Suppose the suspect Alice only has a portion of the key. Someone else (Bob...) has the remaining key bits.
Alice is busted, and 'compelled to give the key', and DOES provide her portion of the key.
Bob is never found.
Then Alice would be indefinitely imprisoned, even if she would have actually complied with the court order.
It seems unethical, to me.
Bonus question: Alice pretends that Bob exists, but actually he does not, but police cannot prove that. What then?
A possible answer to the first question: Alice is not compelled to provide the key. She is compelled to decrypt the drive. Obviously she can't do that without Bob. Alice is screwed and will spend the rest of her life in prison.
Yes, and in this scenario she would not be held in contempt, so your hypothetical does not apply.
You can only be held in contempt for refusing to comply with court orders, not for the failure of a desired outcome.
Let's put it another way: you are totally misunderstanding why this fellow is in jail. It is not because the hard drive remains encrypted - it is because he defied a court order to decrypt it. Granted, if the drive were decrypted by other means he would likely be let out of prison because the point of holding him for contempt would be frustrated - but that does not mean that he was put into jail because the drive was not decrypted. Contempt is solely about defying court orders.
If Alice gave over her half of the key, she would have complied with the order, therefore, there would be no grounds for contempt.
> The defendant did not testify at the hearing and did not offer any other evidence or testimony in support of his contention that memory failure prevented him from complying with the court's order. On September 14, 2015, the court issued an order granting the government's motion, App. 6-10, finding that Doe was engaged in a “deliberate ruse” in claiming memory failure as to the external hard drives and that he intentionally disobeyed the court's orders directing him to decrypt the devices.
 Government brief, p 12: https://arstechnica.com/wp-content/uploads/2017/02/fedsrawls....
I'm still curious, what kind of evidence or testimony might be considered believable in this case. Whether someone remembers a particular sequence of words and symbols seems like a thing that's very hard to determine, and by its nature it's unlikely there is any evidence either way.
From the quote you give (and I'll admit I have not read up on this case beyond the article, so it's possible I'm missing something), it sounds like he claimed he didn't remember the password, the court responded with "I don't believe you because you haven't proven that you don't remember it, so have fun in jail until you decrypt."
How would you prove, if you were brought into court, that you don't remember a specific password?
So the system as it stands is you can be jailed indefinitely because a judge does not believe you actually forgot a password? That doesn't sound ideal.
Honestly, what do you envision as an ideal system? The legal system can't be structured like software. You have to be able to cope with unknowns, things that cannot be proven 100%, and people who won't cooperate. This stuff isn't binary.
civil law / roman law, as used in a large part of the world including Europe. (different from civil law as the term is used in the US)
things are quite a lot more clear cut if you just codify (yes, exactly like code, our law books look like code in human language, precisely worded) instead of reinterpreting the law on case by case basis and some ancient writings reinterpreted to fit a modern setting (even they were made by smart folks, it's still almost religion)
Most U.S. federal law is codified, including the contempt provision that applied here (18 U.S. Code § 401). Codification does not remove the need for courts to resolve ambiguities. The constitutional right in this case is a good example: there is no explicit privilege against self-incrimination in the European Convention on Human Rights, yet the European Court of Human Rights has found that Europeans do have this right, and has explained its scope by 'reinterpreting the law on a case by case basis' .
If I ask you to sink 10 baskets and then 0 baskets are made, there is an extremely obvious difference between 10 airballs and refusing to step onto the court.
Stop thinking like a software engineer and start thinking like a human observer. The court system does not use Jenkins to test conditions in the real world - the court system's "runtime" are the faculties of observation and reason of the judges and juries. There are countless, extraordinarily obvious differences between refusing to comply with an order and complying with an order but failing to produce the desired result. In other words, humans do not judge compliance based on satisfaction of test conditions that have to be written down and then run by a computer - they use their own eyes, ears and brains.
As a result, the difference between genuinely not remembering a password or trying, but failing, to decrypt a drive, is totally and obviously different than telling a judge to take a hike, claiming "fifth amendment" or giving testimony that is obviously untruthful. Frankly, this statement:
> There's no observable difference between inability to produce a result and refusing to produce a result
Is just outrageous. There is no difference between failing to detect the higgs boson and not even trying to detect it? I posit that these two scenarios are outrageously different: (1) building the LHC and not finding the higgs boson and (2) not buidling the LHC. Both situations have failed to detect the higgs boson - but they are, in all other respects, remarkably different. I genuinely cannot believe that you hold this point of view to be true.
Judging the credibility of testimony is not only one of the primary activities of judges and juries, but, again, I categorically do not believe that you truly believe there is no difference, whatsoever, in indicia or outward evidence, between telling a lie and telling the truth. It's not a remotely credible position to take. It is absolutely the case that humans can be very bad at judging the difference between lying and telling the truth, but the assertion that there is no observable difference is nonsense. It is the reason there are such a thing as "good" actors and bad actors. It is the reason that athletic events in movies are staged, as opposed to actually performed. It is why special effects exist.
Additionally, these judgments are made in context. You aren't judging the atomic, context-less testimony of a spherical witness on a perfectly cubical witness stand suspended in an infinite vacuum. You are judging a human, sitting in a court, in the context of a whole host of other evidence and testimony. So, basically, you are making one of two claims: (1) that humans cannot judge the difference between truth and lies and (2) that it is improper for humans to make these judgments in the context of criminal justice. I disagree with both, but in this case all that matters is the latter - I will cede that it is often the case that humans mess up on individual judgments, but this does not mean that putting humans in charge of these decisions is not the best option we have when it comes to criminal justice.
What you are pointing out is that justice gets tested at the edge cases - and what we have here is an edge case. I understand the engineer's desire to have proof-positive, objectively testable indicia to differentiate between different case-states - in this instance, the difference between being a convincing liar and telling the truth - but that is the central reason we have a court system that is populated and run by humans and not machines. Our "best guess" is what it comes down to. This does, in fact, result in miscarriages of justice - there are supposed to be correcting mechanisms built into this system to compensate for this as well, and the general release-valve for these errors is the idea that you are supposed to be innocent until proven guilty. We have, in fact, stumbled upon a bug in this system here - judges can incarcerate individuals for contempt indefinitely, and this should not be the case. There are other factors going on in this circumstance that render the issue more complicated, and there are ways to address this bug with procedure - hearings, appeals, evidentiary testimony or expert testimony - but to simply state that the solution is to make the system recognize that it is impossible to tell the difference between truth and lies is an absurd notion that totally undermines its very foundation. It is not just throwing the baby out with the bath-water - it is then bulldozing the house too.
