government asked I would really be torn about giving them keys.


Or, what if you had a paper in a safe that was written in an invented language? They may be able to compel you to open the safe (i.e., provide a BIOS password), but can they compel you to teach them how to read that invented language?


That's actually a much better example. Seriously, can they? It seems ridiculous, but then compelling you to decrypt anything is obviously ridiculous as well. Maybe you are reading and writing this data as is, who is to say?

I guess, the real reason why this question stands is that nobody gives a fuck about logic and solid law, someone (obviously) just wants it to be a crime and it is easy to sway public opinion in a way that allows for it to account as one. Which, again, reminds us that the current state of the law is that it is rotten by default.


>They couldn't compel Apple write software to decrypt a phone.

no, they didn't compel apple


FBI tried but didn't get their will through


> Not sure what the man's crime is here.

He didn't commit a crime. He is being held in jail for contempt of court. This is how the system works. This is no different than if a judge demanded that you turn over any other form of evidence - it should not be so shocking that you can be held in contempt for refusing to obey a court order.

It is bad, however, that he is being let to rot indefinitely. That is the problem here - not that he was jailed for contempt in the first place.


I would dare say that the really bad part is that there's no way to know for sure if he can even comply with that order. As I understand, he claims that he has forgotten the password. Obviously, it's a convenient excuse, but it's not something utterly improbable. What if he actually did forget the password? Why is the word of the judge alone sufficient to assume otherwise? There seems to be an obvious lack of checks here.


> Why is the word of the judge alone sufficient to assume otherwise? There seems to be an obvious lack of checks here.

Because the judge's finding is based on evidence – see my other comment[1]. The judicial power to make findings of fact is checked by the appeal process, which is now underway.

[1] https://news.ycombinator.com/item?id=13633968


> He didn't commit a crime. He is being held in jail for contempt of court.

The problem is that contempt isn't classified as a crime and so it doesn't have a fixed term. There are moral hazards with having fixed terms like this, but the moral hazards of not having them, like this case, seem worse.


The difference is that the authorities can crack open a safe without the suspect cooperating. But it's virtually impossible to decrypt something without the receiving the key.


Unless it's something akin to a Da Vinci cryptex that destroys the contents when forced open. Just scaled up to modern day encryption levels.


He shouldn't have to decrypt his hard drives, and I support his decisions.

The problems with this are numerous.

First of all no one has any duty to provide the police with evidence as a 5th amendment protection. It's not a "right" for the police at all to have.

Imprisoning someone for failure to disregard their constitutional rights is absurd.

They have no evidence to hold him period.


"no one has any duty to provide the police with evidence as a 5th amendment protection"

I like that idea. However, the 5th amendment's protection is something different: "No person shall be compelled in any criminal case to be a witness against himself."

Consider the case of someone running a drug lab or counterfeiting press in their residence. Police show up with a warrant based on probable cause to search the residence. The person is required to unlock the door and let the police in because the police have a warrant. The person is not testifying against themselves, they are unlocking the lock to allow a warranted search. If they do not unlock the door after being presented with a warrant then that is a new crime they can be charged with, and the police will come in anyway.

In these cases with encryption the courts have consistently been finding that the password is comparable to unlocking the door to a house to which the police have a search warrant.

It has also been counterargued that speaking or writing down a password is a form of testimony, one that can be self-incriminatory, and therefore is protected by the Fifth. Most courts have not been sympathetic to this argument, though there has been one exception.

In this case the man is in possession of a lawful order from a judge to facilitate a search and he is refusing to cooperate. Thus the judge jails him until he decides to cooperate with the lawful order from the judge. This is how it is done.


The difference is, one doesn't have to cooperate with a search warrant. The idea of encryption being a lock like on a locked door is ludicrous and downright dangerous. Using a fantasy metaphor in place of actual reality is incredibly misleading and outright manipulative.

The difference between a lock and encryption is that all locks in the physical world can be broken by outside parties. If someone doesn't want to open the door for a search warrant, the cops can bust it down. That can't be done with encryption. The only metaphorical equivalent to breaking encryption would be to brute force it which, given proper encryption, is unlikely to succeed. So now we have an innocent person being held indefinitely based on some metaphor the courts decide must hold up in the real world that has no real world basis in reality. Instead of the courts logically following up their own thinking, they now expect the defendant to do the police and prosecutor's work.

If it's a lock, the police/prosecutor should break it after obtaining a warrant. It's not the defendant's job to testify and give them the information they need to break it. If they are incapable of carrying out their job, why should the innocent defendant be compelled to do it for them?

Why should the innocent defendant be made to languish in jail indefinitely because the police/prosecutor are inept and incapable of doing their job without reverting to unconstitutional tactics?


I think this argument would be more compelling if instead, you pointed to the fact that they cannot prove that the hard drive contains anything at all. The problem of deciding whether or not the hard drive is encrypted is equivalent to decrypting the hard drive. It's like the police showing up with a warrant to enter a house that they cannot prove exists, or that I am the owner, and then holding me in contempt for failing to open it.

What if your hard drive was encrypted maliciously and then taken into evidence? Is it even possible to prove that this isn't the case?


It's not fantasy. Fantasy is a world where you can tell the police "I know how to open that thing that you have a lawful order to investigate, and you don't, so any crime of which I'm suspected is now uninvestigatable, nanny nanny boo boo". The analog with other difficult locks is just fine; the fact that these locks are so good that they are unbreakable doesn't really change anything about the accused's obligation to cooperate with lawful orders.

The protection in the Fifth is to prevent a perverse system of coerced confessions, where innocent people can be placed on the stand and forced to falsely confess before the court. This has been expanded to preclude other types of unreliable confessions. Impeding the execution of a legitimate warrant, even when that warrant is issued in order to obtain evidence to prosecute oneself, is not protected by the Fifth Amendment.

The Fifth is not there to allow criminals to get away with things, antagonize the police, or make it hard for society to maintain order. It's not there because keeping "one innocent person out of jail is worth 50 guilty going free" or similar sentiments that are frequently expressed. It's there to prevent a common corruption in the justice process.

>Why should the innocent defendant be made to languish in jail indefinitely because the police/prosecutor are inept and incapable of doing their job without reverting to unconstitutional tactics?

Because he's violating a lawful order. If the accused wants to challenge the legality of that order, he can file a lawsuit to do so (and from the article, it sounds like he has). But unless the judge supervising that lawsuit issues a stay on the order in question, the accused is still obliged to comply and can be detained based on his/her refusal to do so.

Reformation of the contempt of court power is probably reasonable, however. This guy should be charged with obstructing justice and tried instead of kept in prison indefinitely. It'd probably be good to set an upper limit of something like 12 months on contempt of court detainments.

I'm not a lawyer.


Except it seems there is good case law to show that in fact suspected cannot be forced to open a combination lock, as it falls under fifth amendment protection. They can, however, be compelled to provide a key if it is a key-based lock. This applies similarly to biometric-based locks.

