So the police no longer need to plant drugs. They can just plant encrypted hard drives to which you have 'forgotten' the password. Hard-drives containing hashes of 'bad' pics. And then you can spend your life in jail (unless you plead guilty) ?
The question isn't if this particular man is guilty, it's if investigators and judges have the constitutional authority to sentence a person to life in prison because they think that a person remembers a password they say they don't remember.
The judge's ruling says essentially what you're saying... there's enough evidence already that he considers it a foregone conclusion that there is child porn on the encrypted hard disk.
The only problem I have with this argument is that if it is such compelling evidence why not send the case to trial and let a jury decide?
You have misunderstood what "foregone conclusion" means in this case. It is not a foregone conclusion that this is child porn on the disks. It is a foregone conclusion that there is something on the disks and that something is encrypted with a password known by the defendant.
The author of the arstechnica piece (who, unlike the author of the Washington Post piece, is not a laywer) hasn't really explained things well. It's worth reading the actual decision from the court[1].
A relavent paragraph:
In Fisher, however, the Court also articulated the “foregone conclusion” rule, which acts as an exception to the otherwise applicable act-of-production doctrine. Fisher, 425 U.S. at 411. Under this rule, the Fifth Amendment does not
protect an act of production when any potentially testimonial component of the act of production—such as the existence, custody, and authenticity of evidence—is a “foregone conclusion” that “adds little or nothing to the sum total of the Government’s information.” Id. For the rule to apply, the Government must be able to “describe with reasonable particularity” the documents or evidence it seeks to compel. Hubbell, 530 U.S. at 30.
Note that the issue with this question is the "existence, custody, and authenticity" of the evidence not its actual contents.
Because you can only send this case to a jury once without triggering double jeopardy, so the state has an interest in sending the strongest case it reasonably can.
If they're going to do that, they might as well just leave the pictures unencrypted. I don't see how encrypting it and then going through all these gymnastics in court helps them; in fact doing that seems like a good way to draw unnecessary attention to the frame job.
I mean, he could have testified at the contempt hearing or presented any sort of evidence that he just plain forgot the password, and the court might have heard that. He opted to not testify or introduce any testimony at this hearing. So that court hearing did not seriously consider memory failure because the defendant did not seriously assert it.
(Of course if he was lying about the failure of his memory, that assertion might have gotten him into more hot water -- it would potentially be a perjury charge. But we should not say definitely "he was lying when he said that to police" but just "he didn't make that case for himself at court," if I'm reading these court documents right.)
Just to give the relevant excerpts, the supplemental order that the judge issued to explain his reason for the contempt order states that he's using a well-established legal framework for figuring out memory-failure type contempt cases, quoting one of those cases directly as:
> A civil contempt proceeding on a witness' asserted memory loss requires a three-step analysis that shifts the burden of production to the witness, but always leaves the burden of proof with the government. First, the government must make a prima facie[1] showing of contempt; i.e., that it made an authorized request for
information, that the information was relevant to the proceedings, that the information was not already in the possession of the government, and that the witness did not comply. Second, once the government has presented its prima facie case, the witness must provide some explanation on the record for his failure to comply. If the witness fails to meet this "burden of producing evidence," the government's prima facie case is sufficient to meet its burden of proof for a finding of contempt. The witness may meet his burden, however, where, as here, he testifies that he does not remember the events in question. Finally, if the witness meets his burden of production by claiming a loss of memory, the government must carry its burden of proof
for a finding of contempt by demonstrating that the witness in fact did remember the events in question, thereby establishing a willful
failure to comply.
Note that testifying "I don't remember the password" is enough to activate part two. The supplemental order then goes on to apply this in the only obvious way,
> [first, ] the Government's prima facie case of contempt was largely, if not entirely, uncontested ... [second, ] at the September 30th
Contempt Hearing, Mr. Rawls did not testify or call any witnesses, he did not offer any documentary or physical evidence into the record, and the only evidence he elicited was in the form of cross-examination of the Government's witnesses. Crucially, Mr. Rawls offered no on-the-record explanation for his present failure to comply with the August 27th Order... [therefore, ] in light of the Government satisfying its burden of proof, the Court adjudged Mr. Rawls to be in civil contempt of court.
[1] prima facie is a phrase which one might not be familiar with unless one has a philosophy or legal background; it means "at first glance" -- i.e. the government's showing might at a deeper stage be questioned but it has to "look like" contempt in order to start the process.
One way would be to bang your head into the wall and cause an injury serious enough that a doctor could testify that you have brain damage and therefore memory loss.
If I was innocent, and legitimately forgot my password, and faced an indefinite time locked away, I would probably actually consider that as an option. Now that act itself could be an act of contempt, but then again you could always use the excuse that someone else did it to you. Or you could pick a sufficiently damaging fight with another inmate or guard.
If indefinite imprisonment can result from one's failure to prove that one does not remember (or never knew) some piece of information, I consider that a serious flaw in our legal system.
As the note at the bottom of the article implies, "hashes" of files on an encrypted disk? WTF?
"Bleeping Computer users have pointed out that you cannot match file hashes to encrypted content. The article was updated with a link to court documents from where the prosecution's statement was cited."
They have to convince a court beyond reasonable doubt that you know the password, AFAIK. An extreme example would be pulling the power plug on a computer you're using as the police arrive: you'd be hard pushed to convince a jury beyond reasonable doubt that you don't know it. Of course, shades of gray, etc.
Maybe if you kept a live Linux USB bootable drive plugged in at all times, you could say that you can't access the installed OS...might have a problem with time-stamps and such but that should be fixable
It's odd that you can be required to prove your own innocence beyond reasonable doubt. I would have sworn that it was supposed to work the other way around.
Did you read? He showed the pictures to his sister so the court is reasonable certain that he does know the password. If that's the case then he lied to police which is an offense in itself.
> The court also noted that the authorities "found [on the Mac Book Pro] one image depicting a pubescent girl in a sexually suggestive position and logs that suggested the user had visited groups with titles common in child exploitation." They also said the man's sister had "reported" that her brother showed her hundreds of pictures and videos of child pornography. All of this, according to the appeals court, meant that the lower court lawfully ordered Rawls to unlock the drives.
And then this from Rawls' public defender:
> "The fact remains that the government has not brought charges," Donoghue said in a telephone interview. "Our client has now been in custody for almost 18 months based on his assertion of his Fifth Amendment right against compelled self-incrimination."
There are numerous quotes from Comey and many others in the FBI and DOJ who have argued that forced decryption is necessary to catch the bad guys. But here the argument is the exact opposite: the evidence they have is so overwhelming that it is a "foregone conclusion" that more of the same incriminating evidence is on the encrypted drive.
> The court also noted that the authorities "found [on the Mac Book Pro] one image depicting a pubescent girl in a sexually suggestive position and logs that suggested the user had visited groups with titles common in child exploitation." They also said the man's sister had "reported" that her brother showed her hundreds of pictures and videos of child pornography.
The fact that hey have so much evidence and yet they still prefer to lock him up in jail until he decrypts the drive rather than convict him makes me believe this case is intended to provide jurisprudence in order to force other people to unlock encrypted devices in much more dubious cases.
Not unlike the "locked iPhone" case where terrorists had destroyed all the devices that could be of interest and yet the FBI went against Apple because the case appeared very good to get support in the public eye (it's to catch terrorists!).
> The fact that hey have so much evidence and yet they still prefer to lock him up in jail until he decrypts the drive rather than convict him makes me believe this case is intended to provide jurisprudence in order to force other people to unlock encrypted devices in much more dubious cases.