It is a primitive, or axiom, of the court system, that humans can be asked to make value judgments about the truth and falsity of assertions presented to them and to judge the veracity of the witnesses making those statements. If you categorically disagree with that axiom, you disagree with the entire jurisprudence system. In this case, I'd like to quote Churchill, when talking about Democracy:
"It's the worst form of Government, except for every other."
If you have a better idea about how to run the court system, I'm all ears.
I don't see how that is open to interpretations, regardless of charitability. I think it is total, unabashed poppycock.
> How do they know he didn't just forget the password? Or that the password was recorded somewhere that he no longer has access to?
Credible testimony and other evidence.
> After sitting in jail for many months, it is very easy to forget a password that you no longer use regularly.
Right, and that is not the issue. Obviously the judge did not find this guy to be credible in the first instance.
That having been said, I'm a corporate lawyer, so my apologies if I was unnecessarily aggressive in my reply to your post. It is something I always have to watch out for, but your points are appreciated and thanks for taking the time to engage.
I can see a few things the author might be trying to convey. The most interesting would probably be "[There are cases where t]here's no observable difference [...]". I think the alternative I suggested ("[...] produce a result while pretending not to.") is better supported as the authors probable intent (while being a stronger statement and correspondingly less likely to be accurate).
In any case, pragmatics + charity should tell us someone wasn't asserting we can't tell the difference between a person saying "I can't" and a person saying "I won't", and if you can't figure out what else they might have meant the first thing to do is ask.
Heck, some weeks ago I forgot part of a passphrase I did use regularly. Fortunately, I remembered enough of it that I could feasibly brute force the rest.
Most of the time, absolute certainty that someone is guilty is not possible; that's why the criminal standard is "beyond a reasonable doubt", not "proven to the point of mathematical certainty".
In this case, the simple fact is that the court does not believe Rawls's assertion that he is unable to comply, so he remains detained on contempt. This will change once the court is convinced that Rawls is indeed no longer able to comply.
No, I don't think any private individual should be jailed for failing to decrypt data, regardless of whether they are able to, as part of a case wherein they are the accused. This should be a basic fundamental right of the accused, and I think the current working interpretations of the fifth amendment are unjust.
> How would any criminal justice occur if we let people off with flimsy excuses like that?
Justice in my view is the presumption of innocence, with the duty to demonstrate guilt beyond reasonable doubt placed on the prosecution. Forcing accused to decrypt data obviously helps the prosecution, but so would warrantless searches, and I oppose both for precisely the same reason.
Warrantless searches are unjust because the police can come in and execute them without oversight. In this case, the neutral overseer (the court) has directed the accused to comply with a request from the investigators.
Warrants are a check against rampant tyranny. They are issued or declined by an independent judicial officer whose incentives are, at least theoretically, not aligned to favor either party.
Warrants don't exist because we think it's unfair to comply with reasonable requests from the organs of the state in the their pursuit of justice, even when you're among the accused. Rather, they exist to make sure that the requests remain reasonable and fair and serve the interests of justice.
Like many things in our government, these are checks to limit and constrain the power of distinct government bodies and ensure that they do not get out of control. It is incorrect to assume that these restrictions exist for the convenience of criminal suspects, because they don't.
Well, it's not, and that's a terribly naive viewpoint. This is akin to a legal search. Are you also against those? How is this any different than compelling a suspect to e.g. open a safe in their home?
Not my problem, get your own codebreakers to do it.
It is literally the same as ordering me to tell them how to make sense of the unreadable data.
I'm not giving them a plaintext copy of something already existing elsewhere (assuming no unencrypted backups), but producing new information for them.
And unless you used FDE with full authentication (AEAD), which almost nobody does, there's nothing that says that this particular ciphertext represents the exact plaintext I've had at any given point in time.
With XTS mode (Truecrypt) you can cut and paste together different blocks from different ciphertexts under the same key for as long as they're in the right positions. Depending on how much you know about the computer and if you've got access to multiple backups, you can splice together something that even if it doesn't contain anything illegal, it would look suspicious and incriminating.
Consider for example LE getting your full file version history of a container from Dropbox.
And revealing the keys is a kind of testimony that you have had read/write access to the drive, and that it indeed is encrypted (not just random).
If he had a password hidden on Mt. Everest and demonstrated that to the court's satisfaction, and then cooperated with the court's order to reasonably assist in decryption (e.g., allowing the court access to the sherpa that routinely retrieves this key and enters it to decrypt his disks via some remote mechanism), I assume he would be considered compliant.
But if this were really how he obtains the password (and similar schemes of off-site passwords and accomplices aren't so outlandish in the case of servers which might require the keys on reboot a few times per year), how could he possibly defend himself from the contempt charge? It sickens me to imagine being in the same situation. If this isn't an instance of the cruel trilemma, I don't know what is =(
His case hinges on whether he can prove that the work necessary to decrypt the disks, which is understood to mean entering the keys which he remembers, is testimonial self-incrimination and thus illegal under the Fifth Amendment.
Believe it or not, most judges are aware of smartasses and are not required to accept "Well, I don't remember, and you can't prove that I do, so ha! You have to let me go now!" The evidence surely indicates that this man used his computer regularly, which necessarily required unlocking his disks, and that means that by all rational conclusions he is, or at least was, capable of complying with the order.
Until the court is fully convinced that he is no longer capable of complying, or until the order is dropped, modified, or stayed, Rawls will remain detained for his failure to comply.
Whether or not this is true is precisely the crux of the matter. Your comment echoes the government's position: Decrypting the hard disk is not equivalent to testimony, and is therefore not protected by the fifth.
The defence and EFF's amicus brief argue instead that we live in a world where our phones and computers are effectively an extension of ourselves, and asking to decrypt those is equivalent to forcing you to testify on your most intimate secrets, which is most certainly not kosher.
Well that is understandable but what if he burned the passwords just before he got arrested, heck he might even chewed them up and those are long gone. How would they find out? If he is a such dangerous child molester should they go full Sam L.Jackson Unthinkable style on him?
To me this is what the disk encryption is like. The cops can't understand how to read the disk. Is he obligated to help them? What if the pictures in there are encoded using a weird format? Should he be forced to produce a program to read them?
IIRC, the I don't recall defense has worked wonders for others in the past.