It's hard to believe that an encryption key is any different than a combination lock in this "encryption is like a safe" metaphor.

Relevant cases:

https://supreme.justia.com/cases/federal/us/425/391/case.htm...

https://supreme.justia.com/cases/federal/us/487/201/

https://supreme.justia.com/cases/federal/us/530/27/case.html


Could it just come from our particular choice of words?

An encryption key sounds closer to a safe key than to a combination lock. A small broken analogy later, the judge rules that encryptions keys are keys, and the defendant may be compelled to provide them.

Just because we called it a a "key", instead of the more accurate "combination", or "code".


Law can be difficult because tiny nuances like this can sometimes matter. It's usually not because judges are too inept to comprehend the subject matter, but because they feel that the laws still on the books require them to undertake a stringent interpretation that has an effect most people would consider undesirable. In some highly technical cases, while judges can generally be taught the meaning, their unfamiliarity with the subject matter may cause them not to fully appreciate the effects and ramifications of some of their rulings.

Legal professionals tend to be technically minded and frequently accept conclusions that do not serve the interests of justice (except in the theoretical, abstract context of a perfectly-reflective, well-functioning republic) in order to comply with a strict reading of the text of the law.

That's a double-edged sword. It provides some protection against judges who would "legislate from the bench" (i.e., change the effects of the law based on their personal values instead of the values the community has codified through the legislature), but it also frequently restrains what would be considered a rational and fair implementation of the law in order to serve an ideological commitment to the particularities of wording.

Pretty much everything involved in attempting to create a generally applicable, fair legal system is a delicate balance. Too much familiarity with a subject and the judge can be accused of bias; too little and the judge may not understand the impact of their rulings. Too much commitment to legal wording can lead to some plainly undesirable conclusions where the real people and businesses before the judge become the collateral damage of a thought exercise, but insufficient commitment to implementing the community's values instead of one's own can lead to judges whose influence becomes oppressive or despotic. It comes down to needing judges with good judgment.

Constitutional reforms may be reasonable to modernize the system to be more responsive to the community's values and less dependent on the technicalities of outdated verbiage (the All Writs Act, which is referenced in this case, was codified into law 227 years ago), now that we live in an age of instant global communication and industrialism. Many such reforms could happen at the state level.


Gosh, compelled is such a nice euphemism for "psychologically and physically brutalized until complicit". I don't think it is right to "compel" you to produce anything, key nor combination.


I mean, yes, the thing that ultimately underpins all authority is the ability to exert physical force to see it honored.

I'm not clear on what you're suggesting.


I think it's pretty clear that the parent is accusing the state of using torture to coerce compliance, which is a strong indication that the state itself is no longer legitimate.


The state cannot exist without violence to back it up. Why would anyone pay taxes if you couldn't be thrown in jail for non-compliance?


I think you make the mistake of thinking that people oppose all state violence. Many people approve of some state violence in the name of maintaining societal order, but oppose torture. And I would posit that coercive incarceration is a form of torture.

It is a mistake to believe that people are ideologically consistent. And I would be hard pressed to believe that torture is not more extreme or less legitimate than other forms of violence.


Thank you. That pretty much sums up what I was getting at. I understand the need for violence when one man attacks me or my family. And I understand the need for violence when one man attacks any human around me.

These people break the Golden Rule and remove themselves from its binding contract of being treated equally. BUT, they still deserve to be treated fairly.

Sometimes, even you can get them to see the error of their ways, and use their past to create a better future for others, and all without violence. But asking someone to give you a variable to a mathematical algorithm that he owns is absolute horse shit.


This is just a very abstract way to say that you don't like some of the things that the state has characterized as crimes. That's fine, and you can utilize the organs of representative democracy to make your will on that point known (though a world where only violent crimes are recognized, like you're suggesting, is not usually considered appealing).

However, attempting to trivialize the issue by abstracting it out to "giving a variable to a mathematical algorithm" is not persuasive. Any sort of cooperation could be extrapolated to a similar point of abstraction that makes it sound absurd; in fact, furnishing a physical key to a physical lock could be described with no modification to your terms. In that case, you're ultimately asking for the pattern needed to actuate the pins such that they stick up in the lock mechanism and cause it to disengage. That's just "providing a variable to an algorithm"; the physical key itself is an implementation detail.

If you do not believe the court should have the power to compel some types of individual cooperation with the police, you should take that up with your local legislator. The Fifth Amendment itself provides no such protection. It prohibits the government's usage of only a very specific tactic: mandatory testimonial self-incrimination. Allowing the police to execute warrants and complying with lawful orders pursuant to the state's interest in enforcing its laws is not testimony.


[flagged]


Please don't conduct any more ideological flamewars on HN. It's definitely not what this site is for.

Also, please be civil to others when commenting here.


I'm sorry, but I didn't conduct any sort of ideological flame war. I simply stated my stance on the issue that the thread was about. Other commenters took up the mantle of twisting my words and forcing me to more clearly explain myself.

I didn't realize "gtfo" was too uncivil for HN. I generally do not use such language here, but...

Be civil. Don't say things you wouldn't say in a face-to-face conversation. Avoid gratuitous negativity.

I did not break that rule. I was not gratuitous about it and was trying to end an argument.

I understand that you think you know what this site is for, but my original comment was in line with the subject matter and was not flamewar bait.


>I understand that you think you know what this site is for

I would say that while probably imperfect, dang's understanding of "what this site is for" is pretty reliable, since it's his job to moderate it. ;)


And while I'm sure he does a fine job, I'm contesting his assessment of my motivations and insinuating that I broke any rule. You really like to drag things out. Why don't you just drop it?


>I am stating my views on state violence, and what power the state should have over others. And the state should never use violence, physical or psychological, to "compel" people to do anything.

This allows only for crimes of commission. Crimes of omission, like negligence, failure to pay taxes, etc., could not be prosecuted against this, because the state would be using its monopoly on violence to compel compliance with laws which impose affirmative requirements on individuals instead of merely enforcing laws that proscribe individual behavior.

Are you arguing only against indefinite detention on contempt charges or are you arguing against deploying state force to compel any type of active compliance?

>If they are a danger to society, then they can be locked away, but if they are not provably a danger to society in an uncompromised court of law, then that's it. Indefinite incarceration without legitimate reason is torture.

This isn't indefinite detention without reason. Habaes corpus is fully satisfied here. The government has given the detainee a rationale for his detention and, in this case, they've provided a remedy that he can employ to end his incarceration at will.

For the third time, I believe that the virtues of indefinite detention via contempt-of-court are dubious and that reforms are welcome. I'm not sure what you think you're disagreeing with here.

>Are you telling me if I have a problem with the way my state is run I should call my local Republican state representatives and not discuss my views on a mature open forum? Gtfo with that shit, this isn't your forum my dude.