Or, they prefer to have actual images to use against him in the child porn case they intend to bring, rather than being forced to explain cryptographic hash functions to a jury.
These issues are often around catching criminals but there's always the issue that they will be abused for something else and we (the common folks) are all at risk. That's plausible.
Honest question: It's hard to do risk assessment at my level of ignorance so where can I find major cases where common people have been screwed by the overarching tentacles of govt surveillance in the developed world? Any noteworthy cases I should read about to raise my level of alertness?
Most "developed" governments recognize some right to privacy. Counter examples that come to mind would be censorship by governments who surveil internet traffic & lock up "rebels", or governments that go into people's houses without warrants, checking to see if you're harboring people of a "banned" sect. I worked with a developer who had just moved to the USA from Cuba, he told me stories about how they would go around in vans, if they detected illegal wifi signals they would kick in your door & put on a show. If you were sent to prison it would of course involve various forms of torture, like being forced to stand for days on end, according to him.
Your question is loaded though, because of course the common person will follow the law & avoid going on the internet.
My question was not loaded. I'm not assuming anything (well, except that by having broad surveillance rights the govt can do harm to regular people).
I'm looking for documented cases where common people have been harmed so I can feel more impacted by it (and I have better examples when talking about these subjects with friends and family).
It's not fair to unload these research needs on HN so I'll do more googling to find a catalogue of cases I can refer to.
Again, I'm not dismissing any issues. I'm 100% acknowledging them and hoping to increase my own level of alertness based on concrete facts that I can relate to (or are closer to my reality vs. basing my rights on the rights of pedophiles and terrorists being impacted). I hope that clarifies my perspective.
> I'm looking for documented cases where common people have been harmed so I can feel more impacted by it (and I have better examples when talking about these subjects with friends and family).
* it was revealed in the lawsuit that she was put on the no-fly list due to a clerical error
* the government used nearly every tactic available to keep the details of her lawsuit secret in the name of national security, meaning a) they were actively trying to cover up embarrassment of the clerical error, b) the DOJ actually don't have an easy way to know why someone is on the no-fly list, or c) they have a way but have little to no interest in finding out. None of those are good options for a democratic developed country.
* this interrupted her Ph.D. studies at Stanford.
* this interrupted her ability to appear in court for her own lawsuit (because her name remaining on the no-fly list prevented her from travelling back to the U.S.)
* this cost millions of dollars in attorneys fees and what looks like years of time for her
* there is no evidence that the administration of the no-fly list has improved since then, and indeed has only grown (almost certainly a link from the Intercept that backs this up, but you're not paying me to research this and I am now bored and hungry)
Edit: just so it's clear-- the reason she kept reappearing in the list is because the nature of wide-net surveillance databases is that they sprawl across multiple agencies that often don't have the ability to communicate well with one another. Further, no congressperson in their right mind is going to publicly take up the cause of "cleaning up the no-fly list" because the moment there is anything resembling a terrorist attack an opponent will beat them by calling them "soft on terrorism."
One final edit: Question: be honest, if she had lost this lawsuit and I had included her story as an example of common people being impacted by wide-net surveillance, would you have found it convincing?
I think a good argument against all of this massive surveillance for common people is that governments are usually pretty incompetent and a bureaucratic mess... it's a very asymmetric battle with massive blob holding a lot of information about you vs. you without few resources and picking up clues here and there about what might or might not help you in a lawsuit.
I'm not sure I understand the question. It's not like the NSA is going to shoot a tennis ball at your head if you fail to pay attention to wide-net surveillance.
Similarly, the cases where wide-net surveillance has had a detrimental effect on people-- the case of the Stanford student who accidentally got added to the U.S.'s no-fly list comes to mind-- there was probably nothing at all the person could have done to prevent getting screwed.
One reason they want him to unlock the drive is to protect children. Each of these images is a child that has been abused. Some of these are historic cases, and the child is now safe. But some of these are new, and the child is still living with the abuser, and the abuse is continuing.
I don't think that's the point of plea bargaining, but plea bargaining is an American thing and we don't have it in England.
Waiting for a case to make its way to court would take far too long. Police will search through seized evidence and immediately start trying to identify the children in the images; working out if the images are new; and working out where the images were created.
They'd also want to see if there are any images of abusers in there too, and if those abusers are already known to police, and if those abusers are the same person as the alleged possessor of images of child sexual abuse currently being detained by police.
> "The fact remains that the government has not brought charges," Donoghue said in a telephone interview. "Our client has now been in custody for almost 18 months based on his assertion of his Fifth Amendment right against compelled self-incrimination."
To be clear (and I am pretty sure the public defender knows this, but is just phrasing it like this for public perception), the prosecution's position is that the Fifth Amendment is irrelevant because they're compelling him to do an act under the All Writs Act and not to testify about anything (produce a password, produce files, etc.). The approach they're taking is that he's a person in a position to do something to let the government access evidence, and it doesn't matter that he's the person they want evidence against, instead of a third party (as with New York Telephone Co., or more recently Apple), and he's in prison for refusing compliance with the writ.
It's totally unclear that this legal strategy should work in a just/ideal society, but, at least for now, the courts are allowing it.
1. There is an unbreakable safe
2. The judge believes he has the key to the unbreakable safe
3. They know there is evidence inside the safe
4. They ask him to unlock the safe
5. He refuses to do so, so they try to force him by jailing him
They do not ask him to testify about the safes contents or even to hand over the key, just to "insert and turn the key". And their argument is that he can not refuse that by pleading the fifth. In a physical world they would be able to seize the key from him by force even if he gets hurt in the process (within some limits).
In the end he will probably be able to argue that he does no longer have the key, and they will not be able to proof he still has. But _at the moment_ this is not whats being argued about.
(Not saying I find anything about that right or just or moral, but I do not find it completely without reason)
This is a reasonable analogy too, but that does not help (me at least) to understand the position of the judge and prosecution.
Deciphering the letter would mean he writes down the cleartext version, or reads it out aloud or something like that, which could much more obviously be argued as "being witness against himself". Their position is that this is exactly NOT what they are trying to force him to do, so the fifth does not apply.
I agree. When we think of it as a cyphered letter, it is more clear to me that the government is compelling him to incriminate himself. So instead of collecting evidence, they are forcing him to provide evidence, which to me is a clear 5th amendment violation.
When we use the safe analogy, well safes are easy to open, no big deal. The government opens them all the time. Why is that such a huge leap? Using the incorrect analogy muddies the real issue here IMO.
1) Giving up the decryption key is clearly not analogous to deciphering the letter. When you decrypt a drive, it’s the computer does the actual deciphering operation.
2) Focusing on how easy the safe is to break without the key cuts against your position. We can jail people for not providing the key to a regular safe, even though the cops could break into it. But we can’t jail people for not providing the key to an encrypted drive, even though the cops likely have no other way to get the evidence they know is in there. Isn’t that precisely backward? Shouldn’t the cops have more power in the situation where they have no alternatives?
>Giving up the decryption key is clearly not analogous to deciphering the letter. When you decrypt a drive, it’s the computer does the actual deciphering operation.
The computer cannot decipher the drive without the decryption key. The computer doing it is just automation. Using that logic killing someone with a car isn't the person's fault since the car did the actual killing. It's about who is controlling the thing, not the actual thing itself.
>We can jail people for not providing the key to a regular safe, even though the cops could break into it.
That is true with physical keys, but not combinations. It doesn't matter to police whether a suspect provides a key or not because the cops can work around that. In the case of encryption, they cannot. A cypher is a combination more so than a key.