(Project called Mandos)
I believe I asked then about maybe having support for non-debian systems and eventually something like Windows in the distant future.. What kind of support would you need for it to be worthwhile investing in that?
(I’m not sure what support or investing would mean in this context.) A Windows programmer could probably port the server side program (which holds the passwords) relatively easily, since it is currently implemented as a normal daemon in Python, and could therefore conceivably be ported or re-written to suit any Internet-connected platform, and the network protocol is fully documented. The client program (which receives the password and uses it to de-crypt the disk), on the other hand, is not so simple to implement. But the problem is not the network protocol; that is relatively simple. The hard part is instead running in the limited environment which exists before the password is available. In Debian, this means writing a program to run in the initramfs system where a kernel is available, but no networking is configured, and no standard system services are available. I have no idea what this would mean in a Windows context. I have toyed with the idea that it might be technically possible to re-write the client to run in the EFI environment, but I have not looked into it – it may or may not be feasible; would one have to write one’s own ZeroConf library? How about a TLS library supporting OpenPGP keys (as per RFC 6091)? How would one even provide a password for unlocking the disk to, for instance, VeraCrypt? Would one have to write the whole thing as a kind of module in VeraCrypt, if such a thing is even supported? I haven’t the foggiest notion of any answers to these questions, and I’m not a Windows nor a macOS programmer, and we implemented it on Debian since that is what we used at the time (and still do). Also, I’m gainfully employed full-time, so I’m not really looking for more work. To sum up, I would not personally be very suited for this kind of work due to inexperience on other platforms, nor could I take it on even if I were, due to personal time constraints. However, I would gladly support (by being available on the Mandos development mailing list) anyone doing this kind of work.
I love the idea of Mandos, but I've had some trouble setting it up and getting it working in the past :( And there doesn't seem to be much help on the internet; most guides are flimsy with no real information in them
Well it's pretty obvious what happens then. The police claim Alice is lying and hold her in contempt indefinitely. The man from the article claims that he doesn't remember the passwords anymore and can't possibly comply, he's still being held in contempt even though there's nothing concrete to show that he still knows the password.
This is mainly because nobody has standing to challenge the law. To my knowledge, no US Citizen has yet been detained as an enemy combatant since the law was passed. It will be an interesting court case once that happens.
It's hard to covertly sign any legislation as the president, notwithstanding secret courts and laws (fisa, patriot act secret interpretations, etc).
Just saying, we don't need to try to make people think a certain way by guiding them with weasel words, people can read facts and make a judgement, without trying to subtly assign some bias in either direction.
So, I'd say, if you're going to try to go with the "I forgot" defense, you'd better be very sure not to give the court a reason to doubt your honesty (e.g. initially refusing then changing your story).
Although that makes me wonder if there's any legal incentive not to attempt to comply if you're not confident you remember. Maybe there's some greater legal vulnerability if the failed attempt is interpreted as deceit and treated more seriously than refusal.
cat /dev/random > filename
Also, it's extrapolating a lot from a case that's actually a fair bit less sinister than what you're suggestion. Facts of this particular case here are that:
1. The guy was a suspect to begin with, and they had
enough evidence of him doing something wrong (from
the Usenet side of the operation) that they got a
warrant to search his computer.
2. The disks are encrypted with off-the-shelf OS-provided
full-disk encryption, which is relatively easy to verify,
rather than some "purely random data that might or might
not be encrypted".
3. At no point has he denied having access to the keys (at
which point it would essentially stop being a 5th amendment
We have a tendency to misconstrue, willfully misinterpret, or altogether ignore the law when it comes to prosecuting individuals who we believe to be standing on much lower moral ground. We do so because we want so badly to punish the accused that we are willing to reduce or eliminate greater good that some privacy laws are aiming to provide (i.e. Trumps silly travel ban which is based on his hatred of Muslims built upon imaginary news stories and personal exaggerations of particular recent events -- all laws out the window)
> Encryption is nothing new people, you are just putting your data in a safe.
Well, you could also be held indefinitely for refusing to provide the combination for a safe. If there were safes that could keep them out indefinitely, anyway.
I suspect that they nailed him using ICAC's Black Ice app. It's a hacked version of the Freenet client that logs peer IPs, and tracks hashes that they handle. So his mistake was assuming that deniability was adequate, and failing to hit Freenet via Tor.
Edit: 2016-05-26 - Police department's tracking efforts based on false statistics: https://freenetproject.org/news.html#20160526-htl18attack
Is there case law supporting that? Traditionally I think the combination would be considered forced testimony.
It doesn't matter what they accuse him of, until they prove it, he's innocent.
I don't care what the charge is, if the government can not prove their case without compelling the person to testify / provide evidence against himself the judge needs to throw that case out. This is terrifying that anyone could be jailed for using what anyone would consider their 5th amendment right.
But we're not a court, and our standard for speech shouldn't be "beyond a reasonable doubt". The parent poster was right. His failing was looking at child pornography.
Tread carefully. The protections you give others are the protections you'll enjoy yourself if needed. And hoping you'll never need them is a very shortsighted strategy.
That's what you think until you're falsely accused of such a crime...
Now, replace child pornography with any other thing. Would you question me saying that he'd been downloading that thing?
There's a procedure though that we use to determine the likelihood of someone's guilt, based on evidence and legal arguments. Would you like to hear about it?
That said, as far as I'm aware the only evidence we've seen is that he's been accused of the crime. I don't what portion of accusations are false (or even a proxy like conviction rate in comparable situations).
That is, you are effectively dealing with punishment (by treating a suspect as a criminal and tarnishing their reputation before being convicted) by not applying the same rigour as the courts.
- That the viewer of adult porn shouldn't be prosecuted for viewing porn.
- That there is a societal / governmental acceptance of the exploitation of men and women, as long as they are adults.
The easy argument out of this hypocrisy is to claim that while children can never consent, adults can, but then that opens the can of worms of whether they're "consenting" under coercion, like under threat of not getting hired again to do work or if they're enslaved, and the answer to that is that it depends on the case.
At this point it turns political, with one side generalizing that most do consent, and another side also generalizing that most do not consent, and reaching an agreement is impossible because there is a half-truth to both sides, and after a lot of heated arguments, people get worn out, and nothing gets resolved.
So instead I'm just going to direct people to read up on the topic of victimology, which is a sub-genre of criminology, specifically how it affects human traffic (which are >90% women, and has a total volume of enslaved people higher than it was when slavery was legal) and get informed and then make up their own mind about it without bothering others.