Expressing your views to your state representative (not sure why the party of that representative is significant) is not mutually exclusive with expressing your views on HN. I was suggesting an option by which you could attempt to enact your views in order to clarify that those views do not reflect the current state of the law and would need legislative action to be realized. That has nothing to do with where you're allowed to express them.


If a citizen does not want to pay taxes, and if the taxes are fair and used efficiently, then they still should not be compelled but they can be denied all government aid as well as access to certain infrastructure, or possibly even deportation. None of these things compel someone to do anything.

If the person wants to live on their own, in the wild, then there is no reason our government needs to collect taxes from them. But do I believe someone should be jailed for not giving our country money annually to be spent on things they don't support? Absolutely not. I don't even agree with sales tax. Traditionally that tax is paid for by vendors, but in modern times it has been passed on to the consumer.

And this "if you don't like it, go somewhere else" mentality most folks have about things like taxes is something an abusive partner would say. Sometimes people can't feasibly go somewhere more in line with their beliefs, but they still choose to live peacefully on their own terms.

And believe me, I have attempted to communicate with my representatives and it is fruitless and now I receive spam mail I can't seem to get rid of. Even when I get direct responses, they are empty and simply say, "I get you feel this way, but this is how I feel."


The thing is, the person that attacks your family already broke the rule, so you can use violence against him.

You can be 100% peaceful and the state will still use violence against you based on its own criteria.


I don't think you understand what I'm saying.


It sounds like you believe the only legitimate state is one where a criminal suspect can say "no thanks" and walk away in response to a court summons or arrest warrant. What brings anyone to walk into a courtroom to face charges at all, other than the knowledge that they will be tied to a chair and wheeled in if they refuse?

Of course the state uses violence to extract compliance with social norms. That's what it's for. The much more interesting questions are about which norms it should enforce (criminal codes) using how much force (sentencing, prison conditions, police rules of engagement, etc) and subject to what controls (due process, civil rights, etc).


This seems like more a flaw in the legal systems desire to make decisions based on analogies, rather than a reason for the right to exist.

There's a public good from the right to avoid self incrimination, it's less clear what the public good of protecting people's right to keep content hidden in the face of a court order.


Your first citation has nothing to do with disclosing combinations. It's a question of whether documents that would be protected by the Fifth Amendment if they were in the clients' possession are likewise protected when they've been transferred to the clients' attorney's possession. SCOTUS ruled that the documents would've been ineligible for Fifth Amendment protection because they are evidentiary, not testimonial, so it didn't matter whether or not the attorneys or the clients physically possessed them.

Quoth Justice White from that decision:

    > Within the limits imposed by the language of the Fifth Amendment, which we
    > necessarily observe, the privilege truly serves privacy interests; but the Court has 
    > never on any ground, personal privacy included, applied the Fifth Amendment to 
    > prevent the otherwise proper acquisition or use of evidence which, in the Court's 
    > view, did not involve compelled testimonial self-incrimination of some sort.
The second case also does not involve either the disclosure of combinations or compelled opening of locks. It affirms that compelling a person to sign a document granting banks permission to transmit any account records which may exist to the government does NOT violate the Fifth Amendment because it is not testimonial self-incrimination.

The third case appears closer to the mark in that it discusses the way in which produced documentation can be employed to incriminate a witness who produced it, but that case specifically seems to involve the interaction of the statute under which the accused was granted immunity. It also deals with a witness who produced documentation pursuant to a subpoena and a grant of immunity provided in connection with that, not an accused who is the subject of the investigation.

I'm not sure where you pulled these citations, but none of them appear to have any relevance to the assertions you've made.

Some research seems to indicate that the question of whether a defendant must supply the combination to a safe has never been directly considered by the Supreme Court, though it's been mentioned, tangentially, as a distinct thing from using a key to "open a strongbox", with the implication that disclosing a combination may be protected but opening a safe with a key wouldn't be. This analogy is employed in one place in the decision issued in the third case, but it's only for illustrative effect.

I'm sure that in the not-too-distant future we'll see a case about this make it up to the Supreme Court (possibly even this one). My expectation is that SCOTUS will rule that it is proper to compel the defendant to decrypt the disks.


> Because he's violating a lawful order. If the accused wants to challenge the legality of that order, he can file a lawsuit to do so (and from the article, it sounds like he has). But unless the judge supervising that lawsuit issues a stay on the order in question, the accused is still obliged to comply and can be detained based on his/her refusal to do so.

So here's the thing about that. If he's filed an appeal on a lawful order, he should not have to sit in jail while the appeals process is working its way through. That alone is coercion. That corrupts the legal process. If he has a legitimate claim that the appeals court doesn't immediately throw out, then the lower court is putting pressure on him to not wait for the appeals court's decision by depriving him of my freedom while he waits.

Yes, the appeals court judge could issue a stay on the order. The fact that he/she hasn't indicates to me that the appeals court would prefer to use their own form of coercion and judicial corruption in the hopes that Rawls will just get tired of sitting in jail eventually and comply.

And that's the problem with contempt-of-court. If you can be held indefinitely without being charged with anything, that's a corruption of the legal process. Someone being held in that manner for long enough will likely do anything to get out of that situation, even confess to a crime that carries a sentence of a defined length, because knowing you'll be out in 10 years (or whatever) might be better than being held indefinitely.


>And that's the problem with contempt-of-court. If you can be held indefinitely without being charged with anything, that's a corruption of the legal process. Someone being held in that manner for long enough will likely do anything to get out of that situation, even confess to a crime that carries a sentence of a defined length, because knowing you'll be out in 10 years (or whatever) might be better than being held indefinitely.

Yeah, as I said in my original post, I agree with this. There needs to be a limit on contempt-of-court.

The flip side, however, is that someone who does something that would carry a large prison sentence would be incentivized to violate orders, spend one year waiting out contempt charges, get charged with obstruction and sentenced to 3-5 years, making a total of 4-6 years jail time. That could be a big win for the criminal if complying with the government's order would allow them to prove a crime that carries a much stiffer sentence.


> The flip side, however...

I think I'm ok with that. If the prosecution can't compile enough evidence on their own with the defendant's court-ordered, self-incriminating "help", I don't think they deserve a conviction.

Assuming the court order is lawful, I think a shorter sentence just for violating the order is a fair compromise. Obviously no law is perfect, and there will be exceptions, though.


I'm not a lawyer, but doesn't he also have the option to comply the order to decrypt, and then ask that the evidence should be supressed because the order contradicted the 5th amendment? That would provide a separate route for the constitutional challenge which would not require him to be in prison in the meantime. (Well, presumably he would be in prison for a child pornography conviction instead, so maybe it's equivalent.)


"The protection in the Fifth is to prevent a perverse system of coerced confessions, where innocent people can be placed on the stand and forced to falsely confess before the court."