Here is an article on revealing a combination of a safe vs. a key. In it, judges agree that revealing a combination delves into the mind while a physical key does not. A distinct difference when dealing with self incrimination. Collecting evidence from the mind (a combination) is self incrimination.
That article relies on Doe v. United States, 487 U.S. 201 (1988)[1], in which the Supreme Court found that a suspect could be compelled to sign a form authorizing banks to disclose records of any accounts over which he had a right of withdrawal, because 'neither the form nor its execution communicates any factual assertions, implicit or explicit, or conveys any information to the Government.' Applying that decision, a federal circuit court has already decided that the Fifth Amendment rights of the suspect in this case have not been infringed: United States v. Apple Mac Pro Computer, 851 F.3d 238 (2017)[2]. So, while the question is currently the subject of a petition to the Supreme Court, it is not accurate to say that judges agree that revealing a combination, or decrypting an encrypted volume, 'delves into the mind' so that compelling someone to do so would violate the Fifth Amendment.
No, I meant judges in this particular case, not all judges. This is the key part.
We do not disagree with the dissent that “[t]he expression of the contents of an individual’s mind” is testimonial communication for purposes of the Fifth Amendment. … We simply disagree with the dissent’s conclusion that the execution of the consent directive at issue here forced petitioner to express the contents of his mind. In our view, such compulsion is more like “be[ing] forced to surrender a key to a strongbox containing incriminating documents” than it is like “be[ing] compelled to reveal the combination to [petitioner’s] wall safe.”
Being compelled to reveal the combination to a wall safe they consider a violation of the 5th amendment. Revealing the combination to a wall safe is much more like revealing a password than surrendering a key.
That's a fair point, and the last sentence of my previous reply should be qualified: compelling someone to reveal the combination to a wall safe is not necessarily a violation of the Fifth Amendment. In this case, the court decided that the 'foregone conclusion' exception in Fisher v. United States, 425 U.S. 391 (1976)[1] applies. In Fisher, the court acknowledged that producing documents in response to a subpoena can be testimonial, because it 'tacitly concedes the existence [and possession] of the papers demanded.' But when the existence of the location of the documents are a foregone conclusion, the testimonial aspect of the production of documents – the tacit concession as to their existence – adds 'little or nothing to the sum total of the Government's information.'
As you suggested, compulsory key disclosure can be a violation of the Fifth Amendment, and here the court referred to an example of that in In re Grand Jury Subpoena Duces Tecum Dated Mar. 25, 2011, 670 F.3d 1335 (2012)[2]. The difference was that in In re Grand Jury Subpoena, there was no evidence that the TrueCrypt volumes contained any data, and no evidence that the suspect could actually decrypt them.
Forcing someone to provide evidence is not a 5th amendment violation. Law enforcement can require that a person hand over all sorts of evidence: documents, physical artifacts, even a person's own blood.
Lots of evidence can come from your mind. The location of a document, the passcode on a safe.
What makes these things similar to an encryption key and different from other types of testimony is that they only unlock information that already exists outside of the witnesses's head so they aren't subject to the same prohibitions under the 5th amendment.
The compelling of revealing a safe's combination is protected in prior cases (I liked on earlier in this thread but I'll quote it again)
We do not disagree with the dissent that “[t]he expression of the contents of an individual’s mind” is testimonial communication for purposes of the Fifth Amendment. … We simply disagree with the dissent’s conclusion that the execution of the consent directive at issue here forced petitioner to express the contents of his mind. In our view, such compulsion is more like “be[ing] forced to surrender a key to a strongbox containing incriminating documents” than it is like “be[ing] compelled to reveal the combination to [petitioner’s] wall safe.”
Of course, the Supreme Court hasn't ruled on it as far as I know, but it's an interesting case. I'd like the SCOTUS to rule on it.
Well I state it like a fact because that is not part of the current argument. In this case the judge made that determination, and challenging that is a whole other argument where a jury might or might not come into play.
The fact that he possesses no physical key is the crux of the matter. Any metaphor that tries to use objects like keys is pointless - there would be no controversy if there was a physical key.
Well there are plenty of safes without physical keys that use pin-pads. To to bring that analogy a little closer to reality then, they are trying to force him to enter the pin into the safe.
And again the current argument is not about whether he knows the pin or not, just whether he can refuse to enter it by arguing that this would be "being witness against himself", i.e. protected by the fifth.
So much for that whole constitution thing anyway.. They can just create some "act" that overrides it! And nobody will complain because the person affected is the bad guy, until they come for them.
It doesn't override the Constitution, though. He's not compelled to testify against himself. In a pre-computer society, we'd understand the Fifth Amendment as allowing you not to testify to your crimes, but not allowing you to refuse the police the right to search your house with a court-signed warrant, simply because you keep incriminating things in the house.
It might exploit a loophole, though (and I also think there's a lot of room to argue over whether that analogy is actually the right one).
The one thing that's different with computers is that usually the police can just break into your house (or a safe, or something like that) if you refuse to give them the key, and encrypted drives have no other alternate route in. So you wouldn't be kept in prison indefinitely for refusing to comply with a warrant; you'd just get your door knocked down.
But if the police found a document written in what looked like gibberish, they couldn't compel you to translate the document to English. In this case, they have executed the warrant, and found an electronic document filled with gibberish.
Can you be compelled to labor to help the prosecution?
What if I had a huge stone vault. To get to the inside of it would take the fed 7 years of digging. The crime they have a warrant for has a statute of limitations of 5 years. If I help them dig, they can get there in 4 years. Can they force me to dig with them?
I think the All Writs Act as written would say yes. There's nothing in it about amount of work. The government does, I think, have to pay you.
Now, in response to the use of the All Writs Act about iPhone decryption, a couple of people raised the argument that the 13th Amendment, which prohibits "involuntary servitude," might prevent the government from just telling you what your job is (even if you're paid for it). I don't know that any court has had an opinion on the validity of this argument.
Also, I think the All Writs Act only applies to things that the Western legal system considers "writs," which is not clearly defined in statute anywhere. So you'd have to ask an actual lawyer who understands Western caselaw about whether "decrypt your hard drive," "write and sign firmware for an iPhone that doesn't lock you out on incorrect passcode attempts," and "dig stone for four years" count as writs. I have no idea.
Interesting question. In my opinion, no, they could not obligate you to help dig, because they could get someone else to help with that. If you had a key, however, it might be different?
Furthermore, what if you didn't have the key, but had a photographic memory and could draw out the shape of the key for them to make one? Could they then compel that?
> But if the police found a document written in what looked like gibberish, they couldn't compel you to translate the document to English. In this case, they have executed the warrant, and found an electronic document filled with gibberish.
Out of curiosity, is there any case law establishing this (i.e. a document written in code)? With a document in gibberish, I can't see any reasonable reason to believe that it means something (unless, say, the defendant was suspected for espionage). In this case, however, there is other compelling evidence to believe this drive is encrypted and has data on it. It would be curious to see if something like this has been prosecuted before.
> The one thing that's different with computers is that usually the police can just break into your house (or a safe, or something like that) if you refuse to give them the key, and encrypted drives have no other alternate route in. So you wouldn't be kept in prison indefinitely for refusing to comply with a warrant; you'd just get your door knocked down.
This isn't really new with computers. People have been writing in code since time immemorial. What would have happened two hundred years ago if some defendant had been using a book cipher and the police don't know which page of which book is the key?
This isn't really new with computers. People have been writing in code since time immemorial. What would have happened two hundred years ago if some defendant had been using a book cipher and the police don't know which page of which book is the key?