Welcome to 2017.
It's one of the first strategies in the book of shutting down your opposition and probably was one of the first things people tried the moment discussions started.
Furthermore, there is presumably enough existing child pornography out there to satiate any viewer for their entire life. Perhaps increasing access to it is the way to discourage more being made! At any rate, paying for it could still be a crime, as opposed to the insanity of strict liability for bitstring possession.
And if obtaining and distributing the output material of a content industry without payment is supporting the industry, let that be put in writing…
Not necessarily, and even so, can it be proven?
If then that video was sold (or distributed in any way) to fetishists of dog beheading I could conclude that there is some kind of commercial (distribution) process going on here.
Note for children: I'm using parenthesis in a way that shouldn't be done.
Edit: In my opinion, the following offences ought to exist with relation to child pornography and abuse:
(1) Child abuse is an offence as it currently stands, or with revised ages of consent to better reflect philosophical, scientific and psychological evidence
(2) The act of recording of abuse with majority or express intention of furnishing the material for charge or otherwise in order finance or encourage continuing abuse is an offence
I think the second part needs some elaboration. I don't think that recording a certain act taking place ought to be illegal, nor I do I think it ought to be illegal to share that material with others. However this presents a dilemma: the abuse may be encouraged by the fact that the material is being sold or even enjoyed. If this encouragement to continue abuse can indeed be proven in a court of law, by some standard deemed appropriate (either the standard 'beyond a reasonable doubt' or the more strict 'balance of probabilities') then the act of making the recording and the act of furnishing the recording, I believe, ought to be an offence.
On the other hand, if the recordings are made merely to provide the enjoyment of others, and not for the purpose of encouraging abuse, I do not think there should be an offence.
At the risk of over-emphasising the point:
A child abuser may be encouraged by (i) money (ii) the thought that people are watching the recording (there may be further motivations).
If it can be proven that abuse continued and the abuse was contingent on one or more of these factors, there is sufficient reason to believe that the intent of the recordings aided another crime, which I think may be sufficient to culminate in an offence.
"Innocent until proven guilty" is the foundation of our legal system
Here (Sydney Australia) the penalty for refusing a roadside alcohol test is the same as the top range blood alcohol penalty. So you can refuse a test, and they'll penalise you assuming the worst-case result you could have produced.
I'm guessing this guy is in a quite perplexing quandary - he's betting on whether they'll keep him in jail for as long for refusing to decrypt the drives as they would for the crimes that decrypting the drives expose?
(At least I _hope_ that's his quandary - I sincerely hope the reality isn't that he's genuinely forgotten the passwords, and when the FBI/NSA _finally_ bruteforce it, they end up with baby photos, teenaged angst poetry, and a few bittorrented Hollywood movies... That does, at least, seem quite unlikely...)
It is quite a quandary :(
Might not help him if they believe that the encrypted keyless fragments is enough (which would be a horrible legal argument).
But LEA are selecting nodes based on the hashes of those fragments. Many of them won't have cached CP fragments, but merely relayed them. But if his node did, prosecutors could argue that they've identified CP on his computer based on hashes, and have experts testify about reliability, etc. How many jurors would understand Freenet design?
In fact, it seems dangerous for the judge to be able to jail anyone without a jury verdict. It seems to bypass legal protections.
The standard is not "100% proof". Perhaps you should learn something about the legal system.
Oh, but you see, little Timmy was actually being telepathically controlled by a diabetic alien about to pass out from hypoglycemia, who had him steal the candy bar. Can you prove this was not the case?
This is what reasonable doubt protects against. There will always be the ability to create a (probably fanciful) scenario in which the defendant is not guilty. An unreasonable scenario, one might even say. Being able to convince the jury beyond reasonable doubt is as close to 100% proof as you are reasonably going to ever get.
> Beyond "the shadow of a doubt" is sometimes used interchangeably with beyond reasonable doubt, but this extends beyond the latter, to the extent that it may be considered an impossible standard. The term "reasonable doubt" is therefore used. [Emphasis mine]
If you want to insist that "100% proof" and reasonable doubt are the same, that's of course your choice. I think you'll find that people will tend to disagree with you.
"I doubt that, because a fairy whispered something to me in my sleep."
Not even close.
While a personal hard drive full of child porn is unlikely to be "innocently" explained away quite that easily, I wonder if owners of, say, usenet binary hosting newsservers ever need to claim that defence?
We have to understand that, much like it's a military's responsibility (and desire) to go to war, it is the goal of spy agencies to gather all the intelligence it possible can. In both cases it is up to law making bodies comprised of "the people" to check these agencies' ambitions.
Didn't it go further than this? Just searching the data for some signal wasn't a "search" because a machine did it, it was only a "search" if you were a match and if you were a match then they had "probable cause" for the search.
Not entirely sure how accurate that is but FWIW it seemed like that was the accepted reading of the twisted reasoning on HN back when that came out.
*edited changed from key to combination because combination locks are protected by the 5th amendment and keys are not.
JUSTICE STEVENS, dissenting.
A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe -- by word or deed.
When you have a panel of judges, we go with the decision of the majority of judges. The decision of the minority of the judges is still published under the heading "dissent." It isn't the ruling and it doesn't affect the law, but it's published just to note that they disagreed and their reasons.
There are some 5th amendment encryption cases where there is a question about whether the government has shown that there is a reasonable certainty that the files contain the evidence being sought. In those cases the 5th amendment would act to protect the info. That doesn't seem to be the case here and in that case, it seems like clear law that he would have to give up the data.
And don't complain too me that it's essentially the same thing; this is the judge's reasoning, not mine.
Sure, but isn't the question whether he should go to jail indefinitely? If defying a court order is a crime, then perhaps it should have a well defined jail term.
Furthermore, there's no evidence demonstrating he actually can comply.
That's not his crime, or as the subtitle below the story's headline states: "He's not charged with a crime." He's held in custody, not serving a sentence for a crime of which he has been convicted. He has never been convicted of any crime by any jury. That's a huge difference, both legally and morally.
I know this is an old argument, but what if I put the contents in a paper shredder, in the safe? It's still the data, it's just that it went through the shredder. Why is ok for the government to compel you to change the state of the data from encrypted to unencrypted? They couldn't compel Apple write software to decrypt a phone. Why can they compel me to write an encryption key to decrypt data.