That's what's happening here. It has led to an extreme corruption of justice where a defendant's rights are violated until he testifies against himself (which also violates his rights, so a Catch-22 situation). He is compelled to testify against himself (5th). He was not given a speedy trial (6th). He was punished in a cruel and unusual manner with life imprisonment despite not being convicted (8th). He is guilty until proven innocent.

All because he refuses to talk. This particular defendant clearly does NOT have the right to remain silent. In which case, that must not be a right. In which case, the 5th amendment either doesn't exist or is being violated.

We don't even know if this guy has the password. We don't even know if there is any actual data on the drives at all. He hasn't been convicted of anything. Yet he's spending the rest of his life, potentially, in jail because he refuses to be coerced by the corrupt government or does not have the information they want.


>He is compelled to testify against himself (5th).

The courts do not agree with that interpretation. Defendants and witnesses are required to comply with subpoenas and warrants and produce documentation on demand, unless they can satisfy the court that production of said documentation is potentially inculpatory and that providing it rises to the level of testimonial self-incrimination under the facts of the case. That's going to vary and the accused may win a lawsuit to confirm that that is indeed what's occurring in this case. At the moment, it's an unsettled question.

>He was not given a speedy trial (6th).

He hasn't been arraigned, so of course he can't be tried. He's been detained for contempt. If he wants a speedy trial, he can comply with the court order that allows the investigators to continue with his case, and he can go free in the mean time.

Perhaps contempt-of-court needs to be reworked such that indefinite detention under it is not allowed, but that's not a constitutional issue. Contact your representatives and let them know you want this law passed.

>He was punished in a cruel and unusual manner with life imprisonment despite not being convicted (8th).

He can end his detainment at any time by complying with the court order. He is willfully keeping himself imprisoned. He has not been sentenced and, theoretically, will be free to go once he complies with the court's order. It is very likely that he has chosen incarceration and a constitutional challenge because he prefers the remote possibility that he may win this challenge to the near-certainty of a felony sex crimes conviction if he complies.

>He is guilty until proven innocent.

It may be that some type of check on extended contempt detainments is appropriate. For example, convening a jury to evaluate the accused's ability to comply every 90 days may be wise.

But practically speaking, he is not guilty; he is being detained because he refuses to comply with a court order. If the court is unable to enforce its orders any time a person says "Sorry, I don't remember how to do that", its authority will vanish.

I understand the contention is that decrypting disks is testimonial self-incrimination. That's the issue before the court, and for whatever reason (which could probably be looked up), the courts hearing that issue declined to stay the original order while the issue pends.

I personally do not find that argument convincing, as the contents of the disk need not, and indeed cannot, be altered by the accused to plant a "false confession" merely by unlocking them. Any evidence revealed by the decryption would've been as it was before any threat or incentive was issued.

Courts have ruled on a variety of occasions that complying with requests to furnish evidence which may be inculpatory does not by itself rise to the level of testimonial self-incrimination. Imagine the fallout from a world where the courts did indeed rule that the defendant was not required to comply with any subpoena, warrant, or order that may reveal criminal behavior. Our system would fall apart right away.

The 5th is not designed to allow people to destroy or hide evidence. It's designed to prevent inquisitions, where a person's guilt is determined based on the linguistic trickery and/or the direct threats made by an inquisitor, instead of an evidentiary standard that must be proven. The 5th amendment still allows for confessions and it still allows the police to require accused individuals to furnish evidence and documentation, it just provides a protection to check the prosecutor's incentive to force false confessions.

>All because he refuses to talk. This particular defendant clearly does NOT have the right to remain silent.

There is no absolute "right to remain silent" in the United States. There is only the right to refrain from testimonial self-incrimination. Judges can and do regularly order persons to provide legitimate answers to questions, orders, and subpoenas if they cannot satisfactorily demonstrate how responding to them could reasonably jeopardize this right.

>We don't even know if this guy has the password.

True, there's no way to know that with certainty. However, there is a way to know beyond reasonable doubt. His regular use of the computer necessarily required him to unlock the disks. It's clear that at the time the order was issued, he knew how to do it.

Perhaps he can make the case that sixteen months after the fact, he is no longer able to recall the passphrases, and maybe that's his strategy; at some point, as time wears on, this will have to be considered credible.


> It's not fantasy. Fantasy is a world where you can tell the police "I know how to open that thing that you have a lawful order to investigate, and you don't, so any crime of which I'm suspected is now uninvestigatable, nanny nanny boo boo".

And your alternative to this "fantasy" is that you go to jail for the rest of your life if you refuse to comply? I find that far more ridiculous.


Yes, effectively. The alternative to effectively giving oneself a life sentence is to comply with the order and allow the government the access they need to proceed with the criminal case. This man's incarceration on contempt charges will end on the day that he complies with the lawful order.

Rawls is rolling the dice here. He's hoping that he can press this issue on constitutional grounds and that he'll prevail, which will prevent the investigators from accessing the contents of his disk and, in all likelihood, prevent his conviction. If he wins on the constitutional matters, he'll be able to walk free as a bird when the case is decided (and may end up being entitled to compensatory damages). That's the outcome he's hoping for.

If he loses the constitutional case, he will probably decrypt the disks and allow the justice system to finish processing his case so that he can get an end date on his incarceration. In all likelihood, complying with the order will lead to his criminal conviction and a sentence of at least several years. After that sentence completes, he will be a convicted felon, and in most states, he will have to register as a sex offender. He will have to live under a variety of restrictions related to those statuses for the rest of his life.

Rawls's hope is that the court will rule that he cannot be ordered to decrypt his disks on constitutional grounds. This is all a wager on his part. As his incarceration on contempt charges is essentially voluntary, characterizing it as an "indefinite" or "life" sentence is improper. He has no sentence. To go free, he need only comply with the lawful order that was served upon him (of course, he will probably be arrested on charges related to the data on his computer shortly thereafter, potentially before leaving the jailhouse), or convince a higher judge that the order should be stayed pending the outcome of the lawsuit challenging its validity.

Another potential avenue to freedom, at this stage, would be convincing Congress and the President that the law should be modified so that either a) the judge's order is invalidated by new statutory requirements and the constitutional matter is no longer relevant; or b) the crime being investigated is no longer criminal.


> "I know how to open that thing that you have a lawful order to investigate, and you don't, so any crime of which I'm suspected is now uninvestigatable, nanny nanny boo boo"

So "I know stuff about a thing that you have a lawful order to investigate, and you don't, so any crime of which I'm suspected is now uninvestigatable, nanny nanny boo boo" is fine, real and serious, but "I know a thing that would allow you to open that thing that you have a lawful order to investigate, and you don't, so any crime of which I'm suspected is now uninvestigatable, nanny nanny boo boo" is laughable?

Should you be also compelled by indefinite arrest to disclose location of the body of your victim (when other evidence against you is insufficient)? Because it looks mighty similar to disclosing password to encrypted evidence of the crime.