I'm guessing that they would have brute-forced it. The complexity is much lower than the modern case as is the number of potential keys. I can imagine someone spending a fair bit of time in jail for contempt during this procedure, but it would not be indefinite. I can also just see the police calling in a code breaker and not bothering with the court order to tell them the key.
> I'm guessing that they would have brute-forced it.
In an era before digital computers?
That still isn't any different. Nothing stops the police from hiring someone to break the encryption. They may not be able to do it but that is no different than before. Many ciphers that are broken today were not broken decades or centuries ago -- good luck brute forcing even 56-bit DES in 1975. It's completely plausible that AES will be considered insecure some years in the future even if nobody can break it today.
200 years ago they did not have computers to do the encryption either; encryption schemes were comparatively simple. Also, the scenario suggested that the police had the code book, but simply did not know which page.
A password is information that you "know" not something you "have." I believe that giving a password is testifying information. This appears to be the sticking point. He is being locked up for refusing to say the equivalent of a word that would be information used against him. To me, that is being locked up for refusing to testify. Locking up for refusing is compelling. Therefore he is being compelled to testify.
But they are not asking him to testify, admit guilt, or anything like that. They aren't even asking him to tell them the password, just to enter the password to decrypt. This is more like expecting access to your house when a search warrant is provided.
EDIT: To be clear, it's not that I feel he should necessarily be compelled, but rather that a fifth amendment defense is weak in this case, since it's not a testimony at all, but rather revealing already existing material (as opposed to compelling the defendant to write a confession).
> They aren't even asking him to tell them the password, just to enter the password to decrypt.
How are you distinguishing one from the other? What makes compelling someone to speak the password aloud different from compelling them to type it with a keyboard?
Well, the government has made a distinction for physical security [1]. So it's probably not too much of a jump to make. That case is probably the closest case law to this one we have, though the facts aren't quite the same (the police didn't have as much evidence for what might be on the phone in that case).
EDIT: Worth pointing out that line in that case is really "physical evidence" vs. "knowledge". The court argues that the fingerprint unlocking the smartphone is closer to a blood sample than a testimony. However, I could definitely see a court seeing this as "it's ok to make someone unlock" because they didn't just collect the physical evidence, but made him take the action of unlocking the phone.
Yes, there is a court order compelling him to unlock the drives. The really questionable thing here is that they haven't charged him with any crimes, even contempt. That shows there may be a desire to establish some precedent in this case.
EDIT: Scratch that, you can hold someone in jail as long as they are in contempt of court, apparently.
The courts are trying to say that the Fifth Amendment only applies to witnesses. They're deliberately misleading the people in this case. The fifth amendment clearly states "No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."
Note the "nor shall be compelled in any criminal case to be a witness against himself" telling him to decrypt that hard drive is still in effect forcing him to be a witness against himself.
These judges saying the fifth amendment doesn't apply should be sued for constitutional violations.
Are you denying that the Fifth Amendment only applies to witnesses (which seems clear from the text), or are you just disputing the court's decision that being compelled to decrypt a hard drive is not 'in effect' forcing someone 'to be a witness against himself' within the meaning of the Fifth Amendment?
"Are you denying that the Fifth Amendment only applies to witnesses"
Yes, because of the first two words of the entire amendment - "No person" that 100% excludes any qualifying status and grants everyone immunity from testifying in any effect against themselves.
The Third Circuit punted in the legal question, stating that even if the 5th Amendment applied to being forced to hand over a decryption key, the guy couldn’t invoke his Fifth Amendment right here because of legal technicalities (see Kerr’s analysis in the link above).
How does one prove, beyond a reasonable doubt, that I haven't actually forgotten the password?
If I've forgotten the password, wouldn't I no longer be in a position to aid in obtaining the evidence?
Would the burden of proof be on the fed to prove that I have not forgotten the password?
If I lost the physical keys to a vault, could in be held for not being able to open it?
I think Child pornography / abuse is one of the worst offenses possible, but in this case, they need to find another way to convict him if he is guilty.
> How does one prove, beyond a reasonable doubt, that I haven't actually forgotten the password?
It appears the disk wasn't fully encrypted (since they found hashes of individual files), so they likely know when the computer was last used and possibly when the data in question was last decrypted. I don't think the former being very recent should be enough to establish that he hasn't forgotten the password, but the latter sure seems like a good standard.
Well, it is also bullshit to require the subject of an investigation to assist in their own investigation. I don't care what the laws says - it's wrong.
They have a warrant to access the device and he won't unlock it. I think he should have to unlock it, sort of like unlocking your house if they have a warrant for searching it.
My dislike for police is eclipsed by my dislike for pedophiles. So I'm biased here.
If there is such overwhelming evidence that it's a foregone conclusion, then I wonder why they haven't charged and convicted the man already. Why do they need any cooperation at all?
If there is such overwhelming evidence that it's a foregone conclusion, then I wonder why they haven't charged and convicted the man already. Why do they need any cooperation at all?
It isn't about childporn, or whatever this guy is accused of doing. This is about "you are not doing as you are told, citizen, and we will fuck you up for that".
It is about control, in the same way that security theater at airports isn't about security.
When the FBI used the All Writs Act against Apple to attempt to force Apple to bypass the password functions of an iPhone or develop a backdoor method of access, the courts ruled that decryption was not a violation of the Fifth Amendment "if the contents were a foregone conclusion."
So if "foregone conclusion" is the criteria that must be met, I have to ask how the contents of this man's external hard drive could be conclusively a foregone conclusion. Maybe he did download thousands of images. What if he no longer possess them? He could have deleted them. The police have been known to make mistakes and have made high profile mistakes' i.e., the Atlanta Olympics bombing when they all but destroyed Richard Jewell.
What if he decrypted it and there was no child porn but there were records of say a store selling drugs etc on the dark net? Then he would have incriminated himself for something they had zero knowledge about because the court issued this writ.
The government states that his sister acknowledges him showing her many explicit photos. Did she turn in her brother? Why would a man show his sister pornographic images? Did she tell anyone around the time this happened that this occurred? Seems to me to be unusual at the least for the government to hang their hat on something uncorroberated. If the sister had access to the computer' who is to say that she did not download the images. He could have seen them and deleted them. Seems that a mere he said -she said is enough to have the government invade your privacy and demand you willingly set aside your consistutional protections or risk going to jail when you have not been charged with, let alone convicted of, a crime.
We have to be very careful when we start seeing civil liberties and constitutional protections erode. Tech companies have been under siege from the government's use of the All Writs Act in the last two decades and as long as they are successful, I do not foresee them changing their methods.
The "forgone conclusion" argument makes no sense to me. If there's enough evidence that the conclusion is "forgone", what is there to gain by decrypting the contents?
The forgone conclusion is that evidence likely exists on the drives and as such the judge issued the Writ pursuant to the All Writs Act. But to prosecute someone in a court of law it takes evidence, admissible evidence, and conclusions that it likely sits on an external hard drive is not in and of itself evidence of pornographic images of children.
Or maybe he is a firm believer that there is no faster way to erode our constitutional protections than to voluntarily surrender them.
Or maybe he believes that damn pesky constitution (sarcasm) applies to everyone including the government when it comes to search and seizure, and to himself when it comes to right to due process of law, and the protection against self incrimination to name just a few.
Or maybe there is child pornography on there and he does not want to charged and tried and vilified in the court of public opinion. Right now he can stand on "higher ground" by making a constitutional law argument than exposing a secret that he may be ashamed of (guessing here).
Or maybe he truly does not know the password? Despite the governments best efforts they have not been able to crack it so it must be quite secure/complicated.
Maybe. But let's be honest here: there's CP on that drive. This is a good case for spinning around on HN arguing about the extent of the bill of rights protections in the face of creative application of the All Writs Act. It's a terrible one for actually defending the perp. I mean, come on.