Discloser all of my data is encrypted, and if the government asked I would really be torn about giving them keys.
I guess, the real reason why this question stands is that nobody gives a fuck about logic and solid law, someone (obviously) just wants it to be a crime and it is easy to sway public opinion in a way that allows for it to account as one. Which, again, reminds us that the current state of the law is that it is rotten by default.
no, they didn't compel apple
He didn't commit a crime. He is being held in jail for contempt of court. This is how the system works. This is no different than if a judge demanded that you turn over any other form of evidence - it should not be so shocking that you can be held in contempt for refusing to obey a court order.
It is bad, however, that he is being let to rot indefinitely. That is the problem here - not that he was jailed for contempt in the first place.
Because the judge's finding is based on evidence – see my other comment. The judicial power to make findings of fact is checked by the appeal process, which is now underway.
The problem is that contempt isn't classified as a crime and so it doesn't have a fixed term. There are moral hazards with having fixed terms like this, but the moral hazards of not having them, like this case, seem worse.
In terms of being stopped and searched when traveling, I just carry a TailsOS bootable live USB. My laptop doesn't have a hard-drive and boots entirely from my TailsOS USB stick. I did not enable any persistent storage and any bookmarks I need to remember, I simply remember them by rote, like in that movie The Book of Eli. My threat model is such that I don't want anybody knowing my business when traveling. The intrusiveness should only go so far as one question, like "Business or Pleasure?" and that's all.
In my opinion you'd be much better with a laptop that booted to windows and looked like it had some simple things installed under a password you don't mind giving them. Then they'll probably never get around to asking you about the usb stick your tailsOS is installed on.
You can now get extremely large usb sticks in very small form factors. I have been toying with the idea of creating something that looks exactly (and nonsuspiciously) like a usb 'charging cable' but with built in memory. Ideally if it's plugged into power or a laptop, it just appears as a normal usb cable, but if the microusb end is not plugged in, it shows as a large memory stick you could also boot from.
Bringing a Windows OS is stupid as Windows doesn't clean up properly after shutting down and leaves a forensic footprint which is difficult to cleanup unless you use something like Bleachbit or CCleaner after using Windows. You typically want to offload cleaning up to the O.S level and avoid using such tools such as CCLeaner in the first place (Keep in mind, since this is Windows, there are issues with free space on the drive that leave deleted files remaining on the hard-disk, even after explicitly stating they should be deleted).
With TailsOS, In other words, you can browse freely and with peace of mind that you won't leave a forensic footprint behind, giving you an upper-hand over other passengers who have to self-censor their browsing for fear of scrutiny at a later date from border officers.
Even tails if not immune to this unless you use some secure wipe tool. Even they flash drives have wear level management that loves data around to make the wear on each chip equal so you can't be sure its even gone.
I'll leave this link here for those who use Tails and need to wipe files and other data, either there and then, or after the fact of deletion (clearing files from free space):
I think you misunderstand my suggestion. You have a windows install that you don't actually use for anything. This is because a windows install is a normal thing for someone to have. You can keep your usb booted, forensic OS but make sure you're running it on something that they've seen a million times before, not some sort of l33t uber laptop without a harddrive.
The point is to look normal.
Securing cloud hosted documents is obviously another discussion.
 Also related: https://news.ycombinator.com/item?id=13016132
I know everyone wants to have a perfect justice system but we have to ALSO decide which direction we would like it to fail until that time comes (never). In essence cases like this are more about this question. When the system fails, which direction do we want it to fail in?
"are we are willing to let a guilty person go free rather than let a guilty person go free and an innocent person go to jail."
Which has a much more obvious answer..
Although, thinking about it from the point of view of someone being Convicted of a crime that never happened is fair enough, But when someone is not convicted of a crime that never happened we are not 'letting a guilty person go free' so both options in the ultimatum are broken with this.
or do you just put 30,000 in prison to prevent most innocent persons from going to jail? Then you are letting half of the guilty people go free
It's a question of how many innocent people you are willing to jail to catch more real criminals
It seems we accept a higher FAR (False Alarm Rate, a diagnostic which gives a false positive) for certain communities (poor people, minorities) than others.
The consequence matters too: even people who support the retributive aspect of the death penalty may reject it in practice because of the excessive false conviction rate.
60,000 = "oh well, some false negatives, some false negatives AND false positives, whatever"
30,000 = "oh well, some false negatives"
Although i get the feeling we are moving into semantics, its just always bothered me the way this was worded. Anyway thanks for that perspective, made me think.
Let me ask a question, is jail the appropriate sentence for a contempt of court charge? This is not the first time, reporters have been jailed for many months bc of contempt of court charges. Is this the appropriate sentence for the crime of not complying with a court order?
I don't know what the alternative would be... also, on the question of guilt vs. innocence. I can see myself agreeing with you that since the state has such a high burden of proof to meet, that the defense has a an implicit advantage, the issue is that the statistics are showing a far greater issue of a imbalance of justice being applied at different levels of society. There is no good reason that I can see where an innocent poor person goes to jail because of a bad defense, vs a guilty rich person who gets off because of a great defense.
Justice is supposed to be blind.
In reference to your question I'll pose another question: "Should this be counted as being in contempt of court?"
As to the innocent people going to jail because of bad defense, I think this is why we need to fail in the direction of the innocent. I'd personally rather guilty men go free than innocent men be imprisoned. I think if we're going to figure out the limitations of the 5th Amendment in the digital age we need to decide which direction the system is going to fail. I think many on HN will agree with me, but I'd be interested to know what the country as a whole believes (if anyone has that info).
The crazy part for me is that this has all happened while the crime rate has been steadily going down, so there's not even a justification for it (from a crime standpoint).
*edit - aquire not require..
Except those files may have been deleted already. You can't prove that you will find anything incriminating on that drive.
My most important passwords (passphrases for gpg used by password managers and luks) are in my head and muscle memory.
When I update passwords I tend to have them written down until I've typed them enough times.
So after a months vacation I often struggle to remember my work password for example. While using phrases makes all this easier these days, 16 months is a long time to presumably spend without your keyboard.
But being forced to divulge the virtual coordinates of his hidden data is somehow different...
Should law enforcement have a right to search through court orders? In a world of unbreakable locks it seems very hard to get justice unless the law can do proper searches. If we end up in a world of unbreakable encryption everywhere, seems to me, criminal activity will have huge benefits. If we can't control crime, we can't have a just society. We can't protect a individuals rights if they are undermined by criminals. Of course, it's also hard if the state has too much power to protect and individuals rights. But somewhere we need pragmatic compromises.