>So "I know stuff about a thing that you have a lawful order to investigate, and you don't, so any crime of which I'm suspected is now uninvestigatable, nanny nanny boo boo" is fine, real and serious

No, this isn't fine. If there is a lawful order to gather evidence related to the crime, the accused can be compelled to comply. For example, the accused can be compelled to provide documentation under subpoena, submit to police interrogations, be a witness in court, etc.

They cannot be compelled to testify against themselves. When someone invokes the Fifth Amendment, the presiding officer must decide whether there is a reasonable claim that responding to the question or demand as posed may incriminate that person. If the presiding officer is not satisfied that such a connection exists or that the inculpatory value of the response does not rise to the level of testimonial self-incrimination, they can, and do, order the person to comply. If the accused feels this order has been wrongly made and that their Fifth Amendment rights either were or could be violated, they are free to challenge the order in court, but that doesn't mean that there won't be consequences for non-compliance while the challenge processes (a judge overseeing the challenge may or may not issue a stay or restraining order to limit such consequences).

>Should you be also compelled by indefinite arrest to disclose location of the body of your victim (when other evidence against you is insufficient)?

No, because that unquestionably rises to the level of testimonial self-incrimination, whereas granting access to something found during the execution of a legal search warrant does not.

>Because it looks mighty similar to disclosing password to encrypted evidence of the crime.

Ultimately the courts will have to decide whether this is similar enough or not. Under the current law, the answer is non-obvious, and it must be established by the conventional legal process, which yes, is indeed pain-stakingly slow. But there is no exceptional injustice underway here. This is the way the system works. It's not always pleasant, but then, neither is the real world.

If you want to discuss reforms that could require all cases to reach a final resolution within 12 months of their initiation, I'm all for that. Dragging these proceedings out over 5-10 years is very frustrating. But again, the backlog and slow conventions of the courts are a different matter than whether or not this man's constitutional rights are being violated (except insofar as these apply to the 6th Amendment, which guarantees the right to a speedy trial; it does not, however, guarantee the right to a speedy appeal), whether his detainment qualifies as "torture", or whether some other grave miscarriage of justice is occurring here.


> They cannot be compelled to testify against themselves.

In my joking statement (that mirrored yours) I was referring to exactly that. Giving police information that currently is only inside a mind of a suspect. Not documents, not physical keys, not anything else.

I don't care that you can be compelled to provide documents. Which is silly by itself. Whole business of law should expect no cooperation from the suspect and should accept help from him with suspicion. Giving him opportunity to provide documents is giving him opportunity to forge some. Giving him opportunity to provide password to a machine may give him opportunity to give one that will cause the machine to overwrite the data you are trying to gain access to. Giving him opportunity to confess without double checking every bit of information he discloses with hard evidence is providing him the opportunity to take fall for someone else's crime.

> But there is no exceptional injustice underway here. This is the way the system works.

So the system is just temporarily exceptionally unjust. Unless you can somehow say that jailing a guy indefinitely for failing to disclose information only he poses, at the same time having not enough evidence that he committed any crime, is somehow just.


> The protection in the Fifth is to prevent a perverse system of coerced confessions, where innocent people can be placed on the stand and forced to falsely confess before the court.

Do you have a source for this claim? Compelled confessions are already invalid. I'm skeptical that this was the primary purpose of the amendment.


> Compelled confessions are already invalid.

Compelled confessions are not "already invalid" separate from the Fifth Amendment. To the extent that statutory restrictions prevent it, that arises from the same impulse of the Fifth and is most likely primarily intended to be supplementary thereto.

The right against self-incrimination is intended to establish a system of justice that requires prosecutors to obtain real proof rather than making it dependent on manipulating the accused, who may well be innocent, into believing that a confession is the only way out (that is, confessions extracted by coercion).

Similar rights existed in multiple state constitutions prior to the ratification of the federal constitution. Note also that incorporation didn't begin to occur until the late 1800s-early 1900s, so independent state statutes protecting this right would've been necessary, and their existence doesn't mean that the Fifth didn't also target this protection.

>Do you have a source for this claim?

This overview seems pretty accessible: http://www.slate.com/articles/news_and_politics/explainer/20....

Quote:

>The Fifth Amendment [...] was created in reaction to the excesses of the Courts of Star Chamber and High Commission. [...] These courts utilized the inquisitorial method of truth-seeking as opposed to the prosecutorial, meaning that prosecutors did not bear the burden of proving a case, but that sufficient "proof" came from browbeating confessions out of the accused. [...] With the abolition of the Courts of Star Chamber and High Commission, the common law courts of England incorporated this principle of nemo tenetur—that no man should be bound to accuse himself. By the 18th century, English law provided that neither confessions coerced during the trial nor pretrial confessions obtained through torture could be used. This was based on the belief that coerced confessions were inherently unreliable.


Being forced to decode written notes to incriminate yourself is about equal to producing the password that decodes the encrypted data.

In both cases you use a secret and some procedure to derive readable information from some other information.

And in both cases, it is generally impossible to prove you are able to!


The difference is that if a defendant is forced to decode a unique cipher they've made up, there's no independent way to verify its contents. You can't prove that an investigator didn't say "Look, the only way you're going to ever get out of here is if you 'decode' this and make sure it says that you committed the crime."

Whereas with a well-understood, industry-accepted cipher, you can use the key and obtain the evidence exactly as it sits independent of the defendant's disposition and without requiring any unique or special tooling to be provided by the defendant. There is no opportunity to influence the contents of the decrypted disk. Ultimately, encryption may end up strengthening the prosecution's case because it can't reasonably be argued that any evidence tampering or manipulation occurred prior to decryption.

When the defendant either discloses the passphrase or enters it to unlock the disks for the police without disclosing it, the disk will either decrypt or not, and when it decrypts, it will either contain the evidence or not. Nothing said to or done by the defendant since the evidence was seized can have any influence on the contents of the disk. That means the Fifth Amendment's purpose of preserving a prosecutorial justice system dependent upon the use of objective proof rather than individual manipulation remains intact.

It would be interesting to see how this would've played out if Rawls had been using something like TrueCrypt's hidden container encryption, which uses steganographic techniques to allow the user to generate distinct blocks of cleartext from the same block of encrypted data. In that scenario, theoretically, there is no way to prove that the hidden container exists and that you have not fully complied with the police's request to decrypt.



A few points -

Devils advocate, travel back to the 1950s. The government searches your home and takes a letter or other document that is clearly written in code. Can/would they jail you as in the current case until you decode it? And without even charging you with any other crime first?

At what point is "I used a one time pad" or "I don'remember" sufficient? I'm sure all of us have at least once (probably many) times forgotten a password, even for something relatively important.

The 'lock' interpretation also fails. It is obfuscation, they have executed their search warrant and they possess the obfuscated data. Can they force you to translate your documents written in some obscure language because they can find nobody else willing to do so for them?