> Maybe. But let's be honest here: there's CP on that drive. This is a good case for spinning around on HN arguing about the extent of the bill of rights protections in the face of creative application of the All Writs Act. It's a terrible one for actually defending the perp. I mean, come on.
The thing with the law and rights is, is that they are the same for everyone. Eroding them for this guy also erodes them for you.
Don't you think its wrong to be able to hold someone forever without evidence? Isn't one of your rights that you don't have to incriminate yourself?
Or do you think that some people should have less or more rights than yourself?
>It's a terrible one for actually defending the perp. I mean, come on.
Who is defending him? I cannot in good conscience call him a perp as he has not been charged with, let alone convicted of, a crime. I am only pointing out that there are a myriad of possibilities one of which is that there is child pornography on the drive. However, we do not know that for a fact.
But just as I said, he may fear decrypting the drive because of what is on it (only he knows at this point). He may think it is better to be seen as the little guy being bullied by big brother than to be vilified by those who will presume him guilty of having "CP on that drive" and becoming "the perp" without due process.
Forgive me if I am incorrect but don't our laws apply equally regardless of the crime one is suspected of commiting?
> Forgive me if I am incorrect but don't our laws apply equally regardless of the crime one is suspected of commiting?
The All Writs Act is a law, and it allows exactly what is happening here. The question at hand is about whether that is in conflict with the fourth and fifth amendments. Equal protection is an entirely different thing and not at issue here.
And again, if you want to talk about the constitution I'm all for it. But just don't do that in the context of "you know, maybe this guy is innocent". That's silly and counterproductive.
The practical thing happening here is that the prosecution almost certainly could build a case on the evidence they have, but in practice they don't have to because the judge is willing to hold the guy in jail on procedural grounds.
Again, I'm saying there is a good argument that this was a bad decision and that the All Writs Act shouldn't be construed to allow this. But that's an academic point. In the real world, chances are very near zero that there is any "injustice" going on in this particular case.
Not a "game", maybe, but it's still zero sum. Which prosecution specifically do you want to skip so that the system can go through the motions to "do its freaking job" and get a conviction?
Once more: this was a practical decision by prosecutors to deliver as much justice as they could given limited resources. It seems all but certain (yes, in the "beyond a reasonable doubt" sense) that there is no objective injustice involved in holding this guy.
I don't think many people on this thread would have a problem with the case if the guy had gone in trial for possessing child pornography and had been convicted.
That's exactly what I believe: there are files there that will incriminate him in committing those acts himself. I find it hard to argue he should be left alone, but I suppose that's just a gut reaction?
The logic of innocent until proven guilty philosophy, is that it's better for a guilty person to go free than for an innocent person to be jailed. Hence the burden on proving guilt beyond a reasonable doubt.
Probability isn't sufficient, in this philosophy, because it's a trap. Of course probably he has on these drives what prosecutors claim, or worse, evidence of his direct involvement. And the trap is the injection of lack of sympathy into the decision making process; of course any reasonable person will say, eww he's almost certainly a creep therefore I'm not sympathetic to his indefinite incarceration. But that's exactly what the philosophy was supposedly designed to avoid, any possibility that innocent people get jailed; not preventing guilty people going free.
This is why you see a lot of effort by prosecutors defending against introduction of new evidence to prove innocence; because proving innocence well after a guilty verdict, itself shows the possibility of jailing innocents. It taints the system. And then you get these ever more perverse notions that executing those who later prove themselves innocent is not an unconstitutional execution when that person had received a free and fair trial finding them guilty of a capital crime.
http://www.businessinsider.com/antonin-scalia-says-executing...
While this may be true, the government has asked the court to order him to decrypt it as they search for those images. If they are after a bigger network of people sharing these images, then they should say so and grant him immunity or work out some type of deal with him.
As I said earlier I am not taking a position on whether what he did was right or wrong or on the moral aspects of the subject matter but here in the US the government must have a warrant to search electronic devices and that warrant must name the material they are seeking. If they list images related to child pornography, child molestation, etc they cannot go looking for evidence of drug dealing per se. But let's assume they find evidence of drug dealing, do you not think they will simply broaden the scope of their investigation and go looking in every corner of s life to now prove something they previously were unaware of before they hypothetically gain access to the drive.
Or maybe he is trying to stand his ground and preserve his right to privacy or as I said previously, maybe there is some totally unrelated crime that unlocking the external hard drive would expose.
Not quite. Investigators said they had found he had downloaded thousands of files whose hash values matched known child pornography [1]. The files were not found on his computer so they wanted to decrypt his external drive to see if they were there...
Which makes more sense to me...I believe it is unlikely that hash values would remain intact through encryption.
Wow, that link is really damning. As the passwords he willingly did give up showed CP content on his iphone, I'm unwilling to give him the benefit of the doubt on the drives.
That said, it's entirely possible still he forgot the passwords to the drives.
But that does not mean he downloaded them if someone else has access to his computer nor does that mean they are still there.
I read the article to mean that the police have proof that hashes of known child pornography were downloaded and are not on the computer so they are assuming that they were downloaded to the external hard drive. How can they see what files are sitting on a password protected encrypted drive? Who is to say that it is this external hard drive these files were download onto?
I just believe that more is needed to meet the "foregone conclusion" threshold.
Specifically the top paragraph on page 7. If you can get through that paragraph and still give him the benefit of the doubt, then you are more open minded than I am.
Who is giving him benefit of the doubt? I have repeatedly said there may be child pornography on the drive or evidence of other crimes. I am simply saying there are a number of reasons he is unable or unwilling to do as he has been ordered by the Writ.
Then the police need to work with the prosecutor and the prosecutor needs to bring charges and get a trial underway.
Prisons are overcrowded enough and it costs a pretty penny to house prisoners without us starting to house people indefinitely who have not been charged with a crime.
How does that happen? Technically I mean? This isn't full disk encryption? What terrible software leaked the hashes of what it was encrypting? This seems highly relevant to the discussion.
They know he downloaded files which have the same hash values as known images of child sexual abuse.
They arrest him and search him. They can't find these images but they find an encrypted hard drive.
In some countries (England) they can ask for the keys, and not handing over the keys is its own offence (with 2 or 5 year sentence depending on the supposed contents).
I have no idea what the legal situation is in any other countries.
The US has a provision on the bill of rights of its constitution saying, loosely, that you can never be compelled / coerced into being a witness against yourself. E.g. "Admit you did this crime or we send you to jail for life." Keep in mind that the bill of rights was written by rebelling colonials who were explicitly countering what they saw as abuses in the English system of law--in your example the ability of a judge to charge you with essentially the "crime" of not helping the prosecution's case. The crux of this case is over whether revealing a password to unlock a drive is the same as admitting to guilt -- which the court cannot compel you to do. There are arguments for both sides, honestly.
I see. I think this is my understanding of where the hashes come in -- law enforcement doesn't keep child porn around for comparison. That would be asking for abuse. They instead keep a list of cryptographic hashes of identified child porn files, and they want to see if this hard drive, once decrypted, has any files that match those hashes.
Seems easily defeated by a technical adversary, but probably good enough for most police work.
"Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content."
If the disk is encrypted how can they match file hashes? Do they encrypt known CP files with the FileVault key and then compare? If so, isn't that enough to convict him?
> The Forensic examination also disclosed that Doe had downloaded thousands of files known by their “hash” values to be child pornography.[3] The files, however, were not on the Mac Pro, but instead had been stored on the encrypted external hard drives. Accordingly, the files themselves could not be accessed.