The police does parallel construction to avoid admitting access to illegally collected evidence, civil forfeiture to punish people for things police doesn't like without having to prove anything, etc — incentives for police to step over the rules are a larger problem than unbreakable encryption right now.
So this becomes the question where decrypting a hard drive lies on this spectrum. Is it more like testifying against yourself or is it more like allowing the police to search your home? Assuming one agrees with the way testifying against yourself and searching your home is currently handled by the law.
In Germany you never have to actively help the police even if they come with a warrant. They can't even compel you to open the door of the house or a physical safe. They will of course come in anyway and send you the bill for the locksmith, but it's your perfect right to just sit there and do nothing.
So with the hard disk encryption it's actually exactly the same: You don't have to help in any way, but of course the police can still take the drive and try to decrypt it. If they can't decrypt, well, bad luck. Not your problem, you don't have to help.
This raises the question if there is any other situation where you have to act against your own best interest, otherwise my initial argument falls apart and it seems unreasonable to try to force someone to decrypt his hard drive.
Another question is, how far can I push the search warrant scenario? Am I allowed to use force against the police to prevent them from entering in the same way I may use force against burglars? Am I allowed to shoot at the police? Not that it would buy you much, it is pretty unlikely that you can hide at home forever, but from a purely theoretical standpoint?
The downside is that you'll probably end up dead, since the police (in the US especially) have a record of killing even people who don't shoot at them.
Whether not giving up keys is jot helping or is it stopping them.
Rights are rights.
But we make up those rights. If there is a right to not to incriminate oneself that applies in all circumstances, then I am of course with you, you should not be forced to decrypt the hard drive.
My point was that I am not sure if such a right applying in all circumstances exists and I thought the search warrant scenario proved that to not be the case but that turned out to be wrong.
Doesn't this whole situation and the threat thereof go away for 99.9% of the population if we decriminalize possession / "viewing" of child pornography? [Note: you could still be severely prosecuted for making it]
There doesn't appear to be anything else in the digital realm that can get you in such legal trouble. The only other thing I could think of is national defense espionage, or rogue WMD plans. And on these counts, 99.9% of people are going to be very difficult to put a plausible frame job for these crimes. Sure the 0.1% with security clearance could be framed here, but as far as I understand, that's a personal decision and risk each person go to make for themselves.
If you deny the prosecution the ability to use reasonable suspicion of CP to search, or compel a decryption of your digital files, it's going to be a long time before another case like this.
The list goes on. It just so happens the FBI is obsessed with CP, but if you decriminalize that, we'll have the same problems with other crimes.
Take corporate espionage: sure proprietary files from my employer could end up on hard-drive. But that would mean the FBI is willing to in addition to frame me, pay someone to go in and steal from my company. That's the type of thing that get's someone's boss's boss canned.
Do you see how high the conspiracy is going here? And do you know how messy this type of action gets when you need all these different nefarious actors executing FrontPageHeadline news if caught.
As far as the Drugs.xls, or the MobsterAccountPayable.xls, there already exists much legal room to disqualify a one-off document, without some kind of physical evidence - e.g. a guy wearing a wire says "Hears the money to pay Tony the Muscle" and you say "cool" or the guy who runs a storage facility says thats the guy who came in two months ago and rented that locker where the drugs were found. That's why the police are so obsessed with getting these type non-digital evidence: because a conviction on pure digital grounds is almost impossible with a halfway decent lawyer.
The thing about CP it doesn't have to be congruent with any other aspect of your life or be verified by anything physical or any witness. Even the motive/rationale is he had disturbing sexual impulses deep in his heart and its common sense that he wouldn't revel these to anyone so let's just assume he does.
I mention this because there are parallels. In each case the man would say "I don't have the (key|money)" and in each case the judge can effectively sentence them to indefinite jail.
But I'll play along with your pedantic game. First, the wording says to give over his computer and hard drives. What if those hard drives failed? He can't handover the literal hard drives anymore.
Ok, you say it can be any hard drive then. The court will provide replacements and the disk images. If investigators providing those materials is allowed as a means to allow Rawls to complete said task, that means Rawls is allowed access to materials the court (or prosecution or him or some other entity) deems necessary. Not a big deal, right? Wrong. Going down that rabbit hole can lead to a slippery slope where courts can abuse the power of the wording to indefinitely contain anyone given that they assign them a task that "can" be completed with the given materials. However, the feasibility of the task may or may not be reasonable.
It's the twisting of the law through evasive language that is the problem here. They are deliberately avoiding the 5th Amendment by deploying language that skirts the letter of the law and ignores the intention/spirit of it.
Failing that they can convict him based on other evidence or at least convince him that they can and cut a deal for access.
In the vital cases which are normally cited as examples of why we must allow cops to violate our right options abound.
What's left is petty crap and police incompetence which serve as poor justification for giving up our rights.
Why do we care for people distributing "illegal material" in the first place?
And how come this "illegal material" doesn't ever get decrypted? Catch them then.
Is "distributing child pornography should not be a crime" really the hill you want to die on?
One day, some one is going to pass a law or do something that you don't like because the government will have unprecedented access and control of information flow. They can stop you seeing or even sharing. And it may be happening already but nobody knows.
But responding to a case where cryptography is (maybe) used to conceal evidence of possession and/or distribution of child pornography, with, and I paraphrase, "why do we care about this kind of nonsense?", does not advance the cause of encouraging moderate legislation and jurisprudence on this subject.
At the very best, it makes one who advances such an argument look like so completely detached a privacy absolutist as to defend even the vilest of crimes in cases where it might overlap with his pet issue in a potentially negative way.
At only slightly less than the very best, it opens anyone who advances such an argument to allegations of wanting the distribution of child pornography to proceed untrammeled by law, and to those allegations being supported by citation of arguments like 'coldtea's, made in threads like this one.
I get that many here are very theoretically minded sorts, and that, being "systems thinkers", are much happier designing the perfect system of laws and judgment on a clean sheet of paper, rather than dealing with anything so messy as the diversity of politics and opinions which has such a significant impact in reality. I used to be such a person myself. It didn't help me understand a damn thing about the world in which we all actually live, and it made me a pointless nuisance rather than an effective agent in convincing people that even such a hot-button issue as child pornography is not an excuse to abandon all nuance.
