The best part of this whole story is the unintended consequence of attack. Don't like someone, encrypt a zip drive with drivel, toss it in his car and call the cops. Say you saw him looking at what could be kiddie porn. The guy doesn't know the password. Life in prison. No excuse.
This applies not merely to Bob in Accounting that's a dick, but to everyone: Congress! Start sniping political enemies. A jump drive here. A hard drive there. Soon, you could have 6 or so Congressional individuals going to jail for a child porn ring. The Feds would think it's a great prisoner dilemma. No one's turning on each other. Again, anonymous tip claiming that the right honorable Representative Duggans was watching kiddie porn late at night in his office. The same tipster told the police that while he was jacking it he thanked Representative O'Connel for the present over the phone (make sure to wait for an actual call so their is evidence).
Sure eventually all of this will die down. Until then, for $100 bucks and a few hours you can sit back, eat some popcorn and watch the system implode. Do it right and you'll get years of fun for everyone.
This would work for your average Joe, but not for Congressmen. Unless somebody more powerful than them want them gone, they will have the resources to just deflect the problem. Honestly, how many politicians have you seen going to jail ? Does it match the global % of population in jail ?
That would be a good hypothesis if politicians wouldn't be constantly being caught lying, cheating and breaking promises, starting wars or saving bankrupt industries with people's money. But since they do that, with little consequences, the theory that they are actually good at getting what they want without paying the cost we would pay for something far smaller seems more likely.
That's a good point :) But they are breaking laws in the process. God, the US government is even breaking the habeas corpus, the most important law of all, and nobody bats an eye.
So do I. There is a selection process. It is not selecting for non-criminality. It isn't selecting for criminality necessarily either, but it certainly is not strongly selecting against, in the sense intended.
More likely yes. If you manage to get it to the right people, and not get it confiscated, and get it on display, then yes. It's a lot of if, but the odds are definitly better.
That's not what happened here. Read the DOJ's filing.
* The accused admitted to knowing the password and refused to provide it, on the auspices of not wanting investigators snooping through his files. Only later did they claim to have "forgotten" it.
* Prosecutors entered into evidence multiple factual claims establishing that the accused knew the password; for instance: years of eyewitness testimony demonstrating the accused entering the password from memory.
Whenever you get to an alarming conclusion like "this means forgetting the password to your laptop means life in prison", chances are, you've missed relevant details.
I have logs on my site showing many users who enter their passwords from memory regularly only to forget them months later after not using them.
Since the user hasn't been made to recall the password for months, it's plausible that he forgot it. I know I have personally forgotten passwords to accounts after months of disuse.
For instance, I had an old yahoo email account for many years. I didn't use it for about six months before they announced they would start re-purposing accounts that went unused for more than a year. I was unable to remember the password as well as the email account I had associated with that account for password reset. I ended up losing the account.
My point is just this: the notion that you have or haven't forgotten your password is something that gets argued in court, just like everything else.
Tech people have a bad habit of pretending that the uncertainties that our work generates are the first uncertainties the court system has ever dealt with.
But most of criminal law turns in large part --- mens rea --- over a court making decisions about what's in the head of the accused!
That is decided during a trial, and the decision is the outcome of the trial. The 6th amendment says "In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial", the 7th amendment says "the right of trial by jury shall be preserved", and the 5th amendment says "nor be deprived of life, liberty, or property, without due process of law".
I would interpret what is happening as a de-facto trial by judge, not peers, and thus a deprivation of liberty without due process of law, which must include a trial by peers.
The good news is: a judge can't hold you in contempt for relying on your Constitutional rights. So either it's going to be Constitutional for the state to demand encryption to be unlocked, or "indefinite" contempt detentions will be overturned by a superior court.
I have no problem with the state punishing someone for failing to provide something that has been deemed lawful to solicit, but failure to comply should result in another trial of some sort (possibly after a set period, so it's not immediate and abused). Based on the bill of rights, I believe you should not be detained indefinitely without a trial for the charges you are being held for, full stop. That the offense happened during a trial, and a judge was present is irrelevant. Otherwise, the charges you are being detained for have not had a trial by peer. Not to mention, you've now been denied a speedy and public trial. You could try to make a case that you've prevented your own speedy and public trial, but until there's been a conviction on whether you need to comply, I don't see how that reasoning is sustainable.