If he's downloading them or storing them by some content-addressable system (torrents, something rsync-like that generates hashes before syncing them, etc.), I can easily believe that there's forensic evidence on the internal hard drive that the files were copied, including the hash of the plaintext, but the files themselves aren't present in plaintext.
Ding ding ding. This is the answer. I know OS X also stores hashes of at least some downloads for the purpose of checking certificates on downloaded apps and disk images.
This is clearly enough evidence to convict the guy, so I imagine they're holding him for some political reason (like generating jurisprudence for violating the 5th amendment in the future).
I vaguely suspect they're holding him because they expect to get either a stronger conviction or more evidence for other cases from the contents of the external drive (e.g., maybe he's producing child porn or knows people who do).
Something doesn't add up in this story. Encryption and hashing are different processes with different algorithms - SHA vs MD5. For example, IPSec VPNs hash a packet with MD5 to prevent tampering, then encrypt the hash with SHA256 to prevent viewing. (Because the message could be modified while encrypted, were it not also hashed.)
Isn't the point of encryption that it doesn't create a reliable hash - that 2 identical files will appear different while encrypted, as part of the larger encrypted drive?
Or are encrypted-hash collisions possible when small files are encrypted individually?
There are several misconceptions in this comment, first and foremost that SHA is encryption, which it is not. It is a hashing algorithm, not unlike MD5, though "stronger".
Secondly, when you have two files that are exactly the same and encrypt both with the same key, method and parameters then both will have the same hash. ( Though I could imagine Apple doing stuff with padding, and other parameters to make this not happen)
Right... so for the authorities to "compare" the hash of an encrypted file with that of a known original, they would need to encrypt the original with the same private key used to encrypt the encrypted file. If they had that private key, wouldn't it be sufficient to unlock the drive? They wouldn't need his cooperation to decrypt the drive if they had a private key. So it seems like a catch-22 compelling him to decrypt the drive based on a hash collision.
Exactly, but the original quote doesn't say that they compared decrypted content with known hashes. It doesn't say anything about how they learned about the "content stored on the encrypted hard drive".
"Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content."
I read it like this: They figured out that the disk had some incriminating files, as I described in another comment of this thread.
To make this work hashes are of no use, they need the original files.
For various reasons they might not want to admit that they are in possession of the original files, hence the cryptic and vague phrasing.
Sure. My point was more that they might possibly not want to openly admit that they are in the possession of the original files.
I'm sure law enforcement has lists with hashes of incriminating files, but I'm not sure if they are allowed to keep the original files. Even if they are, maybe they just want to avoid public discussion about it.
It's logically impossible for them to have the hashes of the files without having had the files at some point. If they no longer have the files, you might just as well take their word for it as to the content of the files as take their word for it what the hashes of the files are.
The chances of a hash collision are drastically lower than the false positive rate of a DNA test, and US courts have accepted the latter for a long time.
All modern encryption schemes inject randomness into the encryption process (via an initialization vector) so no, there is no way to check if two encrypted files are the same file. The investigators' claim doesn't make sense.
I would assume they have evidence, maybe via a warrant to his ISP, that showed the transfer of files with hashes of known illegal content. They might have evidence content was transferred to a computer on an account in his name, but they most likely do not have evidence of his actual possession of illegal content.
How would the ISP have such hashes? Are they hashing and recording every file one downloads? And the sources of this illegal content weren't even using HTTPS, let alone Tor?
> Encryption and hashing are different processes with different algorithms - SHA vs MD5. For example, IPSec VPNs hash a packet with MD5 to prevent tampering, then encrypt the hash with SHA256 to prevent viewing.
You do realize that MD5, SHA-1, and SHA-256 are all hashing algorithms?
I highly doubt you meant a cipher built from a hash function (easy to do with
Feistel net, though nobody does that), especially that IPsec doesn't define
any such thing, from what I remember.
Given that you apparently don't understand how encryption and hashing work and
relate to each other, you're not in a position to question the technical
aspects of the story.
Agents from the Department of Homeland Security then applied
for a federal search warrant to examine the seized devices.
Doe voluntarily provided the password for the Apple iPhone 5S,
but refused to provide the passwords to decrypt the Apple Mac Pro
computer or the external hard drives. Despite Doe’s refusal,
forensic analysts discovered the password to decrypt the Mac Pro
Computer, but could not decrypt the external hard drives.
Forensic examination of the
Mac Pro revealed an image of a pubescent girl in a sexually
provocative position and logs showing that the Mac Pro had
been used to visit sites with titles common in child
exploitation, such as "toddler_cp," "lolicam," "tor-childporn," and “pthc.”
The Forensic examination also disclosed that Doe had downloaded thousands
of files known by their “hash” values to be child pornography.
The files, however, were not on the Mac Pro, but instead had been
stored on the encrypted external hard drives. Accordingly,
the files themselves could not be accessed.
So it looks like they got the hashes from logs/forensic evidence collected from an decrypted Mac Pro.
You could also hash, encrypt, then hash again if you wanted extra integrity without decrypting. This is technically done with HTTPS through the TCP hash.
Yes, this. Whatever was used to share or transfer the files generated a cleartext log with MD5 hashes, which was written somewhere other than the encrypted volume.
Hashes might not fall under being "beyond reasonable doubt" - I'd be interested to see the legal history, if any, of them being used in convictions. There'll always be the argument of the pigeonhole principle.
On a similar note, I wonder if this will spur interest in a kind of file-doping program to confuse hashes of drive contents. A few pixels won't make a difference if you're planning on just viewing some images.
Whether a person's guilt has been proven beyond reasonable doubt is a question of fact for the judge or jury deciding a particular case, and not something that can be determined by precedent. But given that people are regularly convicted of historical sex offences based solely on the credible testimony of the victim, it is difficult to imagine that a judge or jury would find a person not guilty of possessing a particular file solely on the basis of the pigeonhole principle.
I wonder if the same kind of error-tolerant fingerprinting used in technology like Shazam (recognizing songs from ambient recordings) could be generalized to combat such a doping program.
You might have to do more than change a few pixels here and a unicode character or meta tag there. I even suspect things like color grading and, say, something like batching multiple images or text files together into one file, could be accounted for.
Not to mention, such a doping program would preferably alter files in an imperceptible (aka, less mutated) fashion.
I am a bit of an audiophile with my music and go to great lengths to rip high-quality, lossless, perfectly-encoded tracks for the sake of historical preservation. I imagine some pedophiles feel the same way about their data and the thought of tampering with the data's original state is abhorrent.
Even a colorshift or one or two changed pixels might make it worthless in their eyes, much like a bad rip with barely perceptible clicks or an altered noise floor is worthless to me.
Oh cool, I'd heard of PhotoDNA but I didn't know the details behind it. Thanks!
"It works by converting the image to black and white, re-sizing it, breaking it into a grid, and looking at intensity gradients or edges."
Pretty cool piece of technology. Seems like it covers the obvious bases. I imagine it also ignores meta tags as part of the hashing process, and operates directly on the pixel information.
Perhaps one way to circumvent detection without making perceptual modifications (which would have to be somewhat significant to thwart the above method) could be a program that losslessly converts all of your images' pixel data to a generated file type only understandable by a program with a specific key in memory, which either directly displays the image or creates temporary files that could be used by a regular image viewer? The files could possibly be signed by more than one party for extra protection. I know it sounds just like encryption but I'm thinking of something a little different. Sort of a singular encrypted file that can be securely transferred to any file system.
Sounds like a fun and challenging project but I'd hate for it to be so successful that it leads to child pornographers getting off the hook.