Re: Orin Kerr - his argument fails as the government can execute their own search warrant to take documents they believe you to have - they need not rely upon you to voluntarily provide them at their request.


This reminds me of Les Earnest's story (http://web.stanford.edu/~learnest/les/crypto.htm) about being investigated for espionage as a teenager during WWII.


> I remember hearing that a local grocer was secretly a Colonel in the Japanese Army and had hidden his uniform in the back of his store. A lot of people actually believed such things.

Some things never change.


That was a quite good read, thanks!


Following from this, if perfect encryption leaves a ciphertext indistinguishable from random noise, then what proof does the court expect that a given decryption is the correct decryption?

If he were to hand them an elaborately constructed fake file system, who would they be to say those weren't the encrypted contents?

(For purposes of thought exercise, mooting arguments about headers / magic fingerprints / leaky metadata)


TrueCrypt let you encrypt your drive in a "plausibly deniable" way. One password would let you see the encrypted contents as would expect, but there was also a sort of duress password. If you mounted the drive with the second password, you would not see files added with the "true" password. You could even add files to this file system so it looked like a fully functioning file system.

How would the authorities know you have given them the correct password?

I'm not sure how effective it was, I remember there being some criticism of it.


There are several ways to utilise TrueCrypt to truly hide data. The issue is "operational security", not the tool you use. You need to think about how the data is stored, what it will look like whilst encrypted, how will you handle that under questioning. "yes my drive is fully encrypted, get stuffed" will not suffice. It'd be nice, but the reality is that you will be required to bow down in digital obeyance to the court/man/gov


It's not that effective against clued-up forensics, I'm pretty sure I've read of cases where prosecution successfully detected TC volumes. It does however deal with garden-variety "gun to the head" scenarios.


A possibly-related topic: https://en.wikipedia.org/wiki/Deniable_encryption

How can they even be sure that the decrypted message is the real one? I assume currently they're just using human heuristics (i.e. I know it when I see it) to tell if the decrypted data is actually valid?


You could perfectly encrypt a hard drive such that it could decrypt to anything, but the "key" (a one-time pad) would be as big as the drive itself. All real-world crypto software uses short keys, which are just big enough that it's impossible to brute-force guess them. In general for a given encrypted drive, there is probably no other key besides the real one that would produce meaningful looking output, because the space of all possible outputs is so much larger than the space of all possible keys.


I get the one time pad size argument (as well as the analog that a shorter key is therefore a hashing function in some respect?).

The thing I found curious though is that the legal argument seems to depend not on providing your encryption key (which is generally assumed to be protected), but the act of decryption.

In the absence of the key, any plaintext produced from a ciphertext is... questionable?


It is like splitting drive to two (interleved sectors for example) and encrypt odd sectors with key1 and evens with key2. And software can try key in first 2 sectors to figure out odds or evens to use.

If software gives you an option to use 2 keys or 1 key in the beginning ( so half data will be garbage ) you can always deny you have 2 keys


> In these cases with encryption the courts have consistently been finding that the password is comparable to unlocking the door to a house to which the police have a search warrant.

I thought it was the exact opposite, where things such as a lock combination or a memorized password could not be compelled, whereas things like a fingerprint or a key can be since they are physical possessions.

_DISCLAIMER_ (IANAL and above is IIRC)

Edit: clicked some links in the article

[0] https://supreme.justia.com/cases/federal/us/530/27/case.html

[1]https://www.wired.com/2012/02/laptop-decryption-appeal-rejec...

So it's a mixed bag. [1] was never enforced because authorities got the password from elsewhere.


This case has typical arguments compelling disclosure and dismissing the arguments against. BTW, I don't agree with this stuff, I'm just summarizing how courts for the most part are presently handling these cases.

http://scholar.google.com/scholar_case?q=GELFGATT&hl=en&as_s...


> In these cases with encryption the courts have consistently been finding that the password is comparable to unlocking the door to a house to which the police have a search warrant.

What proof do they have that he has the password to the harddrive?


And what happens if he actually forgot the password? Then what?


Surely, indefinite detention is an appropriate punishment for forgetfulness?


I have a technical question about this comparison. In the locked door example, is the warrant an allowance for police to enter the area without the owner's permission, or is the warrant an order for the owner to give permission and assist?


If you're home, you have to let them in. If not, they are allowed to break in.


So if they come to John Doe's house with a warrant and he just sits passively on his couch while they legally enter, he has broken the law? This page[0] (ctrl+f "You do not have to assist law enforcement when they are conducting their search.") seems to suggest that a warrant does not require you to assist them, though I don't understand the scope of that; whether it's assisting them in executing the warrant or what.

[0] https://www.eff.org/issues/know-your-rights


> If you're home, you have to let them in. If not, they are allowed to break in.

Right, but is it really a crime not to unlock the door?


Now extend that thought line to embedded brain chips. I don't like where it goes.


Well, they could be un-embedded and read out the hard way.

(Might still be encrypted after that, but the data is going to be made accessible one way or another unless the device self destructs and you won't be storing the key in there but in your wetware.)


Compulsive surgery before a conviction? Even worse.


You're doing this to yourself, all you have to do is give us a key... and think about the risks of such an operation. /s


Just stop claiming innocence and sign this confession and everything will be so much easier!


My thoughts exactly. I really don't understand why would you get down-voted. If there were brain chips, one could easily see the analogy and drawing a line would be much harder.


>The person is required to unlock the door and let the police in because the police have a warrant.

Is this true? The person is required to not do anything to hinder police but is the subject of a warrant ordered to assist them with the search? IMHO the difference between a key and a combination to a safe, which is the whole premiss behind being compelled to produce a decryption key being a violation of the 5th amendment, would seem to be at ends to that interpretation. Obviously if the door is unlocked when the warrant is served then the subject can't lock the police out but if there's an interior door that's locked, can the subject be compelled to provide the combination to unlock it? That's no different than being compelled to provide the combination to a safe so that would imply that the subject of a search warrant doesn't have to assist the police, just not actively impede the execution of the warrant.


Now consider, what if the police find nothing after executing the search warrant? "Hey, we know you have a counterfeit press somewhere -- give us the address where it is located".


Giving them the harddrive is like opening the door. Not my problem they can't read the documents they found.


I think the idea of 16 months for contempt is legally ridiculous. However, they have some evidence. I presume their de-construction of freenet will have given them some insight. The technical issue that concerns me, and I'm not sure if they have addressed, is how freenet stores data and whether the material they allege is his or a 3rd party's. Last time I looked into freenet it was doing the equivalent of storing chunks of other people's data, encrypted of course, on your machine. Like being a torrent server and storing some of the actual data the torrents refer to. A peer to peer data network, not just a reference library. Yes that sounds crazy, but that was the state a few years ago. No wonder it ran like treacle.


Yes, it's a bit crazy the way Freenet works, like mad scientist crazy.