This is a very old legal debate. It can be resolved politically by passing statutes limiting the application of contempt rules, but that seems unlikely to happen soon.
>But most of criminal law turns in large part --- mens rea --- over a court making decisions about what's in the head of the accused!
That doesn't stop all these uncertainties affecting the outcome ("and the prosecution would like to note that the accused didn't provide the password, pretending that he doesn't remember it/know it" can turn jurors against someone, even if its BS).
How many people were accused and convicted with BS technical certainties (but actual scientific uncertainties) like the bogus "hair matching"?
Yes, but it has grown a little too inhuman in practice in a country that's 5% of the world's population but has 25% of the world's inmates.
(Plus practices like the death penalty, private prisons, abuse of solitary confinement for long periods, down to contractors overcharging 10x for prison phone calls. One would compare that with the 3rd world, not the modern Western world).
If anything it needs more limitations to prosecution and uncertainties that work in favor of the state, not less.
I agree that sentences in the US are across the board too long but am not sure what that has to do with compelled decryption of hard drives.
The court system didn't make sentences too long. They were dragged there, kicking and screaming, by a polity that overwhelmingly demanded tough-on-crime statutes and tough-on-crime prosecutors, and passed laws to ensure that the courts complied.
Most of criminal law is therefore undecidable and insane, so far as I can see, amounting to little more than a thin coat of gloss over a clumsy, ignorant, violent, and almost entirely unaccountable iron fist.
I don't know whether that's true or not (it's certainly a libertarian talking point I'm familiar with), but most criminal statutes are not strict liability.
This argument is besides the point, though. I'm not saying that contempt rules are OK because the underlying crimes require the state to prove mens rea. I'm saying, the court has for centuries been charged with ascertaining truths that are in some sense unknowable, because they depend on determining what someone was thinking. This isn't a new challenge for the court.
Also, he showed his own family child porn, and they have actually found searches for child porn in a VM on the computer.
>Whenever you get to an alarming conclusion like "this means forgetting the password to your laptop means life in prison", chances are, you've missed relevant details.
Unfortunately responses like the parent comment are predictable on HN. There is the constant narrative that the government is out to get us all. Yet the example given is someone who already has a lot of evidence of child porn, and a frickin police officer no less.
Then he should be sentenced on the other evidence anyway. The failure to provide additional incriminating evidence could be used as an aggravating circumstance in the ruling, not as a separate crime with infinite detainment.
(edit: replaced punishment with detainment, it's probably more neutral)
>Then he should be sentenced on the other evidence anyway
Yes, probably. I'm not really convinced that this isn't a violation of the fifth amendment, but I'm not a lawyer.
I suspect a jury would find him guilty anyway, and the fact that he refuses to decrypt his hard drive will likely not help his chances of convincing a jury that he's innocent.
He's in possession of data deemed contraband, but apparently not linked to distribution. The police need to demonstrate possession and can do so when their search is complete.
The police did an investigation, obtained a warrant to search for the contraband and seized the hard drive. The defendant was ordered by the judge to decrypt the drive per the warrant, and refused to follow the order. He's in contempt of court, and he can get out of jail very easily -- by complying with the order.
Should this work in the same way when other "data" is in the possession of the accused? Say, a murder suspect is considered by the judge as knowing the location of the victims body, and by refusing to tell the court, the suspect is detained as being in contempt of court.
The murder suspect has the right to refuse to testify against himself. The interesting part here is that this poor fella doesn't face any charges right now, so he has no such right. This is what makes it possible for the judge to jail him.
nor shall be compelled in any criminal case to be a witness against himself
As I understand it, Miranda established that the 5th amendment applies to all interactions with law enforcement, not just answering questions in court. So they can search the hard drive all they want, but the constitution protects us from being required to disclose what's in our heads which, in this case, should include the password.
> As I understand it, Miranda established that the 5th amendment applies to all interactions with law enforcement, not just answering questions in court. So they can search the hard drive all they want, but the constitution protects us from being required to disclose what's in our heads which, in this case, should include the password.
