How about a real issue for a change

Professur

http://www.theregister.co.uk/2009/03/03/encryption_password_ruling/


Child porn suspect ordered to decrypt own hard drive


Self-decryption not self-incrimination

By Dan Goodin in San Francisco

Posted in Crime, 3rd March 2009 00:07 GMT

In a move sure to stoke debates over constitutional protections against self-incrimination in the digital age, a federal judge has ordered a child porn suspect to decrypt his hard drive so prosecutors can inspect its contents.

In a ruling issued last month, US District Judge William Sessions in Vermont ruled criminal defendant Sebastien Boucher does not have a constitutional right to keep the files encrypted. The ruling reversed an earlier decision by a federal magistrate that said forcing Boucher to enter his password into his laptop would violate his Fifth-Amendment rights against self incrimination. Boucher's attorney is appealing Sessions's ruling, according to CNET News, which reported the story earlier.

The case is believed to be one of the first times a court has decided whether the Fifth Amendment bars prosecutors from forcing a criminal defendant to surrender a computer password. It's well settled that suspects must turn over keys if they're deemed relevant to a criminal case. Compelling a defendant to turn over the combination to a safe, on the other hand, has generally been considered off limits because it would "convey the contents of one's mind," an act that's tantamount to testifying, Magistrate Judge Jerome J. Niedermeier wrote in a November ruling in the case.

Boucher was arrested in late 2006 while entering the US from Canada when border agents claimed they found images of child pornography on his laptop. Boucher waived his Miranda rights and allegedly told the agents he may have downloaded child pornography. The laptop was then shut down.

Nine days later, authorities armed with a subpoena tried to access the pictures again and this time were unable to inspect the hard drive's contents because it was protected by encryption software from PGP, or Pretty Good Privacy.

Sessions's ruling came after prosecutors narrowed earlier requests and said they only wanted him to decrypt the hard drive contents before a grand jury, apparently by typing in his passphrase in their presence. Sessions reached his decision after concluding the act of producing an unencrypted version of the hard drive wasn't necessary to authenticate its contents, presumably based on Boucher's statements to border agents. ®
 
You know I hate it with every fiber of my being but that Judge's order is totally unconstitutional. If they can't make a case another way they need to drop charges without prejudice and make their case another way. If he is what they say he is, he will screw up eventually. If this order stands it is BAD precedent and it is a serious challenge to constitutional rights.
 
Is it unconstitutional? They have a search warrant, does that not mean they can force him to do this?

If it is unconstitutional, why can't they force PGP to crack it?
 
PGP didn't do any wrong, so they can't be forced to do anything. There is nothing stopping the cops from hiring a few WhiteHats to crack the code or find a back door. PGP is unlikely to do it without having their arm wrenched first. Their entire selling point is being able to protect its customers' information from this kind of GVT interference... if they give in, they might as well close up shop.

This is the leading edge of the law as it affects the internet and technology in particular.

Perhaps the gvt should lean on the ISP to peek at his upload/download file-names.
 
I seem to recall something like this posted before... somebody seems really concerned about this kinda content on hard drives... :D
 
Of course...if they can find the thumb-drive that he's using to hold his key, they're in like Flynn. If he's using words, it's even easier. 140k words in the Webster's Dictionary, if you add upper/lower case combos and other characters, plus proper names, you can still narrow it down to 160k^(8-10) tries... at current speeds of processors, that shouldn't take too long.

Hell, it's probably 123abc
 
I've posted here before about the double container encryption being used by the pedos (and paranoids) now. You create an encrypted partition. Then, in the same space, you create a second one. Inside that second one, you keep all your jailable stuff. Because you'll do jail time if you refuse to give up your passwords, this lets you appear to activate the decrypt ... but you do it on the first container, not the hidden second one. This then destroys the second one, making it impossible to retrieve.

The problem is that law makers are on to this now, and bit-by-bit clone the suspect drive before touching it. If you decrypt the first and it doesn't show, they now have what they need to find the second and bust your ass for not providing that password too.
 
well, there's an obvious way around all of those troubles.

don't download and/or otherwise possess kiddie porn.
 
How about the summer photos of my daughter in her bikini, or of the boys in the bath? Have you seen the list of images that are now illegal to possess? Drawings of Milhouse doing Lisa Simpson .. illegal. Nudist summer photos ... illegal. See through clothing, down blouse, up skirt, nipple slip ... all illegal. Even fully clothed child models in 'provocative poses' ... illegal. A 1974 Underoos TV commercial ....illegal.
 
Intent vs. written law. Just because the law is written as widely as possible in order to catch more real pedos doesn't mean that you are in any danger of being arrested for child porn for having innocent images on your computer. You're likely to get flagged depending on where you place said images or which sites you visit, but unlikely to get into any trouble if those images never find their way onto illicit p2p sites.
 
well, there's an obvious way around all of those troubles.

don't download and/or otherwise possess kiddie porn.


Gee...the right against self-incrimination is thereby void? Personally...I think the guy should hang, but...constitution-wise, he's totally within his rights...
 
Amendment V

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

He doesn't have to submit to the judge's order. However, the state can hire a bigger, faster computer to start running password breaking software.
 
Is it unconstitutional? They have a search warrant, does that not mean they can force him to do this?

If it is unconstitutional, why can't they force PGP to crack it?

It took several years for a Cray supercomputer working 24/7 to crack a PGP passphrase that was only a few words long and that was in the infancy of PGP. It is much stronger now. If this guy has a private key that is, say, 25 words and 180 characters it would take longer than the statute of limitations to crack the key.

PGP is the most sophisticated encryption program that is available to the public. When Philip Zimmermann, who lives right here in Boulder, CO, first released the program he was investigated for "munitions export without a license" because it got carried overseas to foreign enemy states and others restricted from having this technology.

There is a good writeup on PGP and Zimmermann HERE. Pay particular attention to the part entitled "Security quality".

He also wrote, and distributed, a program called "Pretty Good Scrambler", or something like that, which encrypted voice communications between two computers using VOIP and PGS.
 
I'd bet that the 1.64-petaflop Jaguar supercomputer could do in 5 hours what the old Cray they used at the time could do in one year.

1640 trillion floating-point operations per second
vs. 1.02 trillion FPO/Second on Cray T3E-1200E with 1480 processors
 
I'd bet that the 1.64-petaflop Jaguar supercomputer could do in 5 hours what the old Cray they used at the time could do in one year.

1640 trillion floating-point operations per second
vs. 1.02 trillion FPO/Second on Cray T3E-1200E with 1480 processors

And I am sure this should be a priority above all other work and considerations!
 
Then he'd be tempting 'contempt of court'.

I still think that the best way is to track his upload/download files through his ISP. After all..before they were encoded, he had to get them from somewhere.
 