I don't demand that my interlocutors, here or elsewhere, develop the same understanding, although I think it'd be a brilliant idea if they did. But I do ask, at minimum, that when they say ill-thought-out and pointlessly absolutist things which tend to make it harder for me to actually convince actual people that at-rest encryption is not dangerous but compelling those accused of criminal activity to divulge encrypted data is, they not act so surprised when I push back on that.
Oh come on, now who's being hyperbolic. Possession of child porn is clearly not the vilest of crimes, as child molestation is obviously much, much worse. And don't pretend like those are remotely the same.
And in any case, I don't think I strayed very far, if at all, into hyperbole, even taken verbatim. Child pornography may not be the same thing as child molestation, but it's still plenty vile nonetheless.
More hyperbole. You really think young cartoon characters conducting sexual acts, which is illegal child porn, is as vile as perfectly legal scat porn? Or is your claim once again hyperbolic because, a) it's not your sexual preference, and b) you assumed, wrongly, that everything classified as child porn is necessarily harmful to children?
You even said that my interpretation of your literal words was not far from your intent, and doubled-down on your claim that child porn is almost as vile as child molestation. I then pointed out that some cartoons are considered child porn, and contrasted that with legal porn that's also widely considered to be vile, then asked if you stand by your claim that underage cartoon sex is really more vile than this type of legal porn (which doesn't even touch on the issue of why vileness is a meaningful metric of legality, as opposed to something obviously meaningful like harm).
So I can't see how I'm arguing in bad faith.
> Visual depictions include photographs, videos, digital or computer generated images indistinguishable from an actual minor...
No language exists to include depictions of the sort you describe, which are trivially distinguishable from an actual minor.
Perhaps you argue from the law of a specific US state, but you need in that case to name the state on whose laws you base your argument, and explain why they have a stronger bearing on the matter at hand than the laws of the nation entire.
If you're going to continue to accuse me of engaging in hyperbole, authoritarianism, ignorant pseudoscientific wittering, and whatever else you can think of, that is of course your privilege, and I would never dream of suggesting you demur. But will you please leaven it a bit with actual substance, as in your comment full of rich, meaty counter-citations to my hypothesis around reinforcement, a comment which I look forward to perusing? That was an excellent comment, and I appreciate it! Quite aside from the tantalizing possibility of learning something new and thus improving my understanding of reality, one does eventually grow tired of the same thing over and over; a bit of variety appeals.
Police have more than enough tools to catch people using encryption without the ability to compel people to decrypt data. At the end of the day if you have to try force someone to enter a password or fetch you a key then you already fucked up and should have to admit your failure and try assemble a case with what you were able to get before you fucked it up by not getting the data in-flight or otherwise unencrypted.
How about creating child pornography being a crime? That's what's actually hurtful.
Regardless, if you're saying we should focus more on treatment and less on caging people, I can get behind that. If you're saying we should just abolish the law and do nothing on the consumption side - we likely disagree on the harm done or the role of government in society.
Same. But just lately it seems like the push is toward normalization, and that complicates the matter considerably.
Not only would this expand the scope of "criminal" to include people who have not committed such crimes (and may never do so), but I think it's a futile and petulant exercise, albeit one with benefit to intrusive law enforcement (and I'm echoing feedback provided elsewhere in this thread).
In any case, these are all currently crimes in their own right, so they fall under your first category, rather than your second, so I'm not quite clear what sort of point you're making here.
I was answering the question below:
>Your proposal ignores it - legalizes its distribution, in fact. Why?
If, in response to my answer, you conclude that committing a crime is an action tantamount to sharing, viewing, or possessing information about it, I disagree, and I think your outlook is frighteningly authoritarian. "Action" was a poor word choice. "Actions which entail direct harm", such as raping a child, should be illegal, I should've said. "Actions which entail indirect harm", such as possessing, sharing, or viewing data, should not be, in my opinion.
That doesn't matter if you're ignoring actions' directness and level of harm altogether and arguing that, since a judicial body classifies an action as a crime, it is a crime, and so I should agree that it should be a crime. But, in that case, I also disagree, and I think you're being a poor advocate for orthodoxy.
>ongoing harm to the victims, which, while not unreasonable, I think might be a weaker argument than that distribution in particular may make and expand a market even when not done for money
Here, I think you're doing it more justice. Incidentally, though, I'm the other way around. The "harm to victims" angle is much more salient than the "increasing demand" one, but both are pretty spurious to me, and certainly seem like underwhelming reasons to imprison and permanently cripple the lives of people whose only actions consisted of manipulating bits in storage media to the direct harm of no one.
You're also underplaying your hand here somewhat, I think - either that, or you find your own arguments unconvincing. You've already conceded, in your concept of "indirect harm" (still harm, but less so?) and the weaksauce relative-injury argument which constitutes your last paragraph, that the distribution of child pornography does inflict ongoing harm on those abused in order to produce it - but you don't think that that harm suffices to justify the injury inflicted upon those who engage in such distribution, but not such production, in the course of being convicted of and punished for that crime. That the former are innocent, and the latter are not, seems not to move you; your concern appears instead to be purely utilitarian.
I don't suppose it would be surprising if you were indeed unconvinced of this - it strikes me as a very difficult position to defend! But I'd be interested to see whether and how you do so, nonetheless. Or perhaps I've misgathered your point?
I don't think anyone would argue this "cures" the tendency - certainly I will not! But, at the very least, I can't see how it could do other than make a pedophile less likely to graduate to child molesting, to have built a strong habit of not acting on the urge - and, again, vice versa.
There are also other forms of harm than the physical. I am not myself moved to dismay by the possibility of images of my own abuse circulating on the Internet, although that may have more than anything to do with the fact that, to the best of my knowledge, no such images were made, and in any case said abuse occurred long before the dawn of the era in which such distribution became trivially simple. But I hardly imagine it is my place to tell someone who does find such a possibility - or a certainty - dismaying, that she is wrong to feel that way, or that she should not consider herself to be harmed thereby. Nor do I believe it is anyone else's place to do so.
Reinforcing the circuits to reward yourself with more porn, not with molesting children. Your whole point is exactly the kind of pseudo scientific rationalising every authoritarian uses to push their "moralistic" agenda.
Real studies have actually shown that exposure porn reduces recidivism and tendencies to molestation, except in a small class of pedophiles which already have violent tendencies.