The privilege against self-incrimination applies to any interaction which they introduce into evidence against you in a criminal case, or from which they derive information on which they then gather other evidence that is used against you in a criminal case.
It doesn't actually protect you against the police doing anything, or forcing you to provide information (other Constitutional provisions may, however), it just protects you against certain information being used against you in criminal court.
Miranda vs Arizona established that 5th amendment protections apply outside of a criminal case. That's why police have to read the Miranda warning when arresting someone. He's been arrested and read his Miranda rights and is invoking them.
> Miranda vs Arizona established that 5th amendment protections apply outside of a criminal case.
No, Miranda vs. Arizona set standards for how 5th amendment protections apply in a criminal case, and established remedies for violation of those protections in such case.
It's not a punishment. It's being held in contempt of court for refusing to obey a court order. He holds the keys to his own freedom; he has to provide the password.
>And historically, from Jim Crow laws, to J.E. Hoover and McCarthy, and onwards to Snowden, this is wrong, because?
Most of the examples you gave are historical. Regarding Snowden: has anything been used against anyone? I'm not condoning the snooping, BTW.
I think when you compare the US government to the likes of Russia and China, you'll see that the US is really not "out to get you". Certainly in this case it's pretty obvious that the govt isn't out to get an innocent person. There is a lot of strong evidence already that he has been collecting child porn. That of course doesn't mean that illegal procedures should be used to obtain more evidence, but we shouldn't get hysterical about it and say that the govt is going to use this to frame innocent people.
Historical doesn't mean "belonging to lore" or "ain't gonna happen again". It precisely means "this things happen". And I don't consider stuff from 40 and 60 and 80 years ago as "deep history", like it's the Roman times or something and now we're totally different. In some cases those that did or suffered those things are still alive. In others, their direct 1st-gen legacy (sons, proteges, people they mentored etc) still rule.
>I think when you compare the US government to the likes of Russia and China, you'll see that the US is really not "out to get you"
Not sure what this means. With 25% of the world's inmates in only 5% of the world's population, I'd say it's very much out to get a heck of a lot of its citizens. And in prison conditions that compared to places like Germany or Sweden are like third world dungeons. The only way not to see this is to conveniently consider all those people are somehow subhumans, or criminals who "deserve it" (then one has to wonder why in the US 10x more of the population "deserve" such a fate compared to those in the German or the French population).
Or maybe let's talk police shootings? One is much more probable to get shot in the US ('walking while black' et al) than most parts of the world, China and Russia don't even compare.
Or are those not part of the government, and those laws and that climate is not fostered by government policies and political demagogy?
> I think when you compare the US government to the likes of Russia and China, you'll see that the US is really not "out to get you".
Have you any evidence that the US Government has changed their modus operandi?
Programs like COINTELPRO weren't public knowledge until some time afterwards, ditto "rendition" of terrorism suspects for overseas torture. Snowden has demonstrated that your Government still engages in widespread illegal activity.
I'd say the only reason such abuse seem "historical" is that we're unaware of the abuses going on right now.
>I'd say the only reason such abuse seem "historical" is that we're unaware of the abuses going on right now.
That's my point. The US government may or may not be mildly abusing it's citizens by spying on them illegally, it's hard to know. Compare to Russia or China where it most certainly is vehemently abusing people it disagrees with.
Also, I think the rendition was only for non-citizens. The US doesn't really give much of a shit about you if you're not a US citizen.
> Whenever you get to an alarming conclusion like "this means forgetting the password to your laptop means life in prison", chances are, you've missed relevant details.
Was OP's comment edited after you replied? I read nothing implying the OP concludes forgetting one's password means life in prison. I read a seemingly tongue-in-cheek, obviously hyperbolic bit of nonsense about using this as a vector for watching the world burn because people couldn't prove otherwise. Sure, OP is stretching for effect, but it doesn't seem OP missed relevant details.
Huh? Providing a password was made mandatory here, and, as I pointed out, the state's case is based on evidence establishing that the accused knows the password and is simply being intransigent. The state was not able to, on a whim, suggest the accused had a password they didn't actually have.