"In December 2016, Facebook, Twitter, Google and Microsoft announced plans to use PhotoDNA to tackle extremist content such as terrorist recruitment videos or violent terrorist imagery."
I think they're also looking for other files, whose hashes they don't have forensic evidence of, to secure a stronger conviction (e.g., they might suspect him of producing child pornography and not just downloading it, and so they're looking for files whose hashes they don't already know).
I was thinking perhaps the hash is from something like BitTorrent, where they have a list of hashes that actually identifies components of the file. Then they see that the data for a particular series of matching hashes looks like they were saved to an external drive.
> If the disk is encrypted how can they match file hashes?
This is an attack, which contemporary block based FDE doesn't really protect you well from. Bitlocker, FileFault, TrueCrypt, VeraCrypt basically operate on one disk block at at time and this means they cannot hide data patterns well. Or as Thomas Ptacek put it in his article "You Don't Want XTS" [1]
>It’s ECB-like. It can’t do a perfect job of providing privacy.
This is also why Thomas Ptacek and others are advocating that FDE is not a complete replacement for file based encryption.
> But that’s the big problem: sector-level encryption sucks. It’s messy, provides fewer security guarantees than conventional message encryption, and makes tradeoffs tailored to the challenges of encrypting disk sectors.
> Sector-level crypto is last-resort crypto.[1]
The Wikipedia article about ECB[2] (which is not used in current FDE) has a dramatic example where the image of the Linux penguin is clearly recognizable in the ciphertext.
This is 100% wrong. XTS-mode AES absolutely protects you from known-plaintext attacks like the investigators apparently claim to have pulled off. I suspect we don't have the full description.
> Bitlocker, FileFault, TrueCrypt, VeraCrypt basically operate on one disk block at at time and this means they cannot hide data patterns well.
This is wrong, but you claimed it. In the context of this thread (matching files on an encrypted disk with known unencrypted files), that's a known-plaintext attack.
Maybe you weren't aware you were making this claim, but you did.
I think, importantly and regardless of the crime itself, I would like to ask: what can be done here and how did we get to this point? We have someone who has been in prison indefinitely who hasn't been charged with anything. What can be done about this situation even if we raise awareness? Also, how did we get to the point where this is legal?
I think this is not the hill you want to die on. Everything points to this guy being guilty and the court of public perception would not be on your side. Though it does seem possible that they are using this case to set a precedent for future, less clear-cut cases.
The problem with not choosing this hill is that the hills that need defending are exactly the ones you wouldn't choose. If this guy didn't appear to be in the wrong, the government wouldn't spend their time trying to unlawfully compel him to decrypt the drive.
If white supremacists had something nice to say, people wouldn't want the government to unlawfully silence them.
It doesn't feel good to protect the rights of suspected child pornographers, or white supremacists; but consider that we don't want a government empowered to unlawfully persecute those who do or say things we find morally repugnant because what the majority finds morally repugnant changes over time, but fundamental rights shouldn't.
No, he was held on contempt on the All Writs act, and here is a very important distinction to make. He refused while in court, so he can be HELD on contempt. To be CHARGED with contempt of court, your actions typically happen outside of the courtroom after being given a legal order (e.g. you ignored a TRO or ignored a civil summons subpoena or violated probation.)
Absolutely but I'll go further. Having something in your hard drive or book or whatever should never be a crime in itself. I mean in India it is a crime to carry an authentic map of India with you.
What harm does the contents of an encrypted disk do to society? It is not like he was going out and trying to legalize child abuse. If the person was involved in child abuse, we must try to convict him absolutely but we should be able to do that without what's on the hard disk.
Oh and while I have your attention I'd like the reader to look up something unrelated but still very important. Look up cfaa. If you're in the us, please help repeal it!
Yeah, I'm uncomfortable with the banning of certain kinds of content.
The root problem here is child abuse. Anybody abusing children, or financially supporting the abuse of children, is doing a seriously bad thing and this is what should be illegal.
I'm highly skeptical that images on a hard drive can cause the abuse of children. That's the same kind of logic people used back in the 1970s to argue that playing D&D and listening to Kiss were going to result in a whole generation of Satan-worshippers.
You could show a non-pedophiliac person the entire contents of that hard drive, and it wouldn't arouse them or make them want to go abuse children. Wouldn't make me go abuse kids. I'd probably cry a lot and go volunteer to help some kids[1]. So I am not convinced that the contents of this guy's hard drive are going to result in more kids being molested somehow.
Would I want my kids hanging around somebody with a hard drive full of that stuff? Probably not, but I also wouldn't want them hanging around supporters of certain political parties either, and I don't think they should be rotting in prison indefinitely with no trial.
______
[1] I already do volunteer work; no need to send me illegal porn in order to get me off of my couch
Replying to my own post here, but my initial post totally focused on the "are the contents of this guy's hard drive going to make him go out and abuse children?" question.
I totally ignored the question of the harm that the continued availability of this pictures might do to the victims in the pictures.
The ramifications of "revenge porn" are well known; it can be really hurtful to the victims for that stuff to be out there. It is, essentially, an ongoing sexual assault. (Jennifer Lawrence is one celebrity who has spoken about this at length) So, it was wrong for me to ignore that very important aspect.
Of course, it's not a given that this guy was distributing porn - there's a difference between saving a picture on your hard drive, and distributing it. If it was a torrent download, obviously, then he did both. And there might not even be people involved -- aren't underage hentai comics considered child porn in many jurisdictions? Barf, I don't want to think about this.
Because this is the internet and words get turned around so easily, let me be super clear that sexual contact with minors is wrong and I'd like to see it eradicated.
I have known victims of childhood sexual abuse. The lifelong damage caused can be absolutely devastating.
I agree that child pornography should not be illegal to possess, only to make or profit from the distribution.
My theory goes: if you're not a pedophile, I don't think stumbling upon child porn will make you one, just like watching violent movies won't make you a violent person. If you are a pedophile already then seeing child porn may be a way out of actually harming children, just like watching gore movies be a way out for some sexual fetish with corpses.
We should be going after abusers (obviously) and people who actually profit from distribution, which add an incentive for child abuse even for people who are not pedophiles, just desperate for money.
Having pictures on your computer without an intent that could cause harm should not be illegal.
Unrelated to this discussion, but my favorite piece of unexpected good news was discovering that the girl in the picture healed and has gone on to live what appears to be a happily normal life! I'd always seen that photo and figured that she was yet another person lost to war...
Just like airplanes, the first few planes costs the most due to R&D and then the rest are just for materials + labor. The harm has already been done, and I doubt the guy has the originals.
If he's financially supporting the abusers by purchasing the pictures, then they should be prosecuted if there's proof, but is there really any harm done if the number of copies of a picture goes from 10,000 to 10,001?
Trump quite explicitely promised to double on police and prosecutor power. If what you want is better protection for accused, Trump is last person you should vote for.
I think the argument is that the system already allowed for this before Trump so it's only natural that people angry at a system will vote towards who they perceive to be as far away from it as possible and Trump definitely hits the mark there, compared to the competition.
Trump may be far away from system, but he boasted about supporting tough policies and whatever cops do repeatedly. Claiming that this is why people go for Trump is like claiming they vote him cause they want more benevolent pro-immigrant policies.
This is literally approach pro-Trump voters want. They complaint is that system became weak and does not do power play like this often enough.
CP is a wedge tool for politicians. Want to get around the Constitution while having public opinion on your side? Use a pedophile. I don't have a problem sending people to jail who produce the stuff, but the idea that I could put images in someone's computer, call the cops, and get them put away didn't sit right with me.