> Freenet not only transmits data between nodes but actually stores them, working as a huge distributed cache.

> While users can insert data into the network, there is no way to delete data. Due to Freenet's anonymous nature the original publishing node or owner of any piece of data is unknown. The only way data can be removed is if users don't request it.

https://en.wikipedia.org/wiki/Freenet#Distributed_storage_an...

You allocate a certain amount of space on your machine to an encrypted cache, that you can't even decrypt yourself or even know what it contains.

So there's no way to prove that someone even accessed a certain chunk of data, unless they saved it unencrypted to their machine, which I guess is what the Feds need to prove.


What happens if he says he doesn't remember his password anymore?

ie: sits down, and seemingly tries to decrypt, but tries 1( or 50 times) and says "Oh shucks, I forgot"?


That's a real concern after 16 months, assuming the password was obscure enough. And I doubt a judge would be amused, raising the specter of indefinite detention without trial.


Any significantly genuine attempt to remember the password will reduce the entropy to such an extent that your rpi could crack it. The fact that in our brain the fragments are hopelessly jumbled and you forgot if you added 1999! or 1990? to the end does not mean a computer cannot achieve a significant shortcut.

In fact I cracked one of my own filevault v1 passwords, from a Powerbook G4, using this technique. I had a muscle memory for part of the password, and that was enough to make it tractable. Cf vilefault, https://github.com/libyal/libfvde


That's precisely what happened, and the judge didn't believe him, partly because he declined to say on oath that he had forgotten the password.


>First of all no one has any duty to provide the police with evidence as a 5th amendment protection.

Apparently all these amendments are open to all kinds of BS interpretation by courts, with loopholes like "you don't really expect privacy when you send snail mail", "some random gun freak is the same as a well armed militia", "corporations are people" and other such shenanigans.


The examples you chose are interesting, not only because they reveal an obvious bias.

I think the correct interpretation of the various amendments is to view them in conjunction with the ninth. That is, the default should be to argue in good faith about what rights the amendment is attempting to preserve, not nit-picking them to find technicalities that the state can use to limit or restrict someone's rights.

Your hint at the 2nd Amendment is one such example: it's clear from reading other writings by the Founding Fathers that the 2nd Amendment was written to allow an individual to own firearms. Likewise, the 5th Amendment should be interpreted to allow an individual to refuse anything a court orders him to do that would force him to reveal evidence or testimony that could be used to incriminate him. I would argue that the entire point of that part of the 5th is to prevent exactly what is going on here: torture (involuntary imprisonment without conviction) used to coerce a confession.

Hopefully this issue is decided properly, as we are rapidly approaching a time where it may be possible to do a fMRI-like scan of someone's brain to determine guilt/innocence. Should we allow a court, with only a search warrant, the ability to scan our brain and possibly uncover other evidence of crimes?


I wonder how this argument holds up if the government were to make deniable encryption illegal.

If it is possible to determine that you have encrypted data, and it is possible to verify the accuracy of your testimony, there should be no concern about compelling false testimony.

Which is different from compelling testimony that cannot be verified, at least in the sense that you know that only the people being held in contempt could possibly be innocent.

Maybe the tradeoffs that should.be made in this case are different.


Proper encryption is indistinguishable from random noise


So make random noise illegal? You laugh, but this is precisely how these people think. Also https://en.wikipedia.org/wiki/Illegal_number.


> it's clear from reading other writings by the Founding Fathers that the 2nd Amendment was written to allow an individual to own firearms

It's also clear it was to buttress the perpetuation of slavery in the minds of founders. So, you know.


Could you please mention the number of amendment that restricts the right to refuse self-incrimination in the same way as the 13th amendment restricted the right to own slaves?


> it's clear from reading other writings by the Founding Fathers that the 2nd Amendment was written to allow an individual to own firearms.

This is irrelevant, it matters what made it into the contract, i.e. Constitution.

The second amendment in full is: "A well regulated militia being necessary to the security of a free State, the right of the People to keep and bear arms shall not be infringed."

A well regulated militia is completely dropped from all modern court rulings. Guns can and should be regulated.


It's not irrelevant, because it allows you to understand what words like "militia" and "well regulated" meant at the time. They don't mean what a casual reader might think they do. The Supreme Court frequently goes back an looks at other historical records/writings of the time to dig into the real meaning of the words.

It really doesn't matter, because as Heller held, the first part of that sentence is the prefatory clause which doesn't limit or expand the scope of the actual, operative clause: "the right of the people to keep and bear arms shall not be infringed."


The claim that the first clause is prefatory is some seriously contorted motivated reasoning on the part of the majority in the Heller case, and for those who would like to see what real historians think I would direct you to the amicus brief in that case from Rakove et al (http://www.scotusblog.com/wp-content/uploads/2008/01/07-290_...)


>because as Heller held, the first part of that sentence is the prefatory clause which doesn't limit or expand the scope of the actual, operative clause

Which is exactly the inverse of what it should be: the spirit of the law being above and adjusting the "operative" part.


The supreme court has ruled that the second amendment protects an individual's right to own guns and that right cannot be removed by states. If you don't like that get 2/3rds of congress to agree with you and change the constitution.


>The supreme court has ruled that the second amendment protects an individual's right to own guns and that right cannot be removed by states.

That's what we discussed. Given what the constitution says, that ruling is BS.

The law and supreme courts are politics --not some clean, divine, body that comes with only just rulings.

"Liberty and justice for all", for example, if I'm not mistaken, was in there from the beginning, but the courts could not give a rats ass for slavery, segregation, etc, until they were forced to by popular protests.

So, that 2/3 of the congress is not much consolation either.


The supreme court also ruled that child labor laws were unconstitutional, that collective bargaining was illegal, and that runaway slaves should always be returned to their original owners wherever they were found. Precedent changes, and an activist ruling like Heller that is more political than judicial in its justification is relatively easy to reverse. No need for a constitutional amendment for the first 13 words of the 2nd amendment to no longer be written in invisible ink, just a good case and poof it becomes a collective right the same as it was for the first 175 years or so of US history.


It's impressive that you read "regulate" as somehow not aligned with "an individuals right to own guns".

These are not mutually exclusive, and I personally want people to maintain the right to own guns.

What I don't want is semi-automatic rifles and handguns to be available to the population at large and without any regulation whatsoever so that they can easily be incorporated into some lunatics shooting spree.

I know this will be unpopular: all semi-automatic handguns and rifles should be outlawed.


> and that right cannot be removed by states.

but cities like new york somehow removed it.


"This is irrelevant, it matters what made it into the contract, i.e. Constitution."

This was a correct and useful stance - and a fruitful ground for debate - prior to 2010.

However, what matters now is District of Columbia v. Heller[1] and McDonald v. City of Chicago[2] which "held that the right of an individual to "keep and bear arms" protected by the Second Amendment is incorporated by the Due Process Clause of the Fourteenth Amendment and applies to the states".[2]

[1] https://en.wikipedia.org/wiki/District_of_Columbia_v._Heller

[2] https://en.wikipedia.org/wiki/McDonald_v._City_of_Chicago


Guns already are absurdly heavily regulated. Unless you actually mean banned.