All of the studies purporting to demonstrate links between possession of child porn and child molestation are plagued with methodological errors . This issue is so emotionally charged that most of the science around it is garbage. The stigma against child porn is no different than claiming that consumers of staged rape fetish porn must all be closet rapists, and viewing this porn will simply make them act on it. It's a patently absurd claim.
About the only possessors of child porn that are at high risk of molesting a child are the ones that actually produce it, and so had already sexual abused children .
While it would be a stretch to postulate that the effect of child pornography on those disposed to it exactly matches that of drugs which provoke massive dopamine release on those who take them, the effects of dopamine on sexual behavior in the human male, and its role in the brain's reward system in general, lend I think considerable plausibility to the hypothesis that engaging in pedophilic behavior centered around child pornography, and obtaining sexual satisfaction thereby, tends to potentiate further engagement in the same behavior.
This shouldn't be surprising. Consumers of rape fetish porn are unlikely to actually rape someone, but actual rapists are likely to consume rape fetish porn. Furthermore, in countries where porn of all kinds was legalized, including child porn, enjoyed falling rates of child molestation.
The OP is making some of the same old arguments people have trotted out against porn for decades, just couched in pseudo neuroscience. The fact is, we don't understand these relationships to the degree the OP needs to justify his causal claims.
On the other hand, children are extraordinarily vulnerable to many forms of abuse, this among them. In a system of laws one of whose explicit purposes is to afford those vulnerable to mistreatment protection under law, I don't think it is on its face unreasonable to argue that children merit extraordinary protection as well. While there is perhaps a fair question to be asked around whether the sort of law under discussion actually serves that end, I would at the very least suggest anyone raising the question in a serious way be very well prepared to answer objections and counterarguments of every imaginable sort.
You could argue that looking at CP is no different then looking at a murder photo.
Both are a picture of a crime you didn't commit.
Were I, though, for some unaccountable reason required to clarify my opinion on Rawls' situation despite it being in no way pertinent to the discussion at hand, I would note that I consider his treatment in contravention of both the right to speedy trial and, although I'm not as sure about this one, habeas corpus as well. The case as a whole, and the prosecution's attitude toward it, strike me as a solid example of the troubling habit of overreach our legislative and law-enforcement communities seem to be developing toward strong cryptography, which is as morally neutral as any other technology.
On the other hand, it's rather difficult to argue other than that a government unable to maintain order is unable to effectively govern, and not at all difficult to understand how, viewed from such a perspective, effectively impermeable cryptography might well seem an imminent danger to the security of the state and of those of its citizens not engaged in the sorts of activities which tend to undermine the ability of the government to maintain order. I understand that, especially since last November, the Overton window around opinions on the United States government has shifted such that mere deep and lasting mistrust seems absurdly moderate. But there is nuance here, and to ignore it in search of easy answers is as foolish in this context as in every other.
And quite aside from all that, there is the strong utilitarian argument to be made that this is not the hook on which to hang your defense of encryption, privacy, et cetera. Pedophiles and child molesters come in for about the strongest opprobrium our society ever brings to bear. Do you really not have anyone else around whom to build this case, so that you might have an easier time arguing against such mistreatment of someone as yet convicted of no crime? If you exclude refusal to decrypt a volume on demand from the permissible causes for a finding of contempt, you solve this fellow's problem, too. Can you really not find any way to do that that doesn't involve putting him front and center, where it is literally impossible to separate the substance of the issue from the allegations of extreme unsavoriness which will be leveled against his character, and by extension yours as well?
Remember, if you're going to make a meaningful contribution in this realm, you must of necessity do so in the world where we actually live, not the one where you'd prefer that we did. In the world where we actually live, pedophiles and child molesters are the lowest of the low, and even the mere accusation of involvement in such activities is often enough to ruin lives. It's already hard enough to sell the argument you're making. Why is it worth your while to make it a whole lot harder?
"Bad guys" still have fifth amendment protection. You prosecute, satisfy the burden of proof and hope a jury convicts. That's what you do.
Outside of that, if you really want this changed, petition your representative to repeal the fifth amendment, I suppose?
Is this something that ought not be considered either?
"bad guys" who distribute illegal material
Sure, that's an obtuse abstraction, but honestly, the buck stops there. At the end of the day, they have a circuit encoded in a given state. Magnetic media that can be arbitrarily degaussed.
It's not real.
Stop prosecuting it.
So, okay, you wanna argue. Let's get more specific.
Bad things people can "have" encoded on their digital storage media:
1. stolen economic identifiers, such as credit
card numbers, and other mechanisms of fraud
2. raster graphics and audio depicting nudity,
or evidence of events that have since transpired,
and prove culpability, via direct participation
rather than simply the hoarding of collectible
media files of whatever persuasion
3. preferences and settings that can correlate
identity in other crimes, subscriber information
such IMEI numbers and MAC addresses, and more
4. classified information restricted from being
leaked among state actors or the general public
5. intellectual property that translates directly
to business opportunities, insider trading,
corporate espionage and other white collar
6. copyrighted music and movies, oh noes!
The demand for relinquishing data, in any such situation is not unlike demanding all the things that people write on napkins and envelopes. Every scrap of paper in someone's pocket. Movie tickets, dry cleaning stubs, match books, and so on. Evidence of a crime? Possibly. Is everyone guilty until proven innocent? Gee, I don't know. Maybe we should just make everyone empty their pockets, and take pictures, just in case.
The fact of that matter is that these are essentially fishing expeditions for item #3.
It's not about "illegal data" at all, nothing is ever going to divert ones and zeroes as contraband. That simply doesn't happen, and doesn't work. It's about coming up with reasons to harass people, as vectors into prosecuting other crimes. Smoking out the paranoid, so that they crack under the pressure of getting sweated down in the hot seat.
I would note as a counter-counter argument that we often make things illegal that are not in themselves harmful, but can lead to harm.
Kind of. I do my best to avoid any relation with the U.S. including avoiding visiting it, taking up a job or incoorperate there. So even thought i am monitored by some shitty govs, there is no legal way that it means anything.
Or, maybe a better question is, why do you think you could legalize child porn easier than we could outlaw or end programs like PRISM?
To outlaw or end programs like PRISM you'd have to take on the entire political establishment, the military industrial complex and all branches of the judiciary and law enforcement.
It'd be far easier to legalize CP than do away with PRISM and the like.
It's a bit like asking a burglar to break in. You either have enough proof, or you catch them in the act.