This case in particular is troublesome. There are lots of bogus claims by the prosecution like being able to confirm the CP via hashes despite the content being encrypted. If they truly had a strong case against this guy, they'd go to trial.
When I was in jail for only a month, I forgot a password I had recently changed, and when I got back home I ended up having to reformat my hard drive and lost a lot of old data. Poems, prose, music, images from my childhood... (well, what was left from recovering a failed drive from a year earlier, anyways)
Put me in jail for a year or two and I'll probably lose access to everything I own.
> The suspect appealed the indefinite prison sentence twice, but both appeals failed. His lawyers tried to argue that holding him breaches his Fifth Amendment right to not incriminate himself, but appeal judges did not see it that way. Judges pointed out that the Fifth Amendment only applies to witnesses and that the prosecutors didn't call him as a witness but only made a request for him to unlock his device, hence Fifth Amendment protections did not apply.
> The government also said that Rawls doesn't have to provide them with his password anymore, as they only need him to perform the act of unlocking the hard drive.
Those two statements seem at great odds. If the government actually knows the password now, the only thing having the defendant himself unlock it does is make it some sort of testimonial fact. The prosecution will use the fact that the defendant unlocked the device himself a point to the jury.
I think you misread; the government doesn't know the password. Nor are they interested in the password, per se; they are interested in the contents of the suspect's hard drive. Therefore, rather than ask for the password itself, which is information contained in his head and therefore arguably "testimony", they are merely compelling him to perform an "action" in decrypting the drive; he is free to keep the secret of the password itself.
They don't know his password. They're claiming that they're not asking him to tell them what the password is, only to enter it into the computer, and that this makes it not a Fifth Amendment violation.
I've got a few hard drives wiped with random data that looks like cipher text and yet it isn't and I don't know the password (but this can't be proven). Does this make me a criminal in the US?
Is democracy basically dead? There are all sorts of disturbing precedents being set over the last 10 years without any push back. Can anyone think of a single democracy, free speech, surveillance or rule of law issue that will get people on the street or even change their voting preference?
This is just the sort of hard case to set the right precedents about rule of law, you just can't lock someone up without trial. It goes against every know tenet of law.
If there is a rule of law that allows this, then it is basically not rule of law as we understand the word.
My best guess is that something on the unencrypted Mac Pro was referencing files on the encrypted drive. I'm not sure what kind of metadata macOS stores or what a third-party app would have, but it wouldn't be hard to imagine that something had hashes for files on the external drive.
How do they know the hashes are child pornography? Did they get that from the International Center for Missing and Exploited Children? Which is controlled by child porn "artist" Jeff Koons who was accused of his exwife of molesting their son?Once you can indefinitely detain someone for a hash, all the organized criminals have to do is control the body that responds to has requests and they can ruin or exonerate anyone. Too much power to rationally consider this risk, but we're allowing it to happen.
Does anyone understand the intent of the foregone conclusion doctrine? It seems like if something's a foregone conclusion, instead of overriding 5th amendment rights, they shouldn't even need whatever's being hidden in the first place. So why the doctrine?
Last time this story was here, I posted this link [1], from law prof. Orin Kerr. I find his reasoning about "foregone conclusion" and Fifth Amendment pretty interesting.
This guy is going to forget the password before this is resolved and then the argument will be about whether or not he has really forgotten. I look forward to seeing how this all plays out.
Given the could convict him right now, my guess is that they are trying to bargain in some way to get access to the HDDs as a way to 1) try to find the children being abused and 2) access a wider ring of child absusers etc.
Given the legal grey area this all appears to be in and the potential upside of getting in to the HDDs this seems like something the authorities would be ok doing while the law catches up.
Or they're using it as the case to challenge encryption. If this goes to the supreme court, a decision on this will set some major prescient on encryption.
I saw this in the article that was posted here on Ars technica and have thought about the issues it brings up.
Why should this guy get a free pass on child pornography just because he encrypted his hard drive? Child pornography is terrible! Who cares if the guy encrypted his child pornography. He should be in jail either way. The only reason someone would rot in prison for 2 years is because he knows he's going to rot in there for a lot longer due to his child pornography if he unlocks his hard drive.
The point of the 5th ammendment is not that the government shouldn't be able to access concrete evidence. It's so that the government can't torture/imprison someone in order to get them to admit to a crime. The reason for this is that a forced confession isn't any indication that the person actually committed a crime.
Of course we will never know if the guy truly forgot his password, but chances are he's been counseled by his attorney to never give it up.
If the drive is encrypted, how can they say in contains hashes of know illegal content? Unless the content is shared in its encrypted form along with the key... This sounds like BS on their part.
lol why not just call him and say "hello, this is Steve Jobs from Apple, you have won $100M for being a loyal Apple user. All you need to do to get the prize is unlock your Mac to prove it is yours"
I'm not claiming it's a perfect solution, but what other options are there? Here's the only other options I see:
* Detaining this individual indefinitely without charge.
* Charge based on limited anecdotal evidence.
* Release without charge.
Can you think of other suggestions? Which of the available options do you think is best? Best being a balance between the rights of the individual and the laws of the state.
Sometimes, justice doesn't carry out fully. Cases fail for a variety of reasons. We sometimes fail to charge the guilty. The reason why it works this way is simple : it's better than charging the innocent.
What should happen in this case IMO is that they should charge him with whatever they have right this moment, and if it fails, release him. Infinite detaining of individuals should be impossible, no matter what. This is dangerous.
I agree that indefinite detention of individuals without charge is dangerous, and I would not advocate for that. However, it's important to understand the precendence that would be set by the case you describe. Assuming that the evidence outside of what's stored on the encrypted hard drive is flimsy, and the charges are dropped, are we then open to the idea of untouchable criminals?
If all it takes to be a criminal that can't be charged for their online behaviour is to encrypt a hard drive, what ramifications does that have for our legal system?
In addition to what kortex said, the man here could be charged for a variety of things. The police already have damning evidence of the crime, apparently, through the presence of hashes (the dubious validity of their claims notwithstanding)
Refusing to comply is not a valid reason to lock someone up forever. You can charge him with contempt to court if you need to.
From what I understand, they have basically the logfile or other metadata from the program he used to download/manage these files, which contains the hashes. The encrypted drives in question are external drives, not the OS drive.
Despite Doe’s refusal, f orensic analysts discovered the password to decrypt the Mac Pro Computer , but could not de crypt the external hard drives. [...]
The Forensic examination also disclosed that Doe had downloaded thousands of files known by their “hash ” values to be child pornography. 3 The files, however, were not on the Mac Pro, but i nstead had been stored on the encrypted external hard drives. Accordingly, the files themselves could not be accessed.
It sounds like they suspect the files were downloaded directly to the external drive, perhaps there's a pointer in a log file or something with the path. Clearly they haven't proven that, hence their wish to inspect the decrypted drive.
IMHO, if they really wanted to charge him and take him to trial, they have plenty of evidence. I doubt a jury would be sympathetic to the "I forgot my password" argument and the logic would be that if the files _were not_ on the external drive then he would willingly decrypt it to prove as much.
Yeah, what gives? "We encrypted childporn.mpg with the password 'supersecure123', and once encrypted the file hash came out the same as one of the files. But we have no idea what his password is!"
5th amendment is the wrong argument here, he should be arguing 1st amendment right to free expression. Typing is a form of speech, and the government can't compel speech under the first amendment. It cuts out all the unlock / password / vault metaphors which are irrelevant. You can't compel a person to say something / type something under the first amendment. The "right to remain silent", fifth amendment is redundant after the case law that says the first amendment protects the right to be silent.