Eh, not so hard. Proxy their internet for a browsing session, and you put thumbnails of images in their cache. If they have any encrypted drive, or any encrypted blobs (could push those into their cache as well), and they're not going to have a great day.
Cached images has been enough to put away more than a few folks - there was also recently a story about using exactly that tactic against a suspected spy.
It can easily be used in tandem with the encrypted drive, to create probable cause to suspect the drive.
And MiTM is far too simple to do. One of my friends was able to rickroll many a person with about $100 of gear. It was always troubling to watch my computer connect to my home network while at a conference, with no real notification to me.
A zip drive with no fingerprints of the person it supposedly belongs to? Not very convincing.
Also in this case the prosecution apparently has a bit more information that just "he did it":
A subsequent forensic exam of his Mac Pro computer revealed that Doe had installed a virtual machine ... the examiner found one image of what appeared to be a 14-year-old child wearing a bathing suit and posed in a sexually suggestive position. There were also log files that indicated that Doe had visited groups titled: “toddler_cp,” “lolicam,” “hussy,” “child models – girls,” “pedomom,” “tor- childporn,” and “pthc,” terms that are commonly used in child exploitation.
... The exam showed that Doe accessed or attempted to access more than 20,000 files with file names consistent with obvious child pornography... and that he used the external hard drives seized by Delaware County detectives to access and store the images.
Wouldn't stop the police from keeping him behind bars. "He went through the trouble of encrypting the drive and keeping it clean from prints, but we found it in his car. He's clearly a well organized, determined child porn consumer."
Perhaps you have too much faith in law enforcement, or I have grown too cynical by what I perceive as the dawn of a new era of police states.
I am no fan of compelled decryption, and believe it is a violation of 5th amendment rights. That being said, I think the government's argument is stronger than usual having proven that he has accessed files regularly in the encrypted drive by showing logs of regular access to content with suspicious filenames.
The police have a fundamentally different argument here than "it happened to be in his possession".
I agree, and looking at the story that is available to us here, the guy in question is very suspect.
However, that does not mean we can or should change the rules (or define new rules) to put him in jail. I'd prefer they use another way to convict this guy. I'm also careful not to condemn a suspect based on what the media reports about him and his case (the court of public opinion is a dangerous thing).
The fifth amendment is one of the few defenses you can call on when facing the incredibly skewed US legal system, and should not be chipped away at, even in a case like this.
>That being said, I think the government's argument is stronger than usual having proven that he has accessed files regularly in the encrypted drive by showing logs of regular access to content with suspicious filenames.
I'm not sure why the case has to stop while the drive remains encrypted then. If they do get the drive decrypted and find nothing (perhaps he held no files and is protesting against forced decryption or they simply have the wrong drive) that will hurt the prosecution.
To me, the judge has basically said you can be locked up indefinitely for accessing suspicious file names. I'm not going to lie though, 20,000 entries would make me pretty fucking suspicious. I think almost all of us would immediately report that to the cops if we saw that in our networks without verifying what's inside.
I agree that the case here is a bit more compelling. You're also correct in the lack of some evidence in the attach scheme.
You can overcome the fingerprints by handing things out for free. Here's a jump drive from some corp. You can also it in a cup holder. The person would touch the jump drive while being a bit perplexed. If you know the person, you can probably get them to hold it for you by simply handing it to them.
Yes, you have to be more involved, but at the same time it's doable.
This applies not merely to Bob in Accounting that's a dick, but to everyone: Congress! Start sniping political enemies. A jump drive here. A hard drive there. Soon, you could have 6 or so Congressional individuals going to jail for a child porn ring. The Feds would think it's a great prisoner dilemma. No one's turning on each other. Again, anonymous tip claiming that the right honorable Representative Duggans was watching kiddie porn late at night in his office. The same tipster told the police that while he was jacking it he thanked Representative O'Connel for the present over the phone (make sure to wait for an actual call so their is evidence).
Sure eventually all of this will die down. Until then, for $100 bucks and a few hours you can sit back, eat some popcorn and watch the system implode. Do it right and you'll get years of fun for everyone.