Not quite. Investigators said they had found he had downloaded thousands of files whose hash values matched known child pornography [1]. The files were not found on his computer so they wanted to decrypt his external drive to see if they were there...
Which makes more sense to me...I believe it is unlikely that hash values would remain intact through encryption.
Wow, that link is really damning. As the passwords he willingly did give up showed CP content on his iphone, I'm unwilling to give him the benefit of the doubt on the drives.
That said, it's entirely possible still he forgot the passwords to the drives.
But that does not mean he downloaded them if someone else has access to his computer nor does that mean they are still there.
I read the article to mean that the police have proof that hashes of known child pornography were downloaded and are not on the computer so they are assuming that they were downloaded to the external hard drive. How can they see what files are sitting on a password protected encrypted drive? Who is to say that it is this external hard drive these files were download onto?
I just believe that more is needed to meet the "foregone conclusion" threshold.
Specifically the top paragraph on page 7. If you can get through that paragraph and still give him the benefit of the doubt, then you are more open minded than I am.
Who is giving him benefit of the doubt? I have repeatedly said there may be child pornography on the drive or evidence of other crimes. I am simply saying there are a number of reasons he is unable or unwilling to do as he has been ordered by the Writ.
Then the police need to work with the prosecutor and the prosecutor needs to bring charges and get a trial underway.
Prisons are overcrowded enough and it costs a pretty penny to house prisoners without us starting to house people indefinitely who have not been charged with a crime.
How does that happen? Technically I mean? This isn't full disk encryption? What terrible software leaked the hashes of what it was encrypting? This seems highly relevant to the discussion.
They know he downloaded files which have the same hash values as known images of child sexual abuse.
They arrest him and search him. They can't find these images but they find an encrypted hard drive.
In some countries (England) they can ask for the keys, and not handing over the keys is its own offence (with 2 or 5 year sentence depending on the supposed contents).
I have no idea what the legal situation is in any other countries.
The US has a provision on the bill of rights of its constitution saying, loosely, that you can never be compelled / coerced into being a witness against yourself. E.g. "Admit you did this crime or we send you to jail for life." Keep in mind that the bill of rights was written by rebelling colonials who were explicitly countering what they saw as abuses in the English system of law--in your example the ability of a judge to charge you with essentially the "crime" of not helping the prosecution's case. The crux of this case is over whether revealing a password to unlock a drive is the same as admitting to guilt -- which the court cannot compel you to do. There are arguments for both sides, honestly.
I see. I think this is my understanding of where the hashes come in -- law enforcement doesn't keep child porn around for comparison. That would be asking for abuse. They instead keep a list of cryptographic hashes of identified child porn files, and they want to see if this hard drive, once decrypted, has any files that match those hashes.
Seems easily defeated by a technical adversary, but probably good enough for most police work.