Yes. That's the problem with the whole "this is a government of laws, not men" idea. The laws are always, always interpreted by men. They are enforced (or not) by men, at their discretion.

It's much like the "thou shalt not kill" commandment in the Bible. It's there in black and white, and about as clear and simple as you can get. Yet plenty of Jews and Christians kill, and often do so eagerly and joyfully, even thinking they are doing God's work. As the old saying goes, "Praise the Lord and pass the ammunition." Or "Onward, Christian soldiers!"


> It's much like the "thou shalt not kill" commandment in the Bible.

That's an erroneous translation, although I concede it is very common - but rarely if ever found within a Bible as you claim; both the KJV, which I prefer for the music of its language, and the NIV, which is much more common these days, instead correctly render it as "Thou shalt/you shall not murder". I can't speak for Torah, but I doubt it differs there.

The laws of men distinguish mere murder from killing in general, whether it be manslaughter, justifiable homicide, the conduct of warfare, or any of sundry other nuances. Why, then, should the law of God overlook the same distinction?


>The laws of men distinguish mere murder from killing in general, whether it be manslaughter, justifiable homicide, the conduct of warfare, or any of sundry other nuances. Why, then, should the law of God overlook the same distinction?

Because that's old testament morals that have been deprecated by Christ.

That's the whole point of getting a NEW testament.

And Christ is quite clear about the "not kill in general" part.


> Because that's old testament morals that have been deprecated by Christ.

In general, you're not wrong. In this case, though, you are. Matthew 19:16-19 [1]:

> 16 And, behold, one came and said unto him, Good Master, what good thing shall I do, that I may have eternal life? 17 And he said unto him, Why callest thou me good? there is none good but one, that is, God: but if thou wilt enter into life, keep the commandments. 18 He saith unto him, Which? Jesus said, Thou shalt do no murder, Thou shalt not commit adultery, Thou shalt not steal, Thou shalt not bear false witness, 19 Honour thy father and thy mother: and, Thou shalt love thy neighbour as thyself.

Had Christ intended to modify the commandment to "thou shalt not kill", I expect He would have.

[1] http://biblehub.com/kjv/matthew/19.htm


>Had Christ intended to modify the commandment to "thou shalt not kill", I expect He would have.

Well, he also gave additional commands and advice of his own to that very effect.


I'm afraid I am not familiar with them, but I've never pretended to be other than a rather poor Christian. Perhaps you will do me the kindness of citing them, so that I may improve my ability to live up to my faith.


Isn't "Thou shalt not murder" sailing awfully close to a tautology, though?


No, because like temporal law, the Mosaic code elsewhere defines what is and is not murder. As 'coldtea elsewhere points out, Christ explicitly deprecates most of that code in his teachings - but he cites this one verbatim, and to do so without intending to implicitly affirm at least the distinction between killing which is wrongful, i.e. murder, and killing which is not, seems an unlikely mistake for any rabbi to make.


ooooh, I guess God was ok with killing people as long as it was mass killings so you could call it something besides murder.

Because apparently the exact name somehow makes the act better (or worse?) in God's eyes.

https://www.youtube.com/watch?v=ga_7j72CVlc&t=0m25s

We should go tell Feynman he's nuts...


>Because apparently the exact name somehow makes the act better (or worse?) in God's eyes.

Not a christian per se, but theoretically speaking, the name is not some mere dressing: it gives the justification (or lack thereof) for the act.

So it makes sense that something described with a different name changes the act in "God's eyes" -- the same way that e.g. killing someone to take their money and killing someone to stop them from killing you are not both "murder".

Besides, what's allowed to humans and what's allowed to God doesn't need to be the same thing. No hypocrisy in that, we're talking about different entities, and nobody said they are equal (on the contrary).


> So it makes sense that something described with a different name changes the act in "God's eyes" -- the same way that e.g. killing someone to take their money and killing someone to stop them from killing you are not both "murder".

Which of course is not what's being discussed, so we're not going to go off on that tangent.


"Onward, Christian soldiers" is not about physical war, but about spiritual warfare. Killing isn't usually performed by singing hymns, for example:

    Hell’s foundations quiver
    At the shout of praise;
    Brothers, lift your voices,
    Loud your anthems raise.


Yet, that doesn't stop Christians from misinterpreting the Muslim concept of jihad


That's because militant muslims have been using it for millennia for actual attacks and war, not just spiritual ones.


so exactly like Christians.



Your reasoning is perfectly fine and in line with most jurisdictions word-wide. This is just one of many cases where people elsewhere shake their heads in disbelief. How the US and UK deal with this matter is a big exception and considered both immoral and illegal in much of the rest of the world.

These two countries are 'special' in many regards, and you cannot and ought not take their sense of morality and their system of law as a basis for anything.


Can he appeal this judge's decision to imprison him? Or is he trapped given the lack of a conviction?


They are appealing, but it's not on any rushed schedule so the appeals court is just leaving him in there.


It's not as unjust as it seems because he does have the option of applying for a bail pending appeal which would release him until his appeal date. Unfortunately to do that you have to show that you have a reasonable chance of succeeding, and he doesn't have that. He's going to lose the appeal and he's going to stay in jail until he divulges the info or the judge releases him.

Just to give a bit more info here, this is not an unsophisticated defendant, this guy is a cop he knows the system and he knows what he's doing. He knows that he's better off going to jail for contempt of court than he is going to jail for kiddie porn. He's making a calculated decision to keep himself out of trouble, he's no martyr.


But I bet something led police to the hard drive in question in the first place. I wonder what "that" something was. In the U.S. you can be arrested and held for Reasonable Suspicion (or Probable Cause)


Whatever that was it clearly wasn't a criminal act or he'd have been charged for whatever it was. No further evidence has come to light after 16 months. That's far beyond "reasonable suspicion."

If the police can't find evidence of a crime then this guy should be released, even if he's the reason they can't find it.


Incorrect – the defendant had an iPhone which contained indecent recordings of his niece, and had previously admitted to family members that he had a problem with child pronography, showing them a large collection on the computer that was connected to the hard drives he now claims to have forgotten how to decrypt. This is explained in government brief[1] which was linked in the article.

[1] https://arstechnica.com/wp-content/uploads/2017/02/fedsrawls...


Article mentions Freenet traffic detected at his computer. AFAIR Freenet is like BitTorrent, except nobody knows what you are downloading.


Doesn't mean it was illegal.

Protecting ones privacy and data is not illegal and is no cause for suspicion. Just because they detected freenet or even tor that wouldn't be enough for a warrant.

I wonder what evidence they did have for that warrentbin the first place.


Not indefinitely


Not indefinitely

More

